
How to Remove These Viruses?

Discussion in 'Virus & Other Malware Removal' started by M. Rush, Aug 12, 2010.

  1. M. Rush

    M. Rush Thread Starter

    Joined:
    Jan 21, 2002
    Messages:
    76
    Hello All,

    I just ran Kaspersky and it found 5 trojans. Not sure if I did it right for the forum, but the report is below. (I couldn't find the option to make it scan only my C: drive and stopped the scan after 6 hours when it went into my external drive.)

    I'm hoping for a really easy solution -- fat chance, right? For example, I searched this forum for how to remove one of the viruses and came across this post. I honestly don't think I could follow all those steps; it would just make me all cranky and I'd probably start drinking too much.

    I use AVG and don't understand why it didn't find these and wipe them out.

    Thanks in advance.

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Thursday, August 12, 2010
    Operating system: Microsoft Windows Vista Home Basic Edition, 32-bit Service Pack 2 (build 6002)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Thursday, August 12, 2010 05:41:37
    Records in database: 4129153
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\

    Scan statistics:
    Objects scanned: 211872
    Threats found: 5
    Infected objects found: 5
    Suspicious objects found: 0
    Scan duration: 06:04:10


    File name / Threat / Threats count
    C:\Program Files\AIM6\addressBook.exe Infected: Trojan.Win32.Vilsel.ajgl 1
    C:\Users\Matthew\AppData\Local\Temp\ir_ext_temp_0\autorun.exe Infected: not-a-virus:porn-Tool.Win32.Agent.ws 1
    C:\Users\Matthew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\339aa645-4b27af33 Infected: Trojan-Downloader.Java.Agent.fx 1
    C:\Users\Matthew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\339aa645-4b27af33 Infected: Exploit.Java.Agent.f 1
    C:\Users\Matthew\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\339aa645-4b27af33 Infected: Trojan-Downloader.Java.Agent.fy 1

    Scanning stopped by the user.
     
  2. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,775
  3. M. Rush

    M. Rush Thread Starter

    Joined:
    Jan 21, 2002
    Messages:
    76
    Thanks, Eddie.

    No, I didn't do those steps. Thought the Kaspersky report would suffice. I will, though, and get back to you asap. (Had more time in August.)

    Thanks for your reply. You guys are great. Hasta soon.
     
  4. M. Rush

    M. Rush Thread Starter

    Joined:
    Jan 21, 2002
    Messages:
    76
    Wow, that was a lot easier than I thought it would be. Sorry I procrastinated.

    Here is the data requested. Before anything, I want to thank you guys a lot for what you do.

    Hijack Log

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:51:23, on 03/11/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18975)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
    C:\Program Files\CyberLink\Shared Files\brs.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Printers\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE
    C:\Users\Matthew\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=es_es&c=83&bd=Presario&pf=cnnb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=es_es&c=83&bd=Presario&pf=cnnb
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=es_es&c=83&bd=Presario&pf=cnnb
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=es_es&c=83&bd=Presario&pf=cnnb
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe"
    O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe
    O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe
    O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Easybits Shared Services for Windows (ezSharedSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Servicio Google Update (gupdate1ca76c08cfc9102) (gupdate1ca76c08cfc9102) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqcxs08 - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Servicio HP CUE DeviceDiscovery (hpqddsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe
    O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe
    O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
    O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: Net Driver HPZ12 - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe
    O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Windows\system32\NMSAccessU.exe
    O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe
    O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe
    O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe
    O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe
    O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
    O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe
    O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\uxtuneup.dll,-4096 (UxTuneUp) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe
    O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe
    O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
    O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 22756 bytes


    DDS


    DDS (Ver_09-09-29.01) - NTFSx86
    Run by Matthew at 8:53:29,89 on 03/11/2010
    Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_21
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.34.3082.18.2814.1036 [GMT 1:00]

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\FsUsbExService.Exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Windows\system32\NMSAccessU.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\SMINST\BLService.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
    C:\Program Files\CyberLink\Shared Files\brs.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Printers\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Matthew\Desktop\dds.com
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=es_es&c=83&bd=Presario&pf=cnnb
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=es_es&c=83&bd=Presario&pf=cnnb
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=es_es&c=83&bd=Presario&pf=cnnb
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=es_es&c=83&bd=Presario&pf=cnnb
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live Aplicación auxiliar de inicio de sesión: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [<NO NAME>]
    mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [RemoteControl10] "c:\program files\cyberlink\powerdvd10\PDVD10Serv.exe"
    mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: HideFastUserSwitching = 0 (0x0)
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: E&xportar a Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - c:\windows\system32\EZUPBH~1.DLL
    SEH: UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\matthew\appdata\roaming\mozilla\firefox\profiles\e4z91xmy.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.yahoo.com
    FF - plugin: c:\program files\codecs\divx\divx web player\npdivx32.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13);user_pref(yahoo.homepage.dontask, true
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000

    ============= SERVICES / DRIVERS ===============

    R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/09/26 16:04:46];c:\program files\cyberlink\powerdvd10\navfilter\000.fcl [2010-4-2 87536]
    R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
    R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-4-23 233472]
    R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-8-5 361808]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2009-10-30 1021256]
    R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-4-23 36608]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 42368]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-1-6 66664]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1ca76c08cfc9102;Servicio Google Update (gupdate1ca76c08cfc9102);c:\program files\google\update\GoogleUpdate.exe [2009-12-6 133104]
    S2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-8-5 193840]
    S3 FontCache;Servicio de caché de fuentes de Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2010-4-23 90112]
    S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2010-4-23 14976]
    S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2010-4-23 121856]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== Created Last 30 ================

    2010-10-27 09:18 1,696,256 a------- c:\windows\system32\gameux.dll
    2010-10-27 09:17 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
    2010-10-27 09:17 28,672 a------- c:\windows\system32\Apphlpdm.dll
    2010-10-13 07:12 954,752 a------- c:\windows\system32\mfc40.dll
    2010-10-13 07:12 954,288 a------- c:\windows\system32\mfc40u.dll
    2010-10-13 06:53 231,424 a------- c:\windows\system32\msshsq.dll
    2010-10-13 06:47 8,147,456 a------- c:\windows\system32\wmploc.DLL
    2010-10-13 06:43 2,038,272 a------- c:\windows\system32\win32k.sys
    2010-10-13 06:43 867,328 a------- c:\windows\system32\wmpmde.dll
    2010-10-13 06:33 531,968 a------- c:\windows\system32\comctl32.dll

    ==================== Find3M ====================

    2010-11-03 07:07 147,673 a------- c:\programdata\nvModes.dat
    2010-11-03 07:07 147,673 a------- c:\progra~2\nvModes.dat
    2010-11-02 15:24 679,740 a------- c:\windows\system32\perfh00A.dat
    2010-11-02 15:24 134,114 a------- c:\windows\system32\perfc00A.dat
    2010-10-19 21:51 222,080 -------- c:\windows\system32\MpSigStub.exe
    2010-09-26 15:00 29,480 a------- c:\windows\system32\msxml3a.dll
    2010-09-26 15:00 505,128 a------- c:\windows\system32\msvcp71.dll
    2010-09-26 15:00 353,576 a------- c:\windows\system32\msvcr71.dll
    2010-09-08 07:01 916,480 a------- c:\windows\system32\wininet.dll
    2010-09-08 06:57 43,520 a------- c:\windows\system32\licmgr10.dll
    2010-09-08 06:56 109,056 a------- c:\windows\system32\iesysprep.dll
    2010-09-08 06:56 71,680 a------- c:\windows\system32\iesetup.dll
    2010-09-08 05:26 133,632 a------- c:\windows\system32\ieUnatt.exe
    2010-09-06 17:20 125,952 a------- c:\windows\system32\srvsvc.dll
    2010-09-06 17:19 17,920 a------- c:\windows\system32\netevent.dll
    2010-09-06 14:45 304,128 a------- c:\windows\system32\drivers\srv.sys
    2010-09-06 14:45 145,408 a------- c:\windows\system32\drivers\srv2.sys
    2010-09-06 14:45 102,400 a------- c:\windows\system32\drivers\srvnet.sys
    2010-08-26 17:37 157,184 a------- c:\windows\system32\t2embed.dll
    2010-08-26 17:33 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
    2010-08-26 17:33 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
    2010-08-26 17:33 542,720 a------- c:\windows\apppatch\AcLayers.dll
    2010-08-26 17:33 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
    2010-08-17 15:11 128,000 a------- c:\windows\system32\spoolsv.exe
    2010-08-10 16:53 274,944 a------- c:\windows\system32\schannel.dll
    2010-06-09 14:57 143,360 a------- c:\windows\inf\infstor.dat
    2010-06-09 14:57 51,200 a------- c:\windows\inf\infpub.dat
    2010-06-09 14:57 143,360 a------- c:\windows\inf\infstrng.dat
    2010-04-25 13:54 344,064 a------- c:\users\matthew\windrvswld94.exe
    2010-04-25 02:29 665,600 a------- c:\windows\inf\drvindex.dat
    2010-01-03 15:48 19,809,936 a------- c:\users\matthew\MobileMasterInst.exe
    2009-03-10 11:26 32 a------- c:\programdata\ezsid.dat
    2009-03-10 11:26 32 a------- c:\progra~2\ezsid.dat
    2008-08-05 16:58 336,930 a------- c:\windows\inf\perflib\0c0a\perfi.dat
    2008-08-05 16:58 336,930 a------- c:\windows\inf\perflib\0c0a\perfh.dat
    2008-08-05 16:58 40,258 a------- c:\windows\inf\perflib\0c0a\perfd.dat
    2008-08-05 16:58 40,258 a------- c:\windows\inf\perflib\0c0a\perfc.dat
    2008-01-21 03:57 174 a--sh--- c:\program files\desktop.ini
    2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

    ============= FINISH: 8:53:56,53 ===============


    ark.txt File:

    GMER 1.0.15.15477 - http://www.gmer.net
    Rootkit scan 2010-11-03 19:54:12
    Windows 6.0.6002 Service Pack 2
    Running: 64jk8mfw.exe; Driver: C:\Users\Matthew\AppData\Local\Temp\uxldapow.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    PAGE spsys.sys!?SPVersion@@3PADA + 1ABF 9E64D03F 110 Bytes [8B, FF, 55, 8B, EC, 8B, 45, ...]
    PAGE spsys.sys!?SPVersion@@3PADA + 1B2F 9E64D0AF 1 Byte [16]
    PAGE spsys.sys!?SPVersion@@3PADA + 1B2F 9E64D0AF 128 Bytes [16, 3B, C8, 75, E2, B0, 01, ...]
    PAGE spsys.sys!?SPVersion@@3PADA + 1BB0 9E64D130 6 Bytes [0E, 83, 78, 14, 01, 75]
    PAGE spsys.sys!?SPVersion@@3PADA + 1BB7 9E64D137 2298 Bytes [83, 78, 18, 37, 75, 02, B3, ...]
    PAGE ...

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73A77817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73ACA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73A7BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73A6F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73A775E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73A6E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73AA8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73A7DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73A6FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73A6FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73A671CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73AFCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73A9C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73A6D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73A66853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73A6687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73A72AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF dinámico/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
     


  5. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,775
    Download TFC by OldTimer to your desktop
    • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • It will close all programs when run, so make sure you have saved all your work before you begin.
    • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
    • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.



    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






    Download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.

    Please include the MBAM log, the SUPERAntiSpyware Scan Log and a fresh HijackThis log in your next reply.

    eddie
     
  6. M. Rush

    M. Rush Thread Starter

    Joined:
    Jan 21, 2002
    Messages:
    76
    All done. The results are below.

    One thing that may be of interest: Since shortly before I started this thread, I haven't been able to run the Task Manager with Ctrl+Alt+Delete. It only opens the Users pane. A tech friend told me that probably means a virus, but after running these programs I still can't open Task Manager.

    MBAM Log:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5087

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18975

    10/11/2010 10:10:59
    mbam-log-2010-11-10 (10-10-59).txt

    Scan type: Quick scan
    Objects scanned: 149347
    Time elapsed: 16 minute(s), 59 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    SUPERAntiSpyware Log:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/10/2010 at 01:54 PM

    Application Version : 4.45.1000

    Core Rules Database Version : 5838
    Trace Rules Database Version: 3650

    Scan type : Complete Scan
    Total Scan Time : 03:18:54

    Memory items scanned : 586
    Memory threats detected : 0
    Registry items scanned : 9548
    Registry threats detected : 0
    File items scanned : 201102
    File threats detected : 129

    Adware.Tracking Cookie
    ad.yieldmanager.com [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .timeinc.122.2o7.net [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .revsci.net [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .ingdirectspain.122.2o7.net [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .doubleclick.net [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .statcounter.com [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .revsci.net [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .fim.122.2o7.net [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .mediaite.com [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .mediaite.com [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .mediaite.com [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    www.mediaite.com [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .videos.mediaite.com [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .videos.mediaite.com [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .mtvn.112.2o7.net [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .revsci.net [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .readersdigest.122.2o7.net [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .sexatdawn.com [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .sexatdawn.com [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .apmebf.com [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .apmebf.com [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .highbeam.122.2o7.net [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .trackalyzer.com [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    counter.search.bg [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .putmanmedia.122.2o7.net [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .ehg-reed.hitbox.com [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .ehg-reed.hitbox.com [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    webstats.wthosting.co.uk [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    webstats.wthosting.co.uk [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .advertising.com [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .microsoftwindows.112.2o7.net [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .revsci.net [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .invitemedia.com [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .revsci.net [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .kantarmedia.com [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .tradedoubler.com [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .tradedoubler.com [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    stat.onestat.com [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    stat.onestat.com [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .chicagosuntimes.122.2o7.net [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    stats.softcatala.cat [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .richmedia.yahoo.com [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    web4.realtracker.com [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .legolas-media.com [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .s.clickability.com [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .s.clickability.com [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .legolas-media.com [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    track.adform.net [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    track.adform.net [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .find.galegroup.com [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .find.galegroup.com [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .associatedcontent.112.2o7.net [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .revsci.net [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .economist.122.2o7.net [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    www9.addfreestats.com [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .revsci.net [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .cbsdigitalmedia.112.2o7.net [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    sitestat.mayoclinic.com [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .bonniercorp.122.2o7.net [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    ad.yieldmanager.com [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .kantarmedia.com [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .oddcast.com [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    counter2.hitslink.com [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    stat.dealtime.com [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .revsci.net [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .liveperson.net [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .liveperson.net [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    counter.hitslink.com [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .liveperson.net [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .superstats.com [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .2o7.net [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    pluckit.demandmedia.com [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .revsci.net [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .revsci.net [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]
    .revsci.net [ C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\e4z91xmy.default\cookies.sqlite ]


    HijackThis Log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 16:10:45, on 10/11/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18975)
    Boot mode: Normal

    Running processes:
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\taskeng.exe
    C:\Users\Matthew\Desktop\HijackThis.exe
    C:\Program Files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=es_es&c=83&bd=Presario&pf=cnnb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=es_es&c=83&bd=Presario&pf=cnnb
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=es_es&c=83&bd=Presario&pf=cnnb
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=es_es&c=83&bd=Presario&pf=cnnb
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe
    O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe
    O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Easybits Shared Services for Windows (ezSharedSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Servicio Google Update (gupdate1ca76c08cfc9102) (gupdate1ca76c08cfc9102) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqcxs08 - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Servicio HP CUE DeviceDiscovery (hpqddsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe
    O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe
    O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
    O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: Net Driver HPZ12 - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe
    O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe
    O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe
    O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe
    O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe
    O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
    O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe
    O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\uxtuneup.dll,-4096 (UxTuneUp) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe
    O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe
    O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
    O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 22557 bytes
     
  7. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,775
    The Task Manager problem may be related to malware, past or present.

    So, let's have an in-depth look with this:


    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

    eddie
     
  8. M. Rush

    M. Rush Thread Starter

    Joined:
    Jan 21, 2002
    Messages:
    76
    Here they are. ... One thing I noticed while it was running, it said it was only checking newly modified files. I'm sure you already know that, but just in case one of the wrong settings was selected.

    Otl

    OTL logfile created on: 10/11/2010 22:25:19 - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Matthew\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18975)
    Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

    3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
    6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 224,53 Gb Total Space | 151,69 Gb Free Space | 67,56% Space Free | Partition Type: NTFS
    Drive D: | 8,35 Gb Total Space | 1,58 Gb Free Space | 18,97% Space Free | Partition Type: NTFS
    Drive F: | 931,51 Gb Total Space | 213,49 Gb Free Space | 22,92% Space Free | Partition Type: NTFS

    Computer Name: LAPTOP | User Name: Matthew | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/10 22:24:02 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Matthew\Desktop\OTL.exe
    PRC - [2010/10/28 23:18:56 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Archivos de programa\Mozilla Firefox\plugin-container.exe
    PRC - [2010/10/28 23:18:53 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Archivos de programa\Mozilla Firefox\firefox.exe
    PRC - [2010/09/15 03:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Microsoft Security Essentials\msseces.exe
    PRC - [2010/08/20 20:45:26 | 001,164,584 | ---- | M] () -- C:\Archivos de programa\DivX\DivX Update\DivXUpdate.exe
    PRC - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Archivos de programa\Microsoft Security Essentials\MsMpEng.exe
    PRC - [2010/03/25 20:40:42 | 000,203,312 | ---- | M] (Microsoft Corporation) -- c:\Archivos de programa\Microsoft Security Essentials\MpCmdRun.exe
    PRC - [2009/10/30 14:08:26 | 000,486,216 | ---- | M] (TuneUp Software) -- C:\Archivos de programa\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    PRC - [2009/10/30 14:05:48 | 001,021,256 | ---- | M] (TuneUp Software) -- C:\Archivos de programa\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/04/07 08:39:44 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
    PRC - [2008/04/26 00:15:26 | 000,361,808 | ---- | M] () -- C:\Windows\SMINST\BLService.exe
    PRC - [2008/01/21 03:35:20 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Windows Media Player\wmpnetwk.exe
    PRC - [2008/01/21 03:35:20 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Windows Media Player\wmpnscfg.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/10 22:24:02 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Matthew\Desktop\OTL.exe
    MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/06/19 15:43:51 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Archivos de programa\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
    SRV - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
    SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/10 11:33:02 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/10/30 14:05:48 | 001,021,256 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
    SRV - [2009/10/30 14:01:00 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
    SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2009/04/07 08:39:44 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
    SRV - [2008/04/26 00:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
    SRV - [2008/04/07 08:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2008/02/03 11:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
    SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Archivos de programa\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Advanced System Optimizer 3\adasprot32.sys -- (ADASPROT)
    DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Archivos de programa\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/03/25 20:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
    DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Archivos de programa\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009/11/21 03:34:54 | 011,515,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2009/11/12 05:14:28 | 000,066,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
    DRV - [2009/10/14 06:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Archivos de programa\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
    DRV - [2009/09/05 16:55:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2009/04/07 08:39:44 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
    DRV - [2009/03/20 09:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
    DRV - [2009/03/20 09:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
    DRV - [2009/03/20 09:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
    DRV - [2008/10/03 03:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
    DRV - [2008/06/05 19:01:50 | 000,062,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
    DRV - [2008/04/24 23:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
    DRV - [2008/04/17 19:05:16 | 000,199,344 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2008/01/29 14:55:00 | 001,042,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
    DRV - [2008/01/21 03:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2008/01/21 03:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2008/01/21 03:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
    DRV - [2008/01/21 03:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2008/01/21 03:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2008/01/21 03:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2008/01/21 03:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2008/01/21 03:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2008/01/21 03:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2008/01/21 03:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2008/01/21 03:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2008/01/21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2008/01/21 03:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2008/01/21 03:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2008/01/21 03:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2008/01/21 03:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2008/01/21 03:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2008/01/21 03:32:48 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
    DRV - [2008/01/21 03:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2008/01/21 03:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2008/01/21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2008/01/21 03:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2008/01/21 03:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2008/01/21 03:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2008/01/21 03:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2008/01/21 03:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2007/11/01 02:51:26 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
    DRV - [2007/11/01 02:47:54 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
    DRV - [2007/11/01 02:47:08 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
    DRV - [2007/10/18 00:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/09/17 14:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2007/06/18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/02 08:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=es_es&c=83&bd=Presario&pf=cnnb
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=es_es&c=83&bd=Presario&pf=cnnb

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=es_es&c=83&bd=Presario&pf=cnnb
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=es_es&c=83&bd=Presario&pf=cnnb
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..network.proxy.http: "221.171.160.156"
    FF - prefs.js..network.proxy.http_port: 8080


    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/28 23:19:01 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/28 23:19:01 | 000,000,000 | ---D | M]

    [2009/01/31 19:06:52 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\mozilla\Extensions
    [2010/11/10 19:19:44 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\mozilla\Firefox\Profiles\e4z91xmy.default\extensions
    [2010/08/18 19:28:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Matthew\AppData\Roaming\mozilla\Firefox\Profiles\e4z91xmy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/08/18 19:28:14 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Matthew\AppData\Roaming\mozilla\Firefox\Profiles\e4z91xmy.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2010/11/04 22:21:04 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Matthew\AppData\Roaming\mozilla\Firefox\Profiles\e4z91xmy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/11/08 20:24:35 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Mozilla Firefox\extensions
    [2010/08/21 18:00:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/11/08 20:24:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/08/13 18:52:28 | 000,001,538 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2010/08/13 18:52:28 | 000,000,947 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2010/08/13 18:52:29 | 000,000,769 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2010/08/13 18:52:29 | 000,001,135 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2010/01/02 01:07:03 | 000,000,709 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Archivos de programa\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O2 - BHO: (Windows Live Aplicación auxiliar de inicio de sesión) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Archivos de programa\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Archivos de programa\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [WMPNSCFG] C:\Archivos de programa\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Archivos de programa\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Archivos de programa\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Archivos de programa\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Archivos de programa\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Matthew\Pictures\time_machine_wall.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Matthew\Pictures\time_machine_wall.jpg
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.)
    O28 - HKLM ShellExecuteHooks: UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2007/02/12 20:53:42 | 000,000,277 | ---- | M] () - D:\autorun.inf -- [ NTFS ]
    O33 - MountPoints2\{29a7b40a-64a2-11df-b498-001f16528726}\Shell - "" = AutoRun
    O33 - MountPoints2\{29a7b40a-64a2-11df-b498-001f16528726}\Shell\AutoRun\command - "" = G:\V-Secure.exe -- File not found
    O33 - MountPoints2\G\Shell - "" = AutoRun
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (sasnative32) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/10 22:23:56 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Matthew\Desktop\OTL.exe
    [2010/11/10 10:17:04 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\SUPERAntiSpyware.com
    [2010/11/10 10:17:04 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2010/11/10 10:16:46 | 000,000,000 | ---D | C] -- C:\Archivos de programa\SUPERAntiSpyware
    [2010/11/10 09:25:47 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Matthew\Desktop\TFC.exe
    [2010/11/10 09:19:40 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\Virus Logs 10 Nov
    [2010/11/10 09:18:18 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\Virus Logs 3 Nov
    [2010/11/07 10:27:40 | 000,000,000 | ---D | C] -- C:\Archivos de programa\2BrightSparks
    [2010/11/03 08:44:31 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Matthew\Desktop\HijackThis.exe
    [2010/11/02 12:58:14 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\FileZilla
    [2010/11/02 12:57:27 | 000,000,000 | ---D | C] -- C:\Archivos de programa\FileZilla FTP Client

    ========== Files - Modified Within 30 Days ==========

    [2010/11/10 22:25:58 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/11/10 22:25:00 | 000,000,448 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C0555753-6B24-4923-8D88-0FB064ADAA90}.job
    [2010/11/10 22:24:02 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Matthew\Desktop\OTL.exe
    [2010/11/10 22:19:56 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/11/10 22:19:55 | 000,147,673 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2010/11/10 22:19:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/11/10 18:55:38 | 000,137,216 | ---- | M] () -- C:\Users\Matthew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/11/10 18:28:32 | 000,679,740 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
    [2010/11/10 18:28:32 | 000,598,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/11/10 18:28:32 | 000,134,114 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
    [2010/11/10 18:28:32 | 000,104,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/11/10 18:19:37 | 000,147,673 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2010/11/10 18:07:56 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/11/10 18:07:56 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/11/10 16:07:49 | 2951,098,368 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/10 10:16:51 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/11/10 09:51:26 | 001,731,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/11/10 09:25:50 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Matthew\Desktop\TFC.exe
    [2010/11/10 09:22:34 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/10 03:00:01 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\SyncBack Editorial Backup.job
    [2010/11/10 03:00:01 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\SyncBack Finances Backup.job
    [2010/11/09 00:18:50 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\SyncBack Images Backup.job
    [2010/11/08 03:00:09 | 000,000,454 | ---- | M] () -- C:\Windows\tasks\SyncBack All Documents Backup.job
    [2010/11/05 10:04:05 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2010/11/03 11:59:03 | 292,325,238 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/11/03 08:48:27 | 000,294,912 | ---- | M] () -- C:\Users\Matthew\Desktop\64jk8mfw.exe
    [2010/11/03 08:45:59 | 000,361,369 | ---- | M] () -- C:\Users\Matthew\Desktop\dds.com
    [2010/11/03 08:44:53 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Matthew\Desktop\HijackThis.exe
    [2010/10/26 22:01:55 | 000,014,802 | ---- | M] () -- C:\Users\Matthew\Documents\Tomato Details 2010.xlsx

    ========== Files Created - No Company Name ==========

    [2010/11/10 10:16:51 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/11/10 09:49:53 | 2951,098,368 | -HS- | C] () -- C:\hiberfil.sys
    [2010/11/10 09:22:34 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/08 16:59:57 | 000,000,440 | ---- | C] () -- C:\Windows\tasks\SyncBack Images Backup.job
    [2010/11/07 14:54:18 | 000,000,444 | ---- | C] () -- C:\Windows\tasks\SyncBack Finances Backup.job
    [2010/11/07 14:49:00 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\SyncBack Editorial Backup.job
    [2010/11/07 14:46:52 | 000,000,454 | ---- | C] () -- C:\Windows\tasks\SyncBack All Documents Backup.job
    [2010/11/03 09:47:37 | 292,325,238 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2010/11/03 08:48:23 | 000,294,912 | ---- | C] () -- C:\Users\Matthew\Desktop\64jk8mfw.exe
    [2010/11/03 08:45:38 | 000,361,369 | ---- | C] () -- C:\Users\Matthew\Desktop\dds.com
    [2010/10/18 12:25:46 | 000,014,802 | ---- | C] () -- C:\Users\Matthew\Documents\Tomato Details 2010.xlsx
    [2010/04/23 14:48:37 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
    [2010/04/23 14:48:37 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
    [2010/04/01 12:13:07 | 000,000,025 | -H-- | C] () -- C:\ProgramData\.811261211181235583101118113995
    [2010/03/07 14:55:07 | 000,114,688 | ---- | C] () -- C:\Windows\System32\OdiOlDVR.dll
    [2010/03/07 14:55:07 | 000,053,248 | ---- | C] () -- C:\Windows\System32\OdiAPI.dll
    [2010/02/17 11:05:47 | 000,000,282 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2009/12/31 02:21:56 | 000,000,000 | ---- | C] () -- C:\Users\Matthew\AppData\Local\prvlcl.dat
    [2009/08/18 23:10:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
    [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
    [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
    [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
    [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
    [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
    [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
    [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
    [2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
    [2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
    [2009/03/15 14:23:27 | 000,001,732 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2009/03/10 11:26:19 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
    [2009/02/27 20:32:08 | 000,147,673 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2009/02/27 20:31:51 | 000,147,673 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2009/02/23 07:46:45 | 000,000,680 | ---- | C] () -- C:\Users\Matthew\AppData\Local\d3d9caps.dat
    [2009/01/31 22:39:11 | 000,137,216 | ---- | C] () -- C:\Users\Matthew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/01/18 21:26:07 | 000,013,312 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
    [2009/01/18 19:21:49 | 000,000,000 | ---- | C] () -- C:\Users\Matthew\AppData\Local\QSwitch.txt
    [2009/01/18 19:21:49 | 000,000,000 | ---- | C] () -- C:\Users\Matthew\AppData\Local\DSwitch.txt
    [2009/01/18 19:21:49 | 000,000,000 | ---- | C] () -- C:\Users\Matthew\AppData\Local\AtStart.txt
    [2007/10/25 16:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
    [2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/03/09 10:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2002/10/15 23:54:04 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll

    ========== LOP Check ==========

    [2010/11/02 13:15:37 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\FileZilla
    [2010/04/01 12:13:43 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Final Draft
    [2010/08/05 11:24:36 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Image Zone Express
    [2010/04/23 15:33:21 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\PC Suite
    [2010/01/28 18:16:22 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Printer Info Cache
    [2010/04/24 09:11:46 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Samsung
    [2010/10/30 19:59:37 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Spotify
    [2010/06/19 16:59:07 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Systweak
    [2010/06/19 15:42:35 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\TuneUp Software
    [2010/11/10 22:24:50 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\uTorrent
    [2010/11/10 16:06:46 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010/11/08 03:00:09 | 000,000,454 | ---- | M] () -- C:\Windows\Tasks\SyncBack All Documents Backup.job
    [2010/11/10 03:00:01 | 000,000,446 | ---- | M] () -- C:\Windows\Tasks\SyncBack Editorial Backup.job
    [2010/11/10 03:00:01 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\SyncBack Finances Backup.job
    [2010/11/09 00:18:50 | 000,000,440 | ---- | M] () -- C:\Windows\Tasks\SyncBack Images Backup.job
    [2010/11/10 22:25:00 | 000,000,448 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{C0555753-6B24-4923-8D88-0FB064ADAA90}.job

    ========== Purity Check ==========



    < End of report >

    Extras

    OTL Extras logfile created on: 10/11/2010 22:25:19 - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Matthew\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18975)
    Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

    3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
    6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 224,53 Gb Total Space | 151,69 Gb Free Space | 67,56% Space Free | Partition Type: NTFS
    Drive D: | 8,35 Gb Total Space | 1,58 Gb Free Space | 18,97% Space Free | Partition Type: NTFS
    Drive F: | 931,51 Gb Total Space | 213,49 Gb Free Space | 22,92% Space Free | Partition Type: NTFS

    Computer Name: LAPTOP | User Name: Matthew | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "UacDisableNotify" = 0
    "InternetSettingsDisableNotify" = 0
    "AutoUpdateDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0137259E-B21B-4FF1-8BBC-480CD36A8765}" = rport=137 | protocol=17 | dir=out | app=system |
    "{0D14B407-D286-40CF-B5A7-B8464EDC6DB1}" = lport=137 | protocol=17 | dir=in | app=system |
    "{1341FF4E-177E-495F-AD93-70CA3662CAF4}" = lport=138 | protocol=17 | dir=in | app=system |
    "{1D1CDFEC-FF22-4826-96A7-BC6E6C1DBDC3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{29ECCCEA-F247-4A8C-B49A-D750F6B667A2}" = lport=139 | protocol=6 | dir=in | app=system |
    "{3DDB257C-1850-48A7-B7C8-44B380833149}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{744D4A5D-C2C1-4CCE-91B7-571F0A294531}" = rport=445 | protocol=6 | dir=out | app=system |
    "{8F497401-2D87-4EF0-BB1C-2238D7ABB082}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{A7FAF9F4-DFEE-42AA-87B4-753D5AB720E6}" = rport=139 | protocol=6 | dir=out | app=system |
    "{B38EF214-196F-48A5-A301-E66F111D04A1}" = rport=138 | protocol=17 | dir=out | app=system |
    "{CCA4C951-DDD5-4B32-8C8B-2A267CCA426E}" = lport=445 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0F965484-751D-4C7C-B929-2CEFA1AA308F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{24B87701-5C7F-4A21-94A3-19BFA51AC556}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
    "{2BF2F507-B0BB-45C4-AD32-93204376B055}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
    "{326034CD-9A87-4931-A630-C40EDDBFAC2C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{55EDAA88-4A96-4E55-96F1-DE54E41A904C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{7657DF3B-E233-44D4-AB49-70B6A767342A}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{7AE44778-704D-4441-A224-BC4C0213DF94}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{81030C6C-5F33-42CE-81EF-E0F78AB420AD}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
    "{8421FD21-6EE5-41F6-8C3A-72C840F3944D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{8EDB3533-9CC0-4525-A4E1-133FBFEB6B65}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{90C9F214-3B87-45CB-9D2B-B5FBD71A8682}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{A23C2D78-15CF-4466-A1BF-00CD0A062A23}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
    "{ACD36F31-1151-4EF5-A677-0B3441CFA343}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
    "{AEAF3A49-E948-4B32-A9A3-26B4A5BDE994}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{B843DDCB-98EE-4CA8-A323-89A6209DC50A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{B8ED2A24-E5AD-43F9-A19E-63A0E3AF37FC}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
    "{BB051594-140B-479C-88DD-5AE47DFEC597}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
    "{CBB7DB53-5D75-4B05-A3FA-E13DD816A8FD}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
    "{D188E4BD-C348-49F9-90CB-61EF41B52649}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{D8866ED7-B390-42A6-A110-B0184B2F25D5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{F9881D7D-D95E-439F-A242-42AC1F3FC34F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "TCP Query User{2E1AAD96-6C48-4C21-B478-31955FBEBBE4}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
    "TCP Query User{305A0A30-C9ED-4C05-B025-A4DCD6C0DE64}C:\program files\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "TCP Query User{4FE2C4F5-8A39-4048-9E86-B9907C4F3C57}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
    "TCP Query User{584FEEDE-6569-421D-BB89-A9F282493AA5}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
    "TCP Query User{5E37CBF4-129E-4986-858D-11174DF3D6A3}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "TCP Query User{804EFF46-920E-4C87-89F3-44C90D3E13A2}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "TCP Query User{8DD09C94-2CFD-4C4C-A262-E57521CB601A}C:\program files\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
    "TCP Query User{90E8CEDF-AB51-4898-BC35-A114E8A21A3E}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
    "TCP Query User{AD389974-8C23-4993-9E6D-EBF002831C2A}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "TCP Query User{E159027A-A433-4F76-B6EB-5974BD61E67A}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
    "TCP Query User{EED74DBF-6424-4080-B9BC-FEC9BA99AA49}C:\program files\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
    "UDP Query User{0A76AB95-63E8-4AB5-8A68-34028C15D6FD}C:\program files\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
    "UDP Query User{21549935-D024-4185-B1B9-36E5A047B394}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "UDP Query User{24458A5E-3C56-4A80-BBDA-73D41225A430}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "UDP Query User{4F6664FD-E9D2-471F-970F-74994566F8A4}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
    "UDP Query User{6370301A-AB16-4277-B07F-5611ADA52493}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
    "UDP Query User{8105ADB9-FE36-4AE5-93D6-39E00557A3F7}C:\program files\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "UDP Query User{81B61204-A529-4B8B-B01C-9E2BF74EB08F}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
    "UDP Query User{A59A3B27-755C-4F30-A72A-8CEF49BE52AE}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "UDP Query User{AE16A958-53AD-41D5-94FF-CD9C1DC17148}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
    "UDP Query User{B2DA0E4A-63F9-428D-ABA2-569EB1D731FF}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
    "UDP Query User{CA8ABB71-759B-4313-BE42-C7797AF83DE5}C:\program files\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
    "{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
    "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
    "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Herramienta de carga de Windows Live
    "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{25F6A201-C40C-4669-936D-473877CFEB4C}" = Galería fotográfica de Windows Live
    "{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
    "{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 22
    "{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3260D61B-DCA6-4ec6-8A41-DCCE01BC6EE4}" = c4100_Help
    "{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D3
    "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
    "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
    "{38BB21D5-B0D1-41DA-A0B0-1EFB5EF4AAC2}" = Microsoft Works
    "{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3F6FF1E6-4364-402C-B915-FA1A40016DFA}" = Windows Live Toolbar
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
    "{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
    "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}" = HP Easy Setup - Frontend
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6AEE2B0B-B3C1-4367-B1EF-FC4ED98DEED1}" = C4100
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7593234B-2AEB-4FC9-B02D-C9B30D86084C}" = Windows Live Asistente para el inicio de sesión
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7AEBFFF0-15A1-48A9-88F3-06604486C7C9}" = WMPTagSupportExtender
    "{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
    "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8DF92D68-F8EE-4F9C-89A2-26254C1C4B6B}" = HP Help and Support
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{8F94D5AC-C1C6-432D-8924-2F5EEBC28446}" = Windows Live Essentials
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
    "{90120000-0016-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
    "{90120000-0018-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
    "{90120000-001B-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
    "{90120000-001F-0403-0000-0000000FF1CE}_HOMESTUDENTR_{4B47C31E-46B0-462B-BEE4-DC383B6A1F2A}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
    "{90120000-001F-0416-0000-0000000FF1CE}_HOMESTUDENTR_{75EBE365-7FC5-4720-A7D3-804BF550D1BC}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
    "{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0C0A-0000-0000000FF1CE}" = Paquete de compatibilidad para 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
    "{90120000-006E-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{6113C11D-BACA-4D8E-8002-03C8D06FD5E6}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007
    "{90120000-00A1-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{92E4A65F-7007-3357-A69A-167F71A337BD}" = Microsoft .NET Framework 3.5 Language Pack SP1 - esn
    "{95120000-00AF-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Spanish)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{953D4586-9A16-495E-BA1F-EE5AA66604DB}" = Windows Live Sync
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{95B012AD-3A4A-31D7-9167-5D07D2A71F47}" = Microsoft .NET Framework 4 Client Profile ESN Language Pack
    "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
    "{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
    "{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
    "{AC76BA86-7AD7-1034-7B44-A81300000003}" = Adobe Reader 8.1.3 - Español
    "{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
    "{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}" = HP Customer Experience Enhancements
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}" = HP User Guides 0118
    "{B8583CB3-8ABE-407E-8BC6-F9A83EAC9133}" = Windows Live Writer
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
    "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
    "{C716522C-3731-4667-8579-40B098294500}" = Toolbox
    "{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
    "{D24DDB61-8868-46CF-BC36-BECC1674F0C1}" = Creative ZEN
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
    "{DB5EE5C0-DB00-4F22-8C40-C35AD3B5B981}" = Windows Live Movie Maker
    "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
    "{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
    "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
    "{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
    "{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
    "{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "{FB91E774-867B-4567-ACE7-8144EF036068}" = Olympus Digital Wave Player
    "{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
    "3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Paquete de controladores de Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
    "AIM_6" = AIM 6
    "CCleaner" = CCleaner
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "DivX Setup.divx.com" = Instalación de DivX
    "EasyBits Magic Desktop" = Magic Desktop
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Google Chrome" = Google Chrome
    "GSpot" = GSpot Codec Information Appliance
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HP Imaging Device Functions" = HP Imaging Device Functions 8.0
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
    "HPExtendedCapabilities" = HP Customer Participation Program 8.0
    "HPOCR" = HP OCR Software 8.0
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
    "KLiteCodecPack_is1" = K-Lite Codec Pack 6.4.0 (Basic)
    "M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player_is1" = M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player v 1.1
    "Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239)
    "Magic ISO Maker v5.5 (build 0272)" = Magic ISO Maker v5.5 (build 0272)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 Language Pack SP1 - esn" = Paquete de idioma de Microsoft .NET Framework 3.5 SP1 - esn
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile ESN Language Pack" = Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN
    "Microsoft Security Essentials" = Microsoft Security Essentials
    "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "RealPlayer 12.0" = RealPlayer
    "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
    "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
    "Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
    "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
    "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
    "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
    "SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
    "SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
    "Spotify" = Spotify
    "SyncBack_is1" = SyncBack
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "SysInfo" = Creative System Information
    "TuneUp Utilities" = TuneUp Utilities
    "uTorrent" = µTorrent
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "VLC media player" = VLC media player 1.1.4
    "VobSub" = VobSub v2.23 (Remove Only)
    "WildTangent hp Master Uninstall" = My HP Games
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "ZENcast Organizer" = ZENcast Organizer

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "FileZilla Client" = FileZilla Client 3.3.4.1

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 03/11/2010 6:56:35 | Computer Name = Laptop | Source = Application Error | ID = 1000
    Description = Aplicación con errores 64jk8mfw.exe, versión 1.0.15.15477, marca de
    hora 0x4cbda469, módulo con errores 64jk8mfw.exe, versión 1.0.15.15477, marca de
    tiempo 0x4cbda469, código de excepción 0xc0000005, desplazamiento con errores 0x0000c551,
    Id.
    de proceso 0xd20, hora de inicio de la aplicación 0x01cb7b456ed2526b.

    Error - 03/11/2010 7:00:46 | Computer Name = Laptop | Source = WinMgmt | ID = 10
    Description =

    Error - 08/11/2010 12:51:18 | Computer Name = Laptop | Source = Application Error | ID = 1000
    Description = Aplicación con errores Explorer.EXE, versión 6.0.6002.18005, marca
    de hora 0x49e01da5, módulo con errores unknown, versión 0.0.0.0, marca de tiempo
    0x00000000, código de excepción 0xc0000005, desplazamiento con errores 0x12aec260,
    Id.
    de proceso 0xac0, hora de inicio de la aplicación 0x01cb7b4633d69182.

    Error - 08/11/2010 16:08:33 | Computer Name = Laptop | Source = Application Error | ID = 1000
    Description = Aplicación con errores explorer.exe, versión 6.0.6002.18005, marca
    de hora 0x49e01da5, módulo con errores unknown, versión 0.0.0.0, marca de tiempo
    0x00000000, código de excepción 0xc0000005, desplazamiento con errores 0x0dc8c260,
    Id.
    de proceso 0x1504, hora de inicio de la aplicación 0x01cb7f6530387d40.

    Error - 08/11/2010 19:20:15 | Computer Name = Laptop | Source = WinMgmt | ID = 10
    Description =

    Error - 09/11/2010 10:43:21 | Computer Name = Laptop | Source = WinMgmt | ID = 10
    Description =

    Error - 10/11/2010 4:27:59 | Computer Name = Laptop | Source = Application Error | ID = 1000
    Description = Aplicación con errores TFC.exe, versión 3.1.7.0, marca de hora 0x2a425e19,
    módulo con errores ole32.dll, versión 6.0.6002.18277, marca de tiempo 0x4c28d53e,
    código de excepción 0xc0000005, desplazamiento con errores 0x00004669, Id. de proceso
    0xcd4, hora de inicio de la aplicación 0x01cb80b101b559a0.

    Error - 10/11/2010 4:41:02 | Computer Name = Laptop | Source = WinMgmt | ID = 10
    Description =

    Error - 10/11/2010 4:41:32 | Computer Name = Laptop | Source = EventSystem | ID = 4609
    Description =

    Error - 10/11/2010 4:51:29 | Computer Name = Laptop | Source = WinMgmt | ID = 10
    Description =

    [ OSession Events ]
    Error - 27/07/2010 4:35:08 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 03/08/2010 6:20:40 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 625
    seconds with 420 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 10/11/2010 4:51:29 | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
    Description =

    Error - 10/11/2010 4:52:13 | Computer Name = Laptop | Source = Service Control Manager | ID = 7022
    Description =

    Error - 10/11/2010 6:26:52 | Computer Name = Laptop | Source = DCOM | ID = 10005
    Description =

    Error - 10/11/2010 6:26:52 | Computer Name = Laptop | Source = Service Control Manager | ID = 7009
    Description =

    Error - 10/11/2010 6:26:52 | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
    Description =

    Error - 10/11/2010 10:59:43 | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
    Description =

    Error - 10/11/2010 11:00:03 | Computer Name = Laptop | Source = Service Control Manager | ID = 7022
    Description =

    Error - 10/11/2010 11:08:14 | Computer Name = Laptop | Source = Microsoft-Windows-Kernel-General | ID = 5
    Description =

    Error - 10/11/2010 11:09:27 | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
    Description =

    Error - 10/11/2010 11:09:38 | Computer Name = Laptop | Source = Service Control Manager | ID = 7022
    Description =


    < End of report >
     
  9. M. Rush

    There was a glitch when I posted. Not sure why it came up twice.

    ... Just out of curiosity, posting my innards up like this isn't risky, is it? I was a little uncomfortable seeing file names up there, but no biggy. When I saw something about ports, though, I was wondering if that's like handing over the keys.
     
  10. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,775
    It's okay about the double posting, I'll remove one for you ;)

    As for the details, the ports are just what is set up for your programs to access the internet, and the majority of information is nothing that can be used against you.

    Also, no product keys are displayed ;)

    Will have a look at this now :)
     
  11. eddie5659

    Okay, still going thru the log, but as you're online at the moment, can you run this tool:

    Please download GooredFix from one of the locations below and save it to your Desktop
    Download Mirror #1
    Download Mirror #2
    • Ensure all Firefox windows are closed.
    • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
    • When prompted to run the scan, click Yes.
    • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

    eddie
     
  12. eddie5659

    Okay, firstly go to Add/Remove Programs via the Control Panel, and uninstall these:

    Viewpoint Media Player
    Apple Software Update



    ---------------------

    Then, run this program:

    Download SREng
    • Extract it to Desktop and double click SREngLdr.EXE to run it
    • Select System Repair from the left pane.
    • Click on File Association
    • Select all entries that have an Error status and click [Repair]
    • Refer to this image for an example:

      [​IMG]
    • Close SREng now.


    ---------------------------


    Then this program:


    Please download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Open JavaRa.exe again and select Search For Updates.
    • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.



    ---------------------------


    And then finally this:


    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
      Code:
      :OTL
      O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O4 - HKLM..\Run: [] File not found
      O33 - MountPoints2\{29a7b40a-64a2-11df-b498-001f16528726}\Shell\AutoRun\command - "" = G:\V-Secure.exe -- File not found
      O33 - MountPoints2\G\Shell - "" = AutoRun
      O33 - MountPoints2\{29a7b40a-64a2-11df-b498-001f16528726}\Shell - "" = AutoRun
      :Commands 
      [purity] 
      [resethosts] 
      [emptytemp] 
      [EMPTYFLASH] 
      [CREATERESTOREPOINT] 
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


    eddie
     
  13. M. Rush

    Hi Eddie. All done. Not sure if this is important or not, but when Java was installing, it said that this version was already installed. Seemed kind of strange, since I'd just removed older versions.

    Here's the OTL log:

    OTL logfile created on: 11/11/2010 15:17:54 - Run 2
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Matthew\Desktop\Security & Maintenance
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18975)
    Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

    3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free
    6,00 Gb Paging File | 5,00 Gb Available in Paging File | 85,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 224,53 Gb Total Space | 155,60 Gb Free Space | 69,30% Space Free | Partition Type: NTFS
    Drive D: | 8,35 Gb Total Space | 1,58 Gb Free Space | 18,97% Space Free | Partition Type: NTFS
    Drive F: | 931,51 Gb Total Space | 261,68 Gb Free Space | 28,09% Space Free | Partition Type: NTFS

    Computer Name: LAPTOP | User Name: Matthew | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/10 22:24:02 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Matthew\Desktop\Security & Maintenance\OTL.exe
    PRC - [2010/10/28 23:18:53 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Archivos de programa\Mozilla Firefox\firefox.exe
    PRC - [2010/09/15 03:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Microsoft Security Essentials\msseces.exe
    PRC - [2010/08/20 20:45:26 | 001,164,584 | ---- | M] () -- C:\Archivos de programa\DivX\DivX Update\DivXUpdate.exe
    PRC - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Archivos de programa\Microsoft Security Essentials\MsMpEng.exe
    PRC - [2009/10/30 14:08:26 | 000,486,216 | ---- | M] (TuneUp Software) -- C:\Archivos de programa\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    PRC - [2009/10/30 14:05:48 | 001,021,256 | ---- | M] (TuneUp Software) -- C:\Archivos de programa\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2009/04/11 07:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
    PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/04/07 08:39:44 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
    PRC - [2008/04/26 00:15:26 | 000,361,808 | ---- | M] () -- C:\Windows\SMINST\BLService.exe
    PRC - [2008/01/21 03:35:20 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Windows Media Player\wmpnetwk.exe
    PRC - [2008/01/21 03:35:20 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Windows Media Player\wmpnscfg.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/10 22:24:02 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Matthew\Desktop\Security & Maintenance\OTL.exe
    MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/06/19 15:43:51 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Archivos de programa\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
    SRV - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
    SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/10 11:33:02 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/10/30 14:05:48 | 001,021,256 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
    SRV - [2009/10/30 14:01:00 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
    SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2009/04/07 08:39:44 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
    SRV - [2008/04/26 00:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
    SRV - [2008/04/07 08:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2008/02/03 11:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
    SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Archivos de programa\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Advanced System Optimizer 3\adasprot32.sys -- (ADASPROT)
    DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Archivos de programa\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/03/25 20:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
    DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Archivos de programa\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009/11/21 03:34:54 | 011,515,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2009/11/12 05:14:28 | 000,066,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
    DRV - [2009/10/14 06:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Archivos de programa\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
    DRV - [2009/09/05 16:55:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2009/04/07 08:39:44 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
    DRV - [2009/03/20 09:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
    DRV - [2009/03/20 09:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
    DRV - [2009/03/20 09:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
    DRV - [2008/10/03 03:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
    DRV - [2008/06/05 19:01:50 | 000,062,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
    DRV - [2008/04/24 23:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
    DRV - [2008/04/17 19:05:16 | 000,199,344 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2008/01/29 14:55:00 | 001,042,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
    DRV - [2008/01/21 03:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2008/01/21 03:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2008/01/21 03:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
    DRV - [2008/01/21 03:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2008/01/21 03:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2008/01/21 03:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2008/01/21 03:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2008/01/21 03:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2008/01/21 03:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2008/01/21 03:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2008/01/21 03:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2008/01/21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2008/01/21 03:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2008/01/21 03:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2008/01/21 03:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2008/01/21 03:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2008/01/21 03:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2008/01/21 03:32:48 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
    DRV - [2008/01/21 03:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2008/01/21 03:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2008/01/21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2008/01/21 03:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2008/01/21 03:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2008/01/21 03:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2008/01/21 03:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2008/01/21 03:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2007/11/01 02:51:26 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
    DRV - [2007/11/01 02:47:54 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
    DRV - [2007/11/01 02:47:08 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
    DRV - [2007/10/18 00:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/09/17 14:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2007/06/18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/02 08:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=es_es&c=83&bd=Presario&pf=cnnb
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=es_es&c=83&bd=Presario&pf=cnnb

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=es_es&c=83&bd=Presario&pf=cnnb
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=es_es&c=83&bd=Presario&pf=cnnb
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..network.proxy.http: "221.171.160.156"
    FF - prefs.js..network.proxy.http_port: 8080


    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/28 23:19:01 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/28 23:19:01 | 000,000,000 | ---D | M]

    [2009/01/31 19:06:52 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\mozilla\Extensions
    [2010/11/10 19:19:44 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\mozilla\Firefox\Profiles\e4z91xmy.default\extensions
    [2010/08/18 19:28:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Matthew\AppData\Roaming\mozilla\Firefox\Profiles\e4z91xmy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/08/18 19:28:14 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Matthew\AppData\Roaming\mozilla\Firefox\Profiles\e4z91xmy.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2010/11/04 22:21:04 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Matthew\AppData\Roaming\mozilla\Firefox\Profiles\e4z91xmy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/11/11 15:08:54 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Mozilla Firefox\extensions
    [2010/08/21 18:00:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/11/11 15:08:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/11/11 15:08:32 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/08/13 18:52:28 | 000,001,538 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2010/08/13 18:52:28 | 000,000,947 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2010/08/13 18:52:29 | 000,000,769 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2010/08/13 18:52:29 | 000,001,135 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2010/11/11 15:11:33 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Archivos de programa\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O2 - BHO: (Windows Live Aplicación auxiliar de inicio de sesión) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Archivos de programa\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Archivos de programa\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [WMPNSCFG] C:\Archivos de programa\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Archivos de programa\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Archivos de programa\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Archivos de programa\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Archivos de programa\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Matthew\Pictures\time_machine_wall.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Matthew\Pictures\time_machine_wall.jpg
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.)
    O28 - HKLM ShellExecuteHooks: UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2007/02/12 20:53:42 | 000,000,277 | ---- | M] () - D:\autorun.inf -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (sasnative32) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/11 15:11:30 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/11/11 14:59:41 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\JavaRa
    [2010/11/11 14:55:50 | 001,830,424 | ---- | C] (Smallfrogs Studio) -- C:\Users\Matthew\Desktop\SREngLdr.EXE
    [2010/11/11 14:55:50 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\Upload
    [2010/11/11 03:08:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2010/11/10 10:17:04 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\SUPERAntiSpyware.com
    [2010/11/10 10:17:04 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2010/11/10 10:16:46 | 000,000,000 | ---D | C] -- C:\Archivos de programa\SUPERAntiSpyware
    [2010/11/10 09:19:40 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\Virus Logs 10 Nov
    [2010/11/10 09:18:18 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\Virus Logs 3 Nov
    [2010/11/07 10:27:40 | 000,000,000 | ---D | C] -- C:\Archivos de programa\2BrightSparks
    [2010/11/02 12:58:14 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\FileZilla
    [2010/11/02 12:57:27 | 000,000,000 | ---D | C] -- C:\Archivos de programa\FileZilla FTP Client

    ========== Files - Modified Within 30 Days ==========

    [2010/11/11 15:20:55 | 000,679,740 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
    [2010/11/11 15:20:55 | 000,598,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/11/11 15:20:55 | 000,134,114 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
    [2010/11/11 15:20:55 | 000,104,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/11/11 15:20:00 | 000,000,448 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C0555753-6B24-4923-8D88-0FB064ADAA90}.job
    [2010/11/11 15:15:41 | 000,147,673 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2010/11/11 15:15:41 | 000,147,673 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2010/11/11 15:13:29 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/11/11 15:13:18 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/11/11 15:13:17 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/11/11 15:13:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/11/11 15:13:03 | 2951,118,848 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/11 15:11:33 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
    [2010/11/11 15:03:00 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/11/10 18:55:38 | 000,137,216 | ---- | M] () -- C:\Users\Matthew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/11/10 09:51:26 | 001,731,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/11/10 03:00:01 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\SyncBack Editorial Backup.job
    [2010/11/10 03:00:01 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\SyncBack Finances Backup.job
    [2010/11/09 00:18:50 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\SyncBack Images Backup.job
    [2010/11/08 03:00:09 | 000,000,454 | ---- | M] () -- C:\Windows\tasks\SyncBack All Documents Backup.job
    [2010/11/05 10:04:05 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2010/11/03 11:59:03 | 292,325,238 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/11/03 08:48:27 | 000,294,912 | ---- | M] () -- C:\Users\Matthew\Desktop\64jk8mfw.exe
    [2010/11/03 08:45:59 | 000,361,369 | ---- | M] () -- C:\Users\Matthew\Desktop\dds.com
    [2010/10/26 22:01:55 | 000,014,802 | ---- | M] () -- C:\Users\Matthew\Documents\Tomato Details 2010.xlsx

    ========== Files Created - No Company Name ==========

    [2010/11/10 09:49:53 | 2951,118,848 | -HS- | C] () -- C:\hiberfil.sys
    [2010/11/08 16:59:57 | 000,000,440 | ---- | C] () -- C:\Windows\tasks\SyncBack Images Backup.job
    [2010/11/07 14:54:18 | 000,000,444 | ---- | C] () -- C:\Windows\tasks\SyncBack Finances Backup.job
    [2010/11/07 14:49:00 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\SyncBack Editorial Backup.job
    [2010/11/07 14:46:52 | 000,000,454 | ---- | C] () -- C:\Windows\tasks\SyncBack All Documents Backup.job
    [2010/11/03 09:47:37 | 292,325,238 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2010/11/03 08:48:23 | 000,294,912 | ---- | C] () -- C:\Users\Matthew\Desktop\64jk8mfw.exe
    [2010/11/03 08:45:38 | 000,361,369 | ---- | C] () -- C:\Users\Matthew\Desktop\dds.com
    [2010/10/18 12:25:46 | 000,014,802 | ---- | C] () -- C:\Users\Matthew\Documents\Tomato Details 2010.xlsx
    [2010/04/23 14:48:37 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
    [2010/04/23 14:48:37 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
    [2010/04/01 12:13:07 | 000,000,025 | -H-- | C] () -- C:\ProgramData\.811261211181235583101118113995
    [2010/03/07 14:55:07 | 000,114,688 | ---- | C] () -- C:\Windows\System32\OdiOlDVR.dll
    [2010/03/07 14:55:07 | 000,053,248 | ---- | C] () -- C:\Windows\System32\OdiAPI.dll
    [2010/02/17 11:05:47 | 000,000,282 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2009/12/31 02:21:56 | 000,000,000 | ---- | C] () -- C:\Users\Matthew\AppData\Local\prvlcl.dat
    [2009/08/18 23:10:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
    [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
    [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
    [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
    [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
    [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
    [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
    [2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
    [2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
    [2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
    [2009/03/15 14:23:27 | 000,001,732 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2009/03/10 11:26:19 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
    [2009/02/27 20:32:08 | 000,147,673 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2009/02/27 20:31:51 | 000,147,673 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2009/02/23 07:46:45 | 000,000,680 | ---- | C] () -- C:\Users\Matthew\AppData\Local\d3d9caps.dat
    [2009/01/31 22:39:11 | 000,137,216 | ---- | C] () -- C:\Users\Matthew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/01/18 21:26:07 | 000,013,312 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
    [2009/01/18 19:21:49 | 000,000,000 | ---- | C] () -- C:\Users\Matthew\AppData\Local\QSwitch.txt
    [2009/01/18 19:21:49 | 000,000,000 | ---- | C] () -- C:\Users\Matthew\AppData\Local\DSwitch.txt
    [2009/01/18 19:21:49 | 000,000,000 | ---- | C] () -- C:\Users\Matthew\AppData\Local\AtStart.txt
    [2007/10/25 16:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
    [2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/03/09 10:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2002/10/15 23:54:04 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll

    ========== LOP Check ==========

    [2010/11/02 13:15:37 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\FileZilla
    [2010/04/01 12:13:43 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Final Draft
    [2010/08/05 11:24:36 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Image Zone Express
    [2010/04/23 15:33:21 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\PC Suite
    [2010/01/28 18:16:22 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Printer Info Cache
    [2010/04/24 09:11:46 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Samsung
    [2010/10/30 19:59:37 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Spotify
    [2010/06/19 16:59:07 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Systweak
    [2010/06/19 15:42:35 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\TuneUp Software
    [2010/11/11 03:24:55 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\uTorrent
    [2010/11/11 15:12:04 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010/11/08 03:00:09 | 000,000,454 | ---- | M] () -- C:\Windows\Tasks\SyncBack All Documents Backup.job
    [2010/11/10 03:00:01 | 000,000,446 | ---- | M] () -- C:\Windows\Tasks\SyncBack Editorial Backup.job
    [2010/11/10 03:00:01 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\SyncBack Finances Backup.job
    [2010/11/09 00:18:50 | 000,000,440 | ---- | M] () -- C:\Windows\Tasks\SyncBack Images Backup.job
    [2010/11/11 15:20:00 | 000,000,448 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{C0555753-6B24-4923-8D88-0FB064ADAA90}.job

    ========== Purity Check ==========



    < End of report >
     
  14. M. Rush

    M. Rush Thread Starter

    Joined:
    Jan 21, 2002
    Messages:
    76
    PS: Ctrl+Alt+Delete still only shows Users. No Task Manager.

    Cheers, Matt
     
  15. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,775
    As soon as all the malware is gone, we'll look at the Task Manager :)

    Please download GooredFix from one of the locations below and save it to your Desktop
    Download Mirror #1
    Download Mirror #2
    • Ensure all Firefox windows are closed.
    • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
    • When prompted to run the scan, click Yes.
    • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

    eddie
     
Short URL to this thread: https://techguy.org/942556