
My HijackThis log, since I have problems with many windows; I have already tried almost everything

#1
10-Aug-2009, 23:18
Junior Member
Joined: August 2009
Posts: 6

Here is my HijackThis log, since advertising windows keep opening continuously while I browse. I have tried everything (Ad-Aware, Spybot, CCleaner, antivirus) but I can't manage to find it. I would appreciate some help.

Thanks in advance!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:17:10, on 10/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Notebook Hardware Control\nhcservice.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Notebook Hardware Control\nhc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Fred Costa\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: iComment - {9005D5D6-4DD4-4D15-B550-2CCE057D6E86} - "C:\Program Files\iComment 2.0.2\iComment.dll" (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MacDrive application] "C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe"
O4 - HKLM\..\Run: [Getting started with MacDrive] "C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe" /auto
O4 - HKLM\..\RunOnce: [SpybotDeletingA4290] command.com /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6082] cmd.exe /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Fred Costa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB4732] command.com /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6565] cmd.exe /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Add Hyperlink iComment - res://C:\Program Files\iComment 2.0.2\iComment.dll/267
O8 - Extra context menu item: Add Picture iComment - res://C:\Program Files\iComment 2.0.2\iComment.dll/267
O8 - Extra context menu item: Add Text iComment - res://C:\Program Files\iComment 2.0.2\iComment.dll/267
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: iComment - {9005D5D6-4DD4-4D15-B550-2CCE057D6E86} - "C:\Program Files\iComment 2.0.2\iComment.dll" (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/mygarmin/m/GarminAxControl.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1232684635112
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fredhaus
O17 - HKLM\Software\..\Telephony: DomainName = fredhaus
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AMIDiagEventService - Unknown owner - C:\Program Files\AMI\AMIDiag\AMIDiagEventService.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Franson GpsGate 2.0 - Unknown owner - C:\Program Files\Franson\GpsGate 2.0\GpsGateService.exe
O23 - Service: Google Update Service (gupdate1c9ab2a70325936) (gupdate1c9ab2a70325936) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MacDrive service (MacDriveService) - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
O23 - Service: Notebook Hardware Control Service - Notebook Hardware Control (NHC) - Homepage, Downloads, Help, Docu, FAQ, News - www.pbus-167.com - C:\Program Files\Notebook Hardware Control\nhcservice.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: ServiceLayer - Unknown owner - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (file missing)
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\WLKeeper.exe

--
End of file - 15803 bytes
#2
11-Aug-2009, 20:10
jbex
Administrator
Joined: October 2007
Location: Enkarterri - Las Encartaciones
Posts: 2,305

Go to Control Panel - Administrative Tools - Services and stop the KService service.

Open Regedit, navigate to:
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Run and delete the entry corresponding to kdx.

HKEY_LOCAL_MACHINE \ System \ CurrentControlSet \ Services and delete the entry corresponding to kdx.

Delete the entire folder where KService was installed (C:\Program Files\Kontiki\)

Restart the machine.

» Disable the System Restore option; once your system is clean you can turn it back on (if you can't for any reason, skip this step).

» Make sure your system shows hidden files and folders

» Restart in Safe Mode. (Repair it if it doesn't work, and if you can't repair it, skip this step)

» In Procedures under HijackThis Logs you will find information on how to carry out any instructions you are unfamiliar with.

» Run HijackThis and click the Do a system scan only button

» Check the boxes of the following entries and press the Fix Checked button:
O4 - HKLM\..\RunOnce: [SpybotDeletingA4290] command.com /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6082] cmd.exe /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4732] command.com /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6565] cmd.exe /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add Hyperlink iComment - res://C:\Program Files\iComment 2.0.2\iComment.dll/267
O8 - Extra context menu item: Add Picture iComment - res://C:\Program Files\iComment 2.0.2\iComment.dll/267
O8 - Extra context menu item: Add Text iComment - res://C:\Program Files\iComment 2.0.2\iComment.dll/267
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fredhaus <-- Remove only if you did not set it yourself
O17 - HKLM\Software\..\Telephony: DomainName = fredhaus <-- Remove only if you did not set it yourself
O23 - Service: AMIDiagEventService - Unknown owner - C:\Program Files\AMI\AMIDiag\AMIDiagEventService.exe (file missing)

» Empty the Recycle Bin

» Restart your operating system normally

Now follow these steps:

» Update your system here: microsoft.com (if for some reason you can't update, continue with the other steps)

» Clear all cookies and the registry with CCleaner, then download and run ATF-Cleaner

» Go to Control Panel --> Java and delete all temporary files (if you use Java). If you use it, check that it is up to date. If you need to update it, you can do so at: Free Java software download - Sun Microsystems

» Run Malwarebytes Anti-Malware. Malwarebytes Anti-Malware download (Malwarebytes Anti-Malware manual)

» Run Dr.Web CureIt! (Dr.Web CureIt - manual)

» Do an online scan here: Free ESET Online Antivirus Scanner
You must use Internet Explorer and accept the ActiveX controls.
Set it to remove whatever it detects.

» Tell me the results and post another log here.
#3
13-Aug-2009, 20:15
Junior Member
Joined: August 2009
Posts: 6

Hello, and thanks for the help!
I have done everything as you said, but there is no result.

Here is my log again:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:15:27, on 13/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Notebook Hardware Control\nhcservice.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Notebook Hardware Control\nhc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe
C:\WINDOWS\system32\aetcrss1.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MacDrive application] "C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe"
O4 - HKLM\..\Run: [Getting started with MacDrive] "C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe" /auto
O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Fred Costa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: iComment - {9005D5D6-4DD4-4D15-B550-2CCE057D6E86} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/mygarmin/m/GarminAxControl.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1232684635112
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c9ab2a70325936) (gupdate1c9ab2a70325936) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MacDrive service (MacDriveService) - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
O23 - Service: Notebook Hardware Control Service - Notebook Hardware Control (NHC) - Homepage, Downloads, Help, Docu, FAQ, News - www.pbus-167.com - C:\Program Files\Notebook Hardware Control\nhcservice.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\WLKeeper.exe

--
End of file - 14338 bytes

Last edited by jbex; 13-Aug-2009 at 21:03. Reason: Spelling correction
  #4  
13-Aug-2009, 21:05
jbex
Administrator
 
Join date: October 2007
Location: Enkarterri - Las Encartaciones
Posts: 2,305
Re: my HijackThis log, as I have problems with many windows, I have already tried almost everything

Download ComboFix and post its output for me.
Make sure I don't have to edit one of your threads again; write properly or your threads will be deleted.
__________________
Remember that before creating a thread or replying, you must read the forum rules in order to use the forum correctly.
This is a forum, not a mobile phone, so mind your writing!
  #5  
14-Aug-2009, 00:20
Junior Member
 
Join date: August 2009
Posts: 6
Re: my HijackThis log, as I have problems with many windows, I have already tried almost everything

I'm sorry, but my written Spanish is not very good...

Thanks


ComboFix 09-08-10.06 - Fred Costa 13/08/2009 22:39.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1535.806 [GMT 1:00]
Running from: c:\documents and settings\Fred Costa\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090812-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\Installer\3a6f69.msi
c:\windows\Installer\6870c71.msp
c:\windows\system32\AutoRun.inf
c:\windows\system32\lsprst7.dll
c:\windows\system32\OgaCheckControl.dll
c:\windows\system32\ssprs.dll
c:\windows\system32\xpysys.dll

.
((((((((((((((((((((((((( Files Created from 2009-07-13 to 2009-08-13 )))))))))))))))))))))))))))))))
.

2009-08-12 22:11 . 2009-08-12 22:11 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-11 23:21 . 2009-08-11 23:21 -------- d-----w- c:\program files\Common Files\Skype
2009-08-11 23:17 . 2009-08-11 23:17 9843864 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\95F12167483D466CABC98CAFE4B4FD93\CT4SKypePlugIn20_Multi_Media.exe
2009-08-11 23:17 . 2009-08-11 23:17 77824 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\95F12167483D466CABC98CAFE4B4FD93\RLLauncher.exe
2009-08-11 23:13 . 2009-08-11 23:13 -------- d-----w- c:\program files\Oneeko
2009-08-11 23:12 . 2009-08-11 23:12 2317122 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\516F50703CB54254A8091825E1EAFE03\OneekoSetup.exe
2009-08-11 23:12 . 2009-08-11 23:12 16384 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\516F50703CB54254A8091825E1EAFE03\UninstallOneeko.exe
2009-08-11 23:12 . 2009-08-11 23:12 1532928 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\516F50703CB54254A8091825E1EAFE03\OneekoSkypeExtra.exe
2009-08-11 18:44 . 2009-08-11 18:44 148736 ----a-w- c:\documents and settings\All Users\Application Data\hpe5C3.dll
2009-08-11 18:21 . 2009-08-11 18:21 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
2009-08-11 18:16 . 2009-08-11 18:16 -------- d-----w- c:\program files\Raak Technologies
2009-08-09 14:13 . 2009-08-10 16:28 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-09 14:10 . 2009-08-09 14:10 -------- d-----w- c:\windows\system32\drivers\NSS
2009-08-09 14:10 . 2009-08-09 14:10 -------- d-----w- c:\program files\Norton Security Scan
2009-08-09 14:10 . 2009-08-09 14:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-08-09 14:10 . 2009-08-09 14:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-08-09 14:10 . 2009-08-09 14:10 -------- d-----w- c:\program files\NortonInstaller
2009-08-09 14:10 . 2009-08-09 14:10 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-08-06 21:32 . 2009-08-06 21:32 -------- d-----w- c:\documents and settings\All Users\Application Data\GARMIN
2009-08-06 09:41 . 2009-08-13 17:30 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\vlc
2009-08-05 15:39 . 2009-08-05 15:39 -------- d-----w- c:\program files\ESET
2009-08-05 15:39 . 2009-08-05 15:39 -------- d-----w- c:\documents and settings\Fred Costa\DoctorWeb
2009-08-03 00:37 . 2009-08-03 00:37 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-07-31 18:44 . 2009-07-31 18:44 -------- d-----w- c:\documents and settings\Fred Costa\Local Settings\Application Data\Identities
2009-07-30 15:57 . 2009-07-30 15:57 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\Malwarebytes
2009-07-30 15:57 . 2009-08-03 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-30 15:57 . 2009-08-12 22:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-30 15:57 . 2009-08-03 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-30 15:57 . 2009-07-30 15:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-29 18:59 . 2009-07-29 18:59 -------- d-----w- c:\program files\Common Files\DirectX
2009-07-29 18:04 . 2008-07-10 10:01 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2009-07-29 17:40 . 2009-07-29 17:40 -------- d-----w- c:\windows\Logs
2009-07-29 16:15 . 2009-07-29 16:15 -------- d-----w- c:\program files\iPod
2009-07-29 16:15 . 2009-07-29 16:16 -------- d-----w- c:\program files\iTunes
2009-07-29 16:01 . 2009-07-29 16:01 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-29 12:44 . 2009-07-29 12:44 -------- d-----w- c:\documents and settings\Fred Costa\Local Settings\Application Data\Codemasters
2009-07-29 03:32 . 2009-07-29 03:34 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\GetRightToGo
2009-07-29 03:22 . 2009-07-29 03:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2009-07-29 03:20 . 1999-06-25 08:55 149504 ----a-w- C:\UNWISE.EXE
2009-07-29 03:05 . 2009-07-29 03:05 -------- d-----w- c:\program files\Microïds
2009-07-29 00:16 . 1998-06-11 22:15 307200 ----a-w- c:\windows\vidcap32.exe
2009-07-29 00:16 . 2002-07-03 10:44 53248 ----a-w- c:\windows\amcap.exe
2009-07-29 00:16 . 2009-07-29 00:17 -------- d-----w- c:\program files\Common Files\sncp106
2009-07-29 00:16 . 2002-12-27 17:26 243712 ----a-w- c:\windows\system32\drivers\sncp106.sys
2009-07-29 00:16 . 2002-12-24 13:27 45056 ----a-w- c:\windows\system32\vsncp106.dll
2009-07-29 00:16 . 2002-11-25 18:46 120884 ----a-w- c:\windows\usncp106.exe
2009-07-29 00:16 . 2002-11-25 17:36 20480 ----a-w- c:\windows\dsncp106.exe
2009-07-29 00:16 . 2002-11-25 17:10 28672 ----a-w- c:\windows\vsncp106.exe
2009-07-29 00:16 . 2002-11-25 16:36 61440 ----a-w- c:\windows\system32\dsncp106.dll
2009-07-28 21:07 . 2009-08-11 22:00 -------- d--h--w- c:\windows\$hf_mig$
2009-07-27 21:27 . 2009-07-06 21:39 937984 ----a-w- c:\documents and settings\Fred Costa\Application Data\Mozilla\Firefox\Profiles\wvws1u4u.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-07-27 21:27 . 2009-07-06 21:39 344064 ----a-w- c:\documents and settings\Fred Costa\Application Data\Mozilla\Firefox\Profiles\wvws1u4u.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-07-27 21:27 . 2009-07-06 21:39 106496 ----a-w- c:\documents and settings\Fred Costa\Application Data\Mozilla\Firefox\Profiles\wvws1u4u.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2009-07-27 21:27 . 2009-07-06 21:39 103424 ----a-w- c:\documents and settings\Fred Costa\Application Data\Mozilla\Firefox\Profiles\wvws1u4u.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-07-27 21:27 . 2009-07-06 21:39 65536 ----a-w- c:\documents and settings\Fred Costa\Application Data\Mozilla\Firefox\Profiles\wvws1u4u.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-07-27 21:27 . 2009-07-06 21:39 4722688 ----a-w- c:\documents and settings\Fred Costa\Application Data\Mozilla\Firefox\Profiles\wvws1u4u.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
2009-07-21 13:59 . 2009-07-21 13:59 1878984 ----a-w- c:\documents and settings\Fred Costa\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-07-16 06:30 . 2009-08-01 13:29 -------- d-----w- c:\documents and settings\Fred Costa\Local Settings\Application Data\Temp
2009-07-15 21:43 . 2009-07-15 21:44 -------- d-----w- c:\documents and settings\Fred Costa\.googlemaps
2009-07-15 21:43 . 2009-07-15 21:44 -------- d-----w- c:\program files\GMapCatcher
2009-07-15 21:10 . 2009-07-15 21:10 -------- d-----w- c:\program files\Subversion
2009-07-15 05:48 . 2007-01-17 09:07 7296 ----a-r- c:\windows\system32\drivers\grmnusb.sys
2009-07-15 05:48 . 2007-01-17 09:07 17536 ----a-r- c:\windows\system32\drivers\grmn0200.sys
2009-07-15 05:48 . 2007-01-17 09:07 17024 ----a-r- c:\windows\system32\drivers\grmngen.sys
2009-07-15 05:48 . 2007-01-17 09:07 16512 ----a-r- c:\windows\system32\drivers\grmn0400.sys
2009-07-15 05:48 . 2007-01-17 09:07 11776 ----a-r- c:\windows\system32\drivers\grmn1200.sys
2009-07-15 03:36 . 2009-07-15 04:14 -------- d-----w- c:\program files\mapnaveditor_59
2009-07-15 03:15 . 2009-07-15 03:15 -------- d-----w- c:\documents and settings\Fred Costa\Local Settings\Application Data\gMapMaker
2009-07-15 02:48 . 2009-07-16 07:33 -------- d-----w- c:\program files\OziExplorer
2009-07-15 02:39 . 2009-07-15 02:39 -------- d-----w- c:\program files\gMapMaker
2009-07-15 02:09 . 2009-07-15 02:09 -------- d-----w- c:\documents and settings\Fred Costa\Local Settings\Application Data\GianPaoloSaliola
2009-07-15 02:09 . 2009-07-15 02:09 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\GianPaoloSaliola
2009-07-15 02:05 . 2009-07-15 02:05 3638 ----a-r- c:\documents and settings\Fred Costa\Application Data\Microsoft\Installer\{BBAFBA6B-5A9C-46BB-BE96-94526E047AE4}\_C87889EF5AE3AB4D664005.exe
2009-07-15 02:05 . 2009-07-15 02:05 3638 ----a-r- c:\documents and settings\Fred Costa\Application Data\Microsoft\Installer\{BBAFBA6B-5A9C-46BB-BE96-94526E047AE4}\_9F443F6227882F277C1ABD.exe
2009-07-15 02:05 . 2009-07-15 02:05 3638 ----a-r- c:\documents and settings\Fred Costa\Application Data\Microsoft\Installer\{BBAFBA6B-5A9C-46BB-BE96-94526E047AE4}\_6FEFF9B68218417F98F549.exe
2009-07-15 02:05 . 2009-07-15 02:05 -------- d-----w- c:\program files\Earth Resource Mapping
2009-07-15 02:05 . 2009-07-15 02:05 -------- d-----w- c:\program files\OkMap
2009-07-15 02:05 . 2009-07-15 02:05 -------- d-----w- c:\documents and settings\All Users\Application Data\GianPaoloSaliola
2009-07-15 01:12 . 2009-07-15 01:12 -------- d-----w- c:\windows\system32\it-IT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-13 00:44 . 2009-01-27 06:50 -------- d-----w- c:\program files\LogMeIn
2009-08-12 23:09 . 2009-01-31 12:46 84684 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-12 06:01 . 2009-01-23 04:14 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\Skype
2009-08-12 06:01 . 2009-01-23 04:15 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\skypePM
2009-08-12 05:59 . 2009-07-06 22:52 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\nView_Wallpaper
2009-08-12 05:59 . 2009-01-23 04:55 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys
2009-08-12 00:57 . 2009-07-06 21:17 8 ----a-w- c:\windows\system32\nvModes.dat
2009-08-11 23:21 . 2009-02-13 18:48 -------- d-----r- c:\program files\Skype
2009-08-11 23:21 . 2009-01-22 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-08-11 22:23 . 2009-01-27 01:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-08-11 22:13 . 2009-01-22 22:42 -------- d-----w- c:\program files\Safari
2009-08-11 22:03 . 2009-01-22 21:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-11 20:18 . 2009-02-20 23:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2009-08-11 18:43 . 2009-01-22 22:27 -------- d-----w- c:\program files\Sony Ericsson
2009-08-11 18:40 . 2009-01-22 22:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-11 01:43 . 2009-03-15 20:39 -------- d-----w- c:\program files\CoffeeCup Software
2009-08-11 01:08 . 2009-01-22 22:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-10 00:13 . 2009-03-31 17:11 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\FreeCall
2009-08-09 17:43 . 2009-01-23 05:53 -------- d-----w- c:\program files\Common Files\Mediafour
2009-08-09 17:43 . 2009-01-23 05:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Mediafour
2009-08-06 21:59 . 2009-01-31 10:13 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\Nokia
2009-08-05 09:01 . 2008-04-14 08:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 00:26 . 2009-07-09 20:17 -------- d-----w- c:\program files\Universal Shield 4.3
2009-08-02 19:25 . 2009-01-27 01:30 3140 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-08-02 19:25 . 2009-01-27 01:30 3140 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-08-01 13:26 . 2009-01-23 05:18 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-30 12:43 . 2009-01-22 22:23 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-29 16:16 . 2009-01-22 22:23 103848 ----a-w- c:\documents and settings\Fred Costa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-29 16:15 . 2009-01-22 23:22 -------- d-----w- c:\program files\Common Files\Apple
2009-07-29 15:41 . 2009-01-23 01:24 -------- d-----w- c:\program files\Sony
2009-07-29 01:12 . 2009-01-27 02:30 -------- d-----w- c:\program files\Virtual Earth 3D
2009-07-29 00:14 . 2009-01-23 06:41 -------- d-----w- c:\program files\Google
2009-07-28 13:42 . 2009-03-12 02:52 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\Spotify
2009-07-28 13:32 . 2009-01-31 10:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-07-17 19:01 . 2008-04-14 08:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-15 20:49 . 2009-01-27 01:07 -------- d-----w- c:\program files\GPS Utility
2009-07-15 13:39 . 2009-01-22 22:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-15 04:56 . 2009-01-23 06:56 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\GARMIN
2009-07-14 03:56 . 2009-01-28 21:06 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\Download Manager
2009-07-14 02:54 . 2009-01-23 07:18 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-14 00:41 . 2009-07-14 00:35 -------- d-----w- c:\program files\Firegraphic 10
2009-07-14 00:35 . 2009-07-14 00:35 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\InfraRecorder
2009-07-13 22:43 . 2008-07-12 19:25 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 11:50 . 2009-01-22 22:48 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\Publish Providers
2009-07-13 11:47 . 2009-01-22 22:47 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\Sony
2009-07-13 11:24 . 2009-07-13 11:24 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\HandBrake
2009-07-12 09:33 . 2009-07-12 09:31 -------- d-----w- c:\program files\A4Desk Flash Photo Gallery Builder
2009-07-12 09:32 . 2009-07-12 09:31 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\A4Gallery
2009-07-12 05:35 . 2009-07-12 05:35 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\JAlbum
2009-07-12 05:24 . 2009-07-12 05:23 -------- d-----w- c:\program files\Jalbum
2009-07-12 04:54 . 2009-01-31 11:50 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\iTag
2009-07-12 03:02 . 2009-07-10 03:56 -------- d-----w- c:\program files\FrameForge 3D Studio 1.4.3
2009-07-11 03:23 . 2009-01-23 06:06 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-07-11 03:23 . 2009-01-23 06:06 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-07-11 03:23 . 2009-07-11 03:23 -------- d-----w- c:\program files\Livestation
2009-07-11 03:00 . 2009-07-11 03:00 -------- d-----w- c:\program files\NVTweak
2009-07-11 02:57 . 2009-07-11 02:57 -------- d-----w- c:\program files\NVTray
2009-07-11 01:56 . 2009-05-02 10:16 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\U3
2009-07-10 00:13 . 2009-07-09 20:18 -------- d-----w- c:\program files\Password Protect Folders
2009-07-09 06:12 . 2009-07-09 06:12 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\iComment
2009-07-08 22:13 . 2009-07-08 22:12 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\CoffeeCup Software
2009-07-08 13:43 . 2009-07-08 13:43 -------- d-----w- c:\program files\iComment 2.0.2
2009-07-08 02:42 . 2009-07-08 02:42 921600 ----a-w- c:\windows\system32\TVE2COM.dll
2009-07-08 02:42 . 2009-07-08 02:42 901120 ----a-w- c:\windows\system32\TVE2.dll
2009-07-07 04:05 . 2009-07-07 04:05 118784 ----a-w- c:\windows\SeaMonkeyUninstall.exe
2009-07-07 04:05 . 2009-04-27 17:40 16393 ----a-w- c:\windows\mozver.dat
2009-07-07 04:05 . 2009-04-27 17:40 118784 ----a-w- c:\windows\GREUninstall.exe
2009-07-07 04:05 . 2009-07-07 04:05 -------- d-----w- c:\program files\mozilla.org
2009-07-07 04:05 . 2009-07-07 03:46 -------- d-----w- c:\program files\WYSIWYG Web Builder 6
2009-07-07 03:45 . 2009-07-07 03:47 737280 ----a-w- c:\windows\iun6002.exe
2009-07-07 01:24 . 2009-07-07 01:24 -------- d-----w- c:\program files\Artisteer 2
2009-07-07 01:20 . 2009-07-07 01:20 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\Artisteer
2009-07-06 21:15 . 2009-07-06 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-07-06 20:51 . 2009-01-22 23:55 -------- d-----w- c:\program files\NVIDIA Corporation
2009-07-05 23:14 . 2009-07-05 23:14 -------- d-----w- c:\program files\SystemRequirementsLab
2009-07-05 23:14 . 2009-07-05 23:14 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\SystemRequirementsLab
2009-07-05 23:14 . 2009-07-05 23:14 290816 ----a-w- c:\documents and settings\Fred Costa\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2009-07-05 23:14 . 2009-07-05 23:14 290816 ----a-w- c:\documents and settings\Fred Costa\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2009-07-05 23:14 . 2009-07-05 23:14 290816 ----a-w- c:\documents and settings\Fred Costa\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2009-07-05 23:14 . 2009-07-05 23:14 290816 ----a-w- c:\documents and settings\Fred Costa\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2009-07-05 18:35 . 2009-01-28 22:59 103848 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-05 06:55 . 2009-01-22 23:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-05 06:53 . 2009-01-22 23:56 -------- d-----w- c:\program files\AGEIA Technologies
2009-07-05 04:02 . 2009-01-23 06:09 -------- d-----w- c:\program files\jdownloader
2009-07-04 02:29 . 2009-07-04 02:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Resources
2009-07-03 20:53 . 2009-07-03 20:52 -------- d-----w- c:\program files\Flash Slideshow Maker Professional
2009-07-03 19:42 . 2009-07-03 19:42 13 ---h--w- c:\documents and settings\All Users\Application Data\ÝÙÃÄ3113›.sys
2009-07-03 19:42 . 2009-07-03 19:42 13 ---h--w- c:\documents and settings\All Users\Application Data\ÝÙÃÄ3113›.sys
2009-07-03 17:09 . 2008-04-23 00:16 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-03 13:23 . 2009-07-03 13:23 94208 ----a-r- c:\documents and settings\Fred Costa\Application Data\Microsoft\Installer\{24AAB420-4E30-4496-9739-3E216F3DE6AE}\python_icon.exe
2009-07-03 13:23 . 2009-07-03 13:22 -------- d-----w- c:\program files\Python26
2009-07-02 19:23 . 2009-07-02 19:19 -------- d-----w- c:\program files\Magellan
2009-07-02 19:15 . 2009-07-02 19:15 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\TomTom
2009-07-02 19:06 . 2009-01-27 01:04 -------- d-----w- c:\program files\GPS-Photo Link
2009-07-02 05:22 . 2009-07-02 05:22 -------- d-----w- c:\program files\outlookDuplicates
2009-07-02 04:00 . 2009-01-31 09:38 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\MyPhoneExplorer
2009-07-02 03:46 . 2009-01-31 09:38 -------- d-----w- c:\program files\MyPhoneExplorer
2009-07-02 03:28 . 2009-06-30 16:27 -------- d-----w- c:\program files\D-Client
2009-07-02 03:28 . 2009-07-02 03:28 -------- d-----w- c:\program files\Common Files\Sony Shared
2009-07-02 03:21 . 2009-07-02 03:21 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\Sony Setup
2002-07-31 18:55 . 2009-07-07 00:49 208 --sh--w- c:\windows\WSYS049.SYS
2009-01-27 01:12 . 2009-01-27 01:12 56 --sh--r- c:\windows\system32\F9BBC1FF57.sys
2009-01-27 01:12 . 2009-01-27 01:12 2098 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2008-07-12 19:20 1614848 362BC5AF8EAF712832C58CC13AE05750 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Fred Costa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-23 133104]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-27 39408]
"ISUSPM"="c:\documents and settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-07-16 25604904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-12-22 688218]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2009-01-23 258134]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"Hcontrol"="c:\windows\ATK0100\HControl.exe" [2009-02-17 110592]
"NotebookHardwareControl"="c:\program files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-22 185872]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"MacDrive application"="c:\program files\Mediafour\MacDrive 7\MacDrive.exe" [2009-06-15 201304]
"Getting started with MacDrive"="c:\program files\Mediafour\MacDrive 7\MDGetStarted.exe" [2008-09-02 141312]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-02-17 17508864]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-12-18 76304]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]
"CertificateRegistration"="aetcrss1.exe" - c:\windows\system32\aetcrss1.exe [2005-07-29 28672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\Fred Costa\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-1-22 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-3-25 809488]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-19 00:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 20:35 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Calendar Sync.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk
backup=c:\windows\pss\Google Calendar Sync.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"gusvc"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"getPlus(R) Helper"=3 (0x3)
"mnmsrvc"=3 (0x3)
"CiSvc"=3 (0x3)
"FontCache3.0.0.0"=3 (0x3)
"BsHelpCS"=3 (0x3)
"INTELLIscribe"=2 (0x2)
"fsssvc"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"ISUSPM"="c:\documents and settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe"
"EPSON BX300F Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEJE.EXE /FU "c:\windows\TEMP\E_S2D4.tmp" /EF "HKCU"
"NVTray"=c:\program files\NVTray\NVTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"EPSON Stylus D68 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB005" /M "Stylus D68"
"EPSON Stylus D68 Series (Copy 1)"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P32 "EPSON Stylus D68 Series (Copy 1)" /O6 "USB005" /M "Stylus D68"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Documents and Settings\\Fred Costa\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Fred Costa\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\MSPUB.EXE"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer_tab.exe"=
"c:\\Program Files\\TrackMaker\\trackmaker.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"d:\\Program Files\\Adobe\\Adobe Dreamweaver CS4\\Dreamweaver.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"d:\\Program Files\\Adobe\\Adobe Flash CS4\\Flash.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Sony\\Vegas Pro 8.0\\VegSrv80.exe"=
"c:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe"=
"c:\\Program Files\\CoffeeCup Software\\CoffeeCup Visual Site Designer\\vsd.exe"=
"c:\\Program Files\\CoffeeCup Software\\Direct FTP\\DirectFTP.exe"=
"c:\\Program Files\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\mapnaveditor_59\\MapNavEditor.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Sony Ericsson\\Emma\\Emma.exe"=
"c:\\Program Files\\Oneeko\\ONEEKO.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
"6666:TCP"= 6666:TCP:FileZilla FTP Client
"1836:TCP"= 1836:TCP:FileZilla FTP Client

R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [30/04/2009 17:18 284416]
R0 MDPMGRNT;MacDrive partition driver;c:\windows\system32\drivers\MDPMGRNT.SYS [19/05/2009 13:19 20992]
R0 R592;R592;c:\windows\system32\drivers\R592.sys [22/01/2009 23:53 57088]
R0 risdpntk;risdpntk;c:\windows\system32\drivers\risdpntk.sys [22/01/2009 23:53 27264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [23/01/2009 00:19 114768]
R1 bizVSerial;Franson VSerial;c:\windows\system32\drivers\bizVSerialNT.sys [03/04/2006 22:00 14949]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23/01/2009 00:19 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [18/02/2009 19:20 55152]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [25/03/2009 22:39 10384]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [24/07/2008 19:46 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [27/01/2009 07:50 47640]
R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [27/01/2009 03:34 4096]
R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [09/03/2009 12:25 38304]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [29/06/2009 18:33 86696]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [29/06/2009 18:33 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [29/06/2009 18:33 114472]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [29/06/2009 18:33 108328]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [29/06/2009 18:33 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [29/06/2009 18:33 104616]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [29/06/2009 18:33 109736]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [11/08/2009 19:21 27632]
S1 hwinterface;hwinterface;c:\windows\system32\Drivers\hwinterface.sys --> c:\windows\system32\Drivers\hwinterface.sys [?]
S2 gupdate1c9ab2a70325936;Google Update Service (gupdate1c9ab2a70325936);c:\program files\Google\Update\GoogleUpdate.exe [22/03/2009 21:11 133104]
S3 7ByteIo;7ByteIo;c:\program files\Hot CPU Tester Pro 4 LE\SysInfo.sys [25/03/2009 21:19 9984]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [27/01/2009 07:18 1684736]
S3 atidgllk;atidgllk;\??\c:\program files\ASUS\SmartDoctor\atidgllk.sys --> c:\program files\ASUS\SmartDoctor\atidgllk.sys [?]
S3 CPUgenieDriver;CPUgenieDriver;\??\c:\program files\CPUgenie\NBFreezer.sys --> c:\program files\CPUgenie\NBFreezer.sys [?]
S3 cpuz131;cpuz131;\??\c:\docume~1\FREDCO~1\LOCALS~1\Temp\cpuz131\cpuz_x32.sys --> c:\docume~1\FREDCO~1\LOCALS~1\Temp\cpuz131\cpuz_x32.sys [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [08/03/2009 23:52 23152]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [17/03/2009 17:09 13224]
S3 MemDev;MemDev;\??\c:\progra~1\AMI\AMIDiag\MemTest.Sys --> c:\progra~1\AMI\AMIDiag\MemTest.Sys [?]
S3 ntportio;ntportio;\??\d:\rar$ex00.469\ntportio.sys --> d:\rar$ex00.469\ntportio.sys [?]
S3 PhTVTune;SinoVideo WDM TVTuner;c:\windows\system32\drivers\Silicon.sys [29/01/2009 23:05 28224]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [23/01/2009 08:10 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [23/01/2009 08:10 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [23/01/2009 08:10 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [23/01/2009 08:10 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [23/01/2009 08:10 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [23/01/2009 08:10 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [23/01/2009 08:10 115752]
S3 SkLaggProtocol;Marvell Link Aggregation Protocol;c:\windows\system32\drivers\yk51x32l.sys [16/07/2008 06:41 57856]
S3 SkVlanProtocol;Marvell VLAN Protocol;c:\windows\system32\drivers\yk51x32v.sys [10/07/2008 06:41 20992]
S3 SNCP106;PC Camera (6009 CIF);c:\windows\system32\drivers\sncp106.sys [29/07/2009 01:16 243712]
S3 SynMini;USB2.0 1.3M Web Cam;c:\windows\system32\drivers\SynMini.sys [22/01/2009 23:45 720438]
S3 SynScan;USB2.0 1.3M Web Cam Still Image;c:\windows\system32\drivers\SynScan.sys [22/01/2009 23:45 8246]
S4 AMIDiagEventService;AMIDiagEventService;c:\program files\AMI\AMIDiag\AMIDiagEventService.exe --> c:\program files\AMI\AMIDiag\AMIDiagEventService.exe [?]
S4 Franson GpsGate 2.0;Franson GpsGate 2.0;c:\program files\Franson\GpsGate 2.0\GpsGateService.exe [12/09/2008 01:58 258048]
S4 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
yksvcs REG_MULTI_SZ yksvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\aetsprov]
c:\windows\system32\regsvr32.exe /s c:\windows\system32\aetsprov.dll
.
Contents of the 'Scheduled Tasks' folder

2009-08-13 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 21:30]

2009-08-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 08:04]

2009-07-09 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p officejet 6100 series272A572217594EBCF1CEE215E352B92AD073FDE4238977623.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 16:56]

2009-08-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-27 04:13]

2009-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-22 20:11]

2009-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-22 20:11]

2009-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-879983540-1177238915-1003Core.job
- c:\documents and settings\Fred Costa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-23 06:40]

2009-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-879983540-1177238915-1003UA.job
- c:\documents and settings\Fred Costa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-23 06:40]

2009-08-09 c:\windows\Tasks\Norton Security Scan for Fred Costa.job
- c:\program files\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-08-09 14:10]

2009-08-12 c:\windows\Tasks\User_Feed_Synchronization-{57A3B4D9-5C02-480B-81BC-ED615A26240A}.job
- c:\windows\system32\msfeedssync.exe [2008-07-12 04:31]
.
- - - - ORPHANS REMOVED - - - -

ShellIconOverlayIdentifiers-MacDrive Volume Icons - (no file)


.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/mygarmin/m/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\Fred Costa\Application Data\Mozilla\Firefox\Profiles\wvws1u4u.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|iGoogle
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Fred Costa\Application Data\Mozilla\Firefox\Profiles\wvws1u4u.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - plugin: c:\documents and settings\Fred Costa\Application Data\Mozilla\Firefox\Profiles\wvws1u4u.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Fred Costa\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Fred Costa\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLC\npvlc.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: d:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-08-13 22:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-790525478-879983540-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1B03CFB0-B88D-003E-4E4C-F3710FA4DF79}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oagjcmkjekbfkeimbdmhcnbkoohfji"=hex:69,61,64,70,6f,67,6a,70,66,63,6d,64,6e,6d,
6c,6b,65,6a,00,00
"naekgjipdpdkfndegimljaijbhhe"=hex:6a,61,6a,6f,62,6a,6d,61,65,61,6a,65,6a,6d,
61,6b,6d,6d,66,70,00,f5
"gbolbbajhjijpncihfhonagmilmdnnpbfeillkfpgnnnoj"=hex:6b,61,67,6a,68,6c,63,69,
65,61,6c,70,6d,6a,69,6b,61,70,61,68,63,66,00,7e
"bbmlcdeoiplkobginepjanlefnokihibakgc"=hex:62,61,6f,70,00,6c

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:93,e1,5f,70,c8,bf,c1,ae,98,17,1a,e4,fd,cf,41,60,b1,3c,15,39,22,
59,49,85,26,3b,a8,0f,a3,15,0d,19,98,06,40,b1,08,10,92,8c,52,00,0e,1a,d1,ca,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:93,e1,5f,70,c8,bf,c1,ae,98,17,1a,e4,fd,cf,41,60,b1,3c,15,39,22,
59,49,85,26,3b,a8,0f,a3,15,0d,19,98,06,40,b1,08,10,92,8c,52,00,0e,1a,d1,ca,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(2000)
c:\windows\system32\IWPDGINA.DLL
c:\program files\Intel\WiFi\bin\LangResources\ENU\SsoGnENU.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\LMIinit.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\netprovcredman.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2009-08-13 22:56
ComboFix-quarantined-files.txt 2009-08-13 21:55

Pre-Run: 4,853,624,832 bytes free
Post-Run: 4,757,164,032 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
;timeout=3
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

554 --- E O F --- 2009-07-31 19:19

Last edited by marga; 14-Aug-2009 at 05:44. Reason: spelling correction
  #6  
14-Aug-2009, 05:49
marga
Super Moderator
 
Join Date: January 2008
Location: Misiones-Argentina
Posts: 8,807
Re: my HijackThis log, since I have problems with many windows; I have already tried almost everything

Hi fredhaus:

A reminder:

Quote:
A sentence begins with a capital letter and ends with a punctuation mark.
I would ask you to pay more attention when you write your subsequent posts.

Regards
  #7  
14-Aug-2009, 10:23
jbex
Administrator
 
Join Date: October 2007
Location: Enkarterri - Las Encartaciones
Posts: 2,305
Re: my HijackThis log, since I have problems with many windows; I have already tried almost everything

  1. Open Notepad. Do not use any text editor other than Notepad, or the script will fail.
    • Click Start -> Run and type: notepad.exe
    • Click OK
  2. Copy and paste the text from the box below into Notepad:
    Code:
    KillAll::
    File::
    c:\documents and settings\Fred Costa\Application Data\Microsoft\Installer\{BBAFBA6B-5A9C-46BB-BE96-94526E047AE4}\_C87889EF5AE3AB4D664005.exe
    c:\documents and settings\Fred Costa\Application Data\Microsoft\Installer\{BBAFBA6B-5A9C-46BB-BE96-94526E047AE4}\_9F443F6227882F277C1ABD.exe
    c:\documents and settings\Fred Costa\Application Data\Microsoft\Installer\{BBAFBA6B-5A9C-46BB-BE96-94526E047AE4}\_6FEFF9B68218417F98F549.exe
    c:\windows\iun6002.exe
  3. Go to the Notepad window and click Edit -> Paste
    • Then click File -> Save
    • File name: CFScript.txt
    • Save the file to the desktop
  4. Drag the file you just created, CFScript.txt, and drop it onto the main ComboFix.exe icon as shown below.

  5. Wait for ComboFix to finish running.
  6. This will start ComboFix again.
After the system restarts (if it asks to restart), paste the contents of Combofix.txt in your next reply.

Download, install and run SpyBot S&D, and post its log for us.
  #8  
25-Aug-2009, 15:44
Junior Member
 
Join Date: August 2009
Posts: 6
Re: my HijackThis log, since I have problems with many windows; I have already tried almost everything

Hello, and thanks for replying.

Here is my ComboFix log, but I don't know how to get the SpyBot log. Can you help, please?
Thanks.

ComboFix 09-08-22.06 - Fred Costa 23/08/2009 16:56.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1535.541 [GMT 1:00]
Running from: c:\documents and settings\Fred Costa\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Fred Costa\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090820-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point

FILE ::
"c:\documents and settings\Fred Costa\Application Data\Microsoft\Installer\{BBAFBA6B-5A9C-46BB-BE96-94526E047AE4}\_6FEFF9B68218417F98F549.exe"
"c:\documents and settings\Fred Costa\Application Data\Microsoft\Installer\{BBAFBA6B-5A9C-46BB-BE96-94526E047AE4}\_9F443F6227882F277C1ABD.exe"
"c:\documents and settings\Fred Costa\Application Data\Microsoft\Installer\{BBAFBA6B-5A9C-46BB-BE96-94526E047AE4}\_C87889EF5AE3AB4D664005.exe"
"c:\windows\iun6002.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Fred Costa\Application Data\Microsoft\Installer\{BBAFBA6B-5A9C-46BB-BE96-94526E047AE4}\_6FEFF9B68218417F98F549.exe
c:\documents and settings\Fred Costa\Application Data\Microsoft\Installer\{BBAFBA6B-5A9C-46BB-BE96-94526E047AE4}\_9F443F6227882F277C1ABD.exe
c:\documents and settings\Fred Costa\Application Data\Microsoft\Installer\{BBAFBA6B-5A9C-46BB-BE96-94526E047AE4}\_C87889EF5AE3AB4D664005.exe
c:\windows\iun6002.exe

.
((((((((((((((((((((((((( Files Created from 2009-07-23 to 2009-08-23 )))))))))))))))))))))))))))))))
.

2009-08-15 19:12 . 2008-04-14 03:26 30592 -c--a-w- c:\windows\system32\dllcache\rndismpx.sys
2009-08-15 19:12 . 2008-04-14 03:26 30592 ----a-w- c:\windows\system32\drivers\rndismpx.sys
2009-08-15 19:12 . 2008-04-14 03:26 12800 -c--a-w- c:\windows\system32\dllcache\usb8023x.sys
2009-08-15 19:12 . 2008-04-14 03:26 12800 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2009-08-14 20:27 . 2008-04-14 08:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-08-14 20:27 . 2001-08-18 01:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-08-12 22:11 . 2009-08-12 22:11 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-11 23:21 . 2009-08-11 23:21 -------- d-----w- c:\program files\Common Files\Skype
2009-08-11 23:17 . 2009-08-11 23:17 9843864 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\95F12167483D466CABC98CAFE4B4FD93\CT4SKypePlugIn20_Multi_Media.exe
2009-08-11 23:17 . 2009-08-11 23:17 77824 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\95F12167483D466CABC98CAFE4B4FD93\RLLauncher.exe
2009-08-11 23:13 . 2009-08-11 23:13 -------- d-----w- c:\program files\Oneeko
2009-08-11 23:12 . 2009-08-11 23:12 2317122 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\516F50703CB54254A8091825E1EAFE03\OneekoSetup.exe
2009-08-11 23:12 . 2009-08-11 23:12 16384 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\516F50703CB54254A8091825E1EAFE03\UninstallOneeko.exe
2009-08-11 23:12 . 2009-08-11 23:12 1532928 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\516F50703CB54254A8091825E1EAFE03\OneekoSkypeExtra.exe
2009-08-11 18:44 . 2009-08-11 18:44 148736 ----a-w- c:\documents and settings\All Users\Application Data\hpe5C3.dll
2009-08-11 18:21 . 2009-08-11 18:21 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
2009-08-11 18:16 . 2009-08-11 18:16 -------- d-----w- c:\program files\Raak Technologies
2009-08-09 14:13 . 2009-08-21 17:00 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-09 14:10 . 2009-08-09 14:10 -------- d-----w- c:\windows\system32\drivers\NSS
2009-08-09 14:10 . 2009-08-09 14:10 -------- d-----w- c:\program files\Norton Security Scan
2009-08-09 14:10 . 2009-08-09 14:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-08-09 14:10 . 2009-08-09 14:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-08-09 14:10 . 2009-08-09 14:10 -------- d-----w- c:\program files\NortonInstaller
2009-08-09 14:10 . 2009-08-09 14:10 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-08-06 21:32 . 2009-08-06 21:32 -------- d-----w- c:\documents and settings\All Users\Application Data\GARMIN
2009-08-06 09:41 . 2009-08-19 19:47 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\vlc
2009-08-05 15:39 . 2009-08-05 15:39 -------- d-----w- c:\program files\ESET
2009-08-05 15:39 . 2009-08-05 15:39 -------- d-----w- c:\documents and settings\Fred Costa\DoctorWeb
2009-08-03 00:37 . 2009-08-03 00:37 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-07-31 18:44 . 2009-07-31 18:44 -------- d-----w- c:\documents and settings\Fred Costa\Local Settings\Application Data\Identities
2009-07-30 15:57 . 2009-07-30 15:57 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\Malwarebytes
2009-07-30 15:57 . 2009-08-03 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-30 15:57 . 2009-08-12 22:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-30 15:57 . 2009-08-03 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-30 15:57 . 2009-07-30 15:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-29 18:59 . 2009-07-29 18:59 -------- d-----w- c:\program files\Common Files\DirectX
2009-07-29 18:04 . 2008-07-10 10:01 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2009-07-29 17:40 . 2009-07-29 17:40 -------- d-----w- c:\windows\Logs
2009-07-29 16:15 . 2009-07-29 16:15 -------- d-----w- c:\program files\iPod
2009-07-29 16:15 . 2009-07-29 16:16 -------- d-----w- c:\program files\iTunes
2009-07-29 16:01 . 2009-07-29 16:01 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-29 12:44 . 2009-07-29 12:44 -------- d-----w- c:\documents and settings\Fred Costa\Local Settings\Application Data\Codemasters
2009-07-29 03:32 . 2009-07-29 03:34 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\GetRightToGo
2009-07-29 03:22 . 2009-07-29 03:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2009-07-29 03:20 . 1999-06-25 08:55 149504 ----a-w- C:\UNWISE.EXE
2009-07-29 03:05 . 2009-07-29 03:05 -------- d-----w- c:\program files\Microïds
2009-07-29 00:16 . 1998-06-11 22:15 307200 ----a-w- c:\windows\vidcap32.exe
2009-07-29 00:16 . 2002-07-03 10:44 53248 ----a-w- c:\windows\amcap.exe
2009-07-29 00:16 . 2009-07-29 00:17 -------- d-----w- c:\program files\Common Files\sncp106
2009-07-29 00:16 . 2002-12-27 17:26 243712 ----a-w- c:\windows\system32\drivers\sncp106.sys
2009-07-29 00:16 . 2002-12-24 13:27 45056 ----a-w- c:\windows\system32\vsncp106.dll
2009-07-29 00:16 . 2002-11-25 18:46 120884 ----a-w- c:\windows\usncp106.exe
2009-07-29 00:16 . 2002-11-25 17:36 20480 ----a-w- c:\windows\dsncp106.exe
2009-07-29 00:16 . 2002-11-25 17:10 28672 ----a-w- c:\windows\vsncp106.exe
2009-07-29 00:16 . 2002-11-25 16:36 61440 ----a-w- c:\windows\system32\dsncp106.dll
2009-07-28 21:07 . 2009-08-11 22:00 -------- d--h--w- c:\windows\$hf_mig$
2009-07-27 21:27 . 2009-07-06 21:39 937984 ----a-w- c:\documents and settings\Fred Costa\Application Data\Mozilla\Firefox\Profiles\wvws1u4u.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-07-27 21:27 . 2009-07-06 21:39 344064 ----a-w- c:\documents and settings\Fred Costa\Application Data\Mozilla\Firefox\Profiles\wvws1u4u.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-07-27 21:27 . 2009-07-06 21:39 106496 ----a-w- c:\documents and settings\Fred Costa\Application Data\Mozilla\Firefox\Profiles\wvws1u4u.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2009-07-27 21:27 . 2009-07-06 21:39 103424 ----a-w- c:\documents and settings\Fred Costa\Application Data\Mozilla\Firefox\Profiles\wvws1u4u.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-07-27 21:27 . 2009-07-06 21:39 65536 ----a-w- c:\documents and settings\Fred Costa\Application Data\Mozilla\Firefox\Profiles\wvws1u4u.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-07-27 21:27 . 2009-07-06 21:39 4722688 ----a-w- c:\documents and settings\Fred Costa\Application Data\Mozilla\Firefox\Profiles\wvws1u4u.default\extensions\piclens@cooliris.com\libs\cooliris19.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-23 16:16 . 2009-01-23 04:14 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\Skype
2009-08-23 16:14 . 2009-01-23 04:55 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys
2009-08-23 16:13 . 2009-07-06 22:52 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\nView_Wallpaper
2009-08-23 16:09 . 2009-01-27 06:50 -------- d-----w- c:\program files\LogMeIn
2009-08-21 11:36 . 2009-01-23 04:15 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\skypePM
2009-08-14 10:41 . 2009-01-22 22:23 104400 ----a-w- c:\documents and settings\Fred Costa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-12 23:09 . 2009-01-31 12:46 84684 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-12 00:57 . 2009-07-06 21:17 8 ----a-w- c:\windows\system32\nvModes.dat
2009-08-11 23:21 . 2009-02-13 18:48 -------- d-----r- c:\program files\Skype
2009-08-11 23:21 . 2009-01-22 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-08-11 22:23 . 2009-01-27 01:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-08-11 22:13 . 2009-01-22 22:42 -------- d-----w- c:\program files\Safari
2009-08-11 22:03 . 2009-01-22 21:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-11 20:18 . 2009-02-20 23:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2009-08-11 18:43 . 2009-01-22 22:27 -------- d-----w- c:\program files\Sony Ericsson
2009-08-11 18:40 . 2009-01-22 22:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-11 01:43 . 2009-03-15 20:39 -------- d-----w- c:\program files\CoffeeCup Software
2009-08-11 01:08 . 2009-01-22 22:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-10 00:13 . 2009-03-31 17:11 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\FreeCall
2009-08-09 17:43 . 2009-01-23 05:53 -------- d-----w- c:\program files\Common Files\Mediafour
2009-08-09 17:43 . 2009-01-23 05:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Mediafour
2009-08-06 21:59 . 2009-01-31 10:13 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\Nokia
2009-08-05 09:01 . 2008-04-14 08:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 00:26 . 2009-07-09 20:17 -------- d-----w- c:\program files\Universal Shield 4.3
2009-08-02 19:25 . 2009-01-27 01:30 3140 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-08-02 19:25 . 2009-01-27 01:30 3140 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-08-01 13:26 . 2009-01-23 05:18 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-30 12:43 . 2009-01-22 22:23 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-29 16:15 . 2009-01-22 23:22 -------- d-----w- c:\program files\Common Files\Apple
2009-07-29 15:41 . 2009-01-23 01:24 -------- d-----w- c:\program files\Sony
2009-07-29 01:12 . 2009-01-27 02:30 -------- d-----w- c:\program files\Virtual Earth 3D
2009-07-29 00:14 . 2009-01-23 06:41 -------- d-----w- c:\program files\Google
2009-07-28 13:42 . 2009-03-12 02:52 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\Spotify
2009-07-28 13:32 . 2009-01-31 10:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-07-21 13:59 . 2009-07-21 13:59 1878984 ----a-w- c:\documents and settings\Fred Costa\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-07-17 19:01 . 2008-04-14 08:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 07:33 . 2009-07-15 02:48 -------- d-----w- c:\program files\OziExplorer
2009-07-15 21:44 . 2009-07-15 21:43 -------- d-----w- c:\program files\GMapCatcher
2009-07-15 21:10 . 2009-07-15 21:10 -------- d-----w- c:\program files\Subversion
2009-07-15 20:49 . 2009-01-27 01:07 -------- d-----w- c:\program files\GPS Utility
2009-07-15 13:39 . 2009-01-22 22:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-15 04:56 . 2009-01-23 06:56 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\GARMIN
2009-07-15 04:14 . 2009-07-15 03:36 -------- d-----w- c:\program files\mapnaveditor_59
2009-07-15 02:39 . 2009-07-15 02:39 -------- d-----w- c:\program files\gMapMaker
2009-07-15 02:09 . 2009-07-15 02:09 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\GianPaoloSaliola
2009-07-15 02:05 . 2009-07-15 02:05 -------- d-----w- c:\program files\Earth Resource Mapping
2009-07-15 02:05 . 2009-07-15 02:05 -------- d-----w- c:\program files\OkMap
2009-07-15 02:05 . 2009-07-15 02:05 -------- d-----w- c:\documents and settings\All Users\Application Data\GianPaoloSaliola
2009-07-14 03:56 . 2009-01-28 21:06 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\Download Manager
2009-07-14 02:54 . 2009-01-23 07:18 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-14 00:41 . 2009-07-14 00:35 -------- d-----w- c:\program files\Firegraphic 10
2009-07-14 00:35 . 2009-07-14 00:35 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\InfraRecorder
2009-07-13 22:43 . 2008-07-12 19:25 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 11:50 . 2009-01-22 22:48 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\Publish Providers
2009-07-13 11:47 . 2009-01-22 22:47 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\Sony
2009-07-13 11:24 . 2009-07-13 11:24 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\HandBrake
2009-07-12 09:33 . 2009-07-12 09:31 -------- d-----w- c:\program files\A4Desk Flash Photo Gallery Builder
2009-07-12 09:32 . 2009-07-12 09:31 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\A4Gallery
2009-07-12 05:35 . 2009-07-12 05:35 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\JAlbum
2009-07-12 05:24 . 2009-07-12 05:23 -------- d-----w- c:\program files\Jalbum
2009-07-12 04:54 . 2009-01-31 11:50 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\iTag
2009-07-12 03:02 . 2009-07-10 03:56 -------- d-----w- c:\program files\FrameForge 3D Studio 1.4.3
2009-07-11 03:23 . 2009-01-23 06:06 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-07-11 03:23 . 2009-01-23 06:06 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-07-11 03:23 . 2009-07-11 03:23 -------- d-----w- c:\program files\Livestation
2009-07-11 03:00 . 2009-07-11 03:00 -------- d-----w- c:\program files\NVTweak
2009-07-11 02:57 . 2009-07-11 02:57 -------- d-----w- c:\program files\NVTray
2009-07-11 01:56 . 2009-05-02 10:16 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\U3
2009-07-10 00:13 . 2009-07-09 20:18 -------- d-----w- c:\program files\Password Protect Folders
2009-07-09 06:12 . 2009-07-09 06:12 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\iComment
2009-07-08 22:13 . 2009-07-08 22:12 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\CoffeeCup Software
2009-07-08 13:43 . 2009-07-08 13:43 -------- d-----w- c:\program files\iComment 2.0.2
2009-07-08 02:42 . 2009-07-08 02:42 921600 ----a-w- c:\windows\system32\TVE2COM.dll
2009-07-08 02:42 . 2009-07-08 02:42 901120 ----a-w- c:\windows\system32\TVE2.dll
2009-07-07 04:05 . 2009-07-07 04:05 118784 ----a-w- c:\windows\SeaMonkeyUninstall.exe
2009-07-07 04:05 . 2009-04-27 17:40 16393 ----a-w- c:\windows\mozver.dat
2009-07-07 04:05 . 2009-04-27 17:40 118784 ----a-w- c:\windows\GREUninstall.exe
2009-07-07 04:05 . 2009-07-07 04:05 -------- d-----w- c:\program files\mozilla.org
2009-07-07 04:05 . 2009-07-07 03:46 -------- d-----w- c:\program files\WYSIWYG Web Builder 6
2009-07-07 01:24 . 2009-07-07 01:24 -------- d-----w- c:\program files\Artisteer 2
2009-07-07 01:20 . 2009-07-07 01:20 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\Artisteer
2009-07-06 21:15 . 2009-07-06 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-07-06 20:51 . 2009-01-22 23:55 -------- d-----w- c:\program files\NVIDIA Corporation
2009-07-05 23:14 . 2009-07-05 23:14 -------- d-----w- c:\program files\SystemRequirementsLab
2009-07-05 23:14 . 2009-07-05 23:14 -------- d-----w- c:\documents and settings\Fred Costa\Application Data\SystemRequirementsLab
2009-07-05 23:14 . 2009-07-05 23:14 290816 ----a-w- c:\documents and settings\Fred Costa\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2009-07-05 23:14 . 2009-07-05 23:14 290816 ----a-w- c:\documents and settings\Fred Costa\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2009-07-05 23:14 . 2009-07-05 23:14 290816 ----a-w- c:\documents and settings\Fred Costa\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2009-07-05 23:14 . 2009-07-05 23:14 290816 ----a-w- c:\documents and settings\Fred Costa\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2009-07-05 18:35 . 2009-01-28 22:59 103848 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-05 06:55 . 2009-01-22 23:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-05 06:53 . 2009-01-22 23:56 -------- d-----w- c:\program files\AGEIA Technologies
2009-07-05 04:02 . 2009-01-23 06:09 -------- d-----w- c:\program files\jdownloader
2009-07-04 02:29 . 2009-07-04 02:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Resources
2009-07-03 20:53 . 2009-07-03 20:52 -------- d-----w- c:\program files\Flash Slideshow Maker Professional
2009-07-03 19:42 . 2009-07-03 19:42 13 ---h--w- c:\documents and settings\All Users\Application Data\ÝÙÃÄ3113›.sys
2009-07-03 19:42 . 2009-07-03 19:42 13 ---h--w- c:\documents and settings\All Users\Application Data\ÝÙÃÄ3113›.sys
2009-07-03 17:09 . 2008-04-23 00:16 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-03 13:23 . 2009-07-03 13:23 94208 ----a-r- c:\documents and settings\Fred Costa\Application Data\Microsoft\Installer\{24AAB420-4E30-4496-9739-3E216F3DE6AE}\python_icon.exe
2009-07-03 13:23 . 2009-07-03 13:22 -------- d-----w- c:\program files\Python26
2002-07-31 18:55 . 2009-07-07 00:49 208 --sh--w- c:\windows\WSYS049.SYS
2009-01-27 01:12 . 2009-01-27 01:12 56 --sh--r- c:\windows\system32\F9BBC1FF57.sys
2009-01-27 01:12 . 2009-01-27 01:12 2098 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2008-07-12 19:20 1614848 362BC5AF8EAF712832C58CC13AE05750 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-08-13_21.50.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-12-02 07:26 . 2006-12-02 07:26 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
- 2006-12-02 00:26 . 2006-12-02 00:26 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
- 2006-12-02 00:25 . 2006-12-02 00:25 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-02 07:25 . 2006-12-02 07:25 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-02 05:56 . 2006-12-02 05:56 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
- 2006-12-01 22:56 . 2006-12-01 22:56 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2009-08-23 16:09 . 2009-08-23 16:09 16384 c:\windows\Temp\Perflib_Perfdata_b74.dat
+ 2009-08-21 11:31 . 2009-08-21 11:31 16384 c:\windows\Temp\Perflib_Perfdata_758.dat
+ 2009-08-23 16:08 . 2009-08-23 16:08 16384 c:\windows\Temp\Perflib_Perfdata_4e4.dat
- 2008-04-14 08:00 . 2009-04-16 13:30 87192 c:\windows\system32\perfc009.dat
+ 2008-04-14 08:00 . 2009-08-15 19:13 87192 c:\windows\system32\perfc009.dat
+ 2009-08-14 01:39 . 2009-08-14 01:39 25214 c:\windows\Installer\{C82185E8-C27B-4EF4-2009-2222BC2C2B6D}\MP_EUR_16_Main_Application_icon.exe
- 2009-02-13 17:18 . 2009-02-13 17:18 25214 c:\windows\Installer\{C82185E8-C27B-4EF4-2009-2222BC2C2B6D}\MP_EUR_16_Main_Application_icon.exe
- 2006-12-01 22:54 . 2006-12-02 02:24 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-12-02 05:54 . 2006-12-02 05:54 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
- 2006-12-01 22:54 . 2006-12-02 02:24 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-02 05:54 . 2006-12-02 05:54 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
- 2006-12-01 22:54 . 2006-12-02 02:24 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-02 05:54 . 2006-12-02 05:54 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2008-04-14 08:00 . 2009-08-15 19:13 483824 c:\windows\system32\perfh009.dat
- 2008-04-14 08:00 . 2009-04-16 13:30 483824 c:\windows\system32\perfh009.dat
- 2006-12-02 00:25 . 2006-12-02 00:25 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-02 07:25 . 2006-12-02 07:25 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-02 07:25 . 2006-12-02 07:25 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
- 2006-12-02 00:25 . 2006-12-02 00:25 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2009-01-22 16:05 . 2009-08-14 10:38 2283368 c:\windows\system32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Fred Costa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-23 133104]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-27 39408]
"ISUSPM"="c:\documents and settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-07-16 25604904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-12-22 688218]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2009-01-23 258134]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"Hcontrol"="c:\windows\ATK0100\HControl.exe" [2009-02-17 110592]
"NotebookHardwareControl"="c:\program files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-22 185872]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"MacDrive application"="c:\program files\Mediafour\MacDrive 7\MacDrive.exe" [2009-06-15 201304]
"Getting started with MacDrive"="c:\program files\Mediafour\MacDrive 7\MDGetStarted.exe" [2008-09-02 141312]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-02-17 17508864]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-12-18 76304]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]
"CertificateRegistration"="aetcrss1.exe" - c:\windows\system32\aetcrss1.exe [2005-07-29 28672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2008-04-14 136704]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\Fred Costa\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-1-22 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-3-25 809488]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-19 00:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 20:35 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Calendar Sync.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk
backup=c:\windows\pss\Google Calendar Sync.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"gusvc"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"getPlus(R) Helper"=3 (0x3)
"mnmsrvc"=3 (0x3)
"CiSvc"=3 (0x3)
"FontCache3.0.0.0"=3 (0x3)
"BsHelpCS"=3 (0x3)
"INTELLIscribe"=2 (0x2)
"fsssvc"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"ISUSPM"="c:\documents and settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe"
"EPSON BX300F Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEJE.EXE /FU "c:\windows\TEMP\E_S2D4.tmp" /EF "HKCU"
"NVTray"=c:\program files\NVTray\NVTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"EPSON Stylus D68 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB005" /M "Stylus D68"
"EPSON Stylus D68 Series (Copy 1)"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P32 "EPSON Stylus D68 Series (Copy 1)" /O6 "USB005" /M "Stylus D68"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Documents and Settings\\Fred Costa\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Fred Costa\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\MSPUB.EXE"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer_tab.exe"=
"c:\\Program Files\\TrackMaker\\trackmaker.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"d:\\Program Files\\Adobe\\Adobe Dreamweaver CS4\\Dreamweaver.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"d:\\Program Files\\Adobe\\Adobe Flash CS4\\Flash.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Sony\\Vegas Pro 8.0\\VegSrv80.exe"=
"c:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe"=
"c:\\Program Files\\CoffeeCup Software\\CoffeeCup Visual Site Designer\\vsd.exe"=
"c:\\Program Files\\CoffeeCup Software\\Direct FTP\\DirectFTP.exe"=
"c:\\Program Files\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\mapnaveditor_59\\MapNavEditor.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Sony Ericsson\\Emma\\Emma.exe"=
"c:\\Program Files\\Oneeko\\ONEEKO.EXE"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
"6666:TCP"= 6666:TCP:FileZilla FTP Client
"1836:TCP"= 1836:TCP:FileZilla FTP Client

R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [30/04/2009 17:18 284416]
R0 MDPMGRNT;MacDrive partition driver;c:\windows\system32\drivers\MDPMGRNT.SYS [19/05/2009 13:19 20992]
R0 R592;R592;c:\windows\system32\drivers\R592.sys [22/01/2009 23:53 57088]
R0 risdpntk;risdpntk;c:\windows\system32\drivers\risdpntk.sys [22/01/2009 23:53 27264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [23/01/2009 00:19 114768]
R1 bizVSerial;Franson VSerial;c:\windows\system32\drivers\bizVSerialNT.sys [03/04/2006 22:00 14949]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23/01/2009 00:19 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [18/02/2009 19:20 55152]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [25/03/2009 22:39 10384]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [24/07/2008 19:46 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [27/01/2009 07:50 47640]
R2 MacDriveService;MacDrive service;c:\program files\Mediafour\MacDrive 7\MacDriveService.exe [26/11/2008 10:23 150528]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24/11/2008 23:31 29263712]
R2 Notebook Hardware Control Service;Notebook Hardware Control Service;c:\program files\Notebook Hardware Control\nhcservice.exe [23/01/2009 05:56 77824]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [09/03/2009 17:56 603904]
R2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe -k yksvcs [14/04/2008 09:00 14336]
R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [27/01/2009 03:34 4096]
R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [09/03/2009 12:25 38304]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [11/08/2009 19:21 27632]
S1 hwinterface;hwinterface;c:\windows\system32\Drivers\hwinterface.sys --> c:\windows\system32\Drivers\hwinterface.sys [?]
S2 gupdate1c9ab2a70325936;Google Update Service (gupdate1c9ab2a70325936);c:\program files\Google\Update\GoogleUpdate.exe [22/03/2009 21:11 133104]
S3 7ByteIo;7ByteIo;c:\program files\Hot CPU Tester Pro 4 LE\SysInfo.sys [25/03/2009 21:19 9984]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [27/01/2009 07:18 1684736]
S3 atidgllk;atidgllk;\??\c:\program files\ASUS\SmartDoctor\atidgllk.sys --> c:\program files\ASUS\SmartDoctor\atidgllk.sys [?]
S3 CPUgenieDriver;CPUgenieDriver;\??\c:\program files\CPUgenie\NBFreezer.sys --> c:\program files\CPUgenie\NBFreezer.sys [?]
S3 cpuz131;cpuz131;\??\c:\docume~1\FREDCO~1\LOCALS~1\Temp\cpuz131\cpuz_x32.sys --> c:\docume~1\FREDCO~1\LOCALS~1\Temp\cpuz131\cpuz_x32.sys [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [08/03/2009 23:52 23152]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [17/03/2009 17:09 13224]
S3 MemDev;MemDev;\??\c:\progra~1\AMI\AMIDiag\MemTest.Sys --> c:\progra~1\AMI\AMIDiag\MemTest.Sys [?]
S3 ntportio;ntportio;\??\d:\rar$ex00.469\ntportio.sys --> d:\rar$ex00.469\ntportio.sys [?]
S3 PhTVTune;SinoVideo WDM TVTuner;c:\windows\system32\drivers\Silicon.sys [29/01/2009 23:05 28224]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [23/01/2009 08:10 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [23/01/2009 08:10 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [23/01/2009 08:10 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [23/01/2009 08:10 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [23/01/2009 08:10 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [23/01/2009 08:10 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [23/01/2009 08:10 115752]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [29/06/2009 18:33 86696]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [29/06/2009 18:33 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [29/06/2009 18:33 114472]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [29/06/2009 18:33 108328]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [29/06/2009 18:33 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [29/06/2009 18:33 104616]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [29/06/2009 18:33 109736]
S3 SkLaggProtocol;Marvell Link Aggregation Protocol;c:\windows\system32\drivers\yk51x32l.sys [16/07/2008 06:41 57856]
S3 SkVlanProtocol;Marvell VLAN Protocol;c:\windows\system32\drivers\yk51x32v.sys [10/07/2008 06:41 20992]
S3 SNCP106;PC Camera (6009 CIF);c:\windows\system32\drivers\sncp106.sys [29/07/2009 01:16 243712]
S3 SynMini;USB2.0 1.3M Web Cam;c:\windows\system32\drivers\SynMini.sys [22/01/2009 23:45 720438]
S3 SynScan;USB2.0 1.3M Web Cam Still Image;c:\windows\system32\drivers\SynScan.sys [22/01/2009 23:45 8246]
S4 AMIDiagEventService;AMIDiagEventService;c:\program files\AMI\AMIDiag\AMIDiagEventService.exe --> c:\program files\AMI\AMIDiag\AMIDiagEventService.exe [?]
S4 Franson GpsGate 2.0;Franson GpsGate 2.0;c:\program files\Franson\GpsGate 2.0\GpsGateService.exe [12/09/2008 01:58 258048]
S4 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
yksvcs REG_MULTI_SZ yksvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\aetsprov]
c:\windows\system32\regsvr32.exe /s c:\windows\system32\aetsprov.dll
.
Contents of the 'Scheduled Tasks' folder

2009-08-23 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 21:30]

2009-08-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 08:04]

2009-07-09 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p officejet 6100 series272A572217594EBCF1CEE215E352B92AD073FDE4238977623.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 16:56]

2009-08-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-27 04:13]

2009-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-22 20:11]

2009-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-22 20:11]

2009-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-879983540-1177238915-1003Core.job
- c:\documents and settings\Fred Costa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-23 06:40]

2009-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-879983540-1177238915-1003UA.job
- c:\documents and settings\Fred Costa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-23 06:40]

2009-08-23 c:\windows\Tasks\Norton Security Scan for Fred Costa.job
- c:\program files\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-08-09 14:10]

2009-08-23 c:\windows\Tasks\User_Feed_Synchronization-{57A3B4D9-5C02-480B-81BC-ED615A26240A}.job
- c:\windows\system32\msfeedssync.exe [2008-07-12 04:31]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/mygarmin/m/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\Fred Costa\Application Data\Mozilla\Firefox\Profiles\wvws1u4u.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|iGoogle
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Fred Costa\Application Data\Mozilla\Firefox\Profiles\wvws1u4u.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - plugin: c:\documents and settings\Fred Costa\Application Data\Mozilla\Firefox\Profiles\wvws1u4u.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Fred Costa\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Fred Costa\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLC\npvlc.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: d:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-08-23 17:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-790525478-879983540-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1B03CFB0-B88D-003E-4E4C-F3710FA4DF79}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oagjcmkjekbfkeimbdmhcnbkoohfji"=hex:69,61,64,70,6f,67,6a,70,66,63,6d,64,6e,6d,
6c,6b,65,6a,00,00
"naekgjipdpdkfndegimljaijbhhe"=hex:6a,61,6a,6f,62,6a,6d,61,65,61,6a,65,6a,6d,
61,6b,6d,6d,66,70,00,f5
"gbolbbajhjijpncihfhonagmilmdnnpbfeillkfpgnnnoj"=hex:6b,61,67,6a,68,6c,63,69,
65,61,6c,70,6d,6a,69,6b,61,70,61,68,63,66,00,7e
"bbmlcdeoiplkobginepjanlefnokihibakgc"=hex:62,61,6f,70,00,6c

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:93,e1,5f,70,c8,bf,c1,ae,98,17,1a,e4,fd,cf,41,60,b1,3c,15,39,22,
59,49,85,26,3b,a8,0f,a3,15,0d,19,98,06,40,b1,08,10,92,8c,52,00,0e,1a,d1,ca,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:93,e1,5f,70,c8,bf,c1,ae,98,17,1a,e4,fd,cf,41,60,b1,3c,15,39,22,
59,49,85,26,3b,a8,0f,a3,15,0d,19,98,06,40,b1,08,10,92,8c,52,00,0e,1a,d1,ca,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1648)
c:\windows\system32\IWPDGINA.DLL
c:\program files\Intel\WiFi\bin\LangResources\ENU\SsoGnENU.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\LMIinit.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\netprovcredman.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(3512)
c:\windows\system32\WININET.dll
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSENG.DLL
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\netprovcredman.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\ramaint.exe
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\NVIDIA Corporation\System Update\UpdateCenterService.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\ATK0100\ATKOSD.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\windows\system32\notepad.exe
.
**************************************************************************
.
Completion time: 2009-08-23 17:24 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-23 16:24
ComboFix2.txt 2009-08-13 21:56

Pre-Run: 3,290,828,800 bytes free
Post-Run: 3,234,582,528 bytes free

623 --- E O F --- 2009-07-31 19:19
  #9  
Old 26-Aug-2009, 11:59
facaor
HijackThis Experts
 
Join Date: October 2008
Location: Somewhere on planet Earth
Posts: 1,589
Re: my HijackThis log, since I have problems with many windows, I have already tried almost everything

How is your PC doing?
  #10  
Old 26-Aug-2009, 14:22
Junior Member
 
Join Date: August 2009
Posts: 6
Re: my HijackThis log, since I have problems with many windows, I have already tried almost everything

Hello, and thanks for the quick reply.
My PC still has the windows...