Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Run dd32.exe Bad image problem [Solved]

Started by carlicos , May 20 2012 02:19 AM

  • This topic is locked This topic is locked

#1
carlicos
Posted 20 May 2012 - 02:19 AM

carlicos

    New Member

  • Member
  • Pip
  • 4 posts
Since few montsh I get after starting my Win XP two boxes with Run dll32.exe bad image title and the comment: msiqar32.dll is not a valid windows image.

PC works fine after this, but seems to be very slow since then.

I use Symantec, and also Spybot updated regularly

Here the log I got acc your instructions (I got 2 fles, OTL and Extras) I paste here both one after the other:

OTL logfile created on: 5/20/2012 10:11:18 AM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = D:\Movies Facilvision
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.77 Gb Available Physical Memory | 38.43% Memory free
1.85 Gb Paging File | 0.99 Gb Available in Paging File | 53.73% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.32 Gb Total Space | 41.15 Gb Free Space | 60.23% Space Free | Partition Type: NTFS
Drive D: | 279.46 Gb Total Space | 1.10 Gb Free Space | 0.40% Space Free | Partition Type: NTFS

Computer Name: CARLICOS | User Name: Carlos Latorre | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/20 10:10:52 | 000,595,456 | ---- | M] (OldTimer Tools) -- D:\Movies Facilvision\OTL.exe
PRC - [2012/04/28 19:06:13 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/30 21:27:54 | 004,615,552 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/08/12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/02/14 14:33:12 | 000,086,016 | ---- | M] (Contour Design, Inc.) -- C:\Program Files\Contour Shuttle\ShuttleEngine.exe
PRC - [2011/02/14 14:33:00 | 000,118,784 | ---- | M] (Contour Design, Inc.) -- C:\Program Files\Contour Shuttle\ShuttleHelper.exe
PRC - [2011/01/15 16:48:44 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2011/01/05 12:31:34 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/01/05 12:31:32 | 000,988,216 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2010/12/14 10:12:12 | 000,956,416 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2010/11/10 13:38:40 | 000,380,928 | ---- | M] () -- C:\Program Files\Launchy\Launchy.exe
PRC - [2010/01/12 10:45:36 | 000,245,760 | ---- | M] () -- C:\Program Files\Synology Data Replicator 3\SynoDrService.exe
PRC - [2009/09/01 07:15:56 | 000,125,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe
PRC - [2009/09/01 07:15:46 | 001,966,008 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
PRC - [2009/09/01 07:15:38 | 000,031,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
PRC - [2009/08/08 13:58:02 | 000,173,440 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
PRC - [2009/08/08 13:57:20 | 000,087,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
PRC - [2009/08/03 07:23:34 | 000,202,088 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
PRC - [2009/08/03 07:23:34 | 000,169,320 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2009/08/03 07:23:30 | 000,191,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2009/08/03 07:23:30 | 000,053,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/03/05 10:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/12/17 09:21:08 | 000,214,408 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2008/04/14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/26 13:25:20 | 001,181,016 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2007/04/27 01:40:00 | 000,206,400 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2007/04/26 19:00:04 | 000,316,992 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2003/02/21 00:45:40 | 000,028,672 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE


========== Modules (No Company Name) ==========

MOD - [2012/05/20 09:59:55 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/05/20 09:59:55 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/05/06 09:22:21 | 008,797,856 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012/04/28 19:06:12 | 001,911,736 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/03 17:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/10/16 18:14:31 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/10/16 18:14:30 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 16:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/12/14 09:51:52 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2010/12/14 09:51:50 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2010/12/14 09:51:44 | 000,200,704 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libpcre.dll
MOD - [2010/11/10 13:39:08 | 000,090,112 | ---- | M] () -- C:\Program Files\Launchy\plugins\controly.dll
MOD - [2010/11/10 13:39:00 | 000,081,920 | ---- | M] () -- C:\Program Files\Launchy\plugins\calcy.dll
MOD - [2010/11/10 13:38:52 | 000,024,064 | ---- | M] () -- C:\Program Files\Launchy\plugins\gcalc.dll
MOD - [2010/11/10 13:38:40 | 000,380,928 | ---- | M] () -- C:\Program Files\Launchy\Launchy.exe
MOD - [2010/11/10 13:38:40 | 000,094,208 | ---- | M] () -- C:\Program Files\Launchy\plugins\runner.dll
MOD - [2010/11/10 13:38:24 | 000,122,880 | ---- | M] () -- C:\Program Files\Launchy\plugins\weby.dll
MOD - [2010/11/10 13:38:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launchy\plugins\verby.dll
MOD - [2010/01/12 10:45:36 | 000,245,760 | ---- | M] () -- C:\Program Files\Synology Data Replicator 3\SynoDrService.exe
MOD - [2009/12/16 18:18:48 | 000,233,472 | ---- | M] () -- C:\Program Files\Launchy\imageformats\qmng4.dll
MOD - [2009/12/16 16:13:02 | 008,314,880 | ---- | M] () -- C:\Program Files\Launchy\QtGui4.dll
MOD - [2009/12/16 15:56:22 | 000,712,704 | ---- | M] () -- C:\Program Files\Launchy\QtNetwork4.dll
MOD - [2009/12/16 15:54:46 | 002,236,416 | ---- | M] () -- C:\Program Files\Launchy\QtCore4.dll
MOD - [2009/01/11 00:15:44 | 000,159,744 | ---- | M] () -- C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll
MOD - [2009/01/11 00:14:06 | 000,023,552 | ---- | M] () -- C:\Program Files\Haali\MatroskaSplitter\mkunicode.dll
MOD - [2008/09/06 15:17:32 | 000,062,800 | R--- | M] () -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\prsettg.dll
MOD - [2008/04/14 02:12:03 | 000,562,176 | ---- | M] () -- C:\WINDOWS\system32\qedit.dll
MOD - [2008/04/14 02:12:03 | 000,279,040 | ---- | M] () -- C:\WINDOWS\system32\qdv.dll
MOD - [2008/04/14 02:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 02:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/09/20 12:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2003/08/19 10:20:04 | 000,180,224 | ---- | M] () -- C:\WINDOWS\system32\ac3filter.ax


========== Win32 Services (SafeList) ==========

SRV - [2012/05/06 09:22:24 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/08/12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/02/14 14:33:12 | 000,086,016 | ---- | M] (Contour Design, Inc.) [Auto | Running] -- C:\Program Files\Contour Shuttle\ShuttleEngine.exe -- (ShuttleEngine)
SRV - [2011/01/05 12:31:34 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/01/05 12:31:32 | 000,988,216 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2010/01/12 10:45:36 | 000,245,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Synology Data Replicator 3\SynoDrService.exe -- (SynoDrService)
SRV - [2009/09/01 07:15:50 | 000,116,664 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2009/09/01 07:15:46 | 001,966,008 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/01 07:15:38 | 000,031,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2009/08/08 13:58:02 | 000,173,440 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe -- (SymSecurePort)
SRV - [2009/08/08 13:57:20 | 000,087,424 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe -- (ISSVC)
SRV - [2009/08/03 07:23:34 | 000,202,088 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2009/08/03 07:23:34 | 000,169,320 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2009/08/03 07:23:30 | 000,191,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2009/03/20 13:10:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/12/17 09:21:08 | 000,214,408 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/07/26 13:25:20 | 001,181,016 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2007/04/27 01:40:00 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2007/04/26 19:00:04 | 000,316,992 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
DRV - [2012/02/13 11:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/13 11:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/14 11:43:20 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120512.016\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/12/14 11:43:20 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120512.016\NAVENG.SYS -- (NAVENG)
DRV - [2011/10/30 21:20:08 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2011/07/29 13:54:56 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011/07/22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/06/21 17:37:16 | 000,270,712 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\scfidsdefs\20120517.001\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2010/11/08 23:04:26 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2010/09/01 10:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/06/18 18:12:49 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/03/23 08:53:12 | 000,816,672 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AE1000XP.sys -- (AE1000)
DRV - [2009/06/14 04:47:12 | 000,055,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2009/06/14 04:47:10 | 000,339,328 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2008/12/17 09:20:40 | 000,188,808 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2008/12/17 09:20:34 | 000,023,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2008/12/17 09:20:30 | 000,031,624 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symids.sys -- (SYMIDS)
DRV - [2008/12/17 09:20:26 | 000,028,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symndis.sys -- (SYMNDIS)
DRV - [2008/12/17 09:20:20 | 000,099,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symfw.sys -- (SYMFW)
DRV - [2008/12/17 09:20:16 | 000,012,680 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symdns.sys -- (SYMDNS)
DRV - [2007/11/24 03:07:53 | 000,021,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\eps2kt1.sys -- (token)
DRV - [2007/11/24 03:07:53 | 000,012,800 | ---- | M] (OEM) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smccard.sys -- (R5BaseSmc)
DRV - [2007/07/26 13:25:18 | 000,400,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/04/27 01:40:00 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel)
DRV - [2005/03/22 03:48:39 | 000,217,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\a320raid.sys -- (a320raid)
DRV - [2003/11/17 09:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 09:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 09:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/03/27 18:58:56 | 000,287,920 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/03/26 23:33:58 | 000,498,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2003/03/26 23:32:32 | 000,189,504 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/03/26 23:32:02 | 000,141,536 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hap16v2k.sys -- (hap16v2k)
DRV - [2003/03/26 23:31:40 | 000,823,616 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2003/03/06 17:10:34 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfModNT)
DRV - [2003/02/21 00:24:46 | 000,116,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2003/02/21 00:24:34 | 000,135,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/02/21 00:24:18 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2003/02/21 00:22:38 | 000,135,040 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2002/07/17 03:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58889

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.95.20100933
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 58889


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007/08/30 13:48:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/28 19:06:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/08 09:19:03 | 000,000,000 | ---D | M]

[2009/02/14 05:56:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carlos Latorre\Application Data\Mozilla\Extensions
[2012/05/06 09:36:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carlos Latorre\Application Data\Mozilla\Firefox\Profiles\l35w7zq3.default\extensions
[2011/01/16 06:47:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Carlos Latorre\Application Data\Mozilla\Firefox\Profiles\l35w7zq3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/04/15 11:21:30 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Carlos Latorre\Application Data\Mozilla\Firefox\Profiles\l35w7zq3.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/11/21 10:15:29 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\Carlos Latorre\Application Data\Mozilla\Firefox\Profiles\l35w7zq3.default\searchplugins\MyStart.xml
[2012/03/17 19:37:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/08 13:14:24 | 000,195,719 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\CARLOS LATORRE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\L35W7ZQ3.DEFAULT\EXTENSIONS\[email protected]
[2012/04/28 19:06:13 | 000,134,072 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/25 18:29:37 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/09/12 04:39:45 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012/03/10 03:35:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/10 03:35:35 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2010/04/24 05:19:33 | 000,000,909 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Contour Shuttle Device Helper] C:\Program Files\Contour Shuttle\ShuttleHelper.exe (Contour Design, Inc.)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [MSIDLL] C:\WINDOWS\System32\msiqar32.dll ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Evernote Clipper.lnk = C:\WINDOWS\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico ()
O4 - Startup: C:\Documents and Settings\Carlos Latorre\Start Menu\Programs\Startup\Launchy.lnk = C:\Program Files\Launchy\Launchy.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: New Application = C:\Program Files\Contour Shuttle\ShuttleEngine.exe (Contour Design, Inc.)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7EE10710-CB83-4C80-8AB6-7677FD043765}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93EB2732-3131-4D29-AF52-6D221892C16E}: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Carlos Latorre\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Carlos Latorre\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/03 04:10:44 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2007/08/29 13:33:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5166c072-4558-11df-a537-00142255a8f9}\Shell\AutoRun\command - "" = F:\6b.exe
O33 - MountPoints2\{5166c072-4558-11df-a537-00142255a8f9}\Shell\open\Command - "" = F:\6b.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/13 21:24:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/05/13 20:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPER © v2010.build.42 (Nov 7, 2010)
[2012/05/13 20:57:27 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\WINDOWS\System32\nbDX.dll
[2012/05/13 20:57:27 | 000,186,880 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLOgg.ax
[2012/05/13 20:57:27 | 000,163,328 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\flvDX.dll
[2012/05/13 20:57:27 | 000,092,672 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLVorbisDec.ax
[2012/05/13 20:57:27 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSSplitter.ax
[2012/05/13 20:57:27 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSDecoder.ax
[2012/05/13 20:57:27 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\WINDOWS\System32\RLTheoraDec.ax
[2012/05/13 20:57:27 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\WINDOWS\System32\msfDX.dll
[2012/05/13 20:57:26 | 000,169,472 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\MatroskaDX.ax
[2012/05/13 20:57:26 | 000,161,792 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\RealMediaDX.ax
[2012/05/13 20:57:25 | 000,179,200 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\DiracSplitter.ax
[2012/05/13 20:57:25 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\WINDOWS\System32\AVCDX.ax
[2012/05/13 20:56:51 | 000,000,000 | ---D | C] -- C:\Program Files\eRightSoft
[2012/05/13 17:44:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Carlos Latorre\Recent
[2012/05/06 12:32:56 | 000,000,000 | ---D | C] -- C:\From D no space
[2012/04/28 12:58:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Canon IJ Network Tool
[2012/04/28 12:56:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2012/04/28 12:56:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon MG4100 series User Registration
[2012/04/28 12:56:39 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/04/28 12:56:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information
[2012/04/28 12:56:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon MG4100 series
[2012/04/28 12:55:46 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2012/04/28 12:55:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\STRING
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/20 09:59:04 | 000,002,349 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Evernote Clipper.lnk
[2012/05/20 09:58:49 | 000,056,469 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml
[2012/05/20 09:58:48 | 000,022,391 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/05/20 09:58:39 | 000,000,330 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2012/05/20 09:56:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/19 18:04:01 | 000,031,560 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-0000000D-00001102-00000004-10031102}.rfx
[2012/05/19 18:04:01 | 000,031,560 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-0000000D-00001102-00000004-10031102}.rfx
[2012/05/19 18:04:01 | 000,031,440 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-0000000D-00001102-00000004-10031102}.rfx
[2012/05/19 18:04:01 | 000,031,440 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-0000000D-00001102-00000004-10031102}.rfx
[2012/05/19 18:04:01 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2012/05/19 18:04:01 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2012/05/19 18:04:01 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-0000000D-00001102-00000004-10031102}.dat
[2012/05/19 18:04:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-0000000D-00001102-00000004-10031102}.dat
[2012/05/19 18:03:51 | 000,000,040 | ---- | M] () -- C:\WINDOWS\System32\profile.dat
[2012/05/19 18:03:34 | 004,481,358 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-0000000D-00001102-00000004-10031102}.CDF
[2012/05/19 17:52:12 | 002,177,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/19 17:51:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/13 21:26:54 | 000,441,606 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/13 21:26:54 | 000,071,542 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/13 21:22:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/13 21:21:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/13 20:59:39 | 000,042,351 | ---- | M] () -- C:\Documents and Settings\Carlos Latorre\Desktop\Danone. Natillas. Repetimos. 1979.flv.MP3
[2012/05/13 20:46:18 | 000,962,734 | ---- | M] () -- C:\Documents and Settings\Carlos Latorre\Desktop\Danone. Natillas. Repetimos. 1979-1.flv
[2012/05/13 20:36:21 | 002,229,737 | ---- | M] () -- C:\Documents and Settings\Carlos Latorre\Desktop\Danone. Natillas. Repetimos. 1979.flv
[2012/05/13 20:35:12 | 001,201,286 | ---- | M] () -- C:\Documents and Settings\Carlos Latorre\Desktop\Danone. Natillas. Repetimos. 1979.mp4
[2012/05/13 18:46:15 | 000,179,712 | ---- | M] () -- C:\Documents and Settings\Carlos Latorre\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/06 09:43:34 | 000,000,664 | ---- | M] () -- C:\WINDOWS\wininit.ini
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/13 21:20:14 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/05/13 20:59:39 | 000,042,351 | ---- | C] () -- C:\Documents and Settings\Carlos Latorre\Desktop\Danone. Natillas. Repetimos. 1979.flv.MP3
[2012/05/13 20:57:27 | 000,121,344 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.ax
[2012/05/13 20:57:27 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll
[2012/05/13 20:57:27 | 000,051,712 | RHS- | C] () -- C:\WINDOWS\System32\RLSpeexDec.ax
[2012/05/13 20:57:26 | 000,120,832 | RHS- | C] () -- C:\WINDOWS\System32\MPCDx.ax
[2012/05/13 20:57:26 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\RLMPCDec.ax
[2012/05/13 20:57:26 | 000,097,280 | RHS- | C] () -- C:\WINDOWS\System32\FLACDX.ax
[2012/05/13 20:57:26 | 000,070,656 | RHS- | C] () -- C:\WINDOWS\System32\RLAPEDec.ax
[2012/05/13 20:57:25 | 000,227,328 | RHS- | C] () -- C:\WINDOWS\System32\ac3DX.ax
[2012/05/13 20:57:25 | 000,175,104 | RHS- | C] () -- C:\WINDOWS\System32\CoreAAC.ax
[2012/05/13 20:57:25 | 000,081,920 | RHS- | C] () -- C:\WINDOWS\System32\aac_parser.ax
[2012/05/13 20:45:36 | 000,962,734 | ---- | C] () -- C:\Documents and Settings\Carlos Latorre\Desktop\Danone. Natillas. Repetimos. 1979-1.flv
[2012/05/13 20:35:11 | 002,229,737 | ---- | C] () -- C:\Documents and Settings\Carlos Latorre\Desktop\Danone. Natillas. Repetimos. 1979.flv
[2012/05/13 20:34:27 | 001,201,286 | ---- | C] () -- C:\Documents and Settings\Carlos Latorre\Desktop\Danone. Natillas. Repetimos. 1979.mp4
[2012/04/28 12:58:10 | 000,067,840 | ---- | C] () -- C:\WINDOWS\System32\CNC1753D.TBL
[2012/04/28 11:19:47 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/02/25 18:22:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/11 11:41:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\msiqar32.dll
[2011/10/20 19:15:34 | 002,469,760 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2011/10/20 19:15:34 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2011/10/20 19:15:34 | 000,019,840 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2011/10/20 19:15:34 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2011/10/20 19:15:34 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2011/09/10 11:14:18 | 000,005,422 | ---- | C] () -- C:\Documents and Settings\Carlos Latorre\Application Data\8616.8A3
[2011/09/04 11:48:51 | 000,013,931 | R--- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011/05/28 08:56:22 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/13 11:39:18 | 000,063,208 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/07/04 03:34:25 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/07/04 03:34:25 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\58736BF7C3.sys
[2010/06/18 19:10:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2010/06/18 18:14:23 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\profile.dat

========== LOP Check ==========

[2011/10/30 21:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/07/03 04:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alias
[2012/04/28 12:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon IJ Network Tool
[2012/04/28 12:56:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/04/28 12:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2007/11/07 15:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canopus
[2011/09/04 11:46:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2007/08/29 16:06:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Contour Design
[2011/03/26 17:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dassault Systemes
[2009/02/08 05:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\proDAD
[2011/09/10 19:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PTC
[2008/11/08 12:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/01/03 05:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/01/24 04:10:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VertusTech
[2011/01/03 05:16:59 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2010/08/13 09:19:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/16 04:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2011/02/11 12:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\Ambient Design
[2010/07/03 04:12:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\Autodesk
[2010/02/17 04:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\Blender Foundation
[2007/09/22 11:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\Canon
[2007/11/07 15:41:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\Canopus
[2007/10/20 09:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\CD-LabelPrint
[2010/04/17 06:35:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\CheckPoint
[2011/03/26 17:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\DraftSight
[2012/01/08 18:34:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\DRail Modelspoor Software
[2010/09/12 04:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\Foxit Software
[2011/02/11 13:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\GlarySoft
[2010/05/03 05:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\gtk-2.0
[2010/03/27 11:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\ImgBurn
[2007/12/04 14:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\JLC's Software
[2011/01/08 12:12:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\Launchy
[2007/08/29 14:42:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\Leadertech
[2012/05/13 20:57:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\OpenCandy
[2007/09/03 15:51:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\Opera
[2007/11/10 10:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\proDAD
[2011/09/11 17:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\PTC
[2011/06/04 03:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\SharePod
[2010/06/14 11:57:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\SNS-HDR_Lite
[2010/10/02 15:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\Softland
[2011/09/10 10:27:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\TuneUp Software
[2010/09/11 03:42:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\ZumoCast
[2012/05/20 09:58:39 | 000,000,330 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3F2D0C0C

< End of report >



OTL Extras logfile created on: 5/20/2012 10:11:18 AM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = D:\Movies Facilvision
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.77 Gb Available Physical Memory | 38.43% Memory free
1.85 Gb Paging File | 0.99 Gb Available in Paging File | 53.73% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.32 Gb Total Space | 41.15 Gb Free Space | 60.23% Space Free | Partition Type: NTFS
Drive D: | 279.46 Gb Total Space | 1.10 Gb Free Space | 0.40% Space Free | Partition Type: NTFS

Computer Name: CARLICOS | User Name: Carlos Latorre | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FIREWALLDISABLENOTIFY" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Adobe\Adobe Premiere Pro 2.0\Adobe Premiere Pro.exe" = C:\Program Files\Adobe\Adobe Premiere Pro 2.0\Adobe Premiere Pro.exe:*:Disabled:Adobe Premiere Pro -- ()
"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe" = C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe:*:Enabled:Sentinel Protection Server -- (SafeNet, Inc)
"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" = C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe:*:Enabled:Sentinel Keys Server -- (SafeNet, Inc.)
"C:\Program Files\Zecter\ZumoCast\zumocast.exe" = C:\Program Files\Zecter\ZumoCast\zumocast.exe:*:Enabled:ZumoCast -- (Zecter Inc.)
"C:\Program Files\AirVideoServer\AirVideoServer.exe" = C:\Program Files\AirVideoServer\AirVideoServer.exe:*:Enabled:Air Video Server -- ()
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\DOCUME~1\CARLOS~1\LOCALS~1\Temp\Rar$EX00.203\Genarts.Sapphire.1.0.keymaker.by.TSRh.exe" = C:\DOCUME~1\CARLOS~1\LOCALS~1\Temp\Rar$EX00.203\Genarts.Sapphire.1.0.keymaker.by.TSRh.exe:*:Enabled:Genarts.Sapphire.1.0.keymaker.by.TSRh
"C:\Documents and Settings\Carlos Latorre\Desktop\Genarts.Sapphire.1.0.keymaker.by.TSRh.exe" = C:\Documents and Settings\Carlos Latorre\Desktop\Genarts.Sapphire.1.0.keymaker.by.TSRh.exe:*:Enabled:Genarts.Sapphire.1.0.keymaker.by.TSRh


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4100_series" = Canon MG4100 series MP Drivers
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{1C7C869E-752D-4C09-9666-785E6E695359}" = Symantec Client Security
"{24aab420-4e30-4496-9739-3e216f3de6ae}" = Python 2.6.2
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2ECE7ECE-D15B-4999-8B8D-01C998F489D5}" = Adobe Encore DVD 2.0
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{49EB3B4F-E42C-4F0A-8C28-4205F891DF85}" = TouchCopy 09
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{4FFB0B3B-BF82-4248-A275-630AC5F7EFC5}" = Adobe Photoshop Lightroom 2.4
"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
"{51ADFD15-6B63-4F8E-8076-F4E31FFEE32A}" = Contour Shuttle
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5A180ED5-0AC1-410A-B790-5E0319CD0A93}" = Sentinel Protection Installer 7.4.0
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6A70D9E8-C51B-4196-BD1F-137E6EF6AEBB}" = Canopus ProCoder 2
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7ECC7108-277C-41CF-BB34-2ECEB41814D9}" = AnyRail4EN
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4666FB-B2AF-439F-A604-5C26B4A2F1D3}" = Creo Elements/Direct Modeling Express 4.0
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E310838-457C-4269-B177-3EFB300CBDDC}" = Synology Data Replicator 3
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90FF23FE-0E1B-40DF-A22E-B4C0372E5936}" = Iomega Product Registration
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8D8C4CD-B4B6-4FEF-BE9E-EEA6AD122F30}" = CameraBag 2 Beta
"{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}" = Adobe Bridge 1.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-0000-0000-0000-EDED00000102}" = Adobe ExtendScript Toolkit 1.0
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2012.build.51 (April 7, 2012) version v2012.build.51
"{B9C54C44-BB5A-4B03-8907-C01A9790195A}" = Manual CanoScan LiDE 500F
"{BF1B93F7-2908-4F41-A48A-EF1F6F745982}" = Imaginate
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{DD362256-A7A2-4524-9457-213DDC2AFC2A}" = Adobe After Effects 7.0
"{E82BF103-904F-49C0-B77F-6EC110B71E87}" = Sound Blaster Audigy 2
"{EE7D7509-CC19-4DED-A439-F50B191C9E37}" = DraftSight
"{F0E8F664-CAC6-4104-A4F9-4373F0633495}" = Acronis Disk Director Server
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.1
"{FA17A726-B229-4116-B793-A2AB1A4EAE2E}" = Adobe Premiere Pro 2.0
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"abrViewer.NET" = abrViewer.NET 1.0.1
"Adobe After Effects 7.0" = Adobe After Effects 7.0
"Adobe Encore DVD 2.0" = Adobe Encore DVD 2.0
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Premiere Pro 2.0" = Adobe Premiere Pro 2.0
"Air Video Server" = Air Video Server 2.4.3
"AVStoDVD" = AVStoDVD 2.2.6
"Canon MG4100 series User Registration" = Canon MG4100 series User Registration
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONBJ_Deinstall_CNMCP61.DLL" = Canon PIXMA iP3000
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Cycore FX 1.0.1 for After Effects" = Cycore FX 1.0.1 for After Effects
"Defraggler" = Defraggler
"Disk Heal" = Disk Heal
"DivX Codec" = Remove DivX Pro Codec
"DivX Player" = DivX Player
"doPDF 7 printer_is1" = doPDF 7.1 printer
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.0 Home Edition
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"FLV Player2.0 " = FLV Player
"Foxit Reader" = Foxit Reader
"Glary Utilities_is1" = Glary Utilities 2.33.0.1158
"HaaliMkx" = Haali Media Splitter
"iCF Skin Pack" = iCF Skin Pack
"iColorFolder" = iColorFolder
"ie8" = Windows Internet Explorer 8
"ImageMagick 6.7.6 Q16_is1" = ImageMagick 6.7.6-5 Q16 (2012-05-01)
"ImgBurn" = ImgBurn
"IrfanView" = IrfanView (remove only)
"Launchy_21344213_is1" = Launchy 2.5
"LightWave 3D 9.6 9.6" = LightWave 3D 9.6
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Magic Bullet Editors 2.0 Premiere" = Magic Bullet Editors 2.0 Premiere
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mihov Image Resizer" = Mihov Image Resizer 1.2 (remove only)
"Mozilla Firefox 10.0.4 (x86 en-US)" = Mozilla Firefox 10.0.4 (x86 en-US)
"Noise Ninja (Standalone Version)_is1" = Noise Ninja 2 (Standalone Version)
"NVIDIA Drivers" = NVIDIA Drivers
"Photomatix Pro_is1" = Photomatix Pro version 2.4.1
"PIXresizer_is1" = PIXresizer 2.0.4
"proDAD-Mercalli-1.0" = proDAD Mercalli 1.0
"PROSet" = Intel® PRO Network Adapters and Drivers
"QuickGamma_is1" = QuickGamma 2.0.0.3
"QuickMonitorProfile_is1" = QuickMonitorProfile 2.1.0.1
"Recuva" = Recuva
"Revo Uninstaller" = Revo Uninstaller 1.83
"Secunia PSI" = Secunia PSI (2.0.0.2001)
"Snapshot" = Snapshot (remove only)
"SNS-HDR Lite_is1" = SNS-HDR Lite v1.1.11
"Speccy" = Speccy
"Synology Assistant" = Synology Assistant (remove only)
"The Panorama Factory" = The Panorama Factory
"Tinderbox1 2.1v1 for AE 7.0_is1" = Tinderbox1 2.1v1 for AE 7.0
"Tinderbox2 2.1v1 for AE 7.0_is1" = Tinderbox2 2.1v1 for AE 7.0
"Tinderbox3 2.1v1 for AE 7.0_is1" = Tinderbox3 2.1v1 for AE 7.0
"Tinderbox4 2.1v1 for AE 7.0_is1" = Tinderbox4 2.1v1 for AE 7.0
"VertusFluidMask3" = Vertus Fluid Mask 3 3.0.8
"VLC media player" = VLC media player 2.0.1
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"ZumoCast" = ZumoCast

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/10/2012 1:36:02 PM | Computer Name = CARLICOS | Source = Application Hang | ID = 1002
Description = Hanging application vlc.exe, version 1.1.11.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/15/2012 10:07:39 AM | Computer Name = CARLICOS | Source = Application Hang | ID = 1002
Description = Hanging application AfterFX.exe, version 7.0.128.11, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/15/2012 10:14:57 AM | Computer Name = CARLICOS | Source = Application Hang | ID = 1002
Description = Hanging application AfterFX.exe, version 7.0.128.11, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/17/2012 3:28:59 PM | Computer Name = CARLICOS | Source = Application Error | ID = 1000
Description = Faulting application wordpad.exe, version 5.1.2600.6010, faulting
module mswrd8.wpc, version 2011.1.31.10, fault address 0x000365e1.

Error - 5/6/2012 4:03:24 AM | Computer Name = CARLICOS | Source = Application Hang | ID = 1002
Description = Hanging application CorelPP.exe, version 12.0.0.458, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/6/2012 4:13:57 AM | Computer Name = CARLICOS | Source = Application Hang | ID = 1002
Description = Hanging application CorelPP.exe, version 12.0.0.458, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/13/2012 12:27:35 PM | Computer Name = CARLICOS | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 10.0.4.4493, faulting
module npswf32_11_2_202_235.dll, version 11.2.202.235, fault address 0x004264c9.

Error - 5/19/2012 11:58:05 AM | Computer Name = CARLICOS | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/19/2012 11:58:06 AM | Computer Name = CARLICOS | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/19/2012 11:58:07 AM | Computer Name = CARLICOS | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 5/6/2012 3:27:00 AM | Computer Name = CARLICOS | Source = a320raid | ID = 262153
Description = The device, \Device\Scsi\a320raid1, did not respond within the timeout
period.

Error - 5/6/2012 3:27:02 AM | Computer Name = CARLICOS | Source = a320raid | ID = 262153
Description = The device, \Device\Scsi\a320raid1, did not respond within the timeout
period.

Error - 5/6/2012 3:28:21 AM | Computer Name = CARLICOS | Source = a320raid | ID = 262153
Description = The device, \Device\Scsi\a320raid1, did not respond within the timeout
period.

Error - 5/6/2012 3:28:23 AM | Computer Name = CARLICOS | Source = a320raid | ID = 262153
Description = The device, \Device\Scsi\a320raid1, did not respond within the timeout
period.

Error - 5/13/2012 11:33:58 AM | Computer Name = CARLICOS | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 5/13/2012 11:33:58 AM | Computer Name = CARLICOS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 5/19/2012 11:54:40 AM | Computer Name = CARLICOS | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 5/19/2012 11:54:43 AM | Computer Name = CARLICOS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 5/20/2012 3:59:37 AM | Computer Name = CARLICOS | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 5/20/2012 3:59:39 AM | Computer Name = CARLICOS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd


< End of report >
  • 0

Advertisements

#2
Essexboy
Posted 20 May 2012 - 06:51 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi let me know of any problems after this run

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58889
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKCU..\Run: [MSIDLL] C:\WINDOWS\System32\msiqar32.dll ()
    O33 - MountPoints2\{5166c072-4558-11df-a537-00142255a8f9}\Shell\AutoRun\command - "" = F:\6b.exe
    O33 - MountPoints2\{5166c072-4558-11df-a537-00142255a8f9}\Shell\open\Command - "" = F:\6b.exe

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0

#3
carlicos
Posted 20 May 2012 - 12:36 PM

carlicos

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thanks a lot for the excellent support.

After reboot, I got OTL self running and this report:

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MSIDLL deleted successfully.
C:\WINDOWS\system32\msiqar32.dll moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5166c072-4558-11df-a537-00142255a8f9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5166c072-4558-11df-a537-00142255a8f9}\ not found.
File F:\6b.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5166c072-4558-11df-a537-00142255a8f9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5166c072-4558-11df-a537-00142255a8f9}\ not found.
File F:\6b.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
D:\Movies Facilvision\cmd.bat deleted successfully.
D:\Movies Facilvision\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Carlos Latorre
->Temp folder emptied: 93356 bytes
->Temporary Internet Files folder emptied: 661086 bytes
->Java cache emptied: 186099 bytes
->FireFox cache emptied: 58792232 bytes
->Flash cache emptied: 826 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 1988072 bytes
->Temporary Internet Files folder emptied: 179454 bytes
->Flash cache emptied: 343 bytes

User: NetworkService
->Temp folder emptied: 1975752 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 525826324 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 180852502 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 735.00 mb

Unable to start System Restore Service. Error code 1056

OTL by OldTimer - Version 3.2.43.0 log created on 05202012_202111

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

****************************************************************
Then I run after a check and I got this:

OTL logfile created on: 5/20/2012 8:29:51 PM - Run 2
OTL by OldTimer - Version 3.2.43.0 Folder = D:\Movies Facilvision
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 41.60% Memory free
1.85 Gb Paging File | 1.14 Gb Available in Paging File | 61.91% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.32 Gb Total Space | 35.05 Gb Free Space | 51.30% Space Free | Partition Type: NTFS
Drive D: | 279.46 Gb Total Space | 2.83 Gb Free Space | 1.01% Space Free | Partition Type: NTFS

Computer Name: CARLICOS | User Name: Carlos Latorre | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/20 10:10:52 | 000,595,456 | ---- | M] (OldTimer Tools) -- D:\Movies Facilvision\OTL.exe
PRC - [2012/04/28 19:06:13 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/30 21:27:54 | 004,615,552 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/08/12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/02/14 14:33:12 | 000,086,016 | ---- | M] (Contour Design, Inc.) -- C:\Program Files\Contour Shuttle\ShuttleEngine.exe
PRC - [2011/02/14 14:33:00 | 000,118,784 | ---- | M] (Contour Design, Inc.) -- C:\Program Files\Contour Shuttle\ShuttleHelper.exe
PRC - [2011/01/15 16:48:44 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2011/01/05 12:31:34 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/01/05 12:31:32 | 000,988,216 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2010/12/14 10:12:12 | 000,956,416 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2010/11/10 13:38:40 | 000,380,928 | ---- | M] () -- C:\Program Files\Launchy\Launchy.exe
PRC - [2010/01/12 10:45:36 | 000,245,760 | ---- | M] () -- C:\Program Files\Synology Data Replicator 3\SynoDrService.exe
PRC - [2009/09/01 07:15:56 | 000,125,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe
PRC - [2009/09/01 07:15:46 | 001,966,008 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
PRC - [2009/09/01 07:15:38 | 000,031,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
PRC - [2009/08/08 13:58:02 | 000,173,440 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
PRC - [2009/08/08 13:57:20 | 000,087,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
PRC - [2009/08/03 07:23:34 | 000,202,088 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
PRC - [2009/08/03 07:23:34 | 000,169,320 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2009/08/03 07:23:30 | 000,191,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2009/08/03 07:23:30 | 000,053,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/03/05 10:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/12/17 09:21:08 | 000,214,408 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2008/04/14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/26 13:25:20 | 001,181,016 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2007/04/27 01:40:00 | 000,206,400 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2007/04/26 19:00:04 | 000,316,992 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2003/02/21 00:45:40 | 000,028,672 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE


========== Modules (No Company Name) ==========

MOD - [2012/05/20 20:27:35 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/05/20 20:27:35 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/04/28 19:06:12 | 001,911,736 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/10/16 18:14:31 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/10/16 18:14:30 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 16:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/12/14 09:51:52 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2010/12/14 09:51:50 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2010/12/14 09:51:44 | 000,200,704 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libpcre.dll
MOD - [2010/11/10 13:39:08 | 000,090,112 | ---- | M] () -- C:\Program Files\Launchy\plugins\controly.dll
MOD - [2010/11/10 13:39:00 | 000,081,920 | ---- | M] () -- C:\Program Files\Launchy\plugins\calcy.dll
MOD - [2010/11/10 13:38:52 | 000,024,064 | ---- | M] () -- C:\Program Files\Launchy\plugins\gcalc.dll
MOD - [2010/11/10 13:38:40 | 000,380,928 | ---- | M] () -- C:\Program Files\Launchy\Launchy.exe
MOD - [2010/11/10 13:38:40 | 000,094,208 | ---- | M] () -- C:\Program Files\Launchy\plugins\runner.dll
MOD - [2010/11/10 13:38:24 | 000,122,880 | ---- | M] () -- C:\Program Files\Launchy\plugins\weby.dll
MOD - [2010/11/10 13:38:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launchy\plugins\verby.dll
MOD - [2010/01/12 10:45:36 | 000,245,760 | ---- | M] () -- C:\Program Files\Synology Data Replicator 3\SynoDrService.exe
MOD - [2009/12/16 18:18:48 | 000,233,472 | ---- | M] () -- C:\Program Files\Launchy\imageformats\qmng4.dll
MOD - [2009/12/16 16:13:02 | 008,314,880 | ---- | M] () -- C:\Program Files\Launchy\QtGui4.dll
MOD - [2009/12/16 15:56:22 | 000,712,704 | ---- | M] () -- C:\Program Files\Launchy\QtNetwork4.dll
MOD - [2009/12/16 15:54:46 | 002,236,416 | ---- | M] () -- C:\Program Files\Launchy\QtCore4.dll
MOD - [2009/01/11 00:15:44 | 000,159,744 | ---- | M] () -- C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll
MOD - [2009/01/11 00:14:06 | 000,023,552 | ---- | M] () -- C:\Program Files\Haali\MatroskaSplitter\mkunicode.dll
MOD - [2008/09/06 15:17:32 | 000,062,800 | R--- | M] () -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\prsettg.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/05/06 09:22:24 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/08/12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/02/14 14:33:12 | 000,086,016 | ---- | M] (Contour Design, Inc.) [Auto | Running] -- C:\Program Files\Contour Shuttle\ShuttleEngine.exe -- (ShuttleEngine)
SRV - [2011/01/05 12:31:34 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/01/05 12:31:32 | 000,988,216 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2010/01/12 10:45:36 | 000,245,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Synology Data Replicator 3\SynoDrService.exe -- (SynoDrService)
SRV - [2009/09/01 07:15:50 | 000,116,664 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2009/09/01 07:15:46 | 001,966,008 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/01 07:15:38 | 000,031,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2009/08/08 13:58:02 | 000,173,440 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe -- (SymSecurePort)
SRV - [2009/08/08 13:57:20 | 000,087,424 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe -- (ISSVC)
SRV - [2009/08/03 07:23:34 | 000,202,088 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2009/08/03 07:23:34 | 000,169,320 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2009/08/03 07:23:30 | 000,191,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2009/03/20 13:10:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/12/17 09:21:08 | 000,214,408 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/07/26 13:25:20 | 001,181,016 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2007/04/27 01:40:00 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2007/04/26 19:00:04 | 000,316,992 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
DRV - [2012/05/16 12:34:12 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120519.009\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/05/16 12:34:12 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120519.009\NAVENG.SYS -- (NAVENG)
DRV - [2012/02/13 11:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/13 11:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/30 21:20:08 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2011/07/29 13:54:56 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011/07/22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/06/21 17:37:16 | 000,270,712 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\scfidsdefs\20120517.001\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2010/11/08 23:04:26 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2010/09/01 10:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/06/18 18:12:49 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/03/23 08:53:12 | 000,816,672 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AE1000XP.sys -- (AE1000)
DRV - [2009/06/14 04:47:12 | 000,055,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2009/06/14 04:47:10 | 000,339,328 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2008/12/17 09:20:40 | 000,188,808 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2008/12/17 09:20:34 | 000,023,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2008/12/17 09:20:30 | 000,031,624 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symids.sys -- (SYMIDS)
DRV - [2008/12/17 09:20:26 | 000,028,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symndis.sys -- (SYMNDIS)
DRV - [2008/12/17 09:20:20 | 000,099,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symfw.sys -- (SYMFW)
DRV - [2008/12/17 09:20:16 | 000,012,680 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symdns.sys -- (SYMDNS)
DRV - [2007/11/24 03:07:53 | 000,021,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\eps2kt1.sys -- (token)
DRV - [2007/11/24 03:07:53 | 000,012,800 | ---- | M] (OEM) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smccard.sys -- (R5BaseSmc)
DRV - [2007/07/26 13:25:18 | 000,400,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/04/27 01:40:00 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel)
DRV - [2005/03/22 03:48:39 | 000,217,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\a320raid.sys -- (a320raid)
DRV - [2003/11/17 09:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 09:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 09:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/03/27 18:58:56 | 000,287,920 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/03/26 23:33:58 | 000,498,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2003/03/26 23:32:32 | 000,189,504 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/03/26 23:32:02 | 000,141,536 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hap16v2k.sys -- (hap16v2k)
DRV - [2003/03/26 23:31:40 | 000,823,616 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2003/03/06 17:10:34 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfModNT)
DRV - [2003/02/21 00:24:46 | 000,116,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2003/02/21 00:24:34 | 000,135,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/02/21 00:24:18 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2003/02/21 00:22:38 | 000,135,040 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2002/07/17 03:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.95.20100933
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 58889


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007/08/30 13:48:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/28 19:06:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/08 09:19:03 | 000,000,000 | ---D | M]

[2009/02/14 05:56:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carlos Latorre\Application Data\Mozilla\Extensions
[2012/05/06 09:36:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carlos Latorre\Application Data\Mozilla\Firefox\Profiles\l35w7zq3.default\extensions
[2011/01/16 06:47:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Carlos Latorre\Application Data\Mozilla\Firefox\Profiles\l35w7zq3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/04/15 11:21:30 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Carlos Latorre\Application Data\Mozilla\Firefox\Profiles\l35w7zq3.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/11/21 10:15:29 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\Carlos Latorre\Application Data\Mozilla\Firefox\Profiles\l35w7zq3.default\searchplugins\MyStart.xml
[2012/03/17 19:37:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/08 13:14:24 | 000,195,719 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\CARLOS LATORRE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\L35W7ZQ3.DEFAULT\EXTENSIONS\[email protected]
[2012/04/28 19:06:13 | 000,134,072 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/25 18:29:37 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/09/12 04:39:45 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012/03/10 03:35:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/10 03:35:35 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/05/20 20:21:31 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Contour Shuttle Device Helper] C:\Program Files\Contour Shuttle\ShuttleHelper.exe (Contour Design, Inc.)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Evernote Clipper.lnk = C:\WINDOWS\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico ()
O4 - Startup: C:\Documents and Settings\Carlos Latorre\Start Menu\Programs\Startup\Launchy.lnk = C:\Program Files\Launchy\Launchy.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: New Application = C:\Program Files\Contour Shuttle\ShuttleEngine.exe (Contour Design, Inc.)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7EE10710-CB83-4C80-8AB6-7677FD043765}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93EB2732-3131-4D29-AF52-6D221892C16E}: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Carlos Latorre\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Carlos Latorre\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/03 04:10:44 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2007/08/29 13:33:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/20 12:23:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carlos Latorre\Desktop\fotos byn anahi
[2012/05/20 10:24:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Carlos Latorre\Recent
[2012/05/13 21:24:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/05/13 20:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPER © v2010.build.42 (Nov 7, 2010)
[2012/05/13 20:57:27 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\WINDOWS\System32\nbDX.dll
[2012/05/13 20:57:27 | 000,186,880 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLOgg.ax
[2012/05/13 20:57:27 | 000,163,328 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\flvDX.dll
[2012/05/13 20:57:27 | 000,092,672 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLVorbisDec.ax
[2012/05/13 20:57:27 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSSplitter.ax
[2012/05/13 20:57:27 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSDecoder.ax
[2012/05/13 20:57:27 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\WINDOWS\System32\RLTheoraDec.ax
[2012/05/13 20:57:27 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\WINDOWS\System32\msfDX.dll
[2012/05/13 20:57:26 | 000,169,472 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\MatroskaDX.ax
[2012/05/13 20:57:26 | 000,161,792 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\RealMediaDX.ax
[2012/05/13 20:57:25 | 000,179,200 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\DiracSplitter.ax
[2012/05/13 20:57:25 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\WINDOWS\System32\AVCDX.ax
[2012/05/13 20:56:51 | 000,000,000 | ---D | C] -- C:\Program Files\eRightSoft
[2012/05/06 12:32:56 | 000,000,000 | ---D | C] -- C:\From D no space
[2012/04/28 12:58:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Canon IJ Network Tool
[2012/04/28 12:56:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2012/04/28 12:56:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon MG4100 series User Registration
[2012/04/28 12:56:39 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/04/28 12:56:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information
[2012/04/28 12:56:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon MG4100 series
[2012/04/28 12:55:46 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2012/04/28 12:55:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\STRING

========== Files - Modified Within 30 Days ==========

[2012/05/20 20:27:03 | 000,002,349 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Evernote Clipper.lnk
[2012/05/20 20:27:02 | 000,056,469 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml
[2012/05/20 20:27:02 | 000,022,391 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/05/20 20:26:01 | 000,000,330 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2012/05/20 20:24:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/20 20:22:53 | 000,031,560 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-0000000D-00001102-00000004-10031102}.rfx
[2012/05/20 20:22:53 | 000,031,560 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-0000000D-00001102-00000004-10031102}.rfx
[2012/05/20 20:22:53 | 000,031,440 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-0000000D-00001102-00000004-10031102}.rfx
[2012/05/20 20:22:53 | 000,031,440 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-0000000D-00001102-00000004-10031102}.rfx
[2012/05/20 20:22:53 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2012/05/20 20:22:53 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2012/05/20 20:22:53 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-0000000D-00001102-00000004-10031102}.dat
[2012/05/20 20:22:53 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-0000000D-00001102-00000004-10031102}.dat
[2012/05/20 20:22:49 | 000,000,040 | ---- | M] () -- C:\WINDOWS\System32\profile.dat
[2012/05/20 20:22:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/20 20:21:31 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/05/20 19:32:54 | 000,183,808 | ---- | M] () -- C:\Documents and Settings\Carlos Latorre\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/20 17:04:17 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\Carlos Latorre\Adobe Encore DVD_VUI.pref
[2012/05/19 17:52:12 | 002,177,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/19 17:51:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/13 21:26:54 | 000,441,606 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/13 21:26:54 | 000,071,542 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/06 09:43:34 | 000,000,664 | ---- | M] () -- C:\WINDOWS\wininit.ini

========== Files Created - No Company Name ==========

[2012/05/13 20:57:27 | 000,121,344 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.ax
[2012/05/13 20:57:27 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll
[2012/05/13 20:57:27 | 000,051,712 | RHS- | C] () -- C:\WINDOWS\System32\RLSpeexDec.ax
[2012/05/13 20:57:26 | 000,120,832 | RHS- | C] () -- C:\WINDOWS\System32\MPCDx.ax
[2012/05/13 20:57:26 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\RLMPCDec.ax
[2012/05/13 20:57:26 | 000,097,280 | RHS- | C] () -- C:\WINDOWS\System32\FLACDX.ax
[2012/05/13 20:57:26 | 000,070,656 | RHS- | C] () -- C:\WINDOWS\System32\RLAPEDec.ax
[2012/05/13 20:57:25 | 000,227,328 | RHS- | C] () -- C:\WINDOWS\System32\ac3DX.ax
[2012/05/13 20:57:25 | 000,175,104 | RHS- | C] () -- C:\WINDOWS\System32\CoreAAC.ax
[2012/05/13 20:57:25 | 000,081,920 | RHS- | C] () -- C:\WINDOWS\System32\aac_parser.ax
[2012/04/28 12:58:10 | 000,067,840 | ---- | C] () -- C:\WINDOWS\System32\CNC1753D.TBL
[2012/04/28 11:19:47 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/02/25 18:22:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/20 19:15:34 | 002,469,760 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2011/10/20 19:15:34 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2011/10/20 19:15:34 | 000,019,840 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2011/10/20 19:15:34 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2011/10/20 19:15:34 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2011/09/10 11:14:18 | 000,005,422 | ---- | C] () -- C:\Documents and Settings\Carlos Latorre\Application Data\8616.8A3
[2011/09/04 11:48:51 | 000,013,931 | R--- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011/05/28 08:56:22 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/13 11:39:18 | 000,063,208 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/07/04 03:34:25 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/07/04 03:34:25 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\58736BF7C3.sys
[2010/06/18 19:10:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2010/06/18 18:14:23 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\profile.dat

========== LOP Check ==========

[2011/10/30 21:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/07/03 04:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alias
[2012/04/28 12:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon IJ Network Tool
[2012/04/28 12:56:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/04/28 12:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2007/11/07 15:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canopus
[2011/09/04 11:46:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2007/08/29 16:06:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Contour Design
[2011/03/26 17:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dassault Systemes
[2009/02/08 05:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\proDAD
[2011/09/10 19:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PTC
[2008/11/08 12:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/01/03 05:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/01/24 04:10:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VertusTech
[2011/01/03 05:16:59 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2010/08/13 09:19:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/16 04:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2011/02/11 12:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\Ambient Design
[2010/07/03 04:12:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\Autodesk
[2010/02/17 04:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\Blender Foundation
[2007/09/22 11:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\Canon
[2007/11/07 15:41:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\Canopus
[2007/10/20 09:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\CD-LabelPrint
[2010/04/17 06:35:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\CheckPoint
[2011/03/26 17:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\DraftSight
[2012/01/08 18:34:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\DRail Modelspoor Software
[2010/09/12 04:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\Foxit Software
[2011/02/11 13:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\GlarySoft
[2010/05/03 05:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\gtk-2.0
[2010/03/27 11:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\ImgBurn
[2007/12/04 14:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\JLC's Software
[2011/01/08 12:12:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\Launchy
[2007/08/29 14:42:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\Leadertech
[2012/05/13 20:57:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\OpenCandy
[2007/09/03 15:51:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\Opera
[2007/11/10 10:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\proDAD
[2011/09/11 17:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\PTC
[2011/06/04 03:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\SharePod
[2010/06/14 11:57:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\SNS-HDR_Lite
[2010/10/02 15:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\Softland
[2011/09/10 10:27:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\TuneUp Software
[2010/09/11 03:42:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carlos Latorre\Application Data\ZumoCast
[2012/05/20 20:26:01 | 000,000,330 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3F2D0C0C

< End of report >


Should I install and run the Malwarebytes' Anti-Malware acc your indications ?

Thanks again
  • 0

#4
carlicos
Posted 20 May 2012 - 01:17 PM

carlicos

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Dear Sir

I installed MBAM and ran it. No request to reboot.

This is the log I got

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.20.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Carlos Latorre :: CARLICOS [administrator]

Protection: Enabled

5/20/2012 9:06:41 PM
mbam-log-2012-05-20 (21-06-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 194835
Time elapsed: 5 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel|Homepage (PUM.Hijack.HomePageControl) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FIREWALLDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Documents and Settings\Carlos Latorre\Application Data\Microsoft\conhost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Carlos Latorre\Localdir\winlogo.exe (Worm.Archive) -> Quarantined and deleted successfully.

(end)


Thanks again !
  • 0

#5
Essexboy
Posted 20 May 2012 - 02:21 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving now ? Any problems
  • 0

#6
carlicos
Posted 20 May 2012 - 02:33 PM

carlicos

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thanks for reply.
Now I feel start is faster, as general behavior. And also those meesages about dll files are not anymore appearing... therefore I guess the infection is gone.
Thanks a lot !
  • 0

#7
Essexboy
Posted 20 May 2012 - 02:44 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe :wave:
  • 0

#8
Essexboy
Posted 22 May 2012 - 12:34 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP