In addition, almost a year ago I changed the motherboard, processor and memory, and I didn't format the HDD; I only put in the new drivers to make it work.
Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3
11/8/2009 2:11:55 PM
mbam-log-2009-11-08 (14-11-55).txt
Scan type: Quick Scan
Objects scanned: 99410
Time elapsed: 5 minute(s), 5 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 18
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 15
Files Infected: 186
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c28a0312-c403-417b-a425-a915bc0519cd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16b6279b-9ff5-41fb-8bf9-404324f5dd1f}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c5096216-7703-409e-b85a-8a6ee7395128}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0ba0192d-94a5-45e3-b2b8-3ec5a1a0b5ec} (Adware.DoubleD) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.0.840 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.0.840\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850 (Adware.DoubleD) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\Media Access Startup\1.5.0.850\HPCommon.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\hppx.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\MAHelper.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\HPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.0.840\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.0.840\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.0.840\Data\eacore.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.0.840\Data\URLDynamic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.0.840\Data\URLStatic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091026-094141.420.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091029-203924.191.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091101-113255.363.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091102-091124.769.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091102-105547.769.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091102-110531.769.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091102-110734.660.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091103-105234.191.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091103-111715.328.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091105-074017.562.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091105-074023.328.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091105-210236.781.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091105-223642.062.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091105-230432.328.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091106-164314.812.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091106-210209.656.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091106-221240.609.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091106-232018.578.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091107-154355.546.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091108-112824.375.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091108-112828.875.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20091108-130953.359.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\VICADI\Local Settings\Application Data\Media Access Startup\1.5.0.850\ipdata.md (Adware.DoubleD) -> Quarantined and deleted successfully.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/08 14:18
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name:
Image Path:
Address: 0xF76B3000 Size: 98304 File Visible: No Signed: -
Status: -
Name:
Image Path:
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA9FEB000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7CC5000 Size: 8192 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA905F000 Size: 49152 File Visible: No Signed: -
Status: -
SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa00b618
#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa00b4d4
#: 045 Function Name: NtCreatePagingFile
Status: Hooked by "Vax347b.sys" at address 0xf7750c70
#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa00b9b2
#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa00b0ac
#: 071 Function Name: NtEnumerateKey
Status: Hooked by "Vax347b.sys" at address 0xf77514fe
#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "Vax347b.sys" at address 0xf775cd50
#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa00b5ae
#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa00afec
#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa00b050
#: 160 Function Name: NtQueryKey
Status: Hooked by "Vax347b.sys" at address 0xf775151e
#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa00b6ce
#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa00b68e
#: 241 Function Name: NtSetSystemPowerState
Status: Hooked by "Vax347b.sys" at address 0xf775c4f0
#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa00b80e
==EOF==

OTL logfile created on: 11/8/2009 2:21:56 PM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\VICADI\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1015.23 Mb Total Physical Memory | 629.95 Mb Available Physical Memory | 62.05% Memory free
2.39 Gb Paging File | 2.07 Gb Available in Paging File | 86.69% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 6.26 Gb Free Space | 21.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 45.23 Gb Total Space | 9.85 Gb Free Space | 21.77% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ACIM
Current User Name: VICADI
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2009/11/08 13:29:08 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\VICADI\Desktop\OTL.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/04/21 21:34:24 | 12,314,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
PRC - [2009/02/06 17:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/02/06 16:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/11/13 08:33:54 | 00,097,128 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
PRC - [2008/08/26 16:06:34 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/07/19 07:38:34 | 00,078,008 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2008/07/19 07:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2008/07/19 07:38:04 | 00,250,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2008/07/19 07:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008/04/13 16:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/21 18:23:26 | 02,447,360 | ---- | M] () -- C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
PRC - [2007/04/30 01:03:00 | 00,032,768 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\V0330Mon.exe
PRC - [2007/01/12 17:47:04 | 00,163,840 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2006/09/18 10:08:56 | 00,029,696 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2005/10/27 02:00:22 | 00,299,008 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CamTray.exe
PRC - [2005/10/21 17:30:56 | 00,024,576 | ---- | M] (Syntek America Inc.) -- C:\WINDOWS\system32\StkSrv2K_.exe
PRC - [2005/04/08 14:17:52 | 00,266,240 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\sistray.exe
PRC - [2005/04/02 01:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
PRC - [2001/11/09 11:40:10 | 00,356,352 | ---- | M] () -- C:\Program Files\UPSmart Server\UPSmart.exe
PRC - [2001/10/11 23:42:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
PRC - [2001/01/29 05:28:22 | 00,262,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
PRC - [1999/11/01 15:02:00 | 00,061,440 | ---- | M] () -- C:\Program Files\UPSmart Server\UPServ.exe
========== Modules (SafeList) ==========
MOD - [2009/11/08 13:29:08 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\VICADI\Desktop\OTL.exe
MOD - [2008/04/13 16:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 16:12:00 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mslbui.dll
MOD - [2008/04/13 16:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
========== Win32 Services (SafeList) ==========
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/02/06 17:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/07/23 07:25:45 | 00,348,344 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2008/07/19 07:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2008/07/19 07:38:04 | 00,250,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2008/07/19 07:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2008/04/13 16:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2008/04/13 16:11:55 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\irmon.dll -- (Irmon)
SRV - [2008/03/26 19:33:38 | 00,071,168 | ---- | M] () -- C:\WINDOWS\system32\LxrJD31s.exe -- (LxrJD31s)
SRV - [2007/07/10 13:39:56 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2007/03/12 12:49:46 | 00,271,920 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2005/10/21 17:30:56 | 00,024,576 | ---- | M] (Syntek America Inc.) -- C:\WINDOWS\system32\StkSrv2K_.exe -- (StkSSrv)
SRV - [2005/04/02 01:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)
SRV - [2001/10/11 23:42:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS)
SRV - [2001/01/29 05:28:22 | 00,262,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)
SRV - [1999/11/01 15:02:00 | 00,061,440 | ---- | M] () -- C:\Program Files\UPSmart Server\UPServ.exe -- (UPSmart)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrows...?s=DEF&v=18&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
FF - prefs.js..browser.startup.homepage: "http://www.theprized...tart.hiyo.com/"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC}:1.5.0.850
FF - prefs.js..extensions.enabledItems: [email protected]:3.3
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.8.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.15
FF - prefs.js..keyword.URL: "http://www.fastbrows...86DD9A9923}&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/08/26 16:07:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 02:00:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/01/17 16:40:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/01 11:32:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/07 00:49:00 | 00,000,000 | ---D | M]
[2008/09/26 21:49:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\Mozilla\Extensions
[2008/09/26 21:49:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/08 11:28:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\Mozilla\Firefox\Profiles\5ngc05t4.default\extensions
[2008/08/04 14:38:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\Mozilla\Firefox\Profiles\5ngc05t4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/08/25 10:05:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\Mozilla\Firefox\Profiles\5ngc05t4.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2008/05/09 09:58:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\Mozilla\Firefox\Profiles\5ngc05t4.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/09/08 14:29:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\Mozilla\Firefox\Profiles\5ngc05t4.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2008/04/20 10:28:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\Mozilla\Firefox\Profiles\5ngc05t4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/08/25 10:05:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\Mozilla\Firefox\Profiles\5ngc05t4.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2008/09/26 20:44:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\Mozilla\Firefox\Profiles\5ngc05t4.default\extensions\[email protected]
[2009/03/21 17:11:44 | 00,002,119 | ---- | M] () -- C:\Documents and Settings\VICADI\Application Data\Mozilla\Firefox\Profiles\5ngc05t4.default\searchplugins\MyStart Search.xml
[2009/11/08 11:28:34 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/01 11:32:13 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/01/17 16:40:29 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/08 19:12:57 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/11 10:59:34 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/08/07 14:52:23 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/11/08 11:03:55 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2009/11/01 11:32:05 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/01 11:32:05 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2008/11/04 10:15:38 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2009/10/11 04:17:27 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/11/01 11:32:08 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/03/22 18:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2009/10/02 21:13:10 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2008/08/26 16:06:54 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2008/08/26 16:07:06 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2008/08/26 16:06:45 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2009/08/31 08:34:06 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/08/31 08:34:06 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/08/31 08:34:06 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/08/31 08:34:06 | 00,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/09/08 14:29:00 | 00,003,700 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.png
[2009/09/08 14:29:01 | 00,001,963 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.xml
[2009/08/31 08:34:06 | 00,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/08/31 08:34:06 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/08/31 08:34:06 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml
O1 HOSTS File: (910 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Megaupload Toolbar) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (Fast Browser Search Toolbar Helper) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
O3 - HKLM\..\Toolbar: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
O3 - HKLM\..\Toolbar: (Megaupload Toolbar) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )
O3 - HKCU\..\Toolbar\WebBrowser: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Megaupload Toolbar) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartupFaster] C:\Program Files\Startup Faster\startuploader.exe (URSoft,Inc)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [V0330Mon.exe] C:\WINDOWS\V0330Mon.exe (Creative Technology Ltd.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [USB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\StartupFaster [2008/09/16 21:44:32 | 00,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\VICADI\Start Menu\Programs\Startup\StartupFaster [2008/09/16 21:44:32 | 00,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF 03 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPlacesBar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-: 99 = PROFILES.EXE
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ShutdownWithoutLogon = 0
O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ebay.com ([pages] http in Trusted sites)
O15 - HKCU\..Trusted Domains: geekstogo.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 108 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range71 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range71 ([http] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range72 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range72 ([http] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range73 ([*] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range73 ([http] in Trusted sites)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/...UI.cab55579.cab (StagingUI Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/...dy.cab55579.cab (MSN Games – Buddy Invite)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/...at.cab55579.cab (ZonePAChat Object)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1170040435766 (WUWebControl Class)
O16 - DPF: {7B130816-1048-46F1-A3C2-6F5D96BFDFEC} https://www.bancoazt...ellaDigital.CAB (HuellaDigital.COMHuellaDigital)
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} http://zone.msn.com/...O1.cab60096.cab (UnoCtrl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {85BA505F-FD01-4A91-836C-F7D502E89C9A} http://www.evite.com...geUploader4.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/...he.cab75406.cab (MSN Games – Texas Holdem Poker)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game06.zylom....gamesplayer.cab (Zylom Games Player)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C487F60B-59B9-47D9-BFDF-AB26786F8823} http://zone.msn.com/...oo.cab62201.cab ()
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} http://zone.msn.com/...ol.cab56649.cab (CBankshotZoneCtrl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/...xy.cab55579.cab (MSN Games – Game Communicator)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative....15034/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 10.179.0.5 10.179.0.4
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (schannel.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/01/28 19:05:31 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{51d0c412-b259-11db-befe-806d6172696f}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
O33 - MountPoints2\{52d3f2ba-aa2d-11dd-80f6-00196661a5f9}\Shell - "" = AutoRun
O33 - MountPoints2\{61d70c03-666b-11dd-80ce-00196661a5f9}\Shell - "" = AutoRun
O33 - MountPoints2\{61d70c03-666b-11dd-80ce-00196661a5f9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{61d70c03-666b-11dd-80ce-00196661a5f9}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{c465596d-f97d-11dd-8129-00196661a5f9}\Shell - "" = AutoRun
O33 - MountPoints2\{e3afb6b0-b26b-11db-bf00-00508d84e9ab}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\xop32.exe
O33 - MountPoints2\{e3afb6b0-b26b-11db-bf00-00508d84e9ab}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\xop32.exe
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/01/28 19:05:05 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll (Microsoft Corporation)
========== Files/Folders - Created Within 14 Days ==========
[2100/02/08 15:03:54 | 00,053,248 | ---- | C] (Silitek Corp.) -- C:\Program Files\ACMonitor_X73.exe
[2009/11/08 13:57:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/08 13:57:12 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/11/08 13:29:08 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\VICADI\Desktop\OTL.exe
[2009/11/08 13:27:48 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\VICADI\Desktop\RootRepeal.exe
[2009/11/08 13:25:01 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\VICADI\Desktop\erunt_setup.exe
[2009/11/03 11:18:40 | 00,000,000 | ---D | C] -- C:\Program Files\RegSeeker
[2008/06/01 12:49:49 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\VICADI\Application Data\pcouffin.sys
[2008/02/16 22:13:40 | 00,159,616 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Vax347b.sys
[2008/02/16 22:13:40 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Vax347s.sys
[2007/10/15 17:07:15 | 00,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll
[2007/05/24 16:20:29 | 00,018,024 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\LXARScan.sys
[1999/09/22 11:49:22 | 00,099,840 | R--- | C] ( ) -- C:\WINDOWS\System32\Zipdll.dll
[1999/09/22 11:49:22 | 00,094,208 | R--- | C] ( ) -- C:\WINDOWS\System32\Unzdll.dll
========== Files - Modified Within 14 Days ==========
[2009/11/08 14:20:42 | 00,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C769E810-301D-418F-8B45-EBCA02A26CA9}.job
[2009/11/08 14:17:45 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\VICADI\Desktop\settings.dat
[2009/11/08 14:17:18 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\VICADI\My Documents\~$ektogo.doc
[2009/11/08 14:16:37 | 00,000,440 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2009/11/08 14:16:14 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/08 14:15:28 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/08 14:15:14 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/08 14:13:35 | 11,796,480 | -H-- | M] () -- C:\Documents and Settings\VICADI\NTUSER.DAT
[2009/11/08 14:13:35 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\VICADI\ntuser.ini
[2009/11/08 13:57:12 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\VICADI\Desktop\NTREGOPT.lnk
[2009/11/08 13:57:12 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\VICADI\Desktop\ERUNT.lnk
[2009/11/08 13:39:08 | 00,217,656 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/08 13:29:08 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\VICADI\Desktop\OTL.exe
[2009/11/08 13:27:53 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\VICADI\Desktop\RootRepeal.exe
[2009/11/08 13:25:09 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\VICADI\Desktop\erunt_setup.exe
[2009/11/08 13:22:56 | 00,073,728 | ---- | M] () -- C:\Documents and Settings\VICADI\My Documents\geektogo.doc
[2009/11/07 22:21:00 | 00,000,272 | ---- | M] () -- C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
[2009/11/07 08:57:57 | 00,000,238 | ---- | M] () -- C:\Documents and Settings\VICADI\Desktop\Copy of Treehouse TV.url
[2009/11/07 00:49:01 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2009/11/06 23:20:38 | 00,248,320 | ---- | M] () -- C:\Documents and Settings\VICADI\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/06 14:19:09 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/06 13:30:18 | 00,005,009 | ---- | M] () -- C:\Documents and Settings\VICADI\Desktop\Treehouse TV.url
[2009/11/06 00:03:43 | 12,765,2684 | ---- | M] () -- C:\Documents and Settings\VICADI\Desktop\WxpPorta-Deiker.rar
[2009/11/05 07:02:18 | 00,000,374 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2009/11/04 10:08:04 | 00,061,936 | ---- | M] () -- C:\Documents and Settings\VICADI\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/03 11:18:15 | 00,435,922 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/03 11:18:15 | 00,068,708 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/03 11:18:14 | 00,512,960 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/03 11:09:42 | 00,449,043 | ---- | M] () -- C:\Documents and Settings\VICADI\My Documents\RegSeeker.zip
[2009/11/02 16:09:58 | 00,542,387 | ---- | M] () -- C:\Documents and Settings\VICADI\My Documents\bejeweled blitz.rar
[2009/10/25 21:17:56 | 00,062,464 | ---- | M] () -- C:\Documents and Settings\VICADI\My Documents\El poder del joven que ora.doc
========== Files Created - No Company Name ==========
[2100/02/23 13:35:34 | 00,000,768 | ---- | C] () -- C:\Program Files\x73_lut.dat
[2100/02/08 14:53:34 | 00,001,437 | ---- | C] () -- C:\Program Files\gtx73.ini
[2009/11/08 14:17:45 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\VICADI\Desktop\settings.dat
[2009/11/08 14:17:18 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\VICADI\My Documents\~$ektogo.doc
[2009/11/08 13:57:12 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\VICADI\Desktop\NTREGOPT.lnk
[2009/11/08 13:57:12 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\VICADI\Desktop\ERUNT.lnk
[2009/11/08 13:22:56 | 00,073,728 | ---- | C] () -- C:\Documents and Settings\VICADI\My Documents\geektogo.doc
[2009/11/06 07:25:58 | 00,034,816 | ---- | C] () -- C:\Documents and Settings\VICADI\My Documents\Césarito Domínguez.doc
[2009/11/05 23:48:58 | 12,765,2684 | ---- | C] () -- C:\Documents and Settings\VICADI\Desktop\WxpPorta-Deiker.rar
[2009/11/03 11:08:51 | 00,449,043 | ---- | C] () -- C:\Documents and Settings\VICADI\My Documents\RegSeeker.zip
[2009/11/02 16:09:50 | 00,542,387 | ---- | C] () -- C:\Documents and Settings\VICADI\My Documents\bejeweled blitz.rar
[2009/08/08 20:41:36 | 00,004,096 | -H-- | C] () -- C:\Documents and Settings\VICADI\Local Settings\Application Data\keyfile3.drm
[2009/08/01 11:22:24 | 00,000,318 | ---- | C] () -- C:\WINDOWS\WPE PRO.INI
[2009/07/17 19:41:33 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2009/07/17 19:41:33 | 00,002,412 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2009/07/08 21:14:58 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/07/08 21:14:55 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/07/08 21:14:54 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/07/08 21:14:52 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/07/08 21:14:52 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/07/06 21:35:28 | 00,000,239 | ---- | C] () -- C:\WINDOWS\Clony2.ini
[2009/02/28 15:55:54 | 23,757,024 | ---- | C] () -- C:\Program Files\AXIALIS.rar
[2009/02/21 17:02:32 | 00,100,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\VBoxDrv.sys
[2009/01/24 18:31:52 | 00,000,040 | ---- | C] () -- C:\WINDOWS\System32\Msglixgrx.dll
[2008/11/08 19:25:10 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/09/09 13:07:21 | 04,950,374 | -H-- | C] () -- C:\Documents and Settings\VICADI\Local Settings\Application Data\IconCache.db
[2008/08/02 15:15:02 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OgaCheckControl.dll
[2008/08/02 11:37:43 | 00,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2008/06/12 19:12:05 | 00,000,066 | ---- | C] () -- C:\WINDOWS\Speed Video Splitter.INI
[2008/06/01 13:59:13 | 00,000,668 | ---- | C] () -- C:\Documents and Settings\VICADI\Application Data\vso_ts_preview.xml
[2008/06/01 12:49:49 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\VICADI\Application Data\inst.exe
[2008/06/01 12:49:49 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\VICADI\Application Data\pcouffin.cat
[2008/06/01 12:49:49 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\VICADI\Application Data\pcouffin.inf
[2008/06/01 12:49:49 | 00,000,034 | ---- | C] () -- C:\Documents and Settings\VICADI\Application Data\pcouffin.log
[2008/04/04 12:43:46 | 00,005,311 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/04/04 12:43:42 | 00,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/04/04 12:34:48 | 00,204,800 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2008/03/26 19:33:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure31.INI
[2008/03/26 19:33:38 | 00,249,856 | ---- | C] () -- C:\WINDOWS\System32\LxrJD31.dll
[2008/03/26 19:33:38 | 00,069,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrJD31d.sys
[2008/03/26 19:33:38 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\LxrJD20Sat.dll
[2008/02/16 22:14:23 | 00,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/01/09 14:01:48 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/10/15 17:07:32 | 00,000,071 | ---- | C] () -- C:\WINDOWS\GDINST.INI
[2007/10/14 16:32:12 | 00,000,036 | -H-- | C] () -- C:\WINDOWS\System32\swk.ini
[2007/08/04 18:14:33 | 00,000,032 | ---- | C] () -- C:\WINDOWS\tdlp32.ini
[2007/08/04 17:27:29 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/07/26 15:06:22 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/07/26 15:03:02 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/07/10 13:39:58 | 00,005,827 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2007/06/26 17:03:54 | 00,000,000 | ---- | C] () -- C:\Program Files\gamingGamePuzzleVB.DB
[2007/05/16 15:22:54 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/05/14 19:10:32 | 00,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2007/02/13 22:25:06 | 00,001,219 | ---- | C] () -- C:\WINDOWS\disney.ini
[2007/02/06 12:55:29 | 00,041,976 | ---- | C] () -- C:\Documents and Settings\VICADI\Application Data\GDIPFONTCACHEV1.DAT
[2007/02/01 20:44:43 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/02/01 17:27:48 | 00,248,320 | ---- | C] () -- C:\Documents and Settings\VICADI\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/30 20:26:41 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/30 20:13:09 | 00,139,264 | R--- | C] () -- C:\WINDOWS\System32\IDEproperty.dll
[2007/01/30 20:10:44 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2007/01/30 20:08:11 | 00,075,513 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2007/01/30 20:06:55 | 00,072,641 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2007/01/28 20:50:46 | 00,061,936 | ---- | C] () -- C:\Documents and Settings\VICADI\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2007/01/28 19:10:22 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\VICADI\Application Data\desktop.ini
[2007/01/28 10:55:03 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/03/06 10:41:02 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\AMV_DecDLL.dll
[2004/09/16 12:26:40 | 00,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 12:26:40 | 00,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2002/11/28 18:56:34 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\sfx.dll
[2002/11/10 13:51:00 | 00,152,064 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001/12/27 04:38:04 | 00,054,765 | ---- | C] () -- C:\WINDOWS\System32\drivers\LMFilt.sys
[2001/10/11 23:42:49 | 00,000,643 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2001/08/23 04:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/08/23 04:00:00 | 00,000,191 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/07/20 09:48:06 | 00,008,116 | ---- | C] () -- C:\Program Files\OSLO3071b2.USB
[2000/12/05 14:56:34 | 00,114,688 | ---- | C] () -- C:\Program Files\lxarscan.dll
[2000/07/17 21:01:56 | 00,230,912 | R--- | C] () -- C:\WINDOWS\System32\Zipit.dll
[2000/01/11 11:50:48 | 00,000,047 | ---- | C] () -- C:\Program Files\ACMonitor_X73.ini
[1999/04/20 02:15:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\unvise32.dll
========== LOP Check ==========
[2008/02/13 20:51:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2008/02/15 20:27:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/07/17 19:42:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2009/04/01 22:56:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2008/06/06 12:29:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm
[2007/05/04 23:06:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/07/07 08:48:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2009/11/08 14:16:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/08/24 22:44:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TreeCardGames
[2008/07/03 13:17:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/02/28 15:57:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\Axialis
[2008/12/17 12:48:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\Boost Windows
[2008/05/30 15:44:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\CenoPDF
[2007/04/18 11:02:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\Corel
[2009/03/21 17:12:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\HiYo
[2009/09/27 12:55:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\Hoyle FaceCreator
[2009/11/07 13:22:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\Hoyle Puzzle and Board Games
[2008/11/10 15:54:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\LG Electronics
[2009/01/18 10:39:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\Lost Marble
[2009/08/21 09:35:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\MegauploadToolbar
[2008/09/14 10:14:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\Nexon
[2008/08/18 19:57:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\Runes of Avalon
[2009/07/30 14:55:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\SecondLife
[2008/08/10 18:25:07 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\VICADI\Application Data\SecuROM
[2009/05/12 11:57:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\SolSuite
[2009/09/23 21:07:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\Thinstall
[2009/08/20 18:17:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\Uniblue
[2008/09/16 21:44:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\URSoft
[2008/06/01 16:38:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\USBSafelyRemove
[2009/04/24 20:51:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\uTorrent
[2009/03/05 15:42:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\Vso
[2009/09/04 16:14:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\VICADI\Application Data\Windows Live Writer
[2001/08/23 04:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2007/05/19 09:58:27 | 00,000,402 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job
[2009/11/08 14:16:37 | 00,000,440 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2009/11/05 07:02:18 | 00,000,374 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
[2009/11/08 14:15:28 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/11/07 22:21:00 | 00,000,272 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
[2007/09/09 21:21:30 | 00,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
[2009/11/08 14:20:42 | 00,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{C769E810-301D-418F-8B45-EBCA02A26CA9}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
[2007/05/18 12:49:02 | 00,100,864 | ---- | M] (Atribune.org) -- C:\VundoFix.exe
< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2004/08/03 23:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2004/08/03 23:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2004/08/03 23:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
< %SYSTEMDRIVE%\sceclt.dll /s /md5 >
< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >
< %SYSTEMDRIVE%\logevent.dll /s /md5 >
< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004/08/03 21:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
[2004/08/03 21:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys
[2004/08/03 21:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys
< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >
< %SYSTEMDRIVE%\viasraid.sys /s /md5 >
< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2004/08/03 22:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >
========== Alternate Data Streams ==========
@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F7539FF
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BE8F57E9
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E965A533
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9
< End of report >
OTL Extras logfile created on: 11/8/2009 2:21:56 PM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\VICADI\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1015.23 Mb Total Physical Memory | 629.95 Mb Available Physical Memory | 62.05% Memory free
2.39 Gb Paging File | 2.07 Gb Available in Paging File | 86.69% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 6.26 Gb Free Space | 21.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 45.23 Gb Total Space | 9.85 Gb Free Space | 21.77% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ACIM
Current User Name: VICADI
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- winhlp32.exe %1 File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [open] -- regedit.exe "%1" File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"UACDisableNotify" = 1
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"58571:TCP" = 58571:TCP:*:Enabled:Pando P2P TCP Listening Port
"58571:UDP" = 58571:UDP:*:Enabled:Pando P2P UDP Listening Port
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"H:\KIMS1.2\KIMS.exe" = H:\KIMS1.2\KIMS.exe:*:Enabled:KIMS 1.2 -- File not found
"C:\Program Files\Java\jre1.6.0_05\launch4j-tmp\JDownloader.exe" = C:\Program Files\Java\jre1.6.0_05\launch4j-tmp\JDownloader.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)
"E:\HCE\Halo Custom Edition\haloce.exe" = E:\HCE\Halo Custom Edition\haloce.exe:*:Enabled:Halo -- (Microsoft Corporation)
"C:\Program Files\Sun\xVM VirtualBox\VirtualBox.exe" = C:\Program Files\Sun\xVM VirtualBox\VirtualBox.exe:*:Enabled:VirtualBox -- ()
"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- (Ares Development Group)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06024F70-15BC-4447-B53A-F1A7BBA21033}" = Nero 7
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0B7BA3EE-D7AC-494E-999D-DA58D6D01DAC}" = LG PC Suite
"{169A15A0-6131-4274-8A8B-7E50702A1F52}" = Cliente de Windows Rights Management con Service Pack 2
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 17
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4B141C08-51E5-4224-81BD-5FC967195734}" = LG USB Modem Driver-MDMS
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{51F167CF-79C7-402A-8905-3C3613EB12AB}" = LG PC Suite
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{59B60A02-7A8B-47EF-850F-D8645B62C4B1}" = Sun xVM VirtualBox
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.0.0.7
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{7784A172-61F1-445E-8368-601607E0DD22}" = MP3 Player Utilities 4.00
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110C0A-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0120-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.7
"{AD7D2016-E1A4-4E41-BF63-3293C7D5FB53}" = HT TVR 2.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4B7B511-F4BC-4E4A-A988-9B509312181B}" = UPSmart
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8FB5656-F061-4602-8B61-EA8A70052707}" = Microsoft Juego de Cartas Carioca
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{E82FBDF4-8C05-4513-B8D8-2331145ECA10}_is1" = Solid AVI DIVX to DVD Burner 1.2.4
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" =
"{EC905264-BCFE-423B-9C42-C3A106266790}" = SP2 con compatibilidad hacia atrás con cliente de Windows Rights Management
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F443F171-B49B-4645-915C-580E7ED79992}" = Macromedia Extension Manager
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8024EB8-5B34-46FE-B15D-20ACF26FC20E}" = Hoyle Puzzle and Board Games
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Access Password Recovery_is1" = Access Password Recovery version 1.5
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Anime Studio Pro_is1" = Anime Studio Pro 5.6
"AoA DVD Copy_is1" = AoA DVD Copy
"Ares" = Ares 2.1.1
"Ares Tube_is1" = Ares Tube 3.0
"AudioShell_is1" = AudioShell 1.3.5
"avast!" = avast! Antivirus
"Bengal - Game of Gods" = Bengal - Game of Gods
"Boomerang Data Recovery_is1" = Boomerang Data Recovery Software 1.0.5
"CCleaner" = CCleaner (remove only)
"Chuzzle Deluxe 1.0" = Chuzzle Deluxe 1.0
"Creative Live! Cam Center" = Creative Live! Cam Center
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative VF0330" = Creative WebCam Vista/Live! Cam Chat Driver (1.11.01.00)
"Creative WebCam Center" = Creative WebCam Center
"Devastro" = Devastro
"DVD Shrink_is1" = DVD Shrink 3.2
"ERUNT_is1" = ERUNT 1.1j
"Free Video to Mp3 Converter_is1" = Free Video to Mp3 Converter version 2.8
"FreeUndelete" = FreeUndelete
"HachaPro" = HachaPro
"HijackThis" = HijackThis 2.0.2
"IconWorkshop" = Axialis IconWorkshop 6.32
"IDAutomation.com EZ Barcode Font Package DEMO" = IDAutomation.com EZ Barcode Font Package DEMO
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"JDSecure" = JD Secure 3.1
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.9.5 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MegauploadToolbar" = Megaupload Toolbar
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15)
"MP4 Player" = MP4 Player
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RealPlayer 6.0" = RealPlayer
"RegCure" = RegCure 1.5.0.0
"RemoveIT Pro v4 - SE" = RemoveIT Pro v4 - SE
"R-Studio 4.0NSIS" = R-Studio 4.0
"SiS VGA Driver" = SiS VGA Utilities
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"SolSuite_is1" = SolSuite 2008 v8.8
"SoundBase_is1" = SoundBase
"Speed Video Splitter_is1" = Speed Video Splitter 2.5.4
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"Startup Faster!_is1" = Startup Faster!
"SubtitleWorkshop" = Subtitle Workshop 2.51
"SysInfo" = Creative System Information
"System TuneUp_is1" = System TuneUp
"The Logo Creator v5" = The Logo Creator v5
"Total Video Converter 3.14_is1" = Total Video Converter 3.14 080930
"Toy Story 2 Print Studio" = Disney-Pixars Print Studio, Toy Story 2
"USB MP3 Player WIN98 Drivers" = USB MP3 Player WIN98 Drivers
"USB Safely Remove_is1" = USB Safely Remove 3.1
"uTorrent" = µTorrent
"wcmdmgr.exe" = WildTangent Updater
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"wtwebdriver" = WildTangent Web Driver
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"uTorrent" = µTorrent
========== Last 10 Event Log Errors ==========
[ Antivirus Events ]
Error - 6/6/2009 12:40:23 PM | Computer Name = ACIM | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\VICADI\Local Settings\Temporary Internet Files\Content.IE5\VZ6ATY50\adserver[2].js
failed, 00000005.
Error - 6/28/2009 7:58:43 PM | Computer Name = ACIM | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\161274a09839da63eeb3d6857c97cd\ieencode.dll failed, 00000005.
Error - 6/29/2009 1:30:29 AM | Computer Name = ACIM | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\161274a09839da63eeb3d6857c97cd\ieudinit.exe failed, 00000005.
Error - 11/7/2009 8:32:38 PM | Computer Name = ACIM | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
G:\161274a09839da63eeb3d6857c97cd\ieencode.dll failed, 00000005.
[ Application Events ]
Error - 10/28/2009 9:38:39 PM | Computer Name = ACIM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.
Error - 10/28/2009 9:38:39 PM | Computer Name = ACIM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.
Error - 10/28/2009 9:38:40 PM | Computer Name = ACIM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.
Error - 10/28/2009 9:38:40 PM | Computer Name = ACIM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.
Error - 10/29/2009 9:36:57 PM | Computer Name = ACIM | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module flash10b.ocx, version 10.0.22.87, fault address 0x001d7015.
Error - 11/1/2009 7:52:04 PM | Computer Name = ACIM | Source = Application Error | ID = 1000
Description = Faulting application hoyle puzzle games.exe, version 0.0.0.0, faulting
module hoyle puzzle games.exe, version 0.0.0.0, fault address 0x00395479.
Error - 11/4/2009 2:21:41 PM | Computer Name = ACIM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.
Error - 11/6/2009 12:43:43 AM | Computer Name = ACIM | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module jvm.dll, version 14.1.0.2, fault address 0x000c6472.
Error - 11/6/2009 1:44:04 PM | Computer Name = ACIM | Source = Windows Live Messenger | ID = 1000
Description =
Error - 11/8/2009 3:00:49 PM | Computer Name = ACIM | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module flash10b.ocx, version 10.0.22.87, fault address 0x00097268.
[ System Events ]
Error - 11/8/2009 5:30:47 PM | Computer Name = ACIM | Source = Service Control Manager | ID = 7034
Description = The LexBce Server service terminated unexpectedly. It has done this
1 time(s).
Error - 11/8/2009 5:30:47 PM | Computer Name = ACIM | Source = Service Control Manager | ID = 7034
Description = The Machine Debug Manager service terminated unexpectedly. It has
done this 1 time(s).
Error - 11/8/2009 5:30:47 PM | Computer Name = ACIM | Source = Service Control Manager | ID = 7034
Description = The USB2.0 TVBOX Service service terminated unexpectedly. It has
done this 1 time(s).
Error - 11/8/2009 5:30:48 PM | Computer Name = ACIM | Source = Service Control Manager | ID = 7034
Description = The UPSmart service terminated unexpectedly. It has done this 1 time(s).
Error - 11/8/2009 5:30:48 PM | Computer Name = ACIM | Source = Service Control Manager | ID = 7034
Description = The StarWind iSCSI Service service terminated unexpectedly. It has
done this 1 time(s).
Error - 11/8/2009 5:30:49 PM | Computer Name = ACIM | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).
Error - 11/8/2009 5:40:00 PM | Computer Name = ACIM | Source = Service Control Manager | ID = 7000
Description = The Lexmark X73 MFP Scanner service failed to start due to the following
error: %%1058
Error - 11/8/2009 5:40:00 PM | Computer Name = ACIM | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%2
Error - 11/8/2009 6:16:07 PM | Computer Name = ACIM | Source = Service Control Manager | ID = 7000
Description = The Lexmark X73 MFP Scanner service failed to start due to the following
error: %%1058
Error - 11/8/2009 6:16:07 PM | Computer Name = ACIM | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%2
< End of report >

Thanks