TechSpot

\\.\PhysicalDrive0 Win7

Solved
By jdiaz1998
Nov 26, 2010
  1. Broni

    Broni Malware Annihilator Posts: 48,018   +271

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  2. jdiaz1998

    jdiaz1998 TS Rookie Topic Starter Posts: 56

    Extras

    OTL Extras logfile created on: 11/27/2010 1:11:41 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Juan Felipe\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 446.23 Gb Total Space | 29.51 Gb Free Space | 6.61% Space Free | Partition Type: NTFS

    Computer Name: GAMING1-PC | User Name: Juan Felipe | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- C:\Users\Juan Felipe\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1 -- [2010/07/31 13:42:25 | 000,000,000 | ---D | M]
    "AutoUpdateDisableNotify" = 1 -- [2010/07/31 13:42:25 | 000,000,000 | ---D | M]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1 -- [2010/07/31 13:42:25 | 000,000,000 | ---D | M]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1 -- [2010/07/31 13:42:25 | 000,000,000 | ---D | M]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1 -- [2010/07/31 13:42:25 | 000,000,000 | ---D | M]

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
    "{175731F3-444F-45C3-960B-62692C78E539}" = K9 Web Protection
    "{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{23170F69-40C1-2702-0916-000001000000}" = 7-Zip 9.16 (x64 edition)
    "{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 260.99
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 260.99
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.9.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{B6EFD9A5-2ECE-4C22-BAEC-D16E73EA2013}" = iTunes
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy Software Installer
    "Defraggler" = Defraggler
    "Lexmark 2600 Series" = Lexmark 2600 Series
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{01521746-02A6-4A72-00BD-A285DF6B80C6}" = The Sims 2 University
    "{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.05.02.02
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1A2A15C2-6780-49c1-B296-503230E9DE00}" = The Sims™ 2 Mansion and Garden Stuff
    "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 22
    "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    "{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{38F8D823-008D-4E5A-BBCE-867A86C2BF2B}" = Sound Blaster Audigy HD
    "{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
    "{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
    "{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
    "{54E6D670-B5FA-11DF-A6C5-005056C00008}" = Google Earth Pro
    "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
    "{5A347920-4AFC-11D5-9FB0-800649886934}" = SDFormatter
    "{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
    "{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = The Sims™ 2 Teen Style Stuff
    "{60D6618B-153F-4353-8185-908E676E5888}" = ASUS FancyStart
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = The Sims™ 2 Kitchen & Bath Interior Design Stuff
    "{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6986B658-7FFA-4108-81D5-24C400AC302A}" = Mega Manager
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
    "{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = The Sims 2 Family Fun Stuff
    "{6CC56991-D80B-42EB-B2AF-85D6F822D8EA}" = Algebra Solved!
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = The Sims™ 2 IKEA® Home Stuff
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
    "{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
    "{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = The Sims™ 2 H&M® Fashion Stuff
    "{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
    "{85BC0CB6-E967-4E2C-BE92-FEDD0A5D0A31}" = Tango
    "{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = The Sims™ 2 FreeTime
    "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A56A332-F833-45CF-9A20-6F3524054843}" = James Bond 007(TM) - Blood Stone
    "{8ADE24B2-DCA4-4A1E-8B52-A5B435522D9E}" = Soldier Front
    "{8B287B75-DF8D-40C8-9620-8E4492C38EF1}" = Webroot Software
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
    "{8FE7BADE-D172-49AC-B505-961B6D5B2A8A}" = calibre
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR
    "{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
    "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
    "{9C244239-ED8E-40f1-937F-51C706CD2160}" = The Sims™ 2 Deluxe
    "{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = The Sims 2 Glamour Life Stuff
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
    "{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A2023936-7D17-417D-8E8C-BD0062827D7B}" = Star Wars Battlefront II PC Server
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Roxio Burn
    "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.1 MUI
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
    "{B5A5627C-0173-4DB2-ADA8-740479370F67}" = Express Gate
    "{B6F5B704-06D3-4687-90F3-6195304AD755}" = The Sims™ 2 Apartment Life
    "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
    "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C52DE33F-117A-4EC8-8A32-084E828D7B1E}" = Gaming Mouse
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD4D567E-44D7-4CDA-977D-C918D88FA3D9}_is1" = MemTurbo 4
    "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
    "{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims 2 Seasons
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
    "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{EAA38532-7AD0-4f78-918A-4F4F02096ECE}" = The Sims™ 2 Celebration! Stuff
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Bon Voyage
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "8461-7759-5462-8226" = Vuze
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Ares" = Ares 2.1.5
    "ASUS AP Bank_is1" = ASUS AP Bank
    "ASUS_ScreenSaver_GSeries" = ASUS_ScreenSaver_GSeries
    "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
    "AviSynth" = AviSynth 2.5
    "Best Buy Software Installer" = Best Buy Software Installer
    "CamStudio" = CamStudio
    "Canon Digital Camera USB WIA Driver" = Canon Digital Camera USB WIA Driver
    "CCleaner" = CCleaner
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "CloneDVD2" = CloneDVD2
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "Digital Editions" = Adobe Digital Editions
    "FileASSASSIN" = FileASSASSIN
    "Fraps" = Fraps (remove only)
    "Free Download Manager_is1" = Free Download Manager 3.0
    "Game Booster_is1" = Game Booster
    "ImgBurn" = ImgBurn
    "InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
    "InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
    "InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
    "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
    "InstallShield_{8A56A332-F833-45CF-9A20-6F3524054843}" = James Bond 007(TM) - Blood Stone
    "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
    "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
    "InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
    "InterActual Player" = InterActual Player
    "JDownloader" = JDownloader
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "PFPortChecker" = PFPortChecker 1.0.36
    "Portforward Static IP Address" = Portforward Static IP Address 1.0.44
    "Prism" = Prism Video File Converter
    "PunkBusterSvc" = PunkBuster Services
    "Rapid Tools" = Rapid Tools 2.2.7.0
    "Speccy" = Speccy
    "Stanza" = Stanza
    "Star Wars: The Force Unleashed 2_is1" = Star Wars: The Force Unleashed 2
    "Startup Delayer" = Startup Delayer v2.5 (build 138)
    "Steam App 34110" = Football Manager 2010 Demo
    "Steam App 48810" = Ship Simulator Extremes Demo
    "Steam App 6030" = Star Wars - Jedi Knight II: Jedi Outcast
    "Switch" = Switch Sound File Converter
    "TeamViewer 5" = TeamViewer 5
    "uTorrent" = µTorrent
    "Videora iPod touch Converter" = Videora iPod touch Converter 6
    "VLC media player" = VLC media player 1.0.3
    "Webroot Software" = Webroot Software
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "WinLiveSuite" = Windows Live Essentials
    "Xfire" = Xfire (remove only)

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome
    "SOE-Clone Wars" = Clone Wars
    "UnityWebPlayer" = Unity Web Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/24/2010 11:48:03 PM | Computer Name = Gaming1-PC | Source = EventSystem | ID = 4621
    Description =

    Error - 11/25/2010 1:25:19 PM | Computer Name = Gaming1-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "C:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    Error - 11/25/2010 2:20:56 PM | Computer Name = Gaming1-PC | Source = Bonjour Service | ID = 100
    Description = 228: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 11/25/2010 2:20:56 PM | Computer Name = Gaming1-PC | Source = Bonjour Service | ID = 100
    Description = 492: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 11/25/2010 4:55:18 PM | Computer Name = Gaming1-PC | Source = Bonjour Service | ID = 100
    Description = 492: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 11/25/2010 4:57:10 PM | Computer Name = Gaming1-PC | Source = Bonjour Service | ID = 100
    Description = 500: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 11/26/2010 10:44:56 AM | Computer Name = Gaming1-PC | Source = EventSystem | ID = 4621
    Description =

    Error - 11/26/2010 10:40:05 PM | Computer Name = Gaming1-PC | Source = EventSystem | ID = 4621
    Description =

    Error - 11/26/2010 11:18:28 PM | Computer Name = Gaming1-PC | Source = EventSystem | ID = 4621
    Description =

    Error - 11/27/2010 1:32:35 AM | Computer Name = Gaming1-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "C:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    [ System Events ]
    Error - 11/27/2010 9:08:59 AM | Computer Name = Gaming1-PC | Source = DCOM | ID = 10005
    Description =

    Error - 11/27/2010 9:09:22 AM | Computer Name = Gaming1-PC | Source = DCOM | ID = 10005
    Description =

    Error - 11/27/2010 9:09:22 AM | Computer Name = Gaming1-PC | Source = DCOM | ID = 10005
    Description =

    Error - 11/27/2010 9:09:22 AM | Computer Name = Gaming1-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 11/27/2010 9:09:31 AM | Computer Name = Gaming1-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 11/27/2010 9:37:28 AM | Computer Name = Gaming1-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 11/27/2010 1:48:42 PM | Computer Name = Gaming1-PC | Source = volmgr | ID = 262190
    Description = Crash dump initialization failed!

    Error - 11/27/2010 1:48:48 PM | Computer Name = Gaming1-PC | Source = volmgr | ID = 262190
    Description = Crash dump initialization failed!

    Error - 11/27/2010 1:49:07 PM | Computer Name = Gaming1-PC | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Resource
    Publication service which failed to start because of the following error: %%1058

    Error - 11/27/2010 1:50:04 PM | Computer Name = Gaming1-PC | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Resource
    Publication service which failed to start because of the following error: %%1058


    < End of report >
     
  3. jdiaz1998

    jdiaz1998 TS Rookie Topic Starter Posts: 56

    Text too long...
     
  4. jdiaz1998

    jdiaz1998 TS Rookie Topic Starter Posts: 56

    for OTL^^^^^^
     
  5. Broni

    Broni Malware Annihilator Posts: 48,018   +271

    Split it between a couple of replies.
     
  6. jdiaz1998

    jdiaz1998 TS Rookie Topic Starter Posts: 56

    OTL logfile created on: 11/27/2010 1:11:41 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Juan Felipe\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 446.23 Gb Total Space | 29.51 Gb Free Space | 6.61% Space Free | Partition Type: NTFS

    Computer Name: GAMING1-PC | User Name: Juan Felipe | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/27 12:57:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Juan Felipe\Desktop\OTL.exe
    PRC - [2010/10/16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/10/14 19:57:17 | 003,066,528 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
    PRC - [2010/10/14 19:56:06 | 001,286,960 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe
    PRC - [2010/10/06 06:39:27 | 002,002,728 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
    PRC - [2010/10/01 18:01:26 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2010/09/22 13:41:50 | 003,872,776 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\Security\Current\Plugins\AntiMalware\AEI.exe
    PRC - [2010/09/22 13:41:30 | 000,157,536 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\Security\Current\Plugins\AntiMalware\SSU.exe
    PRC - [2010/04/02 02:11:22 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
    PRC - [2010/02/04 04:05:58 | 000,107,176 | ---- | M] (Lexmark International Inc.) -- C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe
    PRC - [2010/02/03 00:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    PRC - [2009/11/12 13:10:06 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    PRC - [2009/10/26 13:10:42 | 000,174,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
    PRC - [2009/10/09 13:27:44 | 006,937,216 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
    PRC - [2009/09/30 22:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2009/09/30 22:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2009/09/24 16:50:02 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
    PRC - [2009/08/19 23:31:48 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
    PRC - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
    PRC - [2009/06/24 15:30:18 | 000,272,952 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
    PRC - [2009/06/19 13:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
    PRC - [2009/06/19 13:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
    PRC - [2009/06/15 20:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
    PRC - [2009/05/18 18:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    PRC - [2008/12/29 19:32:54 | 000,237,693 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe
    PRC - [2008/12/22 20:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
    PRC - [2008/08/14 00:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
    PRC - [2008/03/31 05:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    PRC - [2007/11/30 14:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
    PRC - [2007/08/08 03:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/27 12:57:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Juan Felipe\Desktop\OTL.exe
    MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
    MOD - [2009/07/13 20:15:21 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\fontext.dll
    MOD - [2009/07/13 20:15:21 | 000,093,696 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWOW64\fms.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
    SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Windows\SysNative\GameMon.des -- (npggsvc)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/06/29 12:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
    SRV:64bit: - [2009/12/04 11:11:40 | 003,505,264 | ---- | M] (Blue Coat Systems, Inc.) [Auto | Running] -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe -- (bckwfs)
    SRV:64bit: - [2009/09/17 14:36:34 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
    SRV:64bit: - [2009/07/20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2007/11/28 15:51:42 | 001,039,872 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdncoms.exe -- (lxdn_device)
    SRV:64bit: - [2007/08/08 03:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
    SRV - [2010/11/26 14:59:20 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2010/11/22 17:23:01 | 003,020,376 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_5632d69.dll -- (Akamai)
    SRV - [2010/10/16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/10/14 19:57:17 | 003,066,528 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
    SRV - [2010/10/06 06:39:27 | 002,002,728 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
    SRV - [2010/10/01 18:01:26 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2010/09/22 13:41:50 | 003,872,776 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
    SRV - [2010/08/30 17:15:18 | 003,791,352 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2009/12/22 22:59:49 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
    SRV - [2009/12/22 22:59:41 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
    SRV - [2009/09/30 22:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2009/09/30 22:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2009/07/13 20:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2009/07/13 20:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
    SRV - [2009/07/13 20:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2009/06/15 20:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/03/31 05:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
    SRV - [2007/11/28 10:12:40 | 000,589,824 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxdncoms.exe -- (lxdn_device)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\npptNT2.sys -- (NPPTNT2)
    DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2010/09/07 15:08:55 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2010/07/01 17:52:18 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
    DRV:64bit: - [2010/06/29 16:53:09 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2010/06/17 14:49:12 | 000,136,224 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ssidrv.sys -- (ssidrv)
    DRV:64bit: - [2010/06/17 14:49:10 | 000,055,360 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\ssfmonm.sys -- (ssfmonm)
    DRV:64bit: - [2010/02/17 13:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2010/02/17 13:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2010/02/03 15:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
    DRV:64bit: - [2010/01/01 12:20:28 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV:64bit: - [2009/12/04 11:11:40 | 000,093,808 | ---- | M] (Blue Coat Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bckd.sys -- (bckd)
    DRV:64bit: - [2009/10/25 23:39:43 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2009/10/09 21:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2009/10/05 12:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2009/10/01 23:58:57 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
    DRV:64bit: - [2009/08/16 23:15:43 | 000,286,768 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2009/07/20 04:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
    DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/07/04 22:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
    DRV:64bit: - [2009/07/02 11:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
    DRV:64bit: - [2009/06/28 22:53:45 | 000,058,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
    DRV:64bit: - [2009/06/17 11:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV:64bit: - [2009/06/17 11:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV:64bit: - [2009/06/17 11:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 15:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/06/05 05:16:29 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/05/12 20:07:19 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
    DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
    DRV:64bit: - [2008/08/14 06:48:34 | 000,024,064 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\skfiltv.sys -- (skfiltv)
    DRV:64bit: - [2008/05/23 20:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV:64bit: - [2007/07/24 14:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
    DRV - [2010/04/02 09:11:16 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/07/18 21:08:44] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
    DRV - [2007/09/04 18:16:00 | 000,013,880 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\ASUS\WinFlash\GETPADD64.sys -- (GETPADD64)
    DRV - [2005/01/02 16:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
    FF - prefs.js..extensions.enabledItems: {000F1EA4-5E08-4564-A29B-29076F63A37A}:1.0.3.137
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
    FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4


    FF - HKLM\software\mozilla\FireFox\extensions\\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}: C:\Users\Juan Felipe\AppData\Roaming\Mozilla\FireFox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/01 20:36:01 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/22 17:11:12 | 000,000,000 | ---D | M]

    [2010/10/14 16:33:28 | 000,000,000 | ---D | M] -- C:\Users\Juan Felipe\AppData\Roaming\Mozilla\Extensions
    [2010/11/20 16:15:32 | 000,000,000 | ---D | M] -- C:\Users\Juan Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\mxgpxhcd.default\extensions
    [2010/10/23 19:32:10 | 000,000,000 | ---D | M] () -- C:\Users\Juan Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\mxgpxhcd.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
    [2010/11/15 20:34:39 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Juan Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\mxgpxhcd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/11/15 19:24:33 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Juan Felipe\AppData\Roaming\Mozilla\Firefox\Profiles\mxgpxhcd.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2010/11/26 21:50:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/10/22 22:30:26 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010/10/25 19:59:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2010/11/26 20:37:40 | 000,001,826 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O1 - Hosts: 127.0.0.1 practivate.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.adobe.com
    O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 wip3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
    O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
    O1 - Hosts: 127.0.0.1 adobe.activate.com
    O1 - Hosts: 127.0.0.1 adobeereg.com
    O1 - Hosts: 127.0.0.1 www.adobeereg.com
    O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
    O1 - Hosts: 127.0.0.1 125.252.224.90
    O1 - Hosts: 127.0.0.1 125.252.224.91
    O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
    O1 - Hosts: 74.208.10.249 gs.apple.com
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
    O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
    O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Tango) - {85BC0CB6-E967-4E2C-BE92-FEDD0A5D0A31} - C:\Windows\SysWow64\7b78.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Tango) - {85BC0CB6-E967-4E2C-BE92-FEDD0A5D0A31} - C:\Windows\SysWow64\7b78.dll File not found
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe (Lexmark International Inc.)
    O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [lxdnmon.exe] C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe ()
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\system32\AmbRunE.DLL File not found
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [ADSMTray] C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
    O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
    O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
    O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
    O4 - HKLM..\Run: [Gaming Mouse Hid] C:\Program Files (x86)\Gaming Mouse\hid.exe ()
    O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
    O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
    O4 - HKCU..\Run: [AdobeBridge] File not found
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 [2010/07/31 13:42:25 | 000,000,000 | ---D | M]
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 [2010/07/31 13:42:25 | 000,000,000 | ---D | M]
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 [2010/07/31 13:36:28 | 000,000,000 | ---D | M]
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 [2010/07/31 13:42:25 | 000,000,000 | ---D | M]
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 [2010/07/31 13:42:25 | 000,000,000 | ---D | M]
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 [2010/07/31 13:42:25 | 000,000,000 | ---D | M]
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 [2010/07/31 13:42:25 | 000,000,000 | ---D | M]
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 [2010/07/31 13:42:25 | 000,000,000 | ---D | M]
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 [2010/07/31 13:42:25 | 000,000,000 | ---D | M]
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 [2010/07/31 13:42:25 | 000,000,000 | ---D | M]
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 [2010/07/31 13:42:25 | 000,000,000 | ---D | M]
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 [2010/07/31 13:42:24 | 000,000,000 | ---D | M]
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
    O8:64bit: - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
    O8:64bit: - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files (x86)\Megaupload\Mega Manager\mm_file.htm ()
    O8:64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
    O8:64bit: - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
    O8:64bit: - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
    O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
    O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files (x86)\Megaupload\Mega Manager\mm_file.htm ()
    O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
    O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
    O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: alteriw.net ([]http in Trusted sites)
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab (DLM Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\MPK\mpk.exe) - C:\Windows\SysWOW64\MPK\mpk.exe File not found
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O30:64bit: - LSA: Authentication Packages - (ows\w) - File not found
    O30 - LSA: Authentication Packages - (ows\w) - File not found
    O30:64bit: - LSA: Security Packages - (ls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088) - File not found
    O30 - LSA: Security Packages - (ls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{0d29154f-92cc-11df-bb96-e0cb4e3a19e3}\Shell - "" = AutoRun
    O33 - MountPoints2\{0d29154f-92cc-11df-bb96-e0cb4e3a19e3}\Shell\AutoRun\command - "" = D:\WD SmartWare.exe -- File not found
    O33 - MountPoints2\{10b6f908-83c9-11df-8964-e0cb4e3a19e3}\Shell - "" = AutoRun
    O33 - MountPoints2\{10b6f908-83c9-11df-8964-e0cb4e3a19e3}\Shell\AutoRun\command - "" = F:\setup\rsrc\Autorun.exe -- File not found
    O33 - MountPoints2\{10b6f908-83c9-11df-8964-e0cb4e3a19e3}\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe -- File not found
    O33 - MountPoints2\{2c4bbb22-a160-11df-8a04-e0cb4e3a19e3}\Shell - "" = AutoRun
    O33 - MountPoints2\{2c4bbb22-a160-11df-8a04-e0cb4e3a19e3}\Shell\AutoRun\command - "" = H:\HPLauncher.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/27 12:57:58 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Juan Felipe\Desktop\OTL.exe
    [2010/11/26 23:57:02 | 000,000,000 | ---D | C] -- C:\Users\Juan Felipe\AppData\Roaming\SUPERAntiSpyware.com
    [2010/11/26 23:57:02 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2010/11/26 23:57:00 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
    [2010/11/26 23:56:58 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/11/26 23:56:26 | 009,852,776 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Juan Felipe\Desktop\SUPERAntiSpyware.exe
    [2010/11/26 23:55:43 | 000,000,000 | ---D | C] -- C:\Users\Juan Felipe\Desktop\Shortcuts
    [2010/11/26 23:18:54 | 001,342,552 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Juan Felipe\Desktop\TDSSKiller.exe
    [2010/11/26 21:39:48 | 000,000,000 | ---D | C] -- C:\Users\Juan Felipe\AppData\Roaming\Malwarebytes
    [2010/11/26 21:39:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/11/26 21:39:40 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/11/26 21:39:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/11/26 21:39:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/11/26 21:39:26 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Juan Felipe\Desktop\mbam-setup-1.46.exe
    [2010/11/26 21:32:10 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Juan Felipe\Desktop\TFC.exe
    [2010/11/26 21:09:10 | 000,083,968 | ---- | C] (eSage Lab) -- C:\Users\Juan Felipe\Desktop\remover.exe
    [2010/11/26 09:35:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/11/26 09:35:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/11/26 09:35:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2010/11/26 09:27:22 | 000,000,000 | ---D | C] -- C:\Users\Juan Felipe\.shsh
    [2010/11/26 09:18:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2010/11/20 13:15:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panasonic
    [2010/11/17 21:29:00 | 000,000,000 | ---D | C] -- C:\JD
    [2010/11/17 21:28:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
    [2010/11/17 21:09:08 | 000,000,000 | ---D | C] -- C:\Users\Juan Felipe\AppData\Roaming\Free Download Manager
    [2010/11/17 21:09:01 | 000,000,000 | ---D | C] -- C:\ProgramData\FreeDownloadManager.ORG
    [2010/11/17 21:09:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Download Manager
    [2010/11/16 20:38:16 | 000,000,000 | ---D | C] -- C:\Users\Juan Felipe\AppData\Roaming\ImgBurn
    [2010/11/16 20:37:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
    [2010/11/14 15:16:31 | 000,000,000 | ---D | C] -- C:\Users\Juan Felipe\AppData\Local\bizarre creations
    [2010/11/08 17:50:38 | 000,000,000 | ---D | C] -- C:\Users\Juan Felipe\AppData\Roaming\Nero
    [2010/11/08 17:49:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
    [2010/11/08 17:49:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
    [2010/11/08 17:49:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
    [2010/11/07 21:32:30 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Sports Interactive
    [2010/11/07 21:32:30 | 000,000,000 | ---D | C] -- C:\Users\Juan Felipe\Documents\Sports Interactive
    [2010/11/07 21:32:29 | 000,000,000 | ---D | C] -- C:\Users\Juan Felipe\AppData\Roaming\Sports Interactive
    [2010/11/07 21:02:41 | 000,000,000 | ---D | C] -- C:\Users\Juan Felipe\AppData\Roaming\r2 Studios
    [2010/11/07 21:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\r2 Studios
    [2010/11/07 21:02:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\r2 Studios
    [2010/11/04 16:46:27 | 000,000,000 | ---D | C] -- C:\Users\Juan Felipe\AppData\Roaming\Megaupload
    [2010/11/04 16:37:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Megaupload
    [2010/11/03 22:17:05 | 000,000,000 | ---D | C] -- C:\Users\Juan Felipe\AppData\Local\ApplicationHistory
    [2010/11/03 22:12:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bagatrix
    [2010/11/03 21:00:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
    [2010/11/03 19:04:48 | 000,000,000 | ---D | C] -- C:\Users\Juan Felipe\Desktop\SD
    [2010/11/03 18:38:47 | 000,000,000 | ---D | C] -- C:\Users\Juan Felipe\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2010/11/03 18:38:47 | 000,000,000 | ---D | C] -- C:\Users\Juan Felipe\AppData\Roaming\Adobe Mini Bridge CS5
    [2010/11/01 09:22:13 | 000,000,000 | ---D | C] -- C:\Users\Juan Felipe\Documents\LucasArts
    [2010/11/01 09:22:13 | 000,000,000 | ---D | C] -- C:\Users\Juan Felipe\AppData\Local\LucasArts
    [2010/10/31 20:41:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2010/10/31 20:40:18 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/10/29 15:19:23 | 000,000,000 | ---D | C] -- C:\Users\Juan Felipe\Documents\Vuze Downloads
    [2010/10/29 15:16:17 | 000,000,000 | ---D | C] -- C:\Users\Juan Felipe\AppData\Roaming\Azureus
    [2010/10/29 15:15:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze
    [2010/10/29 14:53:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileASSASSIN
    [2010/08/14 20:21:36 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnpmui.dll
    [2010/08/14 20:21:36 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdninpa.dll
    [2010/08/14 20:21:36 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdniesc.dll
    [2010/08/14 20:21:35 | 000,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnusb1.dll
    [2010/08/14 20:21:34 | 001,101,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnserv.dll
    [2010/08/14 20:21:33 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnlmpm.dll
    [2010/08/14 20:21:33 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnprox.dll
    [2010/08/14 20:21:32 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnhbn3.dll
    [2010/08/14 20:21:31 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomc.dll
    [2010/08/14 20:21:31 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomm.dll

    ========== Files - Modified Within 30 Days ==========

    [2010/11/27 12:57:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Juan Felipe\Desktop\OTL.exe
    [2010/11/27 12:57:06 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/11/27 12:57:06 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/11/27 12:49:13 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/11/27 12:48:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/11/27 12:48:48 | 3112,038,400 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/27 07:39:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1085217473-2012750179-3546329357-1000UA.job
    [2010/11/27 07:29:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/11/26 23:57:00 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/11/26 23:55:41 | 009,852,776 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Juan Felipe\Desktop\SUPERAntiSpyware.exe
    [2010/11/26 23:50:52 | 000,080,384 | ---- | M] () -- C:\Users\Juan Felipe\Desktop\MBRCheck.exe
    [2010/11/26 23:21:43 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
    [2010/11/26 21:49:32 | 000,865,590 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/11/26 21:49:32 | 000,723,182 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/11/26 21:49:32 | 000,142,492 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/11/26 21:44:50 | 000,296,448 | ---- | M] () -- C:\Users\Juan Felipe\Desktop\4wbhzm91.exe
    [2010/11/26 21:39:44 | 000,001,015 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/26 21:30:54 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Juan Felipe\Desktop\mbam-setup-1.46.exe
    [2010/11/26 21:28:02 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Juan Felipe\Desktop\TFC.exe
    [2010/11/26 21:06:32 | 000,000,057 | ---- | M] () -- C:\Users\Juan Felipe\Desktop\fix.bat
    [2010/11/26 20:39:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1085217473-2012750179-3546329357-1000Core.job
    [2010/11/26 20:37:40 | 000,001,826 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2010/11/26 15:40:16 | 001,342,552 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Juan Felipe\Desktop\TDSSKiller.exe
    [2010/11/26 10:29:14 | 000,073,774 | ---- | M] () -- C:\Windows\SysWow64\wbers.dat.dmp
    [2010/11/26 09:50:46 | 000,001,826 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.umbrella
    [2010/11/26 09:35:56 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/11/26 09:21:34 | 000,002,515 | ---- | M] () -- C:\Users\Juan Felipe\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
    [2010/11/26 09:21:34 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
    [2010/11/23 22:24:39 | 000,014,409 | ---- | M] () -- C:\Users\Juan Felipe\Documents\Create your own Connect the Plot Assignment.docx
    [2010/11/20 13:15:16 | 000,000,956 | ---- | M] () -- C:\Users\Public\Desktop\SDFormatter V2.0.lnk
    [2010/11/17 21:28:24 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\JDownloader.lnk
    [2010/11/17 21:09:07 | 000,000,983 | ---- | M] () -- C:\Users\Juan Felipe\Desktop\Free Download Manager.lnk
    [2010/11/16 20:37:41 | 000,001,871 | ---- | M] () -- C:\Users\Juan Felipe\Desktop\ImgBurn.lnk
    [2010/11/14 22:00:00 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
    [2010/11/14 15:09:23 | 000,002,283 | ---- | M] () -- C:\Users\Public\Desktop\James Bond 007(TM) - Blood Stone.lnk
    [2010/11/10 18:27:45 | 000,008,734 | ---- | M] () -- C:\Users\Juan Felipe\Desktop\islam.wlmp
    [2010/11/09 21:02:14 | 000,002,141 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth Pro.lnk
    [2010/11/08 17:49:39 | 000,002,915 | ---- | M] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
    [2010/11/07 17:49:37 | 000,268,246 | ---- | M] () -- C:\Users\Juan Felipe\Desktop\wallpaper-harry-1280x1024.jpg
    [2010/11/04 20:50:07 | 000,002,395 | ---- | M] () -- C:\Users\Juan Felipe\Desktop\Google Chrome.lnk
    [2010/11/04 16:38:09 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Mega Manager.lnk
    [2010/11/04 06:07:59 | 004,973,496 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/11/03 22:17:05 | 000,000,099 | ---- | M] () -- C:\Users\Juan Felipe\AppData\Local\fusioncache.dat
    [2010/11/03 22:12:16 | 000,002,248 | ---- | M] () -- C:\Users\Juan Felipe\Desktop\Algebra Solved!.lnk
    [2010/11/03 21:01:34 | 000,881,822 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/11/01 22:12:57 | 000,019,341 | ---- | M] () -- C:\Users\Juan Felipe\Documents\Copy of science.xlsx
    [2010/10/31 20:42:05 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2010/10/29 15:15:24 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
    [2010/10/29 15:15:24 | 000,001,854 | ---- | M] () -- C:\Users\Juan Felipe\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
    [2010/10/29 14:53:04 | 000,001,061 | ---- | M] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk
    [2010/10/29 14:20:34 | 000,233,960 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
    [2010/10/29 13:53:21 | 000,233,960 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
     
  7. jdiaz1998

    jdiaz1998 TS Rookie Topic Starter Posts: 56

    ========== Files Created - No Company Name ==========

    [2010/11/26 23:57:00 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/11/26 23:51:08 | 000,080,384 | ---- | C] () -- C:\Users\Juan Felipe\Desktop\MBRCheck.exe
    [2010/11/26 21:55:02 | 000,296,448 | ---- | C] () -- C:\Users\Juan Felipe\Desktop\4wbhzm91.exe
    [2010/11/26 21:39:44 | 000,001,015 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/26 21:09:10 | 000,000,057 | ---- | C] () -- C:\Users\Juan Felipe\Desktop\fix.bat
    [2010/11/26 09:35:56 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/11/26 09:27:45 | 000,000,093 | ---- | C] () -- C:\Users\Juan Felipe\umbrella0.log
    [2010/11/23 22:24:39 | 000,014,409 | ---- | C] () -- C:\Users\Juan Felipe\Documents\Create your own Connect the Plot Assignment.docx
    [2010/11/20 13:15:16 | 000,000,956 | ---- | C] () -- C:\Users\Public\Desktop\SDFormatter V2.0.lnk
    [2010/11/19 21:50:50 | 000,073,774 | ---- | C] () -- C:\Windows\SysWow64\wbers.dat.dmp
    [2010/11/17 21:28:24 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\JDownloader.lnk
    [2010/11/17 21:09:07 | 000,000,983 | ---- | C] () -- C:\Users\Juan Felipe\Desktop\Free Download Manager.lnk
    [2010/11/16 20:37:41 | 000,001,871 | ---- | C] () -- C:\Users\Juan Felipe\Desktop\ImgBurn.lnk
    [2010/11/14 15:09:23 | 000,002,283 | ---- | C] () -- C:\Users\Public\Desktop\James Bond 007(TM) - Blood Stone.lnk
    [2010/11/09 21:02:14 | 000,002,141 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth Pro.lnk
    [2010/11/08 17:49:39 | 000,002,915 | ---- | C] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
    [2010/11/07 17:49:33 | 000,268,246 | ---- | C] () -- C:\Users\Juan Felipe\Desktop\wallpaper-harry-1280x1024.jpg
    [2010/11/04 16:38:09 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Mega Manager.lnk
    [2010/11/03 22:17:05 | 000,000,099 | ---- | C] () -- C:\Users\Juan Felipe\AppData\Local\fusioncache.dat
    [2010/11/03 22:12:16 | 000,002,248 | ---- | C] () -- C:\Users\Juan Felipe\Desktop\Algebra Solved!.lnk
    [2010/10/31 20:42:05 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2010/10/29 15:15:24 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
    [2010/10/29 15:15:24 | 000,001,854 | ---- | C] () -- C:\Users\Juan Felipe\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
    [2010/10/29 14:53:04 | 000,001,061 | ---- | C] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk
    [2010/10/23 18:12:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/10/06 16:45:31 | 000,003,584 | ---- | C] () -- C:\Users\Juan Felipe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/10/06 16:43:59 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2010/10/06 16:43:59 | 000,000,088 | RHS- | C] () -- C:\ProgramData\BCAE6404D7.sys
    [2010/09/29 18:01:05 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
    [2010/09/26 16:42:10 | 000,030,424 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll
    [2010/09/12 13:53:07 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
    [2010/08/14 20:21:51 | 000,000,252 | ---- | C] () -- C:\ProgramData\FastPics.log
    [2010/08/14 20:21:36 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\LXDNinst.dll
    [2010/08/14 20:21:36 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdncomx.dll
    [2010/08/14 14:42:47 | 000,881,822 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/07/26 14:31:59 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
    [2010/07/14 22:24:46 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
    [2010/07/09 14:00:32 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
    [2010/06/23 09:41:43 | 000,000,017 | ---- | C] () -- C:\Users\Juan Felipe\AppData\Local\resmon.resmoncfg
    [2010/06/20 09:58:53 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
    [2010/06/20 07:52:08 | 000,000,000 | ---- | C] () -- C:\Users\Juan Felipe\AppData\Roaming\wklnhst.dat
    [2009/12/22 22:59:55 | 000,000,735 | ---- | C] () -- C:\Windows\FF05_Render_Spk_Hp.ini
    [2009/12/22 22:59:55 | 000,000,508 | ---- | C] () -- C:\Windows\FF05_not_Spk_Hp.ini
    [2009/12/22 22:56:23 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
    [2009/12/22 22:52:58 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
    [2009/12/22 22:52:58 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
    [2009/08/19 03:33:09 | 000,000,035 | ---- | C] () -- C:\Windows\OOBEPlayer.ini
    [2009/07/29 00:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
    [2009/07/23 19:49:04 | 000,782,336 | ---- | C] () -- C:\Windows\SysWow64\lxdndrs.dll
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/05/14 13:46:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdncaps.dll
    [2008/12/01 21:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
    [2008/09/19 01:49:26 | 000,001,209 | ---- | C] () -- C:\Windows\skSPcfg.ini
    [2008/09/19 01:49:24 | 000,000,381 | ---- | C] () -- C:\Windows\skMCcfg.ini
    [2007/10/02 14:51:10 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdncnv4.dll

    ========== LOP Check ==========

    [2010/10/17 21:16:18 | 000,000,000 | ---D | M] -- C:\Users\Juan Felipe\AppData\Roaming\.minecraft
    [2010/10/01 16:36:49 | 000,000,000 | ---D | M] -- C:\Users\Juan Felipe\AppData\Roaming\Audacity
    [2010/11/26 20:33:25 | 000,000,000 | ---D | M] -- C:\Users\Juan Felipe\AppData\Roaming\Azureus
    [2010/08/15 10:01:50 | 000,000,000 | ---D | M] -- C:\Users\Juan Felipe\AppData\Roaming\calibre
    [2010/09/03 23:05:44 | 000,000,000 | ---D | M] -- C:\Users\Juan Felipe\AppData\Roaming\com.bigfatsimulations.airportmadness3.3A85083A650345D1ADAB4572C5816AD2DC9802A3.1
    [2010/07/12 10:59:00 | 000,000,000 | ---D | M] -- C:\Users\Juan Felipe\AppData\Roaming\DAEMON Tools Lite
    [2010/11/17 21:19:20 | 000,000,000 | ---D | M] -- C:\Users\Juan Felipe\AppData\Roaming\Free Download Manager
    [2010/09/19 13:45:52 | 000,000,000 | ---D | M] -- C:\Users\Juan Felipe\AppData\Roaming\Gaming Mouse
    [2010/09/20 21:06:20 | 000,000,000 | -H-D | M] -- C:\Users\Juan Felipe\AppData\Roaming\ijjigame
    [2010/11/20 08:36:53 | 000,000,000 | ---D | M] -- C:\Users\Juan Felipe\AppData\Roaming\ImgBurn
    [2010/10/16 22:50:42 | 000,000,000 | ---D | M] -- C:\Users\Juan Felipe\AppData\Roaming\IObit
    [2010/06/23 21:24:37 | 000,000,000 | ---D | M] -- C:\Users\Juan Felipe\AppData\Roaming\Leadertech
    [2010/11/04 16:46:27 | 000,000,000 | ---D | M] -- C:\Users\Juan Felipe\AppData\Roaming\Megaupload
    [2010/11/07 18:16:30 | 000,000,000 | ---D | M] -- C:\Users\Juan Felipe\AppData\Roaming\NCH Swift Sound
    [2010/08/06 14:40:38 | 000,000,000 | ---D | M] -- C:\Users\Juan Felipe\AppData\Roaming\Petroglyph
    [2010/10/23 13:25:06 | 000,000,000 | ---D | M] -- C:\Users\Juan Felipe\AppData\Roaming\PFStaticIP
    [2010/10/27 11:49:54 | 000,000,000 | ---D | M] -- C:\Users\Juan Felipe\AppData\Roaming\Quest3D
    [2010/11/07 21:02:41 | 000,000,000 | ---D | M] -- C:\Users\Juan Felipe\AppData\Roaming\r2 Studios
    [2010/08/14 11:25:31 | 000,000,000 | ---D | M] -- C:\Users\Juan Felipe\AppData\Roaming\Rapid Tools
    [2010/09/18 12:29:26 | 000,000,000 | ---D | M] -- C:\Users\Juan Felipe\AppData\Roaming\Red Kawa
    [2010/10/27 11:49:54 | 000,000,000 | ---D | M] -- C:\Users\Juan Felipe\AppData\Roaming\Roaming
    [2010/06/29 17:22:28 | 000,000,000 | ---D | M] -- C:\Users\Juan Felipe\AppData\Roaming\SPORE
    [2010/11/07 21:32:29 | 000,000,000 | ---D | M] -- C:\Users\Juan Felipe\AppData\Roaming\Sports Interactive
    [2010/11/03 18:38:47 | 000,000,000 | ---D | M] -- C:\Users\Juan Felipe\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2010/11/03 20:22:27 | 000,000,000 | ---D | M] -- C:\Users\Juan Felipe\AppData\Roaming\SystemRequirementsLab
    [2010/10/17 22:32:20 | 000,000,000 | ---D | M] -- C:\Users\Juan Felipe\AppData\Roaming\TeamViewer
    [2010/06/28 23:53:38 | 000,000,000 | ---D | M] -- C:\Users\Juan Felipe\AppData\Roaming\Template
    [2010/10/09 18:02:32 | 000,000,000 | ---D | M] -- C:\Users\Juan Felipe\AppData\Roaming\TuneUp Software
    [2010/10/03 11:15:46 | 000,000,000 | ---D | M] -- C:\Users\Juan Felipe\AppData\Roaming\Ubisoft
    [2010/10/10 12:16:07 | 000,000,000 | ---D | M] -- C:\Users\Juan Felipe\AppData\Roaming\Unity
    [2010/11/24 19:49:24 | 000,000,000 | ---D | M] -- C:\Users\Juan Felipe\AppData\Roaming\uTorrent
    [2010/10/20 19:28:32 | 000,000,000 | ---D | M] -- C:\Users\Juan Felipe\AppData\Roaming\Windows Live Writer
    [2010/11/26 22:43:01 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010/11/14 22:00:00 | 000,000,420 | ---- | M] () -- C:\Windows\Tasks\SmartDefrag.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/12/04 09:06:31 | 002,097,152 | -H-- | M] () -- C:\BIOS.BIN
    [2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2009/07/29 01:03:37 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2010/11/01 09:22:14 | 000,000,042 | ---- | M] () -- C:\cmdlog.txt
    [2009/12/22 23:09:13 | 000,015,800 | ---- | M] () -- C:\devlist.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2010/08/16 10:19:42 | 002,097,152 | RH-- | M] () -- C:\G60JX.BIN
    [2009/11/27 03:32:01 | 000,000,018 | ---- | M] () -- C:\G60Jx_WIN7.10
    [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2010/11/27 12:48:48 | 3112,038,400 | -HS- | M] () -- C:\hiberfil.sys
    [2009/12/22 22:58:46 | 000,458,394 | ---- | M] () -- C:\if.log
    [2009/12/22 23:24:09 | 000,737,937 | ---- | M] () -- C:\inject.log.txt
    [2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
    [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2006/12/01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2010/11/27 12:48:48 | 4149,387,264 | -HS- | M] () -- C:\pagefile.sys
    [2009/12/22 07:43:52 | 000,000,105 | ---- | M] () -- C:\Pass.txt
    [2010/10/02 19:23:17 | 000,083,462 | ---- | M] () -- C:\ReactorException.dmp
    [2009/11/10 23:04:13 | 000,000,012 | ---- | M] () -- C:\RECOVERY.DAT
    [2009/12/22 22:52:58 | 000,002,114 | ---- | M] () -- C:\RHDSetup.log
    [2009/12/22 23:08:14 | 000,000,170 | ---- | M] () -- C:\SumHidd.txt
    [2009/12/22 23:07:41 | 000,000,098 | ---- | M] () -- C:\SumOS.txt
    [2010/11/26 23:20:25 | 000,066,680 | ---- | M] () -- C:\TDSSKiller.2.4.9.0_26.11.2010_23.19.35_log.txt
    [2009/09/16 13:04:46 | 000,000,024 | ---- | M] () -- C:\v82.txt
    [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

    < %systemroot%\Fonts\*.com >
    [2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >
    [2009/12/22 22:55:56 | 000,057,986 | ---- | M] () -- C:\Windows\AsCD_Stage138.jpg
    [2009/12/22 22:56:43 | 000,062,746 | ---- | M] () -- C:\Windows\AsCD_Stage156.jpg

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/09/23 00:32:56 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >
    [2010/10/14 16:40:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\IObit\Advanced SystemCare 3\Bak

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/06/20 06:46:05 | 000,000,221 | -HS- | M] () -- C:\Users\Juan Felipe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/11/26 21:44:50 | 000,296,448 | ---- | M] () -- C:\Users\Juan Felipe\Desktop\4wbhzm91.exe
    [2010/11/26 21:30:54 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Juan Felipe\Desktop\mbam-setup-1.46.exe
    [2010/11/26 23:50:52 | 000,080,384 | ---- | M] () -- C:\Users\Juan Felipe\Desktop\MBRCheck.exe
    [2010/11/27 12:57:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Juan Felipe\Desktop\OTL.exe
    [2010/09/01 15:33:50 | 000,083,968 | ---- | M] (eSage Lab) -- C:\Users\Juan Felipe\Desktop\remover.exe
    [2010/09/25 13:32:11 | 009,216,000 | ---- | M] () -- C:\Users\Juan Felipe\Desktop\ScreenshotCaptorSetup.exe
    [2010/11/26 23:55:41 | 009,852,776 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Juan Felipe\Desktop\SUPERAntiSpyware.exe
    [2010/11/26 15:40:16 | 001,342,552 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Juan Felipe\Desktop\TDSSKiller.exe
    [2010/11/26 21:28:02 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Juan Felipe\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2010/10/26 06:08:05 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
    [2010/10/26 06:08:05 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
    [2010/10/26 06:08:05 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2010/10/26 06:08:05 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
    [2010/10/26 06:08:05 | 000,786,432 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
    [2010/10/26 06:08:05 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/08/04 19:28:59 | 000,000,402 | -HS- | M] () -- C:\Users\Juan Felipe\Favorites\desktop.ini
    [2010/10/27 16:53:25 | 000,000,290 | ---- | M] () -- C:\Users\Juan Felipe\Favorites\NCH Software Download Site.lnk
    [2010/10/27 16:51:44 | 000,000,298 | ---- | M] () -- C:\Users\Juan Felipe\Favorites\NCH Software Download.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/09/12 13:53:07 | 000,000,085 | -HS- | M] () -- C:\ProgramData\.zreglib
    [2010/10/06 16:45:12 | 000,000,088 | RHS- | M] () -- C:\ProgramData\BCAE6404D7.sys
    [2010/08/14 20:21:51 | 000,000,252 | ---- | M] () -- C:\ProgramData\FastPics.log
    [2010/10/06 16:48:00 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:425D0709
     
  8. jdiaz1998

    jdiaz1998 TS Rookie Topic Starter Posts: 56

    all of it posted
     
  9. Broni

    Broni Malware Annihilator Posts: 48,018   +271

    You're running low on C drive free space.

    =========================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
      O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKLM\..\Toolbar: (Tango) - {85BC0CB6-E967-4E2C-BE92-FEDD0A5D0A31} - C:\Windows\SysWow64\7b78.dll File not found
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (Tango) - {85BC0CB6-E967-4E2C-BE92-FEDD0A5D0A31} - C:\Windows\SysWow64\7b78.dll File not found
      O4 - HKCU..\Run: [AdobeBridge] File not found
      O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\MPK\mpk.exe) - C:\Windows\SysWOW64\MPK\mpk.exe File not found
      O33 - MountPoints2\{0d29154f-92cc-11df-bb96-e0cb4e3a19e3}\Shell - "" = AutoRun
      O33 - MountPoints2\{0d29154f-92cc-11df-bb96-e0cb4e3a19e3}\Shell\AutoRun\command - "" = D:\WD SmartWare.exe -- File not found
      O33 - MountPoints2\{10b6f908-83c9-11df-8964-e0cb4e3a19e3}\Shell - "" = AutoRun
      O33 - MountPoints2\{10b6f908-83c9-11df-8964-e0cb4e3a19e3}\Shell\AutoRun\command - "" = F:\setup\rsrc\Autorun.exe -- File not found
      O33 - MountPoints2\{10b6f908-83c9-11df-8964-e0cb4e3a19e3}\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe -- File not found
      O33 - MountPoints2\{2c4bbb22-a160-11df-8a04-e0cb4e3a19e3}\Shell - "" = AutoRun
      O33 - MountPoints2\{2c4bbb22-a160-11df-8a04-e0cb4e3a19e3}\Shell\AutoRun\command - "" = H:\HPLauncher.exe -- File not found
      [2010/10/06 16:43:59 | 000,000,088 | RHS- | C] () -- C:\ProgramData\BCAE6404D7.sys
      @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:425D0709
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
  10. jdiaz1998

    jdiaz1998 TS Rookie Topic Starter Posts: 56

    Hey I had not seen this. A window that says: "Access violation at address 00402FB0 in module 'OTL.exe'. Read of address FFFFFFFC."
     
  11. jdiaz1998

    jdiaz1998 TS Rookie Topic Starter Posts: 56

    Do I erase what I had put in before?
     
     
  12. jdiaz1998

    jdiaz1998 TS Rookie Topic Starter Posts: 56

    Or just paste it below?
     
  13. Broni

    Broni Malware Annihilator Posts: 48,018   +271

    I'm not sure what you're saying....
     
  14. jdiaz1998

    jdiaz1998 TS Rookie Topic Starter Posts: 56

    When the scan finished, I got a window saying that.
     
  15. jdiaz1998

    jdiaz1998 TS Rookie Topic Starter Posts: 56

    And I am saying about the Custom Scans/Fixes. Do I overwrite what you told me to write before, or do I write it below?
     
  16. jdiaz1998

    jdiaz1998 TS Rookie Topic Starter Posts: 56

    Do I delete this:
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop
    and replace it with this?
    :OTL
    O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Tango) - {85BC0CB6-E967-4E2C-BE92-FEDD0A5D0A31} - C:\Windows\SysWow64\7b78.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Tango) - {85BC0CB6-E967-4E2C-BE92-FEDD0A5D0A31} - C:\Windows\SysWow64\7b78.dll File not found
    O4 - HKCU..\Run: [AdobeBridge] File not found
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\MPK\mpk.exe) - C:\Windows\SysWOW64\MPK\mpk.exe File not found
    O33 - MountPoints2\{0d29154f-92cc-11df-bb96-e0cb4e3a19e3}\Shell - "" = AutoRun
    O33 - MountPoints2\{0d29154f-92cc-11df-bb96-e0cb4e3a19e3}\Shell\AutoRun\command - "" = D:\WD SmartWare.exe -- File not found
    O33 - MountPoints2\{10b6f908-83c9-11df-8964-e0cb4e3a19e3}\Shell - "" = AutoRun
    O33 - MountPoints2\{10b6f908-83c9-11df-8964-e0cb4e3a19e3}\Shell\AutoRun\command - "" = F:\setup\rsrc\Autorun.exe -- File not found
    O33 - MountPoints2\{10b6f908-83c9-11df-8964-e0cb4e3a19e3}\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe -- File not found
    O33 - MountPoints2\{2c4bbb22-a160-11df-8a04-e0cb4e3a19e3}\Shell - "" = AutoRun
    O33 - MountPoints2\{2c4bbb22-a160-11df-8a04-e0cb4e3a19e3}\Shell\AutoRun\command - "" = H:\HPLauncher.exe -- File not found
    [2010/10/06 16:43:59 | 000,000,088 | RHS- | C] () -- C:\ProgramData\BCAE6404D7.sys
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:425D0709


    :Services

    :Reg

    :Files

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
    ???????????
     
  17. jdiaz1998

    jdiaz1998 TS Rookie Topic Starter Posts: 56

    All processes killed
    ========== OTL ==========
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{85BC0CB6-E967-4E2C-BE92-FEDD0A5D0A31} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85BC0CB6-E967-4E2C-BE92-FEDD0A5D0A31}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{85BC0CB6-E967-4E2C-BE92-FEDD0A5D0A31} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85BC0CB6-E967-4E2C-BE92-FEDD0A5D0A31}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\SysWOW64\MPK\mpk.exe deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d29154f-92cc-11df-bb96-e0cb4e3a19e3}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0d29154f-92cc-11df-bb96-e0cb4e3a19e3}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d29154f-92cc-11df-bb96-e0cb4e3a19e3}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0d29154f-92cc-11df-bb96-e0cb4e3a19e3}\ not found.
    File D:\WD SmartWare.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10b6f908-83c9-11df-8964-e0cb4e3a19e3}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10b6f908-83c9-11df-8964-e0cb4e3a19e3}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10b6f908-83c9-11df-8964-e0cb4e3a19e3}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10b6f908-83c9-11df-8964-e0cb4e3a19e3}\ not found.
    File F:\setup\rsrc\Autorun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10b6f908-83c9-11df-8964-e0cb4e3a19e3}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10b6f908-83c9-11df-8964-e0cb4e3a19e3}\ not found.
    File F:\Directx\dxsetup.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c4bbb22-a160-11df-8a04-e0cb4e3a19e3}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c4bbb22-a160-11df-8a04-e0cb4e3a19e3}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c4bbb22-a160-11df-8a04-e0cb4e3a19e3}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c4bbb22-a160-11df-8a04-e0cb4e3a19e3}\ not found.
    File H:\HPLauncher.exe not found.
    C:\ProgramData\BCAE6404D7.sys moved successfully.
    ADS C:\ProgramData\Temp:425D0709 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: juan

    User: Juan Felipe
    ->Temp folder emptied: 547998 bytes
    ->Temporary Internet Files folder emptied: 6584055 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 4016183 bytes
    ->Google Chrome cache emptied: 57834910 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 1438 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 626711 bytes

    Total Files Cleaned = 66.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: juan

    User: Juan Felipe
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 11272010_142259

    Files\Folders moved on Reboot...
    C:\Users\Juan Felipe\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...
     
  18. jdiaz1998

    jdiaz1998 TS Rookie Topic Starter Posts: 56

    Results of screen317's Security Check version 0.99.5
    Windows 7 (UAC is enabled)
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    McAfee Security Scan Plus
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player 10.0.32.18
    Adobe Reader 9.4.1 MUI
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Webroot Security current plugins\antimalware\AEI.exe
    Webroot Security current plugins\antimalware\SSU.EXE
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     
  19. jdiaz1998

    jdiaz1998 TS Rookie Topic Starter Posts: 56

    It has spent A LOT of time in 73 & 74%
     
  20. Broni

    Broni Malware Annihilator Posts: 48,018   +271

    You did well :)

    Eset scan please....
     
  21. Broni

    Broni Malware Annihilator Posts: 48,018   +271

    Keep it going....
     
  22. jdiaz1998

    jdiaz1998 TS Rookie Topic Starter Posts: 56

    99%, no viruses.
     
  23. jdiaz1998

    jdiaz1998 TS Rookie Topic Starter Posts: 56

    It has been in 99% for 6 minutes now.
     
  24. jdiaz1998

    jdiaz1998 TS Rookie Topic Starter Posts: 56

    I think it is stuck on a file. It has been on the same one for.....4 minutes now.
     
  25. jdiaz1998

    jdiaz1998 TS Rookie Topic Starter Posts: 56

    still on the same file....
     
Topic Status:
Not open for further replies.

