My pc slow down maybe Malware or Spyware


#1
Vicadi

I've been having this problem for several weeks, maybe months. When I'm working on the internet it sometimes freezes, and it takes too long to open new windows. I think it could be malware or spyware.

In addition, almost a year ago I changed the motherboard, processor and memory, and I didn't format the HDD; I only installed the new drivers to make it work.

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

11/8/2009 2:11:55 PM
mbam-log-2009-11-08 (14-11-55).txt

Scan type: Quick Scan
Objects scanned: 99410
Time elapsed: 5 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 18
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 15
Files Infected: 186

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c28a0312-c403-417b-a425-a915bc0519cd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16b6279b-9ff5-41fb-8bf9-404324f5dd1f}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c5096216-7703-409e-b85a-8a6ee7395128}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0ba0192d-94a5-45e3-b2b8-3ec5a1a0b5ec} (Adware.DoubleD) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.0.840 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.0.840\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850 (Adware.DoubleD) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Media Access Startup\1.5.0.850\HPCommon.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\hppx.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\MAHelper.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\HPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.0.840\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.0.840\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.0.840\Data\eacore.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.0.840\Data\URLDynamic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.0.840\Data\URLStatic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091022-172257.030.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091022-201304.295.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091023-112817.905.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091024-095351.530.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091024-122625.999.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091026-094141.420.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091029-203924.191.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091101-113255.363.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091102-091124.769.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091102-105547.769.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091102-110531.769.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091102-110734.660.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091103-105234.191.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091103-111715.328.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091105-074017.562.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091105-074023.328.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091105-210236.781.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091105-223642.062.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091105-230432.328.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091106-164314.812.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091106-210209.656.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091106-221240.609.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091106-232018.578.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091107-154355.546.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091108-112824.375.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091108-112828.875.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091108-130953.359.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\ipdata.md (Adware.DoubleD) -> Quarantined and deleted successfully.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/08 14:18
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name:
Image Path:
Address: 0xF76B3000 Size: 98304 File Visible: No Signed: -
Status: -

Name:
Image Path:
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA9FEB000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7CC5000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA905F000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa00b618

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa00b4d4

#: 045 Function Name: NtCreatePagingFile
Status: Hooked by "Vax347b.sys" at address 0xf7750c70

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa00b9b2

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa00b0ac

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "Vax347b.sys" at address 0xf77514fe

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "Vax347b.sys" at address 0xf775cd50

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa00b5ae

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa00afec

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa00b050

#: 160 Function Name: NtQueryKey
Status: Hooked by "Vax347b.sys" at address 0xf775151e

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa00b6ce

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa00b68e

#: 241 Function Name: NtSetSystemPowerState
Status: Hooked by "Vax347b.sys" at address 0xf775c4f0

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa00b80e

==EOF==

OTL logfile created on: 11/8/2009 2:21:56 PM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\VICADI\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.23 Mb Total Physical Memory | 629.95 Mb Available Physical Memory | 62.05% Memory free
2.39 Gb Paging File | 2.07 Gb Available in Paging File | 86.69% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 6.26 Gb Free Space | 21.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 45.23 Gb Total Space | 9.85 Gb Free Space | 21.77% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACIM
Current User Name: VICADI
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/08 13:29:08 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\VICADI\Desktop\OTL.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/04/21 21:34:24 | 12,314,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
PRC - [2009/02/06 17:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/02/06 16:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/11/13 08:33:54 | 00,097,128 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
PRC - [2008/08/26 16:06:34 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/07/19 07:38:34 | 00,078,008 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2008/07/19 07:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2008/07/19 07:38:04 | 00,250,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2008/07/19 07:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008/04/13 16:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/21 18:23:26 | 02,447,360 | ---- | M] () -- C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
PRC - [2007/04/30 01:03:00 | 00,032,768 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\V0330Mon.exe
PRC - [2007/01/12 17:47:04 | 00,163,840 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2006/09/18 10:08:56 | 00,029,696 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2005/10/27 02:00:22 | 00,299,008 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CamTray.exe
PRC - [2005/10/21 17:30:56 | 00,024,576 | ---- | M] (Syntek America Inc.) -- C:\WINDOWS\system32\StkSrv2K_.exe
PRC - [2005/04/08 14:17:52 | 00,266,240 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\sistray.exe
PRC - [2005/04/02 01:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
PRC - [2001/11/09 11:40:10 | 00,356,352 | ---- | M] () -- C:\Program Files\UPSmart Server\UPSmart.exe
PRC - [2001/10/11 23:42:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
PRC - [2001/01/29 05:28:22 | 00,262,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
PRC - [1999/11/01 15:02:00 | 00,061,440 | ---- | M] () -- C:\Program Files\UPSmart Server\UPServ.exe


========== Modules (SafeList) ==========

MOD - [2009/11/08 13:29:08 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\VICADI\Desktop\OTL.exe
MOD - [2008/04/13 16:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 16:12:00 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mslbui.dll
MOD - [2008/04/13 16:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/02/06 17:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/07/23 07:25:45 | 00,348,344 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2008/07/19 07:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2008/07/19 07:38:04 | 00,250,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2008/07/19 07:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2008/04/13 16:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2008/04/13 16:11:55 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\irmon.dll -- (Irmon)
SRV - [2008/03/26 19:33:38 | 00,071,168 | ---- | M] () -- C:\WINDOWS\system32\LxrJD31s.exe -- (LxrJD31s)
SRV - [2007/07/10 13:39:56 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2007/03/12 12:49:46 | 00,271,920 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2005/10/21 17:30:56 | 00,024,576 | ---- | M] (Syntek America Inc.) -- C:\WINDOWS\system32\StkSrv2K_.exe -- (StkSSrv)
SRV - [2005/04/02 01:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)
SRV - [2001/10/11 23:42:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS)
SRV - [2001/01/29 05:28:22 | 00,262,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)
SRV - [1999/11/01 15:02:00 | 00,061,440 | ---- | M] () -- C:\Program Files\UPSmart Server\UPServ.exe -- (UPSmart)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrows...?s=DEF&v=18&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
FF - prefs.js..browser.startup.homepage: "http://www.theprized...tart.hiyo.com/"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC}:1.5.0.850
FF - prefs.js..extensions.enabledItems: [email protected]:3.3
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.8.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.15
FF - prefs.js..keyword.URL: "http://www.fastbrows...86DD9A9923}&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/08/26 16:07:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 02:00:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/01/17 16:40:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/01 11:32:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/07 00:49:00 | 00,000,000 | ---D | M]

[2008/09/26 21:49:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\Mozilla\Extensions
[2008/09/26 21:49:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/08 11:28:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\Mozilla\Firefox\Profiles\5ngc05t4.default\extensions
[2008/08/04 14:38:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\Mozilla\Firefox\Profiles\5ngc05t4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/08/25 10:05:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\Mozilla\Firefox\Profiles\5ngc05t4.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2008/05/09 09:58:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\Mozilla\Firefox\Profiles\5ngc05t4.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/09/08 14:29:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\Mozilla\Firefox\Profiles\5ngc05t4.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2008/04/20 10:28:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\Mozilla\Firefox\Profiles\5ngc05t4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/08/25 10:05:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\Mozilla\Firefox\Profiles\5ngc05t4.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2008/09/26 20:44:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\Mozilla\Firefox\Profiles\5ngc05t4.default\extensions\[email protected]
[2009/03/21 17:11:44 | 00,002,119 | ---- | M] () -- C:\Documents and Settings\VICADI\Application Data\Mozilla\Firefox\Profiles\5ngc05t4.default\searchplugins\MyStart Search.xml
[2009/11/08 11:28:34 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/01 11:32:13 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/01/17 16:40:29 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/08 19:12:57 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/11 10:59:34 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/08/07 14:52:23 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/11/08 11:03:55 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2009/11/01 11:32:05 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/01 11:32:05 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2008/11/04 10:15:38 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2009/10/11 04:17:27 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/11/01 11:32:08 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/03/22 18:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2009/10/02 21:13:10 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2008/08/26 16:06:54 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2008/08/26 16:07:06 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2008/08/26 16:06:45 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2009/08/31 08:34:06 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/08/31 08:34:06 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/08/31 08:34:06 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/08/31 08:34:06 | 00,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/09/08 14:29:00 | 00,003,700 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.png
[2009/09/08 14:29:01 | 00,001,963 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.xml
[2009/08/31 08:34:06 | 00,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/08/31 08:34:06 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/08/31 08:34:06 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (910 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Megaupload Toolbar) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (Fast Browser Search Toolbar Helper) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
O3 - HKLM\..\Toolbar: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
O3 - HKLM\..\Toolbar: (Megaupload Toolbar) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )
O3 - HKCU\..\Toolbar\WebBrowser: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Megaupload Toolbar) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartupFaster] C:\Program Files\Startup Faster\startuploader.exe (URSoft,Inc)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [V0330Mon.exe] C:\WINDOWS\V0330Mon.exe (Creative Technology Ltd.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [USB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\StartupFaster [2008/09/16 21:44:32 | 00,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\VICADI\Start Menu\Programs\Startup\StartupFaster [2008/09/16 21:44:32 | 00,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF 03 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPlacesBar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-: 99 = PROFILES.EXE
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ShutdownWithoutLogon = 0
O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ebay.com ([pages] http in Trusted sites)
O15 - HKCU\..Trusted Domains: geekstogo.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 108 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range71 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range71 ([http] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range72 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range72 ([http] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range73 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range73 ([http] in Trusted sites)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/...UI.cab55579.cab (StagingUI Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/...dy.cab55579.cab (MSN Games – Buddy Invite)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/...at.cab55579.cab (ZonePAChat Object)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1170040435766 (WUWebControl Class)
O16 - DPF: {7B130816-1048-46F1-A3C2-6F5D96BFDFEC} https://www.bancoazt...ellaDigital.CAB (HuellaDigital.COMHuellaDigital)
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} http://zone.msn.com/...O1.cab60096.cab (UnoCtrl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {85BA505F-FD01-4A91-836C-F7D502E89C9A} http://www.evite.com...geUploader4.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/...he.cab75406.cab (MSN Games – Texas Holdem Poker)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game06.zylom....gamesplayer.cab (Zylom Games Player)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C487F60B-59B9-47D9-BFDF-AB26786F8823} http://zone.msn.com/...oo.cab62201.cab ()
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} http://zone.msn.com/...ol.cab56649.cab (CBankshotZoneCtrl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/...xy.cab55579.cab (MSN Games – Game Communicator)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative....15034/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 10.179.0.5 10.179.0.4
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (schannel.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/01/28 19:05:31 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{51d0c412-b259-11db-befe-806d6172696f}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
O33 - MountPoints2\{52d3f2ba-aa2d-11dd-80f6-00196661a5f9}\Shell - "" = AutoRun
O33 - MountPoints2\{61d70c03-666b-11dd-80ce-00196661a5f9}\Shell - "" = AutoRun
O33 - MountPoints2\{61d70c03-666b-11dd-80ce-00196661a5f9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{61d70c03-666b-11dd-80ce-00196661a5f9}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{c465596d-f97d-11dd-8129-00196661a5f9}\Shell - "" = AutoRun
O33 - MountPoints2\{e3afb6b0-b26b-11db-bf00-00508d84e9ab}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\xop32.exe
O33 - MountPoints2\{e3afb6b0-b26b-11db-bf00-00508d84e9ab}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\xop32.exe
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/01/28 19:05:05 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2100/02/08 15:03:54 | 00,053,248 | ---- | C] (Silitek Corp.) -- C:\Program Files\ACMonitor_X73.exe
[2009/11/08 13:57:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/08 13:57:12 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/11/08 13:29:08 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\VICADI\Desktop\OTL.exe
[2009/11/08 13:27:48 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\VICADI\Desktop\RootRepeal.exe
[2009/11/08 13:25:01 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\VICADI\Desktop\erunt_setup.exe
[2009/11/03 11:18:40 | 00,000,000 | ---D | C] -- C:\Program Files\RegSeeker
[2008/06/01 12:49:49 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\VICADI\Application Data\pcouffin.sys
[2008/02/16 22:13:40 | 00,159,616 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Vax347b.sys
[2008/02/16 22:13:40 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Vax347s.sys
[2007/10/15 17:07:15 | 00,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll
[2007/05/24 16:20:29 | 00,018,024 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\LXARScan.sys
[1999/09/22 11:49:22 | 00,099,840 | R--- | C] ( ) -- C:\WINDOWS\System32\Zipdll.dll
[1999/09/22 11:49:22 | 00,094,208 | R--- | C] ( ) -- C:\WINDOWS\System32\Unzdll.dll

========== Files - Modified Within 14 Days ==========

[2009/11/08 14:20:42 | 00,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C769E810-301D-418F-8B45-EBCA02A26CA9}.job
[2009/11/08 14:17:45 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\VICADI\Desktop\settings.dat
[2009/11/08 14:17:18 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\VICADI\My Documents\~$ektogo.doc
[2009/11/08 14:16:37 | 00,000,440 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2009/11/08 14:16:14 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/08 14:15:28 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/08 14:15:14 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/08 14:13:35 | 11,796,480 | -H-- | M] () -- C:\Documents and Settings\VICADI\NTUSER.DAT
[2009/11/08 14:13:35 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\VICADI\ntuser.ini
[2009/11/08 13:57:12 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\VICADI\Desktop\NTREGOPT.lnk
[2009/11/08 13:57:12 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\VICADI\Desktop\ERUNT.lnk
[2009/11/08 13:39:08 | 00,217,656 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/08 13:29:08 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\VICADI\Desktop\OTL.exe
[2009/11/08 13:27:53 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\VICADI\Desktop\RootRepeal.exe
[2009/11/08 13:25:09 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\VICADI\Desktop\erunt_setup.exe
[2009/11/08 13:22:56 | 00,073,728 | ---- | M] () -- C:\Documents and Settings\VICADI\My Documents\geektogo.doc
[2009/11/07 22:21:00 | 00,000,272 | ---- | M] () -- C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
[2009/11/07 08:57:57 | 00,000,238 | ---- | M] () -- C:\Documents and Settings\VICADI\Desktop\Copy of Treehouse TV.url
[2009/11/07 00:49:01 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2009/11/06 23:20:38 | 00,248,320 | ---- | M] () -- C:\Documents and Settings\VICADI\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/06 14:19:09 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/06 13:30:18 | 00,005,009 | ---- | M] () -- C:\Documents and Settings\VICADI\Desktop\Treehouse TV.url
[2009/11/06 00:03:43 | 12,765,2684 | ---- | M] () -- C:\Documents and Settings\VICADI\Desktop\WxpPorta-Deiker.rar
[2009/11/05 07:02:18 | 00,000,374 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2009/11/04 10:08:04 | 00,061,936 | ---- | M] () -- C:\Documents and Settings\VICADI\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/03 11:18:15 | 00,435,922 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/03 11:18:15 | 00,068,708 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/03 11:18:14 | 00,512,960 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/03 11:09:42 | 00,449,043 | ---- | M] () -- C:\Documents and Settings\VICADI\My Documents\RegSeeker.zip
[2009/11/02 16:09:58 | 00,542,387 | ---- | M] () -- C:\Documents and Settings\VICADI\My Documents\bejeweled blitz.rar
[2009/10/25 21:17:56 | 00,062,464 | ---- | M] () -- C:\Documents and Settings\VICADI\My Documents\El poder del joven que ora.doc

========== Files Created - No Company Name ==========

[2100/02/23 13:35:34 | 00,000,768 | ---- | C] () -- C:\Program Files\x73_lut.dat
[2100/02/08 14:53:34 | 00,001,437 | ---- | C] () -- C:\Program Files\gtx73.ini
[2009/11/08 14:17:45 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\VICADI\Desktop\settings.dat
[2009/11/08 14:17:18 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\VICADI\My Documents\~$ektogo.doc
[2009/11/08 13:57:12 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\VICADI\Desktop\NTREGOPT.lnk
[2009/11/08 13:57:12 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\VICADI\Desktop\ERUNT.lnk
[2009/11/08 13:22:56 | 00,073,728 | ---- | C] () -- C:\Documents and Settings\VICADI\My Documents\geektogo.doc
[2009/11/06 07:25:58 | 00,034,816 | ---- | C] () -- C:\Documents and Settings\VICADI\My Documents\Césarito Domínguez.doc
[2009/11/05 23:48:58 | 12,765,2684 | ---- | C] () -- C:\Documents and Settings\VICADI\Desktop\WxpPorta-Deiker.rar
[2009/11/03 11:08:51 | 00,449,043 | ---- | C] () -- C:\Documents and Settings\VICADI\My Documents\RegSeeker.zip
[2009/11/02 16:09:50 | 00,542,387 | ---- | C] () -- C:\Documents and Settings\VICADI\My Documents\bejeweled blitz.rar
[2009/08/08 20:41:36 | 00,004,096 | -H-- | C] () -- C:\Documents and Settings\VICADI\Local Settings\Application Data\keyfile3.drm
[2009/08/01 11:22:24 | 00,000,318 | ---- | C] () -- C:\WINDOWS\WPE PRO.INI
[2009/07/17 19:41:33 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2009/07/17 19:41:33 | 00,002,412 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2009/07/08 21:14:58 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/07/08 21:14:55 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/07/08 21:14:54 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/07/08 21:14:52 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/07/08 21:14:52 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/07/06 21:35:28 | 00,000,239 | ---- | C] () -- C:\WINDOWS\Clony2.ini
[2009/02/28 15:55:54 | 23,757,024 | ---- | C] () -- C:\Program Files\AXIALIS.rar
[2009/02/21 17:02:32 | 00,100,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\VBoxDrv.sys
[2009/01/24 18:31:52 | 00,000,040 | ---- | C] () -- C:\WINDOWS\System32\Msglixgrx.dll
[2008/11/08 19:25:10 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/09/09 13:07:21 | 04,950,374 | -H-- | C] () -- C:\Documents and Settings\VICADI\Local Settings\Application Data\IconCache.db
[2008/08/02 15:15:02 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OgaCheckControl.dll
[2008/08/02 11:37:43 | 00,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2008/06/12 19:12:05 | 00,000,066 | ---- | C] () -- C:\WINDOWS\Speed Video Splitter.INI
[2008/06/01 13:59:13 | 00,000,668 | ---- | C] () -- C:\Documents and Settings\VICADI\Application Data\vso_ts_preview.xml
[2008/06/01 12:49:49 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\VICADI\Application Data\inst.exe
[2008/06/01 12:49:49 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\VICADI\Application Data\pcouffin.cat
[2008/06/01 12:49:49 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\VICADI\Application Data\pcouffin.inf
[2008/06/01 12:49:49 | 00,000,034 | ---- | C] () -- C:\Documents and Settings\VICADI\Application Data\pcouffin.log
[2008/04/04 12:43:46 | 00,005,311 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/04/04 12:43:42 | 00,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/04/04 12:34:48 | 00,204,800 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2008/03/26 19:33:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure31.INI
[2008/03/26 19:33:38 | 00,249,856 | ---- | C] () -- C:\WINDOWS\System32\LxrJD31.dll
[2008/03/26 19:33:38 | 00,069,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrJD31d.sys
[2008/03/26 19:33:38 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\LxrJD20Sat.dll
[2008/02/16 22:14:23 | 00,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/01/09 14:01:48 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/10/15 17:07:32 | 00,000,071 | ---- | C] () -- C:\WINDOWS\GDINST.INI
[2007/10/14 16:32:12 | 00,000,036 | -H-- | C] () -- C:\WINDOWS\System32\swk.ini
[2007/08/04 18:14:33 | 00,000,032 | ---- | C] () -- C:\WINDOWS\tdlp32.ini
[2007/08/04 17:27:29 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/07/26 15:06:22 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/07/26 15:03:02 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/07/10 13:39:58 | 00,005,827 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2007/06/26 17:03:54 | 00,000,000 | ---- | C] () -- C:\Program Files\gamingGamePuzzleVB.DB
[2007/05/16 15:22:54 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/05/14 19:10:32 | 00,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2007/02/13 22:25:06 | 00,001,219 | ---- | C] () -- C:\WINDOWS\disney.ini
[2007/02/06 12:55:29 | 00,041,976 | ---- | C] () -- C:\Documents and Settings\VICADI\Application Data\GDIPFONTCACHEV1.DAT
[2007/02/01 20:44:43 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/02/01 17:27:48 | 00,248,320 | ---- | C] () -- C:\Documents and Settings\VICADI\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/30 20:26:41 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/30 20:13:09 | 00,139,264 | R--- | C] () -- C:\WINDOWS\System32\IDEproperty.dll
[2007/01/30 20:10:44 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2007/01/30 20:08:11 | 00,075,513 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2007/01/30 20:06:55 | 00,072,641 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2007/01/28 20:50:46 | 00,061,936 | ---- | C] () -- C:\Documents and Settings\VICADI\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2007/01/28 19:10:22 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\VICADI\Application Data\desktop.ini
[2007/01/28 10:55:03 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/03/06 10:41:02 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\AMV_DecDLL.dll
[2004/09/16 12:26:40 | 00,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 12:26:40 | 00,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2002/11/28 18:56:34 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\sfx.dll
[2002/11/10 13:51:00 | 00,152,064 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001/12/27 04:38:04 | 00,054,765 | ---- | C] () -- C:\WINDOWS\System32\drivers\LMFilt.sys
[2001/10/11 23:42:49 | 00,000,643 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2001/08/23 04:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/08/23 04:00:00 | 00,000,191 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/07/20 09:48:06 | 00,008,116 | ---- | C] () -- C:\Program Files\OSLO3071b2.USB
[2000/12/05 14:56:34 | 00,114,688 | ---- | C] () -- C:\Program Files\lxarscan.dll
[2000/07/17 21:01:56 | 00,230,912 | R--- | C] () -- C:\WINDOWS\System32\Zipit.dll
[2000/01/11 11:50:48 | 00,000,047 | ---- | C] () -- C:\Program Files\ACMonitor_X73.ini
[1999/04/20 02:15:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\unvise32.dll

========== LOP Check ==========

[2008/02/13 20:51:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2008/02/15 20:27:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/07/17 19:42:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2009/04/01 22:56:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2008/06/06 12:29:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm
[2007/05/04 23:06:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/07/07 08:48:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2009/11/08 14:16:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/08/24 22:44:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TreeCardGames
[2008/07/03 13:17:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/02/28 15:57:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\Axialis
[2008/12/17 12:48:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\Boost Windows
[2008/05/30 15:44:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\CenoPDF
[2007/04/18 11:02:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\Corel
[2009/03/21 17:12:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\HiYo
[2009/09/27 12:55:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\Hoyle FaceCreator
[2009/11/07 13:22:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\Hoyle Puzzle and Board Games
[2008/11/10 15:54:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\LG Electronics
[2009/01/18 10:39:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\Lost Marble
[2009/08/21 09:35:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\MegauploadToolbar
[2008/09/14 10:14:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\Nexon
[2008/08/18 19:57:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\Runes of Avalon
[2009/07/30 14:55:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\SecondLife
[2008/08/10 18:25:07 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\VICADI\Application Data\SecuROM
[2009/05/12 11:57:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\SolSuite
[2009/09/23 21:07:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\Thinstall
[2009/08/20 18:17:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\Uniblue
[2008/09/16 21:44:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\URSoft
[2008/06/01 16:38:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\USBSafelyRemove
[2009/04/24 20:51:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\uTorrent
[2009/03/05 15:42:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\Vso
[2009/09/04 16:14:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\Windows Live Writer
[2001/08/23 04:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2007/05/19 09:58:27 | 00,000,402 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job
[2009/11/08 14:16:37 | 00,000,440 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2009/11/05 07:02:18 | 00,000,374 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
[2009/11/08 14:15:28 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/11/07 22:21:00 | 00,000,272 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
[2007/09/09 21:21:30 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
[2009/11/08 14:20:42 | 00,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{C769E810-301D-418F-8B45-EBCA02A26CA9}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/05/18 12:49:02 | 00,100,864 | ---- | M] (Atribune.org) -- C:\VundoFix.exe

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2004/08/03 23:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2004/08/03 23:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2004/08/03 23:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004/08/03 21:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
[2004/08/03 21:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys
[2004/08/03 21:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2004/08/03 22:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F7539FF
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BE8F57E9
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E965A533
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9
< End of report >




OTL Extras logfile created on: 11/8/2009 2:21:56 PM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\VICADI\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.23 Mb Total Physical Memory | 629.95 Mb Available Physical Memory | 62.05% Memory free
2.39 Gb Paging File | 2.07 Gb Available in Paging File | 86.69% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 6.26 Gb Free Space | 21.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 45.23 Gb Total Space | 9.85 Gb Free Space | 21.77% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACIM
Current User Name: VICADI
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- winhlp32.exe %1 File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [open] -- regedit.exe "%1" File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"UACDisableNotify" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"58571:TCP" = 58571:TCP:*:Enabled:Pando P2P TCP Listening Port
"58571:UDP" = 58571:UDP:*:Enabled:Pando P2P UDP Listening Port
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"H:\KIMS1.2\KIMS.exe" = H:\KIMS1.2\KIMS.exe:*:Enabled:KIMS 1.2 -- File not found
"C:\Program Files\Java\jre1.6.0_05\launch4j-tmp\JDownloader.exe" = C:\Program Files\Java\jre1.6.0_05\launch4j-tmp\JDownloader.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"E:\HCE\Halo Custom Edition\haloce.exe" = E:\HCE\Halo Custom Edition\haloce.exe:*:Enabled:Halo -- (Microsoft Corporation)
"C:\Program Files\Sun\xVM VirtualBox\VirtualBox.exe" = C:\Program Files\Sun\xVM VirtualBox\VirtualBox.exe:*:Enabled:VirtualBox -- ()
"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- (Ares Development Group)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06024F70-15BC-4447-B53A-F1A7BBA21033}" = Nero 7
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0B7BA3EE-D7AC-494E-999D-DA58D6D01DAC}" = LG PC Suite
"{169A15A0-6131-4274-8A8B-7E50702A1F52}" = Cliente de Windows Rights Management con Service Pack 2
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4B141C08-51E5-4224-81BD-5FC967195734}" = LG USB Modem Driver-MDMS
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{51F167CF-79C7-402A-8905-3C3613EB12AB}" = LG PC Suite
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{59B60A02-7A8B-47EF-850F-D8645B62C4B1}" = Sun xVM VirtualBox
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.0.0.7
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{7784A172-61F1-445E-8368-601607E0DD22}" = MP3 Player Utilities 4.00
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110C0A-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0120-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.7
"{AD7D2016-E1A4-4E41-BF63-3293C7D5FB53}" = HT TVR 2.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4B7B511-F4BC-4E4A-A988-9B509312181B}" = UPSmart
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8FB5656-F061-4602-8B61-EA8A70052707}" = Microsoft Juego de Cartas Carioca
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{E82FBDF4-8C05-4513-B8D8-2331145ECA10}_is1" = Solid AVI DIVX to DVD Burner 1.2.4
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" =
"{EC905264-BCFE-423B-9C42-C3A106266790}" = SP2 con compatibilidad hacia atrás con cliente de Windows Rights Management
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F443F171-B49B-4645-915C-580E7ED79992}" = Macromedia Extension Manager
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8024EB8-5B34-46FE-B15D-20ACF26FC20E}" = Hoyle Puzzle and Board Games
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Access Password Recovery_is1" = Access Password Recovery version 1.5
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Anime Studio Pro_is1" = Anime Studio Pro 5.6
"AoA DVD Copy_is1" = AoA DVD Copy
"Ares" = Ares 2.1.1
"Ares Tube_is1" = Ares Tube 3.0
"AudioShell_is1" = AudioShell 1.3.5
"avast!" = avast! Antivirus
"Bengal - Game of Gods" = Bengal - Game of Gods
"Boomerang Data Recovery_is1" = Boomerang Data Recovery Software 1.0.5
"CCleaner" = CCleaner (remove only)
"Chuzzle Deluxe 1.0" = Chuzzle Deluxe 1.0
"Creative Live! Cam Center" = Creative Live! Cam Center
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative VF0330" = Creative WebCam Vista/Live! Cam Chat Driver (1.11.01.00)
"Creative WebCam Center" = Creative WebCam Center
"Devastro" = Devastro
"DVD Shrink_is1" = DVD Shrink 3.2
"ERUNT_is1" = ERUNT 1.1j
"Free Video to Mp3 Converter_is1" = Free Video to Mp3 Converter version 2.8
"FreeUndelete" = FreeUndelete
"HachaPro" = HachaPro
"HijackThis" = HijackThis 2.0.2
"IconWorkshop" = Axialis IconWorkshop 6.32
"IDAutomation.com EZ Barcode Font Package DEMO" = IDAutomation.com EZ Barcode Font Package DEMO
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"JDSecure" = JD Secure 3.1
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.9.5 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MegauploadToolbar" = Megaupload Toolbar
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15)
"MP4 Player" = MP4 Player
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RealPlayer 6.0" = RealPlayer
"RegCure" = RegCure 1.5.0.0
"RemoveIT Pro v4 - SE" = RemoveIT Pro v4 - SE
"R-Studio 4.0NSIS" = R-Studio 4.0
"SiS VGA Driver" = SiS VGA Utilities
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"SolSuite_is1" = SolSuite 2008 v8.8
"SoundBase_is1" = SoundBase
"Speed Video Splitter_is1" = Speed Video Splitter 2.5.4
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"Startup Faster!_is1" = Startup Faster!
"SubtitleWorkshop" = Subtitle Workshop 2.51
"SysInfo" = Creative System Information
"System TuneUp_is1" = System TuneUp
"The Logo Creator v5" = The Logo Creator v5
"Total Video Converter 3.14_is1" = Total Video Converter 3.14 080930
"Toy Story 2 Print Studio" = Disney-Pixars Print Studio, Toy Story 2
"USB MP3 Player WIN98 Drivers" = USB MP3 Player WIN98 Drivers
"USB Safely Remove_is1" = USB Safely Remove 3.1
"uTorrent" = µTorrent
"wcmdmgr.exe" = WildTangent Updater
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"wtwebdriver" = WildTangent Web Driver
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 6/6/2009 12:40:23 PM | Computer Name = ACIM | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\VICADI\Local Settings\Temporary Internet Files\Content.IE5\VZ6ATY50\adserver[2].js
failed, 00000005.

Error - 6/28/2009 7:58:43 PM | Computer Name = ACIM | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\161274a09839da63eeb3d6857c97cd\ieencode.dll failed, 00000005.

Error - 6/29/2009 1:30:29 AM | Computer Name = ACIM | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\161274a09839da63eeb3d6857c97cd\ieudinit.exe failed, 00000005.

Error - 11/7/2009 8:32:38 PM | Computer Name = ACIM | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\161274a09839da63eeb3d6857c97cd\ieencode.dll failed, 00000005.

[ Application Events ]
Error - 10/28/2009 9:38:39 PM | Computer Name = ACIM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 10/28/2009 9:38:39 PM | Computer Name = ACIM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 10/28/2009 9:38:40 PM | Computer Name = ACIM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 10/28/2009 9:38:40 PM | Computer Name = ACIM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 10/29/2009 9:36:57 PM | Computer Name = ACIM | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module flash10b.ocx, version 10.0.22.87, fault address 0x001d7015.

Error - 11/1/2009 7:52:04 PM | Computer Name = ACIM | Source = Application Error | ID = 1000
Description = Faulting application hoyle puzzle games.exe, version 0.0.0.0, faulting
module hoyle puzzle games.exe, version 0.0.0.0, fault address 0x00395479.

Error - 11/4/2009 2:21:41 PM | Computer Name = ACIM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 11/6/2009 12:43:43 AM | Computer Name = ACIM | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module jvm.dll, version 14.1.0.2, fault address 0x000c6472.

Error - 11/6/2009 1:44:04 PM | Computer Name = ACIM | Source = Windows Live Messenger | ID = 1000
Description =

Error - 11/8/2009 3:00:49 PM | Computer Name = ACIM | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module flash10b.ocx, version 10.0.22.87, fault address 0x00097268.

[ System Events ]
Error - 11/8/2009 5:30:47 PM | Computer Name = ACIM | Source = Service Control Manager | ID = 7034
Description = The LexBce Server service terminated unexpectedly. It has done this
1 time(s).

Error - 11/8/2009 5:30:47 PM | Computer Name = ACIM | Source = Service Control Manager | ID = 7034
Description = The Machine Debug Manager service terminated unexpectedly. It has
done this 1 time(s).

Error - 11/8/2009 5:30:47 PM | Computer Name = ACIM | Source = Service Control Manager | ID = 7034
Description = The USB2.0 TVBOX Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 11/8/2009 5:30:48 PM | Computer Name = ACIM | Source = Service Control Manager | ID = 7034
Description = The UPSmart service terminated unexpectedly. It has done this 1 time(s).

Error - 11/8/2009 5:30:48 PM | Computer Name = ACIM | Source = Service Control Manager | ID = 7034
Description = The StarWind iSCSI Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 11/8/2009 5:30:49 PM | Computer Name = ACIM | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 11/8/2009 5:40:00 PM | Computer Name = ACIM | Source = Service Control Manager | ID = 7000
Description = The Lexmark X73 MFP Scanner service failed to start due to the following
error: %%1058

Error - 11/8/2009 5:40:00 PM | Computer Name = ACIM | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%2

Error - 11/8/2009 6:16:07 PM | Computer Name = ACIM | Source = Service Control Manager | ID = 7000
Description = The Lexmark X73 MFP Scanner service failed to start due to the following
error: %%1058

Error - 11/8/2009 6:16:07 PM | Computer Name = ACIM | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%2


< End of report >

:)
THNX