Redirect Virus, and Trojan Virus [Closed]


  • This topic is locked

#1
om20

  • Member
  • 50 posts
I seem to have a Trojan virus, and also something that redirects me when I'm on Google. I don't know how to get rid of them, even after a scan with my regular virus scanner on my computer. Can anyone help?
  • 0


#2
Render

  • Trusted Helper
  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • Please tell me if you have your original Windows CD/DVD available
  • When in doubt, please stop and ask first. There's no harm in asking questions!

Please follow the steps below:

Step 1

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start scan.
  • On completion of the scan click Save log, save it to your desktop and post in your next reply.
  • Also, on the Desktop there should be a file called MBR.dat after that; zip it and then attach it here.

Step 2

OTL Custom Scan

  • Download OTL to your desktop.
  • Double click on the icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

When you have completed the above, please post back the following in the order asked for:
  • aswMBR log and attached zipped MBR.dat file
  • OTL scan log
  • Extras log

  • 0
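
An added example, not part of the original thread and not a tool either poster used: one way a helper could triage the saved MBR sector offline. It assumes MBR.dat is a raw 512-byte dump of sector 0 in the classic MBR layout; the function names, the known-good hash set and the sample sectors are constructed for illustration.

```python
import hashlib
import struct
from dataclasses import dataclass

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bootstrap code area of a classic (non-GPT) MBR
TABLE_OFFSET = 446       # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"


@dataclass
class Partition:
    index: int
    active: bool
    ptype: int
    lba_start: int
    sectors: int


def boot_code_sha256(raw: bytes) -> str:
    """Hash only the bootstrap code, so partition-table edits do not alter it."""
    return hashlib.sha256(raw[:BOOT_CODE_LEN]).hexdigest()


def parse_mbr(raw: bytes, known_good: frozenset = frozenset()) -> dict:
    """Parse one MBR sector and return its partitions plus triage findings."""
    if len(raw) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(raw)}")
    findings = []
    if raw[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    if not any(raw[:BOOT_CODE_LEN]):
        findings.append("boot code area is empty")
    digest = boot_code_sha256(raw)
    # known_good is an analyst-supplied set of hashes (an assumption of this example).
    if known_good and digest not in known_good:
        findings.append("boot code hash not in known-good set")

    parts = []
    for i in range(4):
        entry = raw[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, size
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0x00:
            continue  # unused slot
        if status not in (0x00, 0x80):
            findings.append(f"entry {i}: invalid status byte 0x{status:02x}")
        parts.append(Partition(i, status == 0x80, ptype, lba, count))

    active = [p.index for p in parts if p.active]
    if parts and len(active) != 1:
        findings.append(f"{len(active)} partitions marked active")
    ordered = sorted(parts, key=lambda p: p.lba_start)
    for prev, cur in zip(ordered, ordered[1:]):
        if prev.lba_start + prev.sectors > cur.lba_start:
            findings.append(f"entries {prev.index} and {cur.index} overlap")
    return {"sha256": digest, "partitions": parts, "findings": findings}


def build_sample_mbr(entries, boot_code=b"\xfa\x33\xc0" + b"\x90" * 64) -> bytes:
    """Constructed test sector; entries are (status, type, lba_start, sectors)."""
    raw = bytearray(SECTOR_SIZE)
    raw[:len(boot_code)] = boot_code
    for i, (status, ptype, lba, count) in enumerate(entries):
        struct.pack_into("<B3xB3xII", raw, TABLE_OFFSET + 16 * i,
                         status, ptype, lba, count)
    raw[510:512] = BOOT_SIGNATURE
    return bytes(raw)


# Constructed samples, not data from the thread.
CLEAN = build_sample_mbr([(0x80, 0x07, 2048, 204800),
                          (0x00, 0x07, 206848, 1000000)])
ODD = build_sample_mbr([(0x80, 0x07, 2048, 204800),
                        (0x80, 0x07, 100000, 500000)],
                       boot_code=b"\xeb\x5e" + b"\x41" * 200)

if __name__ == "__main__":
    baseline = frozenset({boot_code_sha256(CLEAN)})
    for name, sector in (("clean", CLEAN), ("odd", ODD)):
        result = parse_mbr(sector, baseline)
        print(name, result["sha256"][:16], result["findings"] or "no findings")
    # For a real dump: parse_mbr(open("MBR.dat", "rb").read(), baseline)
```

A boot-code hash that is missing from the baseline only means the code is unrecognised, which is also all that an "unknown MBR code" line in a scanner log states; OEM and third-party boot loaders produce the same result.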

#3
om20

  • Topic Starter
  • Member
  • 50 posts
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-25 10:13:45
-----------------------------
10:13:45.447 OS Version: Windows x64 6.1.7600
10:13:45.447 Number of processors: 6 586 0xA00
10:13:45.447 ComputerName: ENRIQUE-PC UserName: Enrique
10:13:47.034 Initialize success
10:13:47.186 AVAST engine defs: 11102501
10:14:18.013 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:14:18.015 Disk 0 Vendor: ST31000528AS CC46 Size: 953869MB BusType: 3
10:14:20.062 Disk 0 MBR read successfully
10:14:20.063 Disk 0 MBR scan
10:14:20.066 Disk 0 unknown MBR code
10:14:20.068 Service scanning
10:14:23.811 Modules scanning
10:14:23.813 Disk 0 trace - called modules:
10:14:23.841 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys
10:14:23.843 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ac2790]
10:14:23.846 3 CLASSPNP.SYS[fffff8800192743f] -> nt!IofCallDriver -> [0xfffffa800792a9b0]
10:14:23.849 5 ACPI.sys[fffff88000f76781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007a05060]
10:14:30.095 AVAST engine scan C:\Windows
10:14:36.781 AVAST engine scan C:\Windows\system32
10:15:44.319 AVAST engine scan C:\Windows\system32\drivers
10:16:04.855 AVAST engine scan C:\Users\Enrique
10:19:36.435 File: C:\Users\Enrique\AppData\Roaming\trzE64F.tmp **INFECTED** Win32:MalOb-CA [Cryp]
10:21:51.939 AVAST engine scan C:\ProgramData
10:22:39.162 Scan finished successfully
10:24:19.243 Disk 0 MBR has been saved successfully to "C:\Users\Enrique\Desktop\MBR.dat"
10:24:19.247 The log file has been saved successfully to "C:\Users\Enrique\Desktop\aswMBR.txt"



-
-
-
-

OTL logfile created on: 10/25/2011 4:40:11 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Enrique\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 5.43 Gb Available Physical Memory | 70.02% Memory free
15.50 Gb Paging File | 12.90 Gb Available in Paging File | 83.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 912.93 Gb Total Space | 788.40 Gb Free Space | 86.36% Space Free | Partition Type: NTFS
Drive D: | 4.09 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ENRIQUE-PC | User Name: Enrique | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/25 10:24:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Enrique\Downloads\OTL.exe
PRC - [2011/05/10 05:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/04/14 09:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/02/14 18:32:52 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/01/05 10:11:04 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2010/10/20 14:48:04 | 000,232,896 | ---- | M] (Vuze Inc.) -- C:\Program Files (x86)\Vuze\Azureus.exe
PRC - [2010/07/27 02:47:12 | 000,207,872 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
PRC - [2010/05/14 12:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/12/23 13:59:42 | 000,232,064 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
PRC - [2009/08/31 12:06:22 | 000,144,672 | ---- | M] () -- C:\Program Files (x86)\Nova Development\Print Artist Gold\ReminderApp.exe
PRC - [2009/06/04 15:10:56 | 005,777,408 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
PRC - [2007/06/27 19:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/27 19:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/11/03 12:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe
PRC - [2006/03/21 14:19:40 | 000,069,632 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/12 03:26:01 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5672e6b9d976feca51deb06d8dd1df0e\PresentationFramework.Aero.ni.dll
MOD - [2011/10/12 03:25:47 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\fd6d00c3c7d56a2e3651769081e8f412\System.EnterpriseServices.ni.dll
MOD - [2011/10/12 03:25:47 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\834be57d8ab824b4ebcbf01161791d70\System.Transactions.ni.dll
MOD - [2011/10/12 03:25:46 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\45a20172acfdcc160ecb6bd358179c31\System.Data.ni.dll
MOD - [2011/10/12 03:25:38 | 014,322,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\09e39322b47f9b4e8dd2199ff03acb2e\PresentationFramework.ni.dll
MOD - [2011/10/12 03:25:23 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2011/10/12 03:25:16 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2011/10/12 03:25:13 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\d2dc021a8311197516e4fa325b292f21\PresentationCore.ni.dll
MOD - [2011/10/12 03:25:03 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll
MOD - [2011/10/12 03:24:58 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011/10/12 03:24:55 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2011/10/12 03:24:54 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011/10/12 03:24:32 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/07/11 01:14:29 | 006,271,648 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/07/11 00:57:20 | 000,028,160 | ---- | M] () -- C:\Users\Enrique\AppData\Roaming\Azureus\plugins\azutp\win32\utp.dll
MOD - [2011/06/20 14:11:02 | 000,076,288 | ---- | M] () -- C:\Users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\p2uphuw6.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
MOD - [2011/04/14 09:25:47 | 001,874,904 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/02/14 18:33:34 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/02/14 18:32:52 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/02/05 20:41:05 | 000,011,776 | ---- | M] () -- C:\Users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\p2uphuw6.default\extensions\[email protected]\components\FF4\toolbarhomewmp.dll
MOD - [2010/11/17 14:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/10/20 14:48:04 | 000,087,480 | ---- | M] () -- C:\Program Files (x86)\Vuze\aereg.dll
MOD - [2010/04/09 00:29:22 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Vuze\plugins\azitunes\jacob-1.14.3-x86.dll
MOD - [2010/04/09 00:29:22 | 000,015,884 | ---- | M] () -- C:\Program Files (x86)\Vuze\plugins\azitunes\libProcessAccess.dll
MOD - [2009/08/31 12:06:24 | 000,152,864 | ---- | M] () -- C:\Program Files (x86)\Nova Development\Print Artist Gold\en-US\ReminderApp.resources.dll
MOD - [2009/08/31 12:06:22 | 000,144,672 | ---- | M] () -- C:\Program Files (x86)\Nova Development\Print Artist Gold\ReminderApp.exe
MOD - [2009/08/31 12:06:22 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Nova Development\Print Artist Gold\AddressBookCore.dll
MOD - [2009/06/10 14:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/06/10 14:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/06/04 15:10:56 | 005,777,408 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
MOD - [2009/03/25 16:53:14 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
MOD - [2009/02/27 12:56:34 | 000,016,768 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\ViewerPS.dll
MOD - [2009/01/15 14:55:10 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
MOD - [2006/01/10 09:50:20 | 000,024,576 | ---- | M] () -- C:\Windows\SysWOW64\AsIO.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/10 05:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/01/24 19:57:23 | 001,315,592 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/11/15 11:08:10 | 005,716,848 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV:64bit: - [2010/08/04 02:51:22 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/07/27 02:47:14 | 000,315,392 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe -- (McciServiceHost)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/23 13:59:22 | 000,203,392 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysWOW64\AsHookDevice.exe -- (Device Handle Service)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/10/01 16:45:23 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/10 05:04:08 | 000,600,920 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/05/10 05:04:07 | 000,287,576 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/05/10 05:02:41 | 000,053,592 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/05/10 04:59:59 | 000,031,064 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/05/10 04:59:48 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/05/10 04:59:37 | 000,022,360 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/02 16:07:54 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2010/10/25 10:59:32 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2010/10/25 10:59:28 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/04 03:22:38 | 007,451,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/08/04 03:22:38 | 007,451,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/08/04 02:15:46 | 000,268,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/07/27 02:47:46 | 000,040,960 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50a64.sys -- (MRESP50a64)
DRV:64bit: - [2010/07/27 02:47:36 | 000,043,008 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50a64.sys -- (MREMP50a64)
DRV:64bit: - [2010/04/08 05:12:00 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/12/22 03:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/07/15 20:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/10 12:07:02 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 13:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/23 07:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/04 18:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2006/12/05 12:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)
DRV - [2010/07/27 02:47:30 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/07/27 02:47:10 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/01/04 14:34:48 | 000,011,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\AsInsHelp64.sys -- (ASInsHelp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9C DC 36 01 F3 D8 25 4E 8D D0 4C 4C CF AB 4F BA [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9C DC 36 01 F3 D8 25 4E 8D D0 4C 4C CF AB 4F BA [binary data]

IE - HKU\S-1-5-21-3354869186-130629379-3507963822-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com/
IE - HKU\S-1-5-21-3354869186-130629379-3507963822-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com/
IE - HKU\S-1-5-21-3354869186-130629379-3507963822-1001\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9C DC 36 01 F3 D8 25 4E 8D D0 4C 4C CF AB 4F BA [binary data]
IE - HKU\S-1-5-21-3354869186-130629379-3507963822-1001\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3354869186-130629379-3507963822-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3354869186-130629379-3507963822-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Enrique\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/03/05 16:20:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/03/05 16:20:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/15 19:36:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/15 19:36:51 | 000,000,000 | ---D | M]

[2010/12/28 21:06:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Enrique\AppData\Roaming\Mozilla\Extensions
[2011/09/12 21:32:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\p2uphuw6.default\extensions
[2011/10/24 16:28:06 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\p2uphuw6.default\extensions\{0e2e1d11-b40d-4cc6-91a0-6439dd7ad650}
[2011/08/01 18:24:29 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\p2uphuw6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/07/06 15:13:23 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\p2uphuw6.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/02/05 20:41:05 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\p2uphuw6.default\extensions\[email protected]
[2011/02/03 14:57:43 | 000,000,903 | ---- | M] () -- C:\Users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\p2uphuw6.default\searchplugins\conduit.xml
[2011/05/15 19:36:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\ENRIQUE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P2UPHUW6.DEFAULT\EXTENSIONS\[email protected]
[2011/04/14 09:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - Extension: No name found = C:\Users\Enrique\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: No name found = C:\Users\Enrique\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1125_0\
CHR - Extension: No name found = C:\Users\Enrique\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vshare\vshare_toolbar.dll ()
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files (x86)\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vshare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3354869186-130629379-3507963822-1001\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vshare\vshare_toolbar.dll ()
O3:64bit: - HKU\S-1-5-21-3354869186-130629379-3507963822-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-3354869186-130629379-3507963822-1001\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AddressBookReminderApp] C:\Program Files (x86)\Nova Development\Print Artist Gold\ReminderApp.exe ()
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3354869186-130629379-3507963822-1001..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-3354869186-130629379-3507963822-1001..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-21-3354869186-130629379-3507963822-1001..\Run: [Azureus Update] C:\Users\Enrique\AppData\Local\Ahead\AheadUpdate\Aheadup.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-21-3354869186-130629379-3507963822-1001..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-3354869186-130629379-3507963822-1001..\Run: [Facebook Update] C:\Users\Enrique\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3354869186-130629379-3507963822-1001..\Run: [kde.org Update] C:\Users\Enrique\AppData\Local\Apple Computer\AppleUpdate\Appleup.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-21-3354869186-130629379-3507963822-1001..\Run: [WindowsNotifierNotifier] C:\ProgramData\WindowsNotifierNotifier.dll (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3354869186-130629379-3507963822-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8:64bit: - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8:64bit: - Extra context menu item: Easy-WebPrint Preview - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8:64bit: - Extra context menu item: Easy-WebPrint Print - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3354869186-130629379-3507963822-1001\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zon...S.cab109791.cab ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC411A11-3342-46A9-9EF4-906B6B494DDB}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\vsharechrome - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vshare\vshare_toolbar.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4a7403a2-4a76-11e0-a66f-20cf30e9c89a}\Shell - "" = AutoRun
O33 - MountPoints2\{4a7403a2-4a76-11e0-a66f-20cf30e9c89a}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-3354869186-130629379-3507963822-1001..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3354869186-130629379-3507963822-1001\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/10/25 16:17:44 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{BDDA744A-4453-4A01-940B-528B2E6E1726}
[2011/10/25 16:17:24 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{996AADBC-DF95-4CE3-A408-F857A377A280}
[2011/10/25 15:32:11 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\WinZip
[2011/10/25 15:32:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2011/10/25 15:30:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip
[2011/10/25 15:29:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/10/25 14:37:14 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{F74D52EB-A27A-43BF-BA45-3D2444F0B0E4}
[2011/10/25 14:37:01 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{8F09DA1B-C220-44DC-9F64-006002CDFD57}
[2011/10/25 10:08:45 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{CAD0418A-900D-4463-806F-8C949022E63E}
[2011/10/25 10:08:33 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{F6C9BE33-48EF-42F7-8385-8E770F6C2929}
[2011/10/24 22:42:45 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{FF340EA9-AB26-4B3B-8591-8243EC9B31F1}
[2011/10/24 22:42:31 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{51BF4AC9-BAE5-4FEB-8024-3232A96E10AF}
[2011/10/24 21:51:34 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{5508BAB4-590E-4904-AD04-B33639D4126A}
[2011/10/24 21:51:19 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{1243B753-3A3A-4791-B30C-4AA8712318B1}
[2011/10/24 19:47:15 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/10/24 16:28:02 | 000,129,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\srrstr.dll
[2011/10/24 16:27:57 | 000,129,024 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\WindowsNotifierNotifier.dll
[2011/10/24 15:38:22 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{971166CB-6177-4BE8-A43F-85383AE0293D}
[2011/10/24 15:38:09 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{DB3C4D2F-7A75-4AB0-98F2-2BED422CE4CD}
[2011/10/23 10:37:22 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{1A15D48F-0404-4F96-A3C2-98D39B139333}
[2011/10/23 10:37:10 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{9CB83C08-2BD7-47DE-876D-A054CB305250}
[2011/10/22 10:15:34 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{0769CD31-6E31-4B13-A75B-F0802194D8D2}
[2011/10/22 10:15:23 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{3D224E37-0F38-412A-ACF9-6DCCB15A2556}
[2011/10/21 12:41:41 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{593CF9CD-7849-48F9-9E45-DAFE61A0763B}
[2011/10/21 12:41:29 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{459B8678-276F-44CF-98A2-2F39275F70A1}
[2011/10/20 10:04:31 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{28953736-3E21-4457-85A6-F056B8F117E9}
[2011/10/20 10:04:11 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{A11F01E2-295F-4673-B030-4D8B60B73B05}
[2011/10/19 17:28:18 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{B43A1612-0245-4E8A-B3F7-87AC68DDC97B}
[2011/10/19 17:27:57 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{4E7E168F-F0CC-4A63-9027-2CA80D5983B4}
[2011/10/19 08:47:21 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{2A60B25A-FF4A-4CFB-BF8D-5DE673376B82}
[2011/10/19 08:47:07 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{29A797C4-7460-4B39-85CE-CB5BA1B5BA6F}
[2011/10/18 10:22:51 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{0BCAFB2E-462D-4565-948C-34705D6C1C25}
[2011/10/18 10:22:39 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{58DB7E6D-AC60-491E-8CD9-F8F4B610E84C}
[2011/10/17 14:29:56 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{B832D73E-0C87-491D-A022-8E4C5DA9789A}
[2011/10/17 14:29:43 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{84854A1E-3457-4123-9F6C-99966B214509}
[2011/10/17 07:43:22 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{A1CC0E2E-E9AB-481A-A8D3-3147ADEC042E}
[2011/10/17 07:43:10 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{3BA5CFDD-653F-4489-91D3-45276E8C43F3}
[2011/10/16 10:44:34 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{C3E19235-62A7-4833-9706-2466D6D3E39C}
[2011/10/16 10:44:21 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{01EFE8C9-8237-4225-842B-6F431A6D1450}
[2011/10/15 12:12:27 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{F4EBFBC3-D290-4021-8C68-26740F54236D}
[2011/10/15 12:12:14 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{4C968EEC-530D-476D-B41A-98C6CE4F8D5C}
[2011/10/15 07:29:56 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{F4FCA1BE-578A-42D3-80B3-B8141867176F}
[2011/10/15 07:29:39 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{397DB513-D5B0-48DD-BAE3-C7B291E76E5B}
[2011/10/14 22:37:47 | 000,000,000 | ---D | C] -- C:\Users\Enrique\Desktop\New folder
[2011/10/14 13:07:01 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{439106D7-F6EF-4DB6-B3E8-5A7B7161B6CC}
[2011/10/14 13:06:48 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{19EA6387-3917-452A-A895-121ABCFBBCEC}
[2011/10/13 15:51:22 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{2CE003E0-910B-411C-B371-B008F8146824}
[2011/10/13 15:50:59 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{1F1042FB-2033-4AA7-8985-F9F422B01F96}
[2011/10/12 23:20:02 | 000,000,000 | ---D | C] -- C:\Users\Enrique\Desktop\Prints to Print
[2011/10/12 10:57:00 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{8E9CAF41-D3DA-4BF7-B0A1-F8719526BB75}
[2011/10/12 10:56:40 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{56A34D6C-DB73-4A30-9E19-CFB2083643A4}
[2011/10/12 03:24:36 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{E2151602-2552-43B7-81D3-170D60506A06}
[2011/10/12 03:24:19 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{57782981-08CF-4923-8AA1-7DE9F2410AD4}
[2011/10/11 21:26:01 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/10/11 21:26:01 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/10/11 21:26:01 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/10/11 21:26:01 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/10/11 21:26:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/10/11 21:26:01 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/10/11 21:26:01 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/10/11 21:26:01 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/10/11 21:26:01 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/10/11 21:26:00 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/10/11 21:26:00 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/10/11 21:26:00 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/10/11 21:26:00 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/10/11 21:26:00 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/10/11 21:26:00 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/10/11 21:25:57 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011/10/11 21:25:57 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011/10/11 21:25:57 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2011/10/11 21:25:57 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011/10/11 21:25:57 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011/10/11 21:25:56 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/10/11 21:25:56 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011/10/11 21:25:56 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2011/10/11 21:25:56 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax
[2011/10/11 21:25:56 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax
[2011/10/11 21:25:56 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2011/10/11 21:25:56 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2011/10/11 10:20:44 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{23454CDA-AB97-44D8-9FB5-B8BF0027D3C2}
[2011/10/11 10:20:29 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{EC0250E4-6D16-4670-B884-D629BE40B7F8}
[2011/10/10 15:55:44 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{AC1F29C0-CFB2-464A-B1F9-32CCB57CB8D6}
[2011/10/10 15:55:21 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{B2F3F8D0-506E-4272-88E4-B9A4AC5466FB}
[2011/10/10 08:52:03 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{A056A7EB-79E1-43FE-8EFE-C6FB5C38D616}
[2011/10/10 08:51:47 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{3EEDBD4B-A6C0-4967-A34D-EB849AECB229}
[2011/10/09 14:03:09 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{9073CF49-0089-4BE1-ABF5-A0EBA6C8F3B8}
[2011/10/09 14:02:58 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{DCC8181F-DC85-47D7-A623-806951BDD456}
[2011/10/09 09:55:29 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{6ADBC816-C652-4D66-AFE0-A43BB1787727}
[2011/10/09 09:55:16 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{A1C739BB-59AF-4612-80EF-A819A53CBB5E}
[2011/10/08 16:01:01 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{79EBE004-5B54-4D37-A299-87CEAA27C009}
[2011/10/08 16:00:44 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{DAF23E84-854E-44DB-AD17-CAA1C6B64EC8}
[2011/10/07 14:49:00 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{BD7E4D68-37F3-48D1-ADB9-0D0F218F5034}
[2011/10/07 14:48:45 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{B0DAED76-DEE9-4963-9A5B-205B57E53C7E}
[2011/10/07 01:17:05 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\Diagnostics
[2011/10/07 01:09:41 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{4CF0EC49-F788-41DA-8AB0-15FAF0ADFDBF}
[2011/10/06 11:05:32 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{6B3BC698-0FF5-4DDC-AA3C-CA62585F4ECD}
[2011/10/06 11:05:17 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{DC48FC88-23EF-4D11-A6FF-293149C9418D}
[2011/10/05 13:53:13 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{C43E7CD7-88EE-46E0-841A-49E84C6825EC}
[2011/10/05 13:52:56 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{5E3EFACF-EC46-4F0C-8817-8F737828C4AC}
[2011/10/05 10:02:54 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{7604C591-6B80-4E88-9E1C-F86B648628B5}
[2011/10/05 10:02:39 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{338B5FF7-E811-4B53-AD5E-5D30106C419A}
[2011/10/04 10:18:49 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{3F3F9E9A-DBFA-4C9C-8D2F-5AC17E47709C}
[2011/10/04 10:18:37 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{F3B15660-350C-4F86-99D4-67C98F963D1D}
[2011/10/03 16:06:56 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{F31EA293-2F11-4CFE-9E6C-ED5FAD918EBB}
[2011/10/03 16:06:44 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{26AC4B1F-DDED-48BE-B990-F5D0CC27C176}
[2011/10/03 08:50:28 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{DD7618E6-F139-4884-A6DD-956EB4BC32E8}
[2011/10/03 08:50:06 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{3E641997-EA23-4B2D-93B8-4135C7EEBCAE}
[2011/10/02 11:09:02 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{7849EF61-C605-45D4-B31F-CEA3CEC75743}
[2011/10/02 11:08:50 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{F3706121-AD4D-432B-BD67-78A88BE76313}
[2011/10/01 10:50:15 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{4B1BDA7C-655E-4767-AE13-11CF104144E1}
[2011/10/01 10:50:01 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{5F2B3CD4-2E34-479E-B3E2-96B85431B795}
[2011/10/01 02:00:57 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{EBD4EA92-E22A-4301-BD6D-61D7D5059B22}
[2011/10/01 02:00:44 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{22963479-CE7E-4F2E-B13A-4B81ECB359F7}
[2011/09/30 12:52:38 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{388B78E6-ACB0-4BA7-BB31-79F7D60F2A05}
[2011/09/30 12:52:25 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{8AD67A0C-A245-455A-9CDB-2CDCE9A5E5CB}
[2011/09/30 09:08:25 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{F2FAA7CF-81F1-4B55-B7D6-730C14580AC3}
[2011/09/30 09:07:33 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{FE91C275-4EA1-4676-8499-48DF1E77980F}
[2011/09/29 09:32:46 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{806A81C4-8448-4857-8A7E-8056FDDAACDD}
[2011/09/29 09:32:31 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{212E1A61-64B7-46CE-BC3D-BA1B216F3B43}
[2011/09/28 17:03:55 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{EDF6F66C-3386-4A58-85A0-41B6495F6B57}
[2011/09/28 17:03:40 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{4C083F3C-DFE0-49DD-A0E3-472F5CDBA945}
[2011/09/27 18:24:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PingPlotter Standard
[2011/09/27 18:24:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PingPlotter Standard
[2011/09/27 15:42:32 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{C8104573-A79F-4F32-AF99-B34078BF2027}
[2011/09/27 15:42:15 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{1EC52A23-BE27-44F5-A80B-617F85CC1B33}
[2011/09/27 10:12:01 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{8365D88C-9D37-4394-B85D-BECE9D2DA8B2}
[2011/09/27 10:11:48 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{2E9400B1-CEE4-45D5-87E2-324081230C39}
[2011/09/27 01:28:46 | 000,000,000 | ---D | C] -- C:\Users\Enrique\Documents\toodamntrue
[2011/09/26 18:46:12 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{7D56301C-D5DB-41A8-B42F-45207D9337DB}
[2011/09/26 18:45:58 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{F74967A2-D7D1-4FE2-99D3-9222C57E4DF1}
[2011/09/26 08:47:50 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{CD18D52B-604E-455C-A9F2-1D2C5FF45616}
[2011/09/26 08:47:38 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{092E931C-DF66-4DC4-9E84-EBB28E77961B}
[2011/09/25 20:57:58 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{8709BAB2-22F2-4E16-B28A-4F0D204B5200}
[2011/09/25 20:57:46 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{C3580435-E8CC-43D7-9AB1-982CC20DF040}
[2009/05/14 23:15:24 | 005,719,400 | ---- | C] (Acresso Software Inc.) -- C:\Program Files\Common Files\adlmint_libFNP.dll
[2009/05/14 23:15:24 | 004,397,928 | ---- | C] (Autodesk) -- C:\Program Files\Common Files\adlmint.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Enrique\AppData\Roaming\*.tmp files -> C:\Users\Enrique\AppData\Roaming\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/25 16:32:12 | 000,000,590 | ---- | M] () -- C:\Users\Enrique\Desktop\MBRr.zip
[2011/10/25 16:27:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/25 16:24:19 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/25 16:24:19 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/25 16:24:02 | 000,000,590 | ---- | M] () -- C:\Users\Enrique\Desktop\MBR.zip
[2011/10/25 16:17:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/25 16:16:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/25 16:16:39 | 1945,505,791 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/25 15:32:01 | 000,002,251 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2011/10/25 14:52:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3354869186-130629379-3507963822-1001UA.job
[2011/10/25 10:24:19 | 000,000,512 | ---- | M] () -- C:\Users\Enrique\Desktop\MBR.dat
[2011/10/24 23:54:25 | 000,001,456 | ---- | M] () -- C:\Users\Enrique\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/10/24 21:48:23 | 107,870,494 | ---- | M] () -- C:\Users\Enrique\Desktop\zelda.psd
[2011/10/24 21:27:41 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/24 19:20:00 | 000,000,502 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Enrique.job
[2011/10/24 18:21:14 | 000,203,246 | ---- | M] () -- C:\Users\Enrique\Desktop\JESUS8.jpg
[2011/10/24 18:18:13 | 089,834,684 | ---- | M] () -- C:\Users\Enrique\Desktop\JESUS2.psd
[2011/10/24 18:08:31 | 000,169,019 | ---- | M] () -- C:\Users\Enrique\Desktop\Cracked_Glass_Texture_I_by_EverythingIsInStock.jpg
[2011/10/24 17:54:46 | 001,173,070 | ---- | M] () -- C:\Users\Enrique\Desktop\d2a2fd0d0e71c876f5ba8b750397a6e2.jpg
[2011/10/24 16:27:56 | 000,129,024 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\WindowsNotifierNotifier.dll
[2011/10/24 16:27:56 | 000,129,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\srrstr.dll
[2011/10/23 11:52:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3354869186-130629379-3507963822-1001Core.job
[2011/10/22 20:36:08 | 000,073,406 | ---- | M] () -- C:\Users\Enrique\Desktop\TheGoodDoctor.jpg
[2011/10/22 17:27:03 | 000,217,161 | ---- | M] () -- C:\Users\Enrique\Desktop\114ctop.jpg
[2011/10/22 13:24:54 | 000,274,081 | ---- | M] () -- C:\Users\Enrique\Desktop\JESUS7.jpg
[2011/10/22 12:47:23 | 000,087,608 | ---- | M] () -- C:\Users\Enrique\Desktop\Zelda_Ocarina_of_Time_art01.jpg
[2011/10/21 14:08:38 | 000,313,475 | ---- | M] () -- C:\Users\Enrique\Desktop\JESUS6.jpg
[2011/10/21 02:56:40 | 000,519,261 | ---- | M] () -- C:\Users\Enrique\Desktop\recon_by_kalkulation.jpg
[2011/10/21 02:56:33 | 007,198,582 | ---- | M] () -- C:\Users\Enrique\Desktop\conan.psd
[2011/10/19 03:05:32 | 000,021,736 | ---- | M] () -- C:\Users\Enrique\Desktop\9814294-broken-glass-with-cracks-and-holes-for-design.jpg
[2011/10/16 11:37:25 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/16 11:37:25 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/16 11:37:25 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/14 14:44:11 | 000,138,752 | ---- | M] () -- C:\Users\Enrique\Desktop\JESUS5.jpg
[2011/10/14 13:36:00 | 000,295,046 | ---- | M] () -- C:\Users\Enrique\Desktop\Shinjuku-Tokyo-Japan-Lights-Wallpaper.jpg
[2011/10/13 16:26:51 | 000,582,078 | ---- | M] () -- C:\Users\Enrique\Desktop\Tokyo-japan-1020091_1024_768.jpg
[2011/10/13 02:16:10 | 000,035,041 | ---- | M] () -- C:\Users\Enrique\Desktop\Conan-O-Brien-the-tonight-show-with-conan-obrien-6115061-434-468.jpg
[2011/10/12 19:17:26 | 000,019,117 | ---- | M] () -- C:\Users\Enrique\Desktop\Conan-O'Brien-011810L.jpg
[2011/10/12 13:30:05 | 000,110,130 | ---- | M] () -- C:\Users\Enrique\Desktop\hamsterflier1.jpg
[2011/10/12 03:23:08 | 005,294,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/11 19:28:48 | 000,017,457 | ---- | M] () -- C:\Users\Enrique\Desktop\tfalogolink.jpg
[2011/10/08 18:31:07 | 000,111,363 | ---- | M] () -- C:\Users\Enrique\Desktop\JESUS4.jpg
[2011/10/05 19:23:22 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/10/05 10:11:36 | 000,086,129 | ---- | M] () -- C:\Users\Enrique\Desktop\hame_t6.jpg
[2011/10/03 19:43:04 | 000,102,396 | ---- | M] () -- C:\Users\Enrique\Desktop\JESUS3.jpg
[2011/09/29 19:19:54 | 000,249,993 | ---- | M] () -- C:\Users\Enrique\Desktop\darksiders_promo_by_liquidology.jpg
[2011/09/29 14:46:46 | 000,100,554 | ---- | M] () -- C:\Users\Enrique\Desktop\s2.jpg
[2011/09/29 14:12:20 | 000,013,870 | ---- | M] () -- C:\Users\Enrique\Desktop\blowing-bubbles.jpg
[2011/09/29 14:11:44 | 000,062,540 | ---- | M] () -- C:\Users\Enrique\Desktop\bubbles.jpg
[2011/09/29 14:11:22 | 001,909,559 | ---- | M] () -- C:\Users\Enrique\Desktop\blue_water_bubbles.jpg
[2011/09/29 00:37:16 | 000,082,705 | ---- | M] () -- C:\Users\Enrique\Desktop\s1.jpg
[2011/09/27 18:30:17 | 000,008,354 | ---- | M] () -- C:\Users\Enrique\Desktop\www.therapyforartists.net.png
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Enrique\AppData\Roaming\*.tmp files -> C:\Users\Enrique\AppData\Roaming\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/25 16:31:19 | 000,000,590 | ---- | C] () -- C:\Users\Enrique\Desktop\MBRr.zip
[2011/10/25 15:32:01 | 000,002,251 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2011/10/25 15:14:47 | 000,000,590 | ---- | C] () -- C:\Users\Enrique\Desktop\MBR.zip
[2011/10/25 10:24:19 | 000,000,512 | ---- | C] () -- C:\Users\Enrique\Desktop\MBR.dat
[2011/10/24 18:18:30 | 000,203,246 | ---- | C] () -- C:\Users\Enrique\Desktop\JESUS8.jpg
[2011/10/24 18:08:30 | 000,169,019 | ---- | C] () -- C:\Users\Enrique\Desktop\Cracked_Glass_Texture_I_by_EverythingIsInStock.jpg
[2011/10/24 17:54:45 | 001,173,070 | ---- | C] () -- C:\Users\Enrique\Desktop\d2a2fd0d0e71c876f5ba8b750397a6e2.jpg
[2011/10/22 20:36:08 | 000,073,406 | ---- | C] () -- C:\Users\Enrique\Desktop\TheGoodDoctor.jpg
[2011/10/22 13:24:54 | 000,274,081 | ---- | C] () -- C:\Users\Enrique\Desktop\JESUS7.jpg
[2011/10/22 12:47:22 | 000,087,608 | ---- | C] () -- C:\Users\Enrique\Desktop\Zelda_Ocarina_of_Time_art01.jpg
[2011/10/21 19:09:54 | 107,870,494 | ---- | C] () -- C:\Users\Enrique\Desktop\zelda.psd
[2011/10/21 16:39:02 | 000,217,161 | ---- | C] () -- C:\Users\Enrique\Desktop\114ctop.jpg
[2011/10/21 14:02:38 | 000,313,475 | ---- | C] () -- C:\Users\Enrique\Desktop\JESUS6.jpg
[2011/10/19 03:05:32 | 000,021,736 | ---- | C] () -- C:\Users\Enrique\Desktop\9814294-broken-glass-with-cracks-and-holes-for-design.jpg
[2011/10/14 14:42:25 | 000,138,752 | ---- | C] () -- C:\Users\Enrique\Desktop\JESUS5.jpg
[2011/10/14 13:36:00 | 000,295,046 | ---- | C] () -- C:\Users\Enrique\Desktop\Shinjuku-Tokyo-Japan-Lights-Wallpaper.jpg
[2011/10/13 16:26:51 | 000,582,078 | ---- | C] () -- C:\Users\Enrique\Desktop\Tokyo-japan-1020091_1024_768.jpg
[2011/10/13 02:36:32 | 007,198,582 | ---- | C] () -- C:\Users\Enrique\Desktop\conan.psd
[2011/10/13 02:16:10 | 000,035,041 | ---- | C] () -- C:\Users\Enrique\Desktop\Conan-O-Brien-the-tonight-show-with-conan-obrien-6115061-434-468.jpg
[2011/10/12 19:17:26 | 000,019,117 | ---- | C] () -- C:\Users\Enrique\Desktop\Conan-O'Brien-011810L.jpg
[2011/10/12 19:07:05 | 000,519,261 | ---- | C] () -- C:\Users\Enrique\Desktop\recon_by_kalkulation.jpg
[2011/10/12 13:30:05 | 000,110,130 | ---- | C] () -- C:\Users\Enrique\Desktop\hamsterflier1.jpg
[2011/10/11 19:28:48 | 000,017,457 | ---- | C] () -- C:\Users\Enrique\Desktop\tfalogolink.jpg
[2011/10/08 18:28:41 | 000,111,363 | ---- | C] () -- C:\Users\Enrique\Desktop\JESUS4.jpg
[2011/10/05 10:10:04 | 000,086,129 | ---- | C] () -- C:\Users\Enrique\Desktop\hame_t6.jpg
[2011/10/03 19:39:27 | 000,102,396 | ---- | C] () -- C:\Users\Enrique\Desktop\JESUS3.jpg
[2011/10/03 16:58:41 | 089,834,684 | ---- | C] () -- C:\Users\Enrique\Desktop\JESUS2.psd
[2011/09/29 19:19:53 | 000,249,993 | ---- | C] () -- C:\Users\Enrique\Desktop\darksiders_promo_by_liquidology.jpg
[2011/09/29 14:46:06 | 000,100,554 | ---- | C] () -- C:\Users\Enrique\Desktop\s2.jpg
[2011/09/29 14:12:20 | 000,013,870 | ---- | C] () -- C:\Users\Enrique\Desktop\blowing-bubbles.jpg
[2011/09/29 14:11:44 | 000,062,540 | ---- | C] () -- C:\Users\Enrique\Desktop\bubbles.jpg
[2011/09/29 14:11:20 | 001,909,559 | ---- | C] () -- C:\Users\Enrique\Desktop\blue_water_bubbles.jpg
[2011/09/29 00:34:55 | 000,082,705 | ---- | C] () -- C:\Users\Enrique\Desktop\s1.jpg
[2011/09/27 18:30:17 | 000,008,354 | ---- | C] () -- C:\Users\Enrique\Desktop\www.therapyforartists.net.png
[2011/06/29 10:41:18 | 000,000,078 | ---- | C] () -- C:\ProgramData\7822f4ff
[2011/05/29 23:25:21 | 000,011,440 | -HS- | C] () -- C:\ProgramData\5tj76a8lhem5hw5065kc0t1ls4prx67h17ci0hn6l4qr
[2011/05/29 23:25:21 | 000,011,438 | -HS- | C] () -- C:\Users\Enrique\AppData\Local\5tj76a8lhem5hw5065kc0t1ls4prx67h17ci0hn6l4qr
[2011/04/24 00:54:31 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\pxhpinst.exe
[2010/12/26 20:39:17 | 000,001,456 | ---- | C] () -- C:\Users\Enrique\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/12/26 20:10:54 | 000,000,431 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2010/12/26 12:58:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/28 15:36:06 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2010/07/28 15:35:35 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\drivers\ServiceHelp.dll
[2010/07/28 15:34:23 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/07/28 15:34:23 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/07/28 15:34:22 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/07/28 15:34:22 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/07/28 15:32:49 | 000,009,987 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/07/28 15:32:47 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/07/28 15:32:46 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2010/07/28 15:32:46 | 000,007,698 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/07/28 15:30:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/06/15 23:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 14:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 14:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 14:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 10:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\SysWow64\SP207.INI

========== LOP Check ==========

[2011/02/10 00:52:31 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\acccore
[2011/01/24 20:21:29 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\Autodesk
[2011/10/25 16:41:45 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\Azureus
[2011/09/05 15:05:19 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\Canon
[2011/04/30 22:44:17 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/07/03 11:49:38 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\Filter Forge Freepack 2 - Photo Effects
[2011/07/12 03:20:09 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2011/07/07 15:57:13 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\PingKaching.45C46A55E3922496F6ADD09FCC67FAC1A9B38B70.1
[2010/12/26 20:10:45 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\ScanSoft
[2011/01/31 23:43:29 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/04/24 13:18:18 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\Windows Live Writer
[2011/10/23 11:52:00 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3354869186-130629379-3507963822-1001Core.job
[2011/10/25 14:52:00 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3354869186-130629379-3507963822-1001UA.job
[2011/08/18 11:20:44 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/02 23:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/30 23:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/02 22:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 06:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/30 23:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/02 22:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 18:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/30 23:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/25 23:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/02 23:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 18:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 00:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/27 23:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/27 23:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 09:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 09:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 09:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 09:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/30 08:12:41 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/30 08:12:41 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/30 08:12:41 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2011/09/30 08:12:41 | 001,030,200 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 18:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 18:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 18:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/08/19 21:35:15 | 000,673,024 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2011/04/14 09:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2011/04/14 09:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2011/04/14 09:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: FIREFOX.EXE
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2011/04/14 09:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: FIREFOX.EXE -SAFE-MODE
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2011/09/30 08:12:41 | 001,030,200 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2011/09/30 08:12:41 | 001,030,200 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2011/09/30 08:12:41 | 001,030,200 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2011/09/30 08:12:41 | 001,030,200 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/13 18:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/13 18:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/13 18:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/08/19 21:35:15 | 000,673,024 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: IEXPLORE.EXE

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8CE646EE

< End of report >

OTL Extras logfile created on: 10/25/2011 4:40:11 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Enrique\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 5.43 Gb Available Physical Memory | 70.02% Memory free
15.50 Gb Paging File | 12.90 Gb Available in Paging File | 83.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 912.93 Gb Total Space | 788.40 Gb Free Space | 86.36% Space Free | Partition Type: NTFS
Drive D: | 4.09 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ENRIQUE-PC | User Name: Enrique | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3354869186-130629379-3507963822-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP460" = Canon MP460
"{1314D90A-A77D-4635-BB8C-840FBB466BE3}" = Autodesk MatchMover 2010 (64-bit)
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{284B452E-075E-4C7B-B8EE-E4A798CC3772}" = Maya 2010 (64-bit)
"{2B80C356-CA93-433D-814C-BF4CBF3195C2}" = Maya 2010 (64-bit) Documentation (en_US)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{73414D7D-F23E-B9E2-3B21-1574C5DE36DC}" = ATI Catalyst Install Manager
"{77B8B4A5-EE79-4907-A318-2DA86325B8D7}" = iTunes
"{7C9BB3CD-05F4-DA12-9F32-AA8B12E93E8E}" = ccc-utility64
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{833B98DC-A851-43D3-B22C-9C7B815520E3}" = Autodesk DirectConnect 2010 (64-bit)
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9301985B-D116-4A93-A93D-94580084FF86}" = 64 Bit HP CIO Components Installer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B7FEA90D-9620-455F-9B15-652D4FA80B0A}" = Autodesk Toxik 2010 (64-bit)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CF390C22-532A-E2CC-2660-A38C8E85A5A9}" = ATI AVIVO64 Codecs
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{E5C95CA5-4565-4B9D-97ED-05088D775614}" = Apple Mobile Device Support
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"CanonMyPrinter" = Canon My Printer
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Essentials" = Microsoft Security Essentials
"Wacom Tablet Driver" = Wacom Tablet

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{076DB5CB-317A-2BE5-CD2E-6FAB05708F76}" = CCC Help Italian
"{07A4B946-4648-D7BA-8EBC-E70612369210}" = CCC Help Chinese Traditional
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{124C9BD0-8C52-40AB-8238-0605703B1C28}" = ASUS Backup Wizard
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23EDDCC4-DDCF-46F2-94B8-E5511A870D40}" = Print Artist Gold 23
"{24990A39-5F20-4FCA-BAFE-EEF1E4800709}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 23
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29D851C2-048C-4B5E-8D1F-25D473342BB5}" = ScanSoft OmniPage SE 4.0
"{2ED5306E-A2D1-6427-6669-C5D14F49ACF1}" = CCC Help Japanese
"{2FA4FF3B-CEB8-FB52-5FE5-55F2B831E58E}" = CCC Help Korean
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1.3
"{3D57F633-6F61-6D56-2015-4D610C7614BD}" = CCC Help English
"{3E43EBBB-5858-1E4A-ED47-1F9BD178FFFB}" = CCC Help Polish
"{45D146C1-3805-977C-4EBE-731A582C2871}" = CCC Help Portuguese
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AF95DE2-B54D-4C3F-9494-FD3B558E2C2D}" = AI Manager
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54A5471C-7F82-E7DA-4F82-680A138D9432}" = CCC Help Hungarian
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62150342-D3D1-1AD0-666E-5808F38BB41E}" = Catalyst Control Center InstallProxy
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6790CAB2-7B98-8377-05F8-32F3840B9242}" = CCC Help Norwegian
"{68176354-40B6-7C37-5167-42D322045BD7}" = PingKaching
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{768BCF88-1F4E-DFDC-4E58-E149302AE7FB}" = Catalyst Control Center Graphics Previews Vista
"{776EC843-9B48-8E72-6574-B0A7FCBE74AB}" = Market Samurai
"{7BA90166-3C22-CB7D-334D-67BE0AB0E2E5}" = CCC Help Danish
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83A7C82F-863A-61F4-8D3B-68227F37005A}" = CCC Help Finnish
"{847CAE64-4CD2-4B2D-AF00-978FF5431033}" = Nero 7 Ultra Edition
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{887DF5A1-FEC9-76F7-DFCA-BC07C4F3F8F3}" = CCC Help Dutch
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DB5DF43-ED8B-7ECA-EBE2-02B7618B95EB}" = CCC Help Turkish
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{976609BF-CE92-2E4B-F0B4-2C7AADC62AB4}" = CCC Help Spanish
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E11A94D-5F60-10C6-D582-E79728F4DFF1}" = CCC Help Russian
"{A14F7508-B784-40B8-B11A-E0E2EEB7229F}" = Adobe Premiere Pro 1.5 Tryout
"{A1BC7068-C1BA-410F-8B9A-DB807C803DE2}" = Adobe Creative Suite 5 Design Premium
"{A1E2A918-F0E4-244E-3D64-D5FFE55D0055}" = CCC Help Czech
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B87660A6-A3DC-294A-11BF-82BF0DA6043A}" = ccc-core-static
"{B8AAEB36-6832-FE2D-D810-4A39284AE98F}" = CCC Help Swedish
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BB81360F-041C-4CF7-B15E-71380D154244}" = Adobe Setup
"{C25EEE5E-9230-B809-32B5-FE9519CEB8D9}" = CCC Help Greek
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7E32DA9-0292-EC8D-0C78-BDD00D857991}" = Catalyst Control Center Localization All
"{C9FA391B-7861-25EA-AE90-ECAB6BA65BC2}" = CCC Help German
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1725D54-279A-40C5-A70D-23C1785DB920}_is1" = AoA Audio Extractor
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED721ABC-423D-4F7D-AEBB-E1E39C388E84}" = Facebook Video Calling 1.0.0.8714
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}" = ebi.BookReader3J
"{F834B42E-6A06-A37F-0C90-CDBE31EF072D}" = CCC Help Chinese Standard
"{FC3EFAAD-4BD4-A5A7-875C-D41945E28F28}" = CCC Help Thai
"{FDAC518A-18AE-EF17-FF1F-48F3435C5786}" = CCC Help French
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_32fdd767b4383606e8168e834af5d90" = Adobe Premiere Pro CS3
"AIM_7" = AIM 7
"ASUS VIBE" = ASUS VIBE
"ATT-SST" = AT&T Service & Support Tool
"Audacity_is1" = Audacity 1.2.6
"avast" = avast! Free Antivirus
"Canon MP460 User Registration" = Canon MP460 User Registration
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"conduitEngine" = Conduit Engine
"DivX Setup.divx.com" = DivX Setup
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"Filter Forge Freepack 2 - Photo Effects_is1" = Filter Forge Freepack 2 - Photo Effects 1.012
"Google Chrome" = Google Chrome
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MP Navigator 3.0" = Canon MP Navigator 3.0
"NSS" = Norton Security Scan
"PingKaching.45C46A55E3922496F6ADD09FCC67FAC1A9B38B70.1" = PingKaching
"PingPlotter Standard" = PingPlotter Standard 3.30.4s
"PROPLUS" = Microsoft Office Professional Plus 2007
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"ST6UNST #1" = Address Book
"Vector Magic" = Vector Magic
"VisualLightBox" = VisualLightBox
"vshare" = vShare Toolbar
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail" = att.net Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/10/2011 12:45:06 AM | Computer Name = Enrique-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.1.79:5353 4 Enrique-PC.local.
Addr 192.168.1.79

Error - 10/10/2011 12:45:06 AM | Computer Name = Enrique-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: ProbeCount 0; will rename 4 Enrique-PC.local.
Addr 99.44.33.105

Error - 10/10/2011 12:45:06 AM | Computer Name = Enrique-PC | Source = Bonjour Service | ID = 100
Description = Local Hostname Enrique-PC.local already in use; will try Enrique-PC-2.local
instead

Error - 10/11/2011 5:09:16 PM | Computer Name = Enrique-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 10/12/2011 3:04:51 PM | Computer Name = Enrique-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 10/13/2011 1:58:38 AM | Computer Name = Enrique-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16869,
time stamp: 0x4e4f21db Faulting module name: msxml3.dll, version: 8.110.7600.16723,
time stamp: 0x4d103aab Exception code: 0xc0000005 Fault offset: 0x0002e64f Faulting
process id: 0x3d10 Faulting application start time: 0x01cc896d1fb7af8e Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\System32\msxml3.dll Report Id: 64724539-f560-11e0-89f4-20cf30e9c89a

Error - 10/13/2011 9:59:04 PM | Computer Name = Enrique-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 10/15/2011 4:08:11 PM | Computer Name = Enrique-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 10/16/2011 3:00:21 PM | Computer Name = Enrique-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16869,
time stamp: 0x4e4f21db Faulting module name: msxml3.dll, version: 8.110.7600.16723,
time stamp: 0x4d103aab Exception code: 0xc0000005 Fault offset: 0x0002e64f Faulting
process id: 0xf9c Faulting application start time: 0x01cc8c35d44ddac0 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\System32\msxml3.dll Report Id: 17fa09b5-f829-11e0-b7a9-20cf30e9c89a

Error - 10/17/2011 3:35:14 AM | Computer Name = Enrique-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

[ System Events ]
Error - 10/12/2011 6:21:34 AM | Computer Name = Enrique-PC | Source = DCOM | ID = 10010
Description =

Error - 10/12/2011 9:18:17 PM | Computer Name = Enrique-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Encrypted volume check: Volume information on E: cannot be read.

Error - 10/13/2011 6:55:34 AM | Computer Name = Enrique-PC | Source = DCOM | ID = 10010
Description =

Error - 10/14/2011 10:54:43 PM | Computer Name = Enrique-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Encrypted volume check: Volume information on F: cannot be read.

Error - 10/16/2011 5:54:08 AM | Computer Name = Enrique-PC | Source = DCOM | ID = 10010
Description =

Error - 10/22/2011 1:14:53 PM | Computer Name = Enrique-PC | Source = DCOM | ID = 10010
Description =

Error - 10/22/2011 10:07:10 PM | Computer Name = Enrique-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 10/23/2011 3:07:35 PM | Computer Name = Enrique-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Encrypted volume check: Volume information on E: cannot be read.

Error - 10/23/2011 11:37:24 PM | Computer Name = Enrique-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Encrypted volume check: Volume information on F: cannot be read.

Error - 10/25/2011 12:49:14 AM | Computer Name = Enrique-PC | Source = DCOM | ID = 10010
Description =


< End of report >

Attached Files

  • Attached File  MBRr.zip   590bytes   25 downloads


#4
Render


    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please proceed with following steps:

Step 1

Please uninstall following programs (if present):

  • Conduit Engine
  • Microsoft Security Essentials
  • Norton Security Scan
  • vShare Toolbar
  • Vuze Remote Toolbar

How to uninstall a program in Windows Vista and 7:

  • Open Programs and Features by clicking the Start button, clicking Control Panel, clicking Programs, and then clicking Programs and Features.
  • Select a program(s) listed above, and then click Uninstall. Some programs include the option to change or repair the program in addition to uninstalling it. But many simply offer the option to uninstall. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

Step 2

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista, 7).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Step 3

We need to run an OTL Fix

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

  • Please double click on the OTL icon on your Desktop (if running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Under the Custom Scans/Fixes box copy and paste this in:

    :OTL
    IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-3354869186-130629379-3507963822-1001\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}"
    FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
    [2011/10/24 16:28:06 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\p2uphuw6.default\extensions\{0e2e1d11-b40d-4cc6-91a0-6439dd7ad650}
    [2011/07/06 15:13:23 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\p2uphuw6.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    [2011/02/05 20:41:05 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\p2uphuw6.default\extensions\[email protected]
    [2011/02/03 14:57:43 | 000,000,903 | ---- | M] () -- C:\Users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\p2uphuw6.default\searchplugins\conduit.xml
    O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vshare\vshare_toolbar.dll ()
    O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vshare\vshare_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-3354869186-130629379-3507963822-1001\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vshare\vshare_toolbar.dll ()
    O3 - HKU\S-1-5-21-3354869186-130629379-3507963822-1001\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKU\S-1-5-21-3354869186-130629379-3507963822-1001..\Run: [Azureus Update] C:\Users\Enrique\AppData\Local\Ahead\AheadUpdate\Aheadup.DLL (Microsoft Corporation)
    O4 - HKU\S-1-5-21-3354869186-130629379-3507963822-1001..\Run: [kde.org Update] C:\Users\Enrique\AppData\Local\Apple Computer\AppleUpdate\Appleup.DLL (Microsoft Corporation)
    O4 - HKU\S-1-5-21-3354869186-130629379-3507963822-1001..\Run: [WindowsNotifierNotifier] C:\ProgramData\WindowsNotifierNotifier.dll (Microsoft Corporation)
      	
    :Files
    ipconfig /flushdns /c
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    C:\Users\Enrique\AppData\Roaming\trzE64F.tmp
    
    :Reg
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYJAVA]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Make sure all other windows are closed and let it run uninterrupted.
  • Click on the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 4

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware.
  • Select the Update tab.
  • Click on Check for Updates button.
  • Click on OK.
  • Select the Scanner tab.
  • Select Perform quick scan, then click on Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

When you have completed the above, please post back the following in the order asked for:
  • GooredFix.txt log
  • OTL fix log
  • Quick OTL scan log
  • MBAM log


#5
om20


    Member

  • Topic Starter
  • 50 posts
On step three, after pressing the "run fix", nothing popped up. It prompted me to restart. I pressed OK. And nothing happened. And I can't locate the file where you said to. But I have the other logs.

Google Fix

GooredFix by jpshortstuff (03.07.10.1)
Log created at 10:32 on 27/10/2011 (Enrique)
Firefox version 4.0.1 (en-US)

========== GooredScan ==========

Deleting "C:\Users\Enrique\Application Data\Mozilla\Firefox\Profiles\p2uphuw6.default\extensions\{0e2e1d11-b40d-4cc6-91a0-6439dd7ad650}" -> Success!

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [02:36 16/05/2011]

C:\Users\Enrique\Application Data\Mozilla\Firefox\Profiles\p2uphuw6.default\extensions\
{635abd67-4fe9-1b23-4f01-e679fa7484c1} [06:31 26/10/2011]
{ba14329e-9550-4989-b3f2-9732e92d17cc} [22:13 06/07/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"="C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video" [23:20 05/03/2011]
"{6904342A-8307-11DF-A508-4AE2DFD72085}"="C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa" [23:20 05/03/2011]

-=E.O.F=-


OTL LOG
OTL logfile created on: 10/27/2011 11:23:36 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Enrique\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 5.80 Gb Available Physical Memory | 74.88% Memory free
15.50 Gb Paging File | 13.36 Gb Available in Paging File | 86.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 912.93 Gb Total Space | 785.52 Gb Free Space | 86.04% Space Free | Partition Type: NTFS
Drive D: | 4.09 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ENRIQUE-PC | User Name: Enrique | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/25 10:24:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Enrique\Downloads\OTL.exe
PRC - [2011/05/10 05:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/04/14 09:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/02/14 18:32:52 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/01/05 10:11:04 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2010/07/27 02:47:12 | 000,207,872 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/12/23 13:59:42 | 000,232,064 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
PRC - [2009/08/31 12:06:22 | 000,144,672 | ---- | M] () -- C:\Program Files (x86)\Nova Development\Print Artist Gold\ReminderApp.exe
PRC - [2009/06/04 15:10:56 | 005,777,408 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
PRC - [2007/06/27 19:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/27 19:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/11/03 12:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe
PRC - [2006/03/21 14:19:40 | 000,069,632 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/12 03:26:01 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5672e6b9d976feca51deb06d8dd1df0e\PresentationFramework.Aero.ni.dll
MOD - [2011/10/12 03:25:47 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\fd6d00c3c7d56a2e3651769081e8f412\System.EnterpriseServices.ni.dll
MOD - [2011/10/12 03:25:47 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\834be57d8ab824b4ebcbf01161791d70\System.Transactions.ni.dll
MOD - [2011/10/12 03:25:46 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\45a20172acfdcc160ecb6bd358179c31\System.Data.ni.dll
MOD - [2011/10/12 03:25:38 | 014,322,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\09e39322b47f9b4e8dd2199ff03acb2e\PresentationFramework.ni.dll
MOD - [2011/10/12 03:25:23 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2011/10/12 03:25:16 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2011/10/12 03:25:13 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\d2dc021a8311197516e4fa325b292f21\PresentationCore.ni.dll
MOD - [2011/10/12 03:25:03 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll
MOD - [2011/10/12 03:24:58 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011/10/12 03:24:55 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2011/10/12 03:24:54 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011/10/12 03:24:32 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/07/11 01:14:29 | 006,271,648 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/06/20 14:11:02 | 000,076,288 | ---- | M] () -- C:\Users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\p2uphuw6.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
MOD - [2011/04/14 09:25:47 | 001,874,904 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/02/14 18:33:34 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/02/14 18:32:52 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/01/05 10:06:43 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\AIM\nssckbi.dll
MOD - [2010/11/17 14:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/08/31 12:06:24 | 000,152,864 | ---- | M] () -- C:\Program Files (x86)\Nova Development\Print Artist Gold\en-US\ReminderApp.resources.dll
MOD - [2009/08/31 12:06:22 | 000,144,672 | ---- | M] () -- C:\Program Files (x86)\Nova Development\Print Artist Gold\ReminderApp.exe
MOD - [2009/08/31 12:06:22 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Nova Development\Print Artist Gold\AddressBookCore.dll
MOD - [2009/06/10 14:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/06/10 14:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/06/04 15:10:56 | 005,777,408 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
MOD - [2009/03/25 16:53:14 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
MOD - [2009/01/15 14:55:10 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
MOD - [2006/01/10 09:50:20 | 000,024,576 | ---- | M] () -- C:\Windows\SysWOW64\AsIO.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/10 05:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/01/24 19:57:23 | 001,315,592 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/11/15 11:08:10 | 005,716,848 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV:64bit: - [2010/08/04 02:51:22 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/07/27 02:47:14 | 000,315,392 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe -- (McciServiceHost)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/23 13:59:22 | 000,203,392 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysWOW64\AsHookDevice.exe -- (Device Handle Service)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/10/01 16:45:23 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/10 05:04:08 | 000,600,920 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/05/10 05:04:07 | 000,287,576 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/05/10 05:02:41 | 000,053,592 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/05/10 04:59:59 | 000,031,064 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/05/10 04:59:48 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/05/10 04:59:37 | 000,022,360 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/02 16:07:54 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2010/10/25 10:59:32 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2010/10/25 10:59:28 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/04 03:22:38 | 007,451,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/08/04 03:22:38 | 007,451,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/08/04 02:15:46 | 000,268,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/07/27 02:47:46 | 000,040,960 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50a64.sys -- (MRESP50a64)
DRV:64bit: - [2010/07/27 02:47:36 | 000,043,008 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50a64.sys -- (MREMP50a64)
DRV:64bit: - [2010/04/08 05:12:00 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/12/22 03:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/07/15 20:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/10 12:07:02 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 13:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/23 07:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/04 18:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2006/12/05 12:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)
DRV - [2010/07/27 02:47:30 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/07/27 02:47:10 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/01/04 14:34:48 | 000,011,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\AsInsHelp64.sys -- (ASInsHelp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9C DC 36 01 F3 D8 25 4E 8D D0 4C 4C CF AB 4F BA [binary data]
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Enrique\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/03/05 16:20:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/03/05 16:20:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/15 19:36:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/15 19:36:51 | 000,000,000 | ---D | M]

[2010/12/28 21:06:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Enrique\AppData\Roaming\Mozilla\Extensions
[2011/10/27 10:32:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\p2uphuw6.default\extensions
[2011/10/25 23:31:35 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\p2uphuw6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/07/06 15:13:23 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\p2uphuw6.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/02/03 14:57:43 | 000,000,903 | ---- | M] () -- C:\Users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\p2uphuw6.default\searchplugins\conduit.xml
[2011/05/15 19:36:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\ENRIQUE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P2UPHUW6.DEFAULT\EXTENSIONS\[email protected]
[2011/04/14 09:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - Extension: No name found = C:\Users\Enrique\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: No name found = C:\Users\Enrique\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1125_0\
CHR - Extension: No name found = C:\Users\Enrique\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files (x86)\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AddressBookReminderApp] C:\Program Files (x86)\Nova Development\Print Artist Gold\ReminderApp.exe ()
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [Azureus Update] rundll32 "C:\Users\Enrique\AppData\Local\Ahead\AheadUpdate\Aheadup.DLL",DllRegisterServer File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Enrique\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [kde.org Update] rundll32 "C:\Users\Enrique\AppData\Local\Apple Computer\AppleUpdate\Appleup.DLL",DllRegisterServer File not found
O4 - HKCU..\Run: [WindowsNotifierNotifier] rundll32.exe "C:\ProgramData\WindowsNotifierNotifier.dll",DllRegisterServer File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8:64bit: - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8:64bit: - Extra context menu item: Easy-WebPrint Preview - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8:64bit: - Extra context menu item: Easy-WebPrint Print - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zon...S.cab109791.cab ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC411A11-3342-46A9-9EF4-906B6B494DDB}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4a7403a2-4a76-11e0-a66f-20cf30e9c89a}\Shell - "" = AutoRun
O33 - MountPoints2\{4a7403a2-4a76-11e0-a66f-20cf30e9c89a}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/27 11:17:24 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{30F4831A-6FBA-4465-8482-6E4C7663140F}
[2011/10/27 11:17:09 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{76771268-1C35-4815-9BE1-DBDABA92A03A}
[2011/10/27 10:59:45 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{FCEA9F00-E974-4004-962C-8501268C75AB}
[2011/10/27 10:59:29 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{27BECFB9-A544-49EE-823B-9B91FA205EC7}
[2011/10/27 10:43:09 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{3CAAF892-4825-4859-83D7-8EAF178D0B25}
[2011/10/27 10:42:53 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{0B2E3937-4A4B-483F-8351-EDE8C734BD8D}
[2011/10/27 10:32:31 | 000,000,000 | ---D | C] -- C:\Users\Enrique\Desktop\GooredFix Backups
[2011/10/27 10:30:03 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Enrique\Desktop\GooredFix.exe
[2011/10/27 10:24:17 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{FEEE6F1D-CAFE-43C9-BA12-6B39C966193C}
[2011/10/27 10:24:06 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{0DA26ACC-3F00-4E3F-8780-45DC6D1B87B2}
[2011/10/27 02:21:59 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{80433312-5214-4F0F-80AF-26B551802098}
[2011/10/27 02:21:46 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{A86AC95F-1494-4FE6-B916-C6B91068928E}
[2011/10/26 16:24:21 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{AF6A0F20-F5EF-4435-93C0-A04DE93260EB}
[2011/10/26 16:23:58 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{CC88B4E8-7A33-4FF4-8267-F4CC8F3FFD73}
[2011/10/25 23:31:16 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{2E523148-6A5F-4D0A-B317-FD5E85C3061A}
[2011/10/25 23:31:02 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{3E9C0B2E-DA59-40FB-8C1F-6C8DAC24941A}
[2011/10/25 16:17:44 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{BDDA744A-4453-4A01-940B-528B2E6E1726}
[2011/10/25 16:17:24 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{996AADBC-DF95-4CE3-A408-F857A377A280}
[2011/10/25 15:32:11 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\WinZip
[2011/10/25 15:32:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2011/10/25 15:30:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip
[2011/10/25 14:37:14 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{F74D52EB-A27A-43BF-BA45-3D2444F0B0E4}
[2011/10/25 14:37:01 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{8F09DA1B-C220-44DC-9F64-006002CDFD57}
[2011/10/25 10:08:45 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{CAD0418A-900D-4463-806F-8C949022E63E}
[2011/10/25 10:08:33 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{F6C9BE33-48EF-42F7-8385-8E770F6C2929}
[2011/10/24 22:42:45 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{FF340EA9-AB26-4B3B-8591-8243EC9B31F1}
[2011/10/24 22:42:31 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{51BF4AC9-BAE5-4FEB-8024-3232A96E10AF}
[2011/10/24 21:51:34 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{5508BAB4-590E-4904-AD04-B33639D4126A}
[2011/10/24 21:51:19 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{1243B753-3A3A-4791-B30C-4AA8712318B1}
[2011/10/24 19:47:15 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/10/24 15:38:22 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{971166CB-6177-4BE8-A43F-85383AE0293D}
[2011/10/24 15:38:09 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{DB3C4D2F-7A75-4AB0-98F2-2BED422CE4CD}
[2011/10/23 10:37:22 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{1A15D48F-0404-4F96-A3C2-98D39B139333}
[2011/10/23 10:37:10 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{9CB83C08-2BD7-47DE-876D-A054CB305250}
[2011/10/22 10:15:34 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{0769CD31-6E31-4B13-A75B-F0802194D8D2}
[2011/10/22 10:15:23 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{3D224E37-0F38-412A-ACF9-6DCCB15A2556}
[2011/10/21 12:41:41 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{593CF9CD-7849-48F9-9E45-DAFE61A0763B}
[2011/10/21 12:41:29 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{459B8678-276F-44CF-98A2-2F39275F70A1}
[2011/10/20 10:04:31 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{28953736-3E21-4457-85A6-F056B8F117E9}
[2011/10/20 10:04:11 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{A11F01E2-295F-4673-B030-4D8B60B73B05}
[2011/10/19 17:28:18 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{B43A1612-0245-4E8A-B3F7-87AC68DDC97B}
[2011/10/19 17:27:57 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{4E7E168F-F0CC-4A63-9027-2CA80D5983B4}
[2011/10/19 08:47:21 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{2A60B25A-FF4A-4CFB-BF8D-5DE673376B82}
[2011/10/19 08:47:07 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{29A797C4-7460-4B39-85CE-CB5BA1B5BA6F}
[2011/10/18 10:22:51 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{0BCAFB2E-462D-4565-948C-34705D6C1C25}
[2011/10/18 10:22:39 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{58DB7E6D-AC60-491E-8CD9-F8F4B610E84C}
[2011/10/17 14:29:56 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{B832D73E-0C87-491D-A022-8E4C5DA9789A}
[2011/10/17 14:29:43 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{84854A1E-3457-4123-9F6C-99966B214509}
[2011/10/17 07:43:22 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{A1CC0E2E-E9AB-481A-A8D3-3147ADEC042E}
[2011/10/17 07:43:10 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{3BA5CFDD-653F-4489-91D3-45276E8C43F3}
[2011/10/16 10:44:34 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{C3E19235-62A7-4833-9706-2466D6D3E39C}
[2011/10/16 10:44:21 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{01EFE8C9-8237-4225-842B-6F431A6D1450}
[2011/10/15 12:12:27 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{F4EBFBC3-D290-4021-8C68-26740F54236D}
[2011/10/15 12:12:14 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{4C968EEC-530D-476D-B41A-98C6CE4F8D5C}
[2011/10/15 07:29:56 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{F4FCA1BE-578A-42D3-80B3-B8141867176F}
[2011/10/15 07:29:39 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{397DB513-D5B0-48DD-BAE3-C7B291E76E5B}
[2011/10/14 22:37:47 | 000,000,000 | ---D | C] -- C:\Users\Enrique\Desktop\New folder
[2011/10/14 13:07:01 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{439106D7-F6EF-4DB6-B3E8-5A7B7161B6CC}
[2011/10/14 13:06:48 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{19EA6387-3917-452A-A895-121ABCFBBCEC}
[2011/10/13 15:51:22 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{2CE003E0-910B-411C-B371-B008F8146824}
[2011/10/13 15:50:59 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{1F1042FB-2033-4AA7-8985-F9F422B01F96}
[2011/10/12 23:20:02 | 000,000,000 | ---D | C] -- C:\Users\Enrique\Desktop\Prints to Print
[2011/10/12 10:57:00 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{8E9CAF41-D3DA-4BF7-B0A1-F8719526BB75}
[2011/10/12 10:56:40 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{56A34D6C-DB73-4A30-9E19-CFB2083643A4}
[2011/10/12 03:24:36 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{E2151602-2552-43B7-81D3-170D60506A06}
[2011/10/12 03:24:19 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{57782981-08CF-4923-8AA1-7DE9F2410AD4}
[2011/10/11 10:20:44 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{23454CDA-AB97-44D8-9FB5-B8BF0027D3C2}
[2011/10/11 10:20:29 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{EC0250E4-6D16-4670-B884-D629BE40B7F8}
[2011/10/10 15:55:44 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{AC1F29C0-CFB2-464A-B1F9-32CCB57CB8D6}
[2011/10/10 15:55:21 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{B2F3F8D0-506E-4272-88E4-B9A4AC5466FB}
[2011/10/10 08:52:03 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{A056A7EB-79E1-43FE-8EFE-C6FB5C38D616}
[2011/10/10 08:51:47 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{3EEDBD4B-A6C0-4967-A34D-EB849AECB229}
[2011/10/09 14:03:09 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{9073CF49-0089-4BE1-ABF5-A0EBA6C8F3B8}
[2011/10/09 14:02:58 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{DCC8181F-DC85-47D7-A623-806951BDD456}
[2011/10/09 09:55:29 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{6ADBC816-C652-4D66-AFE0-A43BB1787727}
[2011/10/09 09:55:16 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{A1C739BB-59AF-4612-80EF-A819A53CBB5E}
[2011/10/08 16:01:01 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{79EBE004-5B54-4D37-A299-87CEAA27C009}
[2011/10/08 16:00:44 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{DAF23E84-854E-44DB-AD17-CAA1C6B64EC8}
[2011/10/07 14:49:00 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{BD7E4D68-37F3-48D1-ADB9-0D0F218F5034}
[2011/10/07 14:48:45 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{B0DAED76-DEE9-4963-9A5B-205B57E53C7E}
[2011/10/07 01:17:05 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\Diagnostics
[2011/10/07 01:09:41 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{4CF0EC49-F788-41DA-8AB0-15FAF0ADFDBF}
[2011/10/06 11:05:32 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{6B3BC698-0FF5-4DDC-AA3C-CA62585F4ECD}
[2011/10/06 11:05:17 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{DC48FC88-23EF-4D11-A6FF-293149C9418D}
[2011/10/05 13:53:13 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{C43E7CD7-88EE-46E0-841A-49E84C6825EC}
[2011/10/05 13:52:56 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{5E3EFACF-EC46-4F0C-8817-8F737828C4AC}
[2011/10/05 10:02:54 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{7604C591-6B80-4E88-9E1C-F86B648628B5}
[2011/10/05 10:02:39 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{338B5FF7-E811-4B53-AD5E-5D30106C419A}
[2011/10/04 10:18:49 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{3F3F9E9A-DBFA-4C9C-8D2F-5AC17E47709C}
[2011/10/04 10:18:37 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{F3B15660-350C-4F86-99D4-67C98F963D1D}
[2011/10/03 16:06:56 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{F31EA293-2F11-4CFE-9E6C-ED5FAD918EBB}
[2011/10/03 16:06:44 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{26AC4B1F-DDED-48BE-B990-F5D0CC27C176}
[2011/10/03 08:50:28 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{DD7618E6-F139-4884-A6DD-956EB4BC32E8}
[2011/10/03 08:50:06 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{3E641997-EA23-4B2D-93B8-4135C7EEBCAE}
[2011/10/02 11:09:02 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{7849EF61-C605-45D4-B31F-CEA3CEC75743}
[2011/10/02 11:08:50 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{F3706121-AD4D-432B-BD67-78A88BE76313}
[2011/10/01 10:50:15 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{4B1BDA7C-655E-4767-AE13-11CF104144E1}
[2011/10/01 10:50:01 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{5F2B3CD4-2E34-479E-B3E2-96B85431B795}
[2011/10/01 02:00:57 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{EBD4EA92-E22A-4301-BD6D-61D7D5059B22}
[2011/10/01 02:00:44 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{22963479-CE7E-4F2E-B13A-4B81ECB359F7}
[2011/09/30 12:52:38 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{388B78E6-ACB0-4BA7-BB31-79F7D60F2A05}
[2011/09/30 12:52:25 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{8AD67A0C-A245-455A-9CDB-2CDCE9A5E5CB}
[2011/09/30 09:08:25 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{F2FAA7CF-81F1-4B55-B7D6-730C14580AC3}
[2011/09/30 09:07:33 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{FE91C275-4EA1-4676-8499-48DF1E77980F}
[2011/09/29 09:32:46 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{806A81C4-8448-4857-8A7E-8056FDDAACDD}
[2011/09/29 09:32:31 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{212E1A61-64B7-46CE-BC3D-BA1B216F3B43}
[2011/09/28 17:03:55 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{EDF6F66C-3386-4A58-85A0-41B6495F6B57}
[2011/09/28 17:03:40 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{4C083F3C-DFE0-49DD-A0E3-472F5CDBA945}
[2011/09/27 18:24:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PingPlotter Standard
[2011/09/27 18:24:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PingPlotter Standard
[2011/09/27 15:42:32 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{C8104573-A79F-4F32-AF99-B34078BF2027}
[2011/09/27 15:42:15 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{1EC52A23-BE27-44F5-A80B-617F85CC1B33}
[2009/05/14 23:15:24 | 005,719,400 | ---- | C] (Acresso Software Inc.) -- C:\Program Files\Common Files\adlmint_libFNP.dll
[2009/05/14 23:15:24 | 004,397,928 | ---- | C] (Autodesk) -- C:\Program Files\Common Files\adlmint.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Enrique\AppData\Roaming\*.tmp files -> C:\Users\Enrique\AppData\Roaming\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/27 11:27:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/27 11:24:00 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/27 11:24:00 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/27 11:16:41 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/27 11:15:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/27 11:15:44 | 1945,505,791 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/27 10:30:03 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Enrique\Desktop\GooredFix.exe
[2011/10/27 03:38:44 | 000,216,951 | ---- | M] () -- C:\Users\Enrique\Desktop\114ctop.jpg
[2011/10/27 03:38:27 | 109,774,226 | ---- | M] () -- C:\Users\Enrique\Desktop\zelda.psd
[2011/10/27 02:52:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3354869186-130629379-3507963822-1001UA.job
[2011/10/25 17:50:20 | 000,076,626 | ---- | M] () -- C:\Users\Enrique\Desktop\JESUS9.jpg
[2011/10/25 17:49:45 | 000,001,456 | ---- | M] () -- C:\Users\Enrique\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/10/25 17:49:24 | 089,855,693 | ---- | M] () -- C:\Users\Enrique\Desktop\JESUS2.psd
[2011/10/25 16:32:12 | 000,000,590 | ---- | M] () -- C:\Users\Enrique\Desktop\MBRr.zip
[2011/10/25 16:24:02 | 000,000,590 | ---- | M] () -- C:\Users\Enrique\Desktop\MBR.zip
[2011/10/25 15:32:01 | 000,002,251 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2011/10/25 10:24:19 | 000,000,512 | ---- | M] () -- C:\Users\Enrique\Desktop\MBR.dat
[2011/10/24 21:27:41 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/24 18:21:14 | 000,203,246 | ---- | M] () -- C:\Users\Enrique\Desktop\JESUS8.jpg
[2011/10/24 18:08:31 | 000,169,019 | ---- | M] () -- C:\Users\Enrique\Desktop\Cracked_Glass_Texture_I_by_EverythingIsInStock.jpg
[2011/10/24 17:54:46 | 001,173,070 | ---- | M] () -- C:\Users\Enrique\Desktop\d2a2fd0d0e71c876f5ba8b750397a6e2.jpg
[2011/10/23 11:52:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3354869186-130629379-3507963822-1001Core.job
[2011/10/22 20:36:08 | 000,073,406 | ---- | M] () -- C:\Users\Enrique\Desktop\TheGoodDoctor.jpg
[2011/10/22 13:24:54 | 000,274,081 | ---- | M] () -- C:\Users\Enrique\Desktop\JESUS7.jpg
[2011/10/22 12:47:23 | 000,087,608 | ---- | M] () -- C:\Users\Enrique\Desktop\Zelda_Ocarina_of_Time_art01.jpg
[2011/10/21 14:08:38 | 000,313,475 | ---- | M] () -- C:\Users\Enrique\Desktop\JESUS6.jpg
[2011/10/21 02:56:40 | 000,519,261 | ---- | M] () -- C:\Users\Enrique\Desktop\recon_by_kalkulation.jpg
[2011/10/21 02:56:33 | 007,198,582 | ---- | M] () -- C:\Users\Enrique\Desktop\conan.psd
[2011/10/19 03:05:32 | 000,021,736 | ---- | M] () -- C:\Users\Enrique\Desktop\9814294-broken-glass-with-cracks-and-holes-for-design.jpg
[2011/10/16 11:37:25 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/16 11:37:25 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/16 11:37:25 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/14 14:44:11 | 000,138,752 | ---- | M] () -- C:\Users\Enrique\Desktop\JESUS5.jpg
[2011/10/14 13:36:00 | 000,295,046 | ---- | M] () -- C:\Users\Enrique\Desktop\Shinjuku-Tokyo-Japan-Lights-Wallpaper.jpg
[2011/10/13 16:26:51 | 000,582,078 | ---- | M] () -- C:\Users\Enrique\Desktop\Tokyo-japan-1020091_1024_768.jpg
[2011/10/13 02:16:10 | 000,035,041 | ---- | M] () -- C:\Users\Enrique\Desktop\Conan-O-Brien-the-tonight-show-with-conan-obrien-6115061-434-468.jpg
[2011/10/12 19:17:26 | 000,019,117 | ---- | M] () -- C:\Users\Enrique\Desktop\Conan-O'Brien-011810L.jpg
[2011/10/12 13:30:05 | 000,110,130 | ---- | M] () -- C:\Users\Enrique\Desktop\hamsterflier1.jpg
[2011/10/12 03:23:08 | 005,294,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/11 19:28:48 | 000,017,457 | ---- | M] () -- C:\Users\Enrique\Desktop\tfalogolink.jpg
[2011/10/08 18:31:07 | 000,111,363 | ---- | M] () -- C:\Users\Enrique\Desktop\JESUS4.jpg
[2011/10/05 19:23:22 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/10/05 10:11:36 | 000,086,129 | ---- | M] () -- C:\Users\Enrique\Desktop\hame_t6.jpg
[2011/10/03 19:43:04 | 000,102,396 | ---- | M] () -- C:\Users\Enrique\Desktop\JESUS3.jpg
[2011/09/29 19:19:54 | 000,249,993 | ---- | M] () -- C:\Users\Enrique\Desktop\darksiders_promo_by_liquidology.jpg
[2011/09/29 14:46:46 | 000,100,554 | ---- | M] () -- C:\Users\Enrique\Desktop\s2.jpg
[2011/09/29 14:12:20 | 000,013,870 | ---- | M] () -- C:\Users\Enrique\Desktop\blowing-bubbles.jpg
[2011/09/29 14:11:44 | 000,062,540 | ---- | M] () -- C:\Users\Enrique\Desktop\bubbles.jpg
[2011/09/29 14:11:22 | 001,909,559 | ---- | M] () -- C:\Users\Enrique\Desktop\blue_water_bubbles.jpg
[2011/09/29 00:37:16 | 000,082,705 | ---- | M] () -- C:\Users\Enrique\Desktop\s1.jpg
[2011/09/27 18:30:17 | 000,008,354 | ---- | M] () -- C:\Users\Enrique\Desktop\www.therapyforartists.net.png
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Enrique\AppData\Roaming\*.tmp files -> C:\Users\Enrique\AppData\Roaming\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/25 17:49:43 | 000,076,626 | ---- | C] () -- C:\Users\Enrique\Desktop\JESUS9.jpg
[2011/10/25 16:31:19 | 000,000,590 | ---- | C] () -- C:\Users\Enrique\Desktop\MBRr.zip
[2011/10/25 15:32:01 | 000,002,251 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2011/10/25 15:14:47 | 000,000,590 | ---- | C] () -- C:\Users\Enrique\Desktop\MBR.zip
[2011/10/25 10:24:19 | 000,000,512 | ---- | C] () -- C:\Users\Enrique\Desktop\MBR.dat
[2011/10/24 18:18:30 | 000,203,246 | ---- | C] () -- C:\Users\Enrique\Desktop\JESUS8.jpg
[2011/10/24 18:08:30 | 000,169,019 | ---- | C] () -- C:\Users\Enrique\Desktop\Cracked_Glass_Texture_I_by_EverythingIsInStock.jpg
[2011/10/24 17:54:45 | 001,173,070 | ---- | C] () -- C:\Users\Enrique\Desktop\d2a2fd0d0e71c876f5ba8b750397a6e2.jpg
[2011/10/22 20:36:08 | 000,073,406 | ---- | C] () -- C:\Users\Enrique\Desktop\TheGoodDoctor.jpg
[2011/10/22 13:24:54 | 000,274,081 | ---- | C] () -- C:\Users\Enrique\Desktop\JESUS7.jpg
[2011/10/22 12:47:22 | 000,087,608 | ---- | C] () -- C:\Users\Enrique\Desktop\Zelda_Ocarina_of_Time_art01.jpg
[2011/10/21 19:09:54 | 109,774,226 | ---- | C] () -- C:\Users\Enrique\Desktop\zelda.psd
[2011/10/21 16:39:02 | 000,216,951 | ---- | C] () -- C:\Users\Enrique\Desktop\114ctop.jpg
[2011/10/21 14:02:38 | 000,313,475 | ---- | C] () -- C:\Users\Enrique\Desktop\JESUS6.jpg
[2011/10/19 03:05:32 | 000,021,736 | ---- | C] () -- C:\Users\Enrique\Desktop\9814294-broken-glass-with-cracks-and-holes-for-design.jpg
[2011/10/14 14:42:25 | 000,138,752 | ---- | C] () -- C:\Users\Enrique\Desktop\JESUS5.jpg
[2011/10/14 13:36:00 | 000,295,046 | ---- | C] () -- C:\Users\Enrique\Desktop\Shinjuku-Tokyo-Japan-Lights-Wallpaper.jpg
[2011/10/13 16:26:51 | 000,582,078 | ---- | C] () -- C:\Users\Enrique\Desktop\Tokyo-japan-1020091_1024_768.jpg
[2011/10/13 02:36:32 | 007,198,582 | ---- | C] () -- C:\Users\Enrique\Desktop\conan.psd
[2011/10/13 02:16:10 | 000,035,041 | ---- | C] () -- C:\Users\Enrique\Desktop\Conan-O-Brien-the-tonight-show-with-conan-obrien-6115061-434-468.jpg
[2011/10/12 19:17:26 | 000,019,117 | ---- | C] () -- C:\Users\Enrique\Desktop\Conan-O'Brien-011810L.jpg
[2011/10/12 19:07:05 | 000,519,261 | ---- | C] () -- C:\Users\Enrique\Desktop\recon_by_kalkulation.jpg
[2011/10/12 13:30:05 | 000,110,130 | ---- | C] () -- C:\Users\Enrique\Desktop\hamsterflier1.jpg
[2011/10/11 19:28:48 | 000,017,457 | ---- | C] () -- C:\Users\Enrique\Desktop\tfalogolink.jpg
[2011/10/08 18:28:41 | 000,111,363 | ---- | C] () -- C:\Users\Enrique\Desktop\JESUS4.jpg
[2011/10/05 10:10:04 | 000,086,129 | ---- | C] () -- C:\Users\Enrique\Desktop\hame_t6.jpg
[2011/10/03 19:39:27 | 000,102,396 | ---- | C] () -- C:\Users\Enrique\Desktop\JESUS3.jpg
[2011/10/03 16:58:41 | 089,855,693 | ---- | C] () -- C:\Users\Enrique\Desktop\JESUS2.psd
[2011/09/29 19:19:53 | 000,249,993 | ---- | C] () -- C:\Users\Enrique\Desktop\darksiders_promo_by_liquidology.jpg
[2011/09/29 14:46:06 | 000,100,554 | ---- | C] () -- C:\Users\Enrique\Desktop\s2.jpg
[2011/09/29 14:12:20 | 000,013,870 | ---- | C] () -- C:\Users\Enrique\Desktop\blowing-bubbles.jpg
[2011/09/29 14:11:44 | 000,062,540 | ---- | C] () -- C:\Users\Enrique\Desktop\bubbles.jpg
[2011/09/29 14:11:20 | 001,909,559 | ---- | C] () -- C:\Users\Enrique\Desktop\blue_water_bubbles.jpg
[2011/09/29 00:34:55 | 000,082,705 | ---- | C] () -- C:\Users\Enrique\Desktop\s1.jpg
[2011/09/27 18:30:17 | 000,008,354 | ---- | C] () -- C:\Users\Enrique\Desktop\www.therapyforartists.net.png
[2011/06/29 10:41:18 | 000,000,078 | ---- | C] () -- C:\ProgramData\7822f4ff
[2011/05/29 23:25:21 | 000,011,440 | -HS- | C] () -- C:\ProgramData\5tj76a8lhem5hw5065kc0t1ls4prx67h17ci0hn6l4qr
[2011/05/29 23:25:21 | 000,011,438 | -HS- | C] () -- C:\Users\Enrique\AppData\Local\5tj76a8lhem5hw5065kc0t1ls4prx67h17ci0hn6l4qr
[2011/04/24 00:54:31 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\pxhpinst.exe
[2010/12/26 20:39:17 | 000,001,456 | ---- | C] () -- C:\Users\Enrique\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/12/26 20:10:54 | 000,000,431 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2010/12/26 12:58:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/28 15:36:06 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2010/07/28 15:35:35 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\drivers\ServiceHelp.dll
[2010/07/28 15:34:23 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/07/28 15:34:23 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/07/28 15:34:22 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/07/28 15:34:22 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/07/28 15:32:49 | 000,009,987 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/07/28 15:32:47 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/07/28 15:32:46 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2010/07/28 15:32:46 | 000,007,698 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/07/28 15:30:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/06/15 23:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 14:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 14:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 14:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 10:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\SysWow64\SP207.INI

========== LOP Check ==========

[2011/02/10 00:52:31 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\acccore
[2011/01/24 20:21:29 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\Autodesk
[2011/10/25 19:40:25 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\Azureus
[2011/09/05 15:05:19 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\Canon
[2011/04/30 22:44:17 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/07/03 11:49:38 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\Filter Forge Freepack 2 - Photo Effects
[2011/07/12 03:20:09 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2011/07/07 15:57:13 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\PingKaching.45C46A55E3922496F6ADD09FCC67FAC1A9B38B70.1
[2010/12/26 20:10:45 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\ScanSoft
[2011/01/31 23:43:29 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/04/24 13:18:18 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\Windows Live Writer
[2011/10/23 11:52:00 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3354869186-130629379-3507963822-1001Core.job
[2011/10/27 02:52:00 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3354869186-130629379-3507963822-1001UA.job
[2011/08/18 11:20:44 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8CE646EE

< End of report >

extras
OTL Extras logfile created on: 10/27/2011 11:23:36 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Enrique\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 5.80 Gb Available Physical Memory | 74.88% Memory free
15.50 Gb Paging File | 13.36 Gb Available in Paging File | 86.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 912.93 Gb Total Space | 785.52 Gb Free Space | 86.04% Space Free | Partition Type: NTFS
Drive D: | 4.09 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ENRIQUE-PC | User Name: Enrique | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP460" = Canon MP460
"{1314D90A-A77D-4635-BB8C-840FBB466BE3}" = Autodesk MatchMover 2010 (64-bit)
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{284B452E-075E-4C7B-B8EE-E4A798CC3772}" = Maya 2010 (64-bit)
"{2B80C356-CA93-433D-814C-BF4CBF3195C2}" = Maya 2010 (64-bit) Documentation (en_US)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{73414D7D-F23E-B9E2-3B21-1574C5DE36DC}" = ATI Catalyst Install Manager
"{77B8B4A5-EE79-4907-A318-2DA86325B8D7}" = iTunes
"{7C9BB3CD-05F4-DA12-9F32-AA8B12E93E8E}" = ccc-utility64
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{833B98DC-A851-43D3-B22C-9C7B815520E3}" = Autodesk DirectConnect 2010 (64-bit)
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9301985B-D116-4A93-A93D-94580084FF86}" = 64 Bit HP CIO Components Installer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B7FEA90D-9620-455F-9B15-652D4FA80B0A}" = Autodesk Toxik 2010 (64-bit)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CF390C22-532A-E2CC-2660-A38C8E85A5A9}" = ATI AVIVO64 Codecs
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{E5C95CA5-4565-4B9D-97ED-05088D775614}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"CanonMyPrinter" = Canon My Printer
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Wacom Tablet Driver" = Wacom Tablet

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{076DB5CB-317A-2BE5-CD2E-6FAB05708F76}" = CCC Help Italian
"{07A4B946-4648-D7BA-8EBC-E70612369210}" = CCC Help Chinese Traditional
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{124C9BD0-8C52-40AB-8238-0605703B1C28}" = ASUS Backup Wizard
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23EDDCC4-DDCF-46F2-94B8-E5511A870D40}" = Print Artist Gold 23
"{24990A39-5F20-4FCA-BAFE-EEF1E4800709}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 23
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29D851C2-048C-4B5E-8D1F-25D473342BB5}" = ScanSoft OmniPage SE 4.0
"{2ED5306E-A2D1-6427-6669-C5D14F49ACF1}" = CCC Help Japanese
"{2FA4FF3B-CEB8-FB52-5FE5-55F2B831E58E}" = CCC Help Korean
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1.3
"{3D57F633-6F61-6D56-2015-4D610C7614BD}" = CCC Help English
"{3E43EBBB-5858-1E4A-ED47-1F9BD178FFFB}" = CCC Help Polish
"{45D146C1-3805-977C-4EBE-731A582C2871}" = CCC Help Portuguese
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AF95DE2-B54D-4C3F-9494-FD3B558E2C2D}" = AI Manager
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54A5471C-7F82-E7DA-4F82-680A138D9432}" = CCC Help Hungarian
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62150342-D3D1-1AD0-666E-5808F38BB41E}" = Catalyst Control Center InstallProxy
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6790CAB2-7B98-8377-05F8-32F3840B9242}" = CCC Help Norwegian
"{68176354-40B6-7C37-5167-42D322045BD7}" = PingKaching
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{768BCF88-1F4E-DFDC-4E58-E149302AE7FB}" = Catalyst Control Center Graphics Previews Vista
"{776EC843-9B48-8E72-6574-B0A7FCBE74AB}" = Market Samurai
"{7BA90166-3C22-CB7D-334D-67BE0AB0E2E5}" = CCC Help Danish
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83A7C82F-863A-61F4-8D3B-68227F37005A}" = CCC Help Finnish
"{847CAE64-4CD2-4B2D-AF00-978FF5431033}" = Nero 7 Ultra Edition
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{887DF5A1-FEC9-76F7-DFCA-BC07C4F3F8F3}" = CCC Help Dutch
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DB5DF43-ED8B-7ECA-EBE2-02B7618B95EB}" = CCC Help Turkish
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{976609BF-CE92-2E4B-F0B4-2C7AADC62AB4}" = CCC Help Spanish
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E11A94D-5F60-10C6-D582-E79728F4DFF1}" = CCC Help Russian
"{A14F7508-B784-40B8-B11A-E0E2EEB7229F}" = Adobe Premiere Pro 1.5 Tryout
"{A1BC7068-C1BA-410F-8B9A-DB807C803DE2}" = Adobe Creative Suite 5 Design Premium
"{A1E2A918-F0E4-244E-3D64-D5FFE55D0055}" = CCC Help Czech
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B87660A6-A3DC-294A-11BF-82BF0DA6043A}" = ccc-core-static
"{B8AAEB36-6832-FE2D-D810-4A39284AE98F}" = CCC Help Swedish
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BB81360F-041C-4CF7-B15E-71380D154244}" = Adobe Setup
"{C25EEE5E-9230-B809-32B5-FE9519CEB8D9}" = CCC Help Greek
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7E32DA9-0292-EC8D-0C78-BDD00D857991}" = Catalyst Control Center Localization All
"{C9FA391B-7861-25EA-AE90-ECAB6BA65BC2}" = CCC Help German
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1725D54-279A-40C5-A70D-23C1785DB920}_is1" = AoA Audio Extractor
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED721ABC-423D-4F7D-AEBB-E1E39C388E84}" = Facebook Video Calling 1.0.0.8714
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}" = ebi.BookReader3J
"{F834B42E-6A06-A37F-0C90-CDBE31EF072D}" = CCC Help Chinese Standard
"{FC3EFAAD-4BD4-A5A7-875C-D41945E28F28}" = CCC Help Thai
"{FDAC518A-18AE-EF17-FF1F-48F3435C5786}" = CCC Help French
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_32fdd767b4383606e8168e834af5d90" = Adobe Premiere Pro CS3
"AIM_7" = AIM 7
"ASUS VIBE" = ASUS VIBE
"ATT-SST" = AT&T Service & Support Tool
"Audacity_is1" = Audacity 1.2.6
"avast" = avast! Free Antivirus
"Canon MP460 User Registration" = Canon MP460 User Registration
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Setup.divx.com" = DivX Setup
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"Filter Forge Freepack 2 - Photo Effects_is1" = Filter Forge Freepack 2 - Photo Effects 1.012
"Google Chrome" = Google Chrome
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MP Navigator 3.0" = Canon MP Navigator 3.0
"PingKaching.45C46A55E3922496F6ADD09FCC67FAC1A9B38B70.1" = PingKaching
"PingPlotter Standard" = PingPlotter Standard 3.30.4s
"PROPLUS" = Microsoft Office Professional Plus 2007
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"ST6UNST #1" = Address Book
"Vector Magic" = Vector Magic
"VisualLightBox" = VisualLightBox
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail" = att.net Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/11/2011 5:09:16 PM | Computer Name = Enrique-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 10/12/2011 3:04:51 PM | Computer Name = Enrique-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 10/13/2011 1:58:38 AM | Computer Name = Enrique-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16869,
time stamp: 0x4e4f21db Faulting module name: msxml3.dll, version: 8.110.7600.16723,
time stamp: 0x4d103aab Exception code: 0xc0000005 Fault offset: 0x0002e64f Faulting
process id: 0x3d10 Faulting application start time: 0x01cc896d1fb7af8e Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\System32\msxml3.dll Report Id: 64724539-f560-11e0-89f4-20cf30e9c89a

Error - 10/13/2011 9:59:04 PM | Computer Name = Enrique-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 10/15/2011 4:08:11 PM | Computer Name = Enrique-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 10/16/2011 3:00:21 PM | Computer Name = Enrique-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16869,
time stamp: 0x4e4f21db Faulting module name: msxml3.dll, version: 8.110.7600.16723,
time stamp: 0x4d103aab Exception code: 0xc0000005 Fault offset: 0x0002e64f Faulting
process id: 0xf9c Faulting application start time: 0x01cc8c35d44ddac0 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\System32\msxml3.dll Report Id: 17fa09b5-f829-11e0-b7a9-20cf30e9c89a

Error - 10/17/2011 3:35:14 AM | Computer Name = Enrique-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 10/18/2011 2:09:00 PM | Computer Name = Enrique-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 10/19/2011 11:42:57 PM | Computer Name = Enrique-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 10/20/2011 2:43:52 PM | Computer Name = Enrique-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

[ System Events ]
Error - 10/12/2011 9:18:17 PM | Computer Name = Enrique-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Encrypted volume check: Volume information on E: cannot be read.

Error - 10/13/2011 6:55:34 AM | Computer Name = Enrique-PC | Source = DCOM | ID = 10010
Description =

Error - 10/14/2011 10:54:43 PM | Computer Name = Enrique-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Encrypted volume check: Volume information on F: cannot be read.

Error - 10/16/2011 5:54:08 AM | Computer Name = Enrique-PC | Source = DCOM | ID = 10010
Description =

Error - 10/22/2011 1:14:53 PM | Computer Name = Enrique-PC | Source = DCOM | ID = 10010
Description =

Error - 10/22/2011 10:07:10 PM | Computer Name = Enrique-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 10/23/2011 3:07:35 PM | Computer Name = Enrique-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Encrypted volume check: Volume information on E: cannot be read.

Error - 10/23/2011 11:37:24 PM | Computer Name = Enrique-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Encrypted volume check: Volume information on F: cannot be read.

Error - 10/25/2011 12:49:14 AM | Computer Name = Enrique-PC | Source = DCOM | ID = 10010
Description =

Error - 10/27/2011 12:08:40 AM | Computer Name = Enrique-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Encrypted volume check: Volume information on E: cannot be read.


< End of report >






Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8030

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/27/2011 11:12:12 AM
mbam-log-2011-10-27 (11-12-12).txt

Scan type: Quick scan
Objects scanned: 178401
Time elapsed: 1 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Enrique\AppData\Local\Temp\thpm2495298123986810285.tmp (Exploit.Drop.3) -> Quarantined and deleted successfully.
  • 0

#6
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Something went wrong with the OTL fix, so please repeat this step:

We need to run an OTL Fix

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

  • Please double click on the OTL icon on your Desktop (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Under the Custom Scans/Fixes box copy and paste this in (Please carefully select all text in code box beginning with : ):

    :OTL
    IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-3354869186-130629379-3507963822-1001\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}"
    FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
    [2011/10/24 16:28:06 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\p2uphuw6.default\extensions\{0e2e1d11-b40d-4cc6-91a0-6439dd7ad650}
    [2011/07/06 15:13:23 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\p2uphuw6.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    [2011/02/05 20:41:05 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\p2uphuw6.default\extensions\[email protected]
    [2011/02/03 14:57:43 | 000,000,903 | ---- | M] () -- C:\Users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\p2uphuw6.default\searchplugins\conduit.xml
    O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vshare\vshare_toolbar.dll ()
    O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vshare\vshare_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-3354869186-130629379-3507963822-1001\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vshare\vshare_toolbar.dll ()
    O3 - HKU\S-1-5-21-3354869186-130629379-3507963822-1001\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKU\S-1-5-21-3354869186-130629379-3507963822-1001..\Run: [Azureus Update] C:\Users\Enrique\AppData\Local\Ahead\AheadUpdate\Aheadup.DLL (Microsoft Corporation)
    O4 - HKU\S-1-5-21-3354869186-130629379-3507963822-1001..\Run: [kde.org Update] C:\Users\Enrique\AppData\Local\Apple Computer\AppleUpdate\Appleup.DLL (Microsoft Corporation)
    O4 - HKU\S-1-5-21-3354869186-130629379-3507963822-1001..\Run: [WindowsNotifierNotifier] C:\ProgramData\WindowsNotifierNotifier.dll (Microsoft Corporation)
        	
    :Files
    ipconfig /flushdns /c
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    C:\Users\Enrique\AppData\Roaming\trzE64F.tmp
    
    :Reg
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYJAVA]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#7
om20

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts
When I press "ok", absolutely nothing happens.
  • 0

#8
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. Do the following please:

OTL Custom Scan

  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Under the Custom Scans/Fixes box copy and paste this in:

    C:\_OTL\MovedFiles\*.*
    
  • Click on button None
  • Click the Posted Image button. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

  • 0

#9
om20

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts
OTL logfile created on: 11/1/2011 4:57:05 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Enrique\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 6.06 Gb Available Physical Memory | 78.21% Memory free
15.50 Gb Paging File | 13.56 Gb Available in Paging File | 87.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 912.93 Gb Total Space | 783.80 Gb Free Space | 85.85% Space Free | Partition Type: NTFS
Drive D: | 4.09 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ENRIQUE-PC | User Name: Enrique | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========


< C:\_OTL\MovedFiles\*.* >

< End of report >
  • 0

#10
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. Do the following please:

OTL Custom Scan

  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

  • 0


#11
om20

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts
OTL logfile created on: 11/1/2011 5:24:46 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Enrique\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 6.05 Gb Available Physical Memory | 78.08% Memory free
15.50 Gb Paging File | 13.55 Gb Available in Paging File | 87.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 912.93 Gb Total Space | 783.79 Gb Free Space | 85.85% Space Free | Partition Type: NTFS
Drive D: | 4.09 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ENRIQUE-PC | User Name: Enrique | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/25 10:24:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Enrique\Downloads\OTL.exe
PRC - [2011/05/10 05:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/10 05:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/01/24 19:57:23 | 001,315,592 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/11/15 11:08:10 | 005,716,848 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV:64bit: - [2010/08/04 02:51:22 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/07/27 02:47:14 | 000,315,392 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe -- (McciServiceHost)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/23 13:59:22 | 000,203,392 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysWOW64\AsHookDevice.exe -- (Device Handle Service)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/10/01 16:45:23 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/10 05:04:08 | 000,600,920 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/05/10 05:04:07 | 000,287,576 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/05/10 05:02:41 | 000,053,592 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/05/10 04:59:59 | 000,031,064 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/05/10 04:59:48 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/05/10 04:59:37 | 000,022,360 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/02 16:07:54 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2010/10/25 10:59:32 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2010/10/25 10:59:28 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/04 03:22:38 | 007,451,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/08/04 03:22:38 | 007,451,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/08/04 02:15:46 | 000,268,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/07/27 02:47:46 | 000,040,960 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50a64.sys -- (MRESP50a64)
DRV:64bit: - [2010/07/27 02:47:36 | 000,043,008 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50a64.sys -- (MREMP50a64)
DRV:64bit: - [2010/04/08 05:12:00 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/12/22 03:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/07/15 20:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/10 12:07:02 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 13:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/23 07:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/04 18:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2006/12/05 12:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)
DRV - [2010/07/27 02:47:30 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/07/27 02:47:10 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/01/04 14:34:48 | 000,011,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\AsInsHelp64.sys -- (ASInsHelp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9C DC 36 01 F3 D8 25 4E 8D D0 4C 4C CF AB 4F BA [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9C DC 36 01 F3 D8 25 4E 8D D0 4C 4C CF AB 4F BA [binary data]

IE - HKU\S-1-5-21-3354869186-130629379-3507963822-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com/
IE - HKU\S-1-5-21-3354869186-130629379-3507963822-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com/
IE - HKU\S-1-5-21-3354869186-130629379-3507963822-1001\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9C DC 36 01 F3 D8 25 4E 8D D0 4C 4C CF AB 4F BA [binary data]
IE - HKU\S-1-5-21-3354869186-130629379-3507963822-1001\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKU\S-1-5-21-3354869186-130629379-3507963822-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3354869186-130629379-3507963822-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Enrique\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/03/05 16:20:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/03/05 16:20:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/15 19:36:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/15 19:36:51 | 000,000,000 | ---D | M]

[2010/12/28 21:06:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Enrique\AppData\Roaming\Mozilla\Extensions
[2011/10/27 10:32:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\p2uphuw6.default\extensions
[2011/10/25 23:31:35 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\p2uphuw6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/07/06 15:13:23 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\p2uphuw6.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/02/03 14:57:43 | 000,000,903 | ---- | M] () -- C:\Users\Enrique\AppData\Roaming\Mozilla\Firefox\Profiles\p2uphuw6.default\searchplugins\conduit.xml
[2011/05/15 19:36:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\ENRIQUE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P2UPHUW6.DEFAULT\EXTENSIONS\[email protected]
[2011/04/14 09:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - Extension: No name found = C:\Users\Enrique\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: No name found = C:\Users\Enrique\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1125_0\
CHR - Extension: No name found = C:\Users\Enrique\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files (x86)\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3354869186-130629379-3507963822-1001\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O3 - HKU\S-1-5-21-3354869186-130629379-3507963822-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3354869186-130629379-3507963822-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AddressBookReminderApp] C:\Program Files (x86)\Nova Development\Print Artist Gold\ReminderApp.exe ()
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3354869186-130629379-3507963822-1001..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-3354869186-130629379-3507963822-1001..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-21-3354869186-130629379-3507963822-1001..\Run: [Azureus Update] rundll32 "C:\Users\Enrique\AppData\Local\Ahead\AheadUpdate\Aheadup.DLL",DllRegisterServer File not found
O4 - HKU\S-1-5-21-3354869186-130629379-3507963822-1001..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-3354869186-130629379-3507963822-1001..\Run: [Facebook Update] C:\Users\Enrique\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3354869186-130629379-3507963822-1001..\Run: [kde.org Update] rundll32 "C:\Users\Enrique\AppData\Local\Apple Computer\AppleUpdate\Appleup.DLL",DllRegisterServer File not found
O4 - HKU\S-1-5-21-3354869186-130629379-3507963822-1001..\Run: [WindowsNotifierNotifier] rundll32.exe "C:\ProgramData\WindowsNotifierNotifier.dll",DllRegisterServer File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3354869186-130629379-3507963822-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10u_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3354869186-130629379-3507963822-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8:64bit: - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8:64bit: - Extra context menu item: Easy-WebPrint Preview - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8:64bit: - Extra context menu item: Easy-WebPrint Print - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3354869186-130629379-3507963822-1001\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zon...S.cab109791.cab ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC411A11-3342-46A9-9EF4-906B6B494DDB}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4a7403a2-4a76-11e0-a66f-20cf30e9c89a}\Shell - "" = AutoRun
O33 - MountPoints2\{4a7403a2-4a76-11e0-a66f-20cf30e9c89a}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-3354869186-130629379-3507963822-1001..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3354869186-130629379-3507963822-1001\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/11/01 15:02:24 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{F43203E6-34EB-4E9C-8759-FE496BC0CAAD}
[2011/11/01 15:02:11 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{34C9B8D4-6507-46B2-AB3F-C595116C886F}
[2011/10/27 11:17:24 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{30F4831A-6FBA-4465-8482-6E4C7663140F}
[2011/10/27 11:17:09 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{76771268-1C35-4815-9BE1-DBDABA92A03A}
[2011/10/27 10:59:45 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{FCEA9F00-E974-4004-962C-8501268C75AB}
[2011/10/27 10:59:29 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{27BECFB9-A544-49EE-823B-9B91FA205EC7}
[2011/10/27 10:43:09 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{3CAAF892-4825-4859-83D7-8EAF178D0B25}
[2011/10/27 10:42:53 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{0B2E3937-4A4B-483F-8351-EDE8C734BD8D}
[2011/10/27 10:32:31 | 000,000,000 | ---D | C] -- C:\Users\Enrique\Desktop\GooredFix Backups
[2011/10/27 10:30:03 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Enrique\Desktop\GooredFix.exe
[2011/10/27 10:24:17 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{FEEE6F1D-CAFE-43C9-BA12-6B39C966193C}
[2011/10/27 10:24:06 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{0DA26ACC-3F00-4E3F-8780-45DC6D1B87B2}
[2011/10/27 02:21:59 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{80433312-5214-4F0F-80AF-26B551802098}
[2011/10/27 02:21:46 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{A86AC95F-1494-4FE6-B916-C6B91068928E}
[2011/10/26 16:24:21 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{AF6A0F20-F5EF-4435-93C0-A04DE93260EB}
[2011/10/26 16:23:58 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{CC88B4E8-7A33-4FF4-8267-F4CC8F3FFD73}
[2011/10/25 23:31:16 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{2E523148-6A5F-4D0A-B317-FD5E85C3061A}
[2011/10/25 23:31:02 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{3E9C0B2E-DA59-40FB-8C1F-6C8DAC24941A}
[2011/10/25 16:17:44 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{BDDA744A-4453-4A01-940B-528B2E6E1726}
[2011/10/25 16:17:24 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{996AADBC-DF95-4CE3-A408-F857A377A280}
[2011/10/25 15:32:11 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\WinZip
[2011/10/25 15:32:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2011/10/25 15:30:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip
[2011/10/25 14:37:14 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{F74D52EB-A27A-43BF-BA45-3D2444F0B0E4}
[2011/10/25 14:37:01 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{8F09DA1B-C220-44DC-9F64-006002CDFD57}
[2011/10/25 10:08:45 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{CAD0418A-900D-4463-806F-8C949022E63E}
[2011/10/25 10:08:33 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{F6C9BE33-48EF-42F7-8385-8E770F6C2929}
[2011/10/24 22:42:45 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{FF340EA9-AB26-4B3B-8591-8243EC9B31F1}
[2011/10/24 22:42:31 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{51BF4AC9-BAE5-4FEB-8024-3232A96E10AF}
[2011/10/24 21:51:34 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{5508BAB4-590E-4904-AD04-B33639D4126A}
[2011/10/24 21:51:19 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{1243B753-3A3A-4791-B30C-4AA8712318B1}
[2011/10/24 19:47:15 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/10/24 16:28:02 | 000,129,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\srrstr.dll
[2011/10/24 15:38:22 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{971166CB-6177-4BE8-A43F-85383AE0293D}
[2011/10/24 15:38:09 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{DB3C4D2F-7A75-4AB0-98F2-2BED422CE4CD}
[2011/10/23 10:37:22 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{1A15D48F-0404-4F96-A3C2-98D39B139333}
[2011/10/23 10:37:10 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{9CB83C08-2BD7-47DE-876D-A054CB305250}
[2011/10/22 10:15:34 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{0769CD31-6E31-4B13-A75B-F0802194D8D2}
[2011/10/22 10:15:23 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{3D224E37-0F38-412A-ACF9-6DCCB15A2556}
[2011/10/21 12:41:41 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{593CF9CD-7849-48F9-9E45-DAFE61A0763B}
[2011/10/21 12:41:29 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{459B8678-276F-44CF-98A2-2F39275F70A1}
[2011/10/20 10:04:31 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{28953736-3E21-4457-85A6-F056B8F117E9}
[2011/10/20 10:04:11 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{A11F01E2-295F-4673-B030-4D8B60B73B05}
[2011/10/19 17:28:18 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{B43A1612-0245-4E8A-B3F7-87AC68DDC97B}
[2011/10/19 17:27:57 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{4E7E168F-F0CC-4A63-9027-2CA80D5983B4}
[2011/10/19 08:47:21 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{2A60B25A-FF4A-4CFB-BF8D-5DE673376B82}
[2011/10/19 08:47:07 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{29A797C4-7460-4B39-85CE-CB5BA1B5BA6F}
[2011/10/18 10:22:51 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{0BCAFB2E-462D-4565-948C-34705D6C1C25}
[2011/10/18 10:22:39 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{58DB7E6D-AC60-491E-8CD9-F8F4B610E84C}
[2011/10/17 14:29:56 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{B832D73E-0C87-491D-A022-8E4C5DA9789A}
[2011/10/17 14:29:43 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{84854A1E-3457-4123-9F6C-99966B214509}
[2011/10/17 07:43:22 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{A1CC0E2E-E9AB-481A-A8D3-3147ADEC042E}
[2011/10/17 07:43:10 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{3BA5CFDD-653F-4489-91D3-45276E8C43F3}
[2011/10/16 10:44:34 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{C3E19235-62A7-4833-9706-2466D6D3E39C}
[2011/10/16 10:44:21 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{01EFE8C9-8237-4225-842B-6F431A6D1450}
[2011/10/15 12:12:27 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{F4EBFBC3-D290-4021-8C68-26740F54236D}
[2011/10/15 12:12:14 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{4C968EEC-530D-476D-B41A-98C6CE4F8D5C}
[2011/10/15 07:29:56 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{F4FCA1BE-578A-42D3-80B3-B8141867176F}
[2011/10/15 07:29:39 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{397DB513-D5B0-48DD-BAE3-C7B291E76E5B}
[2011/10/14 22:37:47 | 000,000,000 | ---D | C] -- C:\Users\Enrique\Desktop\New folder
[2011/10/14 13:07:01 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{439106D7-F6EF-4DB6-B3E8-5A7B7161B6CC}
[2011/10/14 13:06:48 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{19EA6387-3917-452A-A895-121ABCFBBCEC}
[2011/10/13 15:51:22 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{2CE003E0-910B-411C-B371-B008F8146824}
[2011/10/13 15:50:59 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{1F1042FB-2033-4AA7-8985-F9F422B01F96}
[2011/10/12 23:20:02 | 000,000,000 | ---D | C] -- C:\Users\Enrique\Desktop\Prints to Print
[2011/10/12 10:57:00 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{8E9CAF41-D3DA-4BF7-B0A1-F8719526BB75}
[2011/10/12 10:56:40 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{56A34D6C-DB73-4A30-9E19-CFB2083643A4}
[2011/10/12 03:24:36 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{E2151602-2552-43B7-81D3-170D60506A06}
[2011/10/12 03:24:19 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{57782981-08CF-4923-8AA1-7DE9F2410AD4}
[2011/10/11 21:26:01 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/10/11 21:26:01 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/10/11 21:26:01 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/10/11 21:26:01 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/10/11 21:26:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/10/11 21:26:01 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/10/11 21:26:01 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/10/11 21:26:01 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/10/11 21:26:01 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/10/11 21:26:00 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/10/11 21:26:00 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/10/11 21:26:00 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/10/11 21:26:00 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/10/11 21:26:00 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/10/11 21:26:00 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/10/11 21:25:57 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011/10/11 21:25:57 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011/10/11 21:25:57 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2011/10/11 21:25:57 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011/10/11 21:25:57 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011/10/11 21:25:56 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/10/11 21:25:56 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011/10/11 21:25:56 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2011/10/11 21:25:56 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax
[2011/10/11 21:25:56 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax
[2011/10/11 21:25:56 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2011/10/11 21:25:56 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2011/10/11 10:20:44 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{23454CDA-AB97-44D8-9FB5-B8BF0027D3C2}
[2011/10/11 10:20:29 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{EC0250E4-6D16-4670-B884-D629BE40B7F8}
[2011/10/10 15:55:44 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{AC1F29C0-CFB2-464A-B1F9-32CCB57CB8D6}
[2011/10/10 15:55:21 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{B2F3F8D0-506E-4272-88E4-B9A4AC5466FB}
[2011/10/10 08:52:03 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{A056A7EB-79E1-43FE-8EFE-C6FB5C38D616}
[2011/10/10 08:51:47 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{3EEDBD4B-A6C0-4967-A34D-EB849AECB229}
[2011/10/09 14:03:09 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{9073CF49-0089-4BE1-ABF5-A0EBA6C8F3B8}
[2011/10/09 14:02:58 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{DCC8181F-DC85-47D7-A623-806951BDD456}
[2011/10/09 09:55:29 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{6ADBC816-C652-4D66-AFE0-A43BB1787727}
[2011/10/09 09:55:16 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{A1C739BB-59AF-4612-80EF-A819A53CBB5E}
[2011/10/08 16:01:01 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{79EBE004-5B54-4D37-A299-87CEAA27C009}
[2011/10/08 16:00:44 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{DAF23E84-854E-44DB-AD17-CAA1C6B64EC8}
[2011/10/07 14:49:00 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{BD7E4D68-37F3-48D1-ADB9-0D0F218F5034}
[2011/10/07 14:48:45 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{B0DAED76-DEE9-4963-9A5B-205B57E53C7E}
[2011/10/07 01:17:05 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\Diagnostics
[2011/10/07 01:09:41 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{4CF0EC49-F788-41DA-8AB0-15FAF0ADFDBF}
[2011/10/06 11:05:32 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{6B3BC698-0FF5-4DDC-AA3C-CA62585F4ECD}
[2011/10/06 11:05:17 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{DC48FC88-23EF-4D11-A6FF-293149C9418D}
[2011/10/05 13:53:13 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{C43E7CD7-88EE-46E0-841A-49E84C6825EC}
[2011/10/05 13:52:56 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{5E3EFACF-EC46-4F0C-8817-8F737828C4AC}
[2011/10/05 10:02:54 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{7604C591-6B80-4E88-9E1C-F86B648628B5}
[2011/10/05 10:02:39 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{338B5FF7-E811-4B53-AD5E-5D30106C419A}
[2011/10/04 10:18:49 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{3F3F9E9A-DBFA-4C9C-8D2F-5AC17E47709C}
[2011/10/04 10:18:37 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{F3B15660-350C-4F86-99D4-67C98F963D1D}
[2011/10/03 16:06:56 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{F31EA293-2F11-4CFE-9E6C-ED5FAD918EBB}
[2011/10/03 16:06:44 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{26AC4B1F-DDED-48BE-B990-F5D0CC27C176}
[2011/10/03 08:50:28 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{DD7618E6-F139-4884-A6DD-956EB4BC32E8}
[2011/10/03 08:50:06 | 000,000,000 | ---D | C] -- C:\Users\Enrique\AppData\Local\{3E641997-EA23-4B2D-93B8-4135C7EEBCAE}
[2009/05/14 23:15:24 | 005,719,400 | ---- | C] (Acresso Software Inc.) -- C:\Program Files\Common Files\adlmint_libFNP.dll
[2009/05/14 23:15:24 | 004,397,928 | ---- | C] (Autodesk) -- C:\Program Files\Common Files\adlmint.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Enrique\AppData\Roaming\*.tmp files -> C:\Users\Enrique\AppData\Roaming\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/01 17:27:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/01 15:28:27 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/11/01 15:09:24 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/01 15:09:24 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/01 15:01:30 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/01 15:01:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/01 15:01:19 | 1945,505,791 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/28 01:33:50 | 000,048,041 | ---- | M] () -- C:\Users\Enrique\Desktop\Conan-O-Brien-the-tonight-show-with-conan-obrien-6115061-434-468.jpg
[2011/10/28 01:28:05 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/28 01:28:05 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/28 01:28:05 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/28 01:19:56 | 007,615,799 | ---- | M] () -- C:\Users\Enrique\Desktop\conan.psd
[2011/10/27 23:52:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3354869186-130629379-3507963822-1001UA.job
[2011/10/27 23:08:10 | 122,530,351 | ---- | M] () -- C:\Users\Enrique\Desktop\zelda.psd
[2011/10/27 19:47:05 | 000,075,221 | ---- | M] () -- C:\Users\Enrique\Desktop\JESUS10.jpg
[2011/10/27 19:45:33 | 089,668,735 | ---- | M] () -- C:\Users\Enrique\Desktop\JESUS2.psd
[2011/10/27 19:45:12 | 000,001,456 | ---- | M] () -- C:\Users\Enrique\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/10/27 13:32:39 | 000,082,656 | ---- | M] () -- C:\Users\Enrique\Desktop\205851_137968209623723_100002316345683_235047_482229_n.jpg
[2011/10/27 11:52:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3354869186-130629379-3507963822-1001Core.job
[2011/10/27 10:30:03 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Enrique\Desktop\GooredFix.exe
[2011/10/27 03:38:44 | 000,216,951 | ---- | M] () -- C:\Users\Enrique\Desktop\114ctop.jpg
[2011/10/25 17:50:20 | 000,076,626 | ---- | M] () -- C:\Users\Enrique\Desktop\JESUS9.jpg
[2011/10/25 16:32:12 | 000,000,590 | ---- | M] () -- C:\Users\Enrique\Desktop\MBRr.zip
[2011/10/25 16:24:02 | 000,000,590 | ---- | M] () -- C:\Users\Enrique\Desktop\MBR.zip
[2011/10/25 15:32:01 | 000,002,251 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2011/10/25 10:24:19 | 000,000,512 | ---- | M] () -- C:\Users\Enrique\Desktop\MBR.dat
[2011/10/24 21:27:41 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/24 18:21:14 | 000,203,246 | ---- | M] () -- C:\Users\Enrique\Desktop\JESUS8.jpg
[2011/10/24 18:08:31 | 000,169,019 | ---- | M] () -- C:\Users\Enrique\Desktop\Cracked_Glass_Texture_I_by_EverythingIsInStock.jpg
[2011/10/24 17:54:46 | 001,173,070 | ---- | M] () -- C:\Users\Enrique\Desktop\d2a2fd0d0e71c876f5ba8b750397a6e2.jpg
[2011/10/24 16:27:56 | 000,129,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\srrstr.dll
[2011/10/22 20:36:08 | 000,073,406 | ---- | M] () -- C:\Users\Enrique\Desktop\TheGoodDoctor.jpg
[2011/10/22 13:24:54 | 000,274,081 | ---- | M] () -- C:\Users\Enrique\Desktop\JESUS7.jpg
[2011/10/22 12:47:23 | 000,087,608 | ---- | M] () -- C:\Users\Enrique\Desktop\Zelda_Ocarina_of_Time_art01.jpg
[2011/10/21 14:08:38 | 000,313,475 | ---- | M] () -- C:\Users\Enrique\Desktop\JESUS6.jpg
[2011/10/21 02:56:40 | 000,519,261 | ---- | M] () -- C:\Users\Enrique\Desktop\recon_by_kalkulation.jpg
[2011/10/19 03:05:32 | 000,021,736 | ---- | M] () -- C:\Users\Enrique\Desktop\9814294-broken-glass-with-cracks-and-holes-for-design.jpg
[2011/10/14 14:44:11 | 000,138,752 | ---- | M] () -- C:\Users\Enrique\Desktop\JESUS5.jpg
[2011/10/14 13:36:00 | 000,295,046 | ---- | M] () -- C:\Users\Enrique\Desktop\Shinjuku-Tokyo-Japan-Lights-Wallpaper.jpg
[2011/10/13 16:26:51 | 000,582,078 | ---- | M] () -- C:\Users\Enrique\Desktop\Tokyo-japan-1020091_1024_768.jpg
[2011/10/12 19:17:26 | 000,019,117 | ---- | M] () -- C:\Users\Enrique\Desktop\Conan-O'Brien-011810L.jpg
[2011/10/12 13:30:05 | 000,110,130 | ---- | M] () -- C:\Users\Enrique\Desktop\hamsterflier1.jpg
[2011/10/12 03:23:08 | 005,294,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/11 19:28:48 | 000,017,457 | ---- | M] () -- C:\Users\Enrique\Desktop\tfalogolink.jpg
[2011/10/08 18:31:07 | 000,111,363 | ---- | M] () -- C:\Users\Enrique\Desktop\JESUS4.jpg
[2011/10/05 10:11:36 | 000,086,129 | ---- | M] () -- C:\Users\Enrique\Desktop\hame_t6.jpg
[2011/10/03 19:43:04 | 000,102,396 | ---- | M] () -- C:\Users\Enrique\Desktop\JESUS3.jpg
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Enrique\AppData\Roaming\*.tmp files -> C:\Users\Enrique\AppData\Roaming\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/27 19:45:10 | 000,075,221 | ---- | C] () -- C:\Users\Enrique\Desktop\JESUS10.jpg
[2011/10/27 12:58:33 | 000,082,656 | ---- | C] () -- C:\Users\Enrique\Desktop\205851_137968209623723_100002316345683_235047_482229_n.jpg
[2011/10/25 17:49:43 | 000,076,626 | ---- | C] () -- C:\Users\Enrique\Desktop\JESUS9.jpg
[2011/10/25 16:31:19 | 000,000,590 | ---- | C] () -- C:\Users\Enrique\Desktop\MBRr.zip
[2011/10/25 15:32:01 | 000,002,251 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2011/10/25 15:14:47 | 000,000,590 | ---- | C] () -- C:\Users\Enrique\Desktop\MBR.zip
[2011/10/25 10:24:19 | 000,000,512 | ---- | C] () -- C:\Users\Enrique\Desktop\MBR.dat
[2011/10/24 18:18:30 | 000,203,246 | ---- | C] () -- C:\Users\Enrique\Desktop\JESUS8.jpg
[2011/10/24 18:08:30 | 000,169,019 | ---- | C] () -- C:\Users\Enrique\Desktop\Cracked_Glass_Texture_I_by_EverythingIsInStock.jpg
[2011/10/24 17:54:45 | 001,173,070 | ---- | C] () -- C:\Users\Enrique\Desktop\d2a2fd0d0e71c876f5ba8b750397a6e2.jpg
[2011/10/22 20:36:08 | 000,073,406 | ---- | C] () -- C:\Users\Enrique\Desktop\TheGoodDoctor.jpg
[2011/10/22 13:24:54 | 000,274,081 | ---- | C] () -- C:\Users\Enrique\Desktop\JESUS7.jpg
[2011/10/22 12:47:22 | 000,087,608 | ---- | C] () -- C:\Users\Enrique\Desktop\Zelda_Ocarina_of_Time_art01.jpg
[2011/10/21 19:09:54 | 122,530,351 | ---- | C] () -- C:\Users\Enrique\Desktop\zelda.psd
[2011/10/21 16:39:02 | 000,216,951 | ---- | C] () -- C:\Users\Enrique\Desktop\114ctop.jpg
[2011/10/21 14:02:38 | 000,313,475 | ---- | C] () -- C:\Users\Enrique\Desktop\JESUS6.jpg
[2011/10/19 03:05:32 | 000,021,736 | ---- | C] () -- C:\Users\Enrique\Desktop\9814294-broken-glass-with-cracks-and-holes-for-design.jpg
[2011/10/14 14:42:25 | 000,138,752 | ---- | C] () -- C:\Users\Enrique\Desktop\JESUS5.jpg
[2011/10/14 13:36:00 | 000,295,046 | ---- | C] () -- C:\Users\Enrique\Desktop\Shinjuku-Tokyo-Japan-Lights-Wallpaper.jpg
[2011/10/13 16:26:51 | 000,582,078 | ---- | C] () -- C:\Users\Enrique\Desktop\Tokyo-japan-1020091_1024_768.jpg
[2011/10/13 02:36:32 | 007,615,799 | ---- | C] () -- C:\Users\Enrique\Desktop\conan.psd
[2011/10/13 02:16:10 | 000,048,041 | ---- | C] () -- C:\Users\Enrique\Desktop\Conan-O-Brien-the-tonight-show-with-conan-obrien-6115061-434-468.jpg
[2011/10/12 19:17:26 | 000,019,117 | ---- | C] () -- C:\Users\Enrique\Desktop\Conan-O'Brien-011810L.jpg
[2011/10/12 19:07:05 | 000,519,261 | ---- | C] () -- C:\Users\Enrique\Desktop\recon_by_kalkulation.jpg
[2011/10/12 13:30:05 | 000,110,130 | ---- | C] () -- C:\Users\Enrique\Desktop\hamsterflier1.jpg
[2011/10/11 19:28:48 | 000,017,457 | ---- | C] () -- C:\Users\Enrique\Desktop\tfalogolink.jpg
[2011/10/08 18:28:41 | 000,111,363 | ---- | C] () -- C:\Users\Enrique\Desktop\JESUS4.jpg
[2011/10/05 10:10:04 | 000,086,129 | ---- | C] () -- C:\Users\Enrique\Desktop\hame_t6.jpg
[2011/10/03 19:39:27 | 000,102,396 | ---- | C] () -- C:\Users\Enrique\Desktop\JESUS3.jpg
[2011/10/03 16:58:41 | 089,668,735 | ---- | C] () -- C:\Users\Enrique\Desktop\JESUS2.psd
[2011/06/29 10:41:18 | 000,000,078 | ---- | C] () -- C:\ProgramData\7822f4ff
[2011/05/29 23:25:21 | 000,011,440 | -HS- | C] () -- C:\ProgramData\5tj76a8lhem5hw5065kc0t1ls4prx67h17ci0hn6l4qr
[2011/05/29 23:25:21 | 000,011,438 | -HS- | C] () -- C:\Users\Enrique\AppData\Local\5tj76a8lhem5hw5065kc0t1ls4prx67h17ci0hn6l4qr
[2011/04/24 00:54:31 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\pxhpinst.exe
[2010/12/26 20:39:17 | 000,001,456 | ---- | C] () -- C:\Users\Enrique\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/12/26 20:10:54 | 000,000,431 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2010/12/26 12:58:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/28 15:36:06 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2010/07/28 15:35:35 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\drivers\ServiceHelp.dll
[2010/07/28 15:34:23 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/07/28 15:34:23 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/07/28 15:34:22 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/07/28 15:34:22 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/07/28 15:32:49 | 000,009,987 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/07/28 15:32:47 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/07/28 15:32:46 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2010/07/28 15:32:46 | 000,007,698 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/07/28 15:30:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/06/15 23:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 14:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 14:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 14:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 10:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\SysWow64\SP207.INI

========== LOP Check ==========

[2011/02/10 00:52:31 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\acccore
[2011/01/24 20:21:29 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\Autodesk
[2011/10/28 02:28:26 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\Azureus
[2011/09/05 15:05:19 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\Canon
[2011/04/30 22:44:17 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/07/03 11:49:38 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\Filter Forge Freepack 2 - Photo Effects
[2011/07/12 03:20:09 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2011/07/07 15:57:13 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\PingKaching.45C46A55E3922496F6ADD09FCC67FAC1A9B38B70.1
[2010/12/26 20:10:45 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\ScanSoft
[2011/01/31 23:43:29 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/04/24 13:18:18 | 000,000,000 | ---D | M] -- C:\Users\Enrique\AppData\Roaming\Windows Live Writer
[2011/10/27 11:52:00 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3354869186-130629379-3507963822-1001Core.job
[2011/10/27 23:52:00 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3354869186-130629379-3507963822-1001UA.job
[2011/08/18 11:20:44 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >

< MD5 for: SVCHOST.EXE >

< MD5 for: USERINIT.EXE >

< MD5 for: WINLOGON.EXE >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 09:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 09:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 09:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 09:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2011/10/26 01:10:47 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2011/10/26 01:10:47 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/10/26 01:10:47 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2011/10/26 01:10:47 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 18:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 18:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 18:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/08/19 21:35:15 | 000,673,024 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2011/04/14 09:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2011/04/14 09:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2011/04/14 09:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: FIREFOX.EXE
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2011/04/14 09:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: FIREFOX.EXE -SAFE-MODE
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2011/10/26 01:10:47 | 001,036,344 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2011/10/26 01:10:47 | 001,036,344 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2011/10/26 01:10:47 | 001,036,344 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2011/10/26 01:10:47 | 001,036,344 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/13 18:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/13 18:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/13 18:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/08/19 21:35:15 | 000,673,024 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: IEXPLORE.EXE

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8CE646EE

< End of report >
  • 0

#12
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please download ComboFix from Here or Here to your Desktop.

Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.

  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix.
  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" for further review.

Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall.
  • 0

#13
om20

om20

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts
It says to disable my antispyware and antivirus of Microsoft Security Essentials. But the directions don't apply. I can't even see an icon for those on my desktop. How do I disable those?
  • 0

#14
om20

om20

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts
I seem to be having a hard time disabling my anti-viruses.
  • 0

#15
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
You can uninstall your AV and AS programs. Then run Combofix.
  • 0





