Solved Trojan found on my Room pc.

About the connection to the internet. The reason I can not is because my room pc freezes when I try to connect to the internet. Therefore, like I detailed before, I have to take your instructions on my laptop, put it on one of my flash drives, then transfer the information onto my desktop pc that is in my room. I noticed the recent ipconfig instructions. Those have to do with trouble shooting my network connection. I entailed the following info in the network thread that I started for this pc in my house. After doing scans on my room pc, I uninstalled and re-installed the wireless adaptor for my room pc. I am not sure why my pc freezes while I try to connect to the internet. I current disconnect the wireless adaptor, so that my pc does not freeze once I fully log into my account on my room pc.

So, if you would still like me to go along with the new steps to test my internet connection on my room pc, now knowing this information, I will do so. I thought I should let you know, that it is not that I have the connection to the internet. It is becasue of something on dealing directly with my pc, that forces my pc to freeze, when I plug in my wireless adaptor. I do not know what it is. From my thread in the networking area of windowsbbs, I was told to deal exclusively with the malware thread first for my room pc, before going back to the thread of mine in the network area of windowsbbs.

I am at my pc right now. If you want me to test the network by your instructions, I will do so now.

 

I did the first command, and nothing was put into the notpad. After pressing enter, the only thing that appears in the command prompt window is (in the upper left of window; within the window name), "D:WINDOWS\system32\cmd.exe ". And that actually is actually inside the window is, "The system cannot find the path specified." Nothing occurs after that. I then go onto the next part of your instructions. After inputting the next commands, I got a message stating with the title in the window "Notepad ", with the exclimation point in the yellow triangle, "The system cannont find the path specified." Other than that, the new window has the ok button.

 

I did so, the explaination of my previous post entails the specifics.

 

OTL logfile created on: 1/9/2011 1:56:38 AM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = D:\Documents and Settings\Nelson Ramon Arucas\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): D:\pagefile.sys 2046 2686 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 5.08 Gb Total Space | 0.86 Gb Free Space | 17.01% Space Free | Partition Type: FAT32
Drive D: | 50.83 Gb Total Space | 11.84 Gb Free Space | 23.30% Space Free | Partition Type: NTFS
Drive F: | 7.45 Gb Total Space | 0.96 Gb Free Space | 12.92% Space Free | Partition Type: FAT32

Computer Name: NELSON-43082967 | User Name: Nelson Ramon Arucas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/07 19:57:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Nelson Ramon Arucas\Desktop\OTL.exe
PRC - [2010/07/09 14:04:34 | 003,493,776 | ---- | M] (Xfire Inc.) -- D:\Program Files\Xfire\xfire.exe
PRC - [2010/07/04 04:49:16 | 000,398,568 | ---- | M] (tzuk) -- D:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2010/07/04 04:49:14 | 000,075,496 | ---- | M] (tzuk) -- D:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2009/11/24 18:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/08/19 12:25:52 | 001,589,208 | ---- | M] () -- D:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
PRC - [2009/06/17 12:49:44 | 000,616,408 | ---- | M] () -- D:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
PRC - [2009/03/25 13:48:56 | 001,503,290 | ---- | M] (NETGEAR) -- D:\Program Files\NETGEAR\WN111v2\WN111V2.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/14 16:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/09/30 17:46:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- D:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2008/09/30 17:46:12 | 007,424,000 | ---- | M] (OpenOffice.org) -- D:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/07/07 07:15:18 | 000,611,664 | ---- | M] (Lavasoft) -- D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/06/27 16:24:34 | 000,467,028 | ---- | M] (Atheros) -- D:\WINDOWS\system32\acs.exe
PRC - [2008/04/13 19:12:28 | 000,343,040 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\mspaint.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe
PRC - [2008/03/14 02:11:10 | 000,919,016 | ---- | M] (Zone Labs, LLC) -- D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008/03/14 02:11:08 | 000,075,304 | ---- | M] (Zone Labs, LLC) -- D:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2007/09/26 12:55:04 | 000,283,912 | ---- | M] (CA, Inc.) -- D:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
PRC - [2006/11/03 22:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2005/12/15 12:47:22 | 000,204,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
PRC - [2005/12/15 11:40:44 | 000,282,624 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2005/12/15 11:18:50 | 000,049,152 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- D:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
PRC - [2005/10/18 16:34:08 | 000,163,840 | ---- | M] (Saitek) -- D:\Program Files\Saitek\Software\ProfilerU.exe
PRC - [2002/06/27 03:53:26 | 000,303,104 | ---- | M] (Hewlett-Packard Co.) -- D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
PRC - [2002/06/27 03:34:44 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PRC - [2002/06/27 03:21:30 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
PRC - [2002/06/27 03:20:58 | 000,323,646 | ---- | M] (Hewlett-Packard Co.) -- D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe


========== Modules (SafeList) ==========

MOD - [2011/01/07 19:57:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Nelson Ramon Arucas\Desktop\OTL.exe
MOD - [2010/07/09 14:04:44 | 000,970,640 | ---- | M] (Xfire Inc.) -- D:\Program Files\Xfire\xfire_toucan_43094.dll
MOD - [2008/04/13 19:12:10 | 000,022,528 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\wsock32.dll
MOD - [2008/04/13 19:12:06 | 000,250,368 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\ime\sptip.dll
MOD - [2008/04/13 19:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\msvcp60.dll
MOD - [2008/04/13 11:43:18 | 000,062,976 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\ime\spgrmr.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - File not found [Disabled | Stopped] -- D:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/07/04 04:49:14 | 000,075,496 | ---- | M] (tzuk) [Auto | Running] -- D:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2009/11/24 18:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- D:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 18:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 18:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- D:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 18:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/11/06 09:18:50 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- D:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/08/05 21:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/06/17 12:49:44 | 000,616,408 | ---- | M] () [Auto | Running] -- D:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
SRV - [2009/01/14 16:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/07/07 07:15:18 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/06/27 16:24:34 | 000,467,028 | ---- | M] (Atheros) [Auto | Running] -- D:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2008/03/14 02:11:08 | 000,075,304 | ---- | M] (Zone Labs, LLC) [Auto | Running] -- D:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008/02/27 11:54:52 | 000,360,547 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- D:\Program Files\NETGEAR\WN111v2\jswpsapi.exe -- (jswpsapi)
SRV - [2007/09/26 12:55:04 | 000,283,912 | ---- | M] (CA, Inc.) [Auto | Running] -- D:\Program Files\CA\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)
SRV - [2006/11/03 22:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) [On_Demand | Stopped] -- D:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- D:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\DOCUME~1\NELSON~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/07/04 04:49:10 | 000,119,016 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- D:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2009/11/24 18:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- D:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/24 18:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- D:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 18:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- D:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 18:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- D:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 18:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- D:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 18:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- D:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/08/05 21:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/01/14 02:23:00 | 000,458,752 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\WN111v2.sys -- (WN111v2)
DRV - [2008/10/01 16:45:52 | 000,057,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
DRV - [2008/09/17 22:55:00 | 006,132,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/08/01 17:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 17:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/04/13 13:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/14 02:11:18 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | System | Running] -- D:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2008/02/27 06:10:44 | 000,051,176 | ---- | M] (Zone Labs, LLC) [Kernel | Boot | Running] -- D:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2008/01/30 13:28:36 | 004,725,760 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/12/14 04:31:00 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007/07/19 18:10:28 | 000,127,768 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- D:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2007/03/27 17:59:40 | 000,166,912 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2007/02/03 09:32:36 | 000,041,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/02/03 09:25:56 | 001,075,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl)
DRV - [2006/08/14 16:51:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/07/02 00:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/02/28 05:52:36 | 000,035,200 | R--- | M] (Saitek) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\SaiBus.sys -- (SaiNtBus)
DRV - [2006/02/28 05:52:36 | 000,013,824 | R--- | M] (Saitek) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2005/11/14 12:19:30 | 000,027,264 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\SaiU5F0D.sys -- (SaiU5F0D)
DRV - [2005/11/14 12:19:26 | 000,176,640 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\SaiH5F0D.sys -- (SaiH5F0D)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- D:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2003/07/24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
DRV - [2002/06/10 17:16:34 | 000,371,766 | ---- | M] (Philips Semiconductors) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\CamDrL21.sys -- (PhilCam8116) Logitech QuickCam Pro 3000(PID_08B0)
DRV - [2000/08/03 13:25:12 | 000,023,296 | ---- | M] () [Kernel | Auto | Running] -- D:\WINDOWS\System32\drivers\pedrv.sys -- (PEDRV)
DRV - [1996/04/03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Auto | Running] -- D:\WINDOWS\System32\drivers\GIVEIO.SYS -- (GIVEIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0



O1 HOSTS File: ([2011/01/08 13:41:00 | 000,000,027 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - D:\Program Files\comcasttb\comcastdx.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - D:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - D:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - D:\Program Files\comcasttb\comcastdx.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! ¤u¨Ã£¦C) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - D:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - d:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [avast!] D:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [HP Software Update] D:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [NvCplDaemon] D:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [ComcastAntispyClient] D:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe ()
O4 - HKCU..\Run: [SandboxieControl] D:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
O4 - HKCU..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk = D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\iTunes.lnk = D:\WINDOWS\Installer\{EF6C4600-306D-4F6A-A119-C2A877D25B4A}\iTunesIco.exe ()
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launch Profile Launcher.lnk = D:\Program Files\Saitek\Software\ProfilerU.exe (Saitek)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk = D:\Program Files\NETGEAR\WN111v2\WN111V2.exe (NETGEAR)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk = D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe (Hewlett-Packard Co.)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZoneAlarm Security.lnk = D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - Startup: D:\Documents and Settings\Nelson Ramon Arucas\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = D:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: D:\Documents and Settings\Nelson Ramon Arucas\Start Menu\Programs\Startup\Xfire.lnk = D:\Program Files\Xfire\xfire.exe (Xfire Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.microsoft.com/downl...75-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} D:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DeviceEnum Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1272133539471 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1272133528581 (MUWebControl Class)
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} http://ipgweb.cce.hp.com/rdqaio2/downloads/msxml4.cab (XML DOM Document 4.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - D:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Documents and Settings\Nelson Ramon Arucas\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\Nelson Ramon Arucas\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - D:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | RHS- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - D:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - D:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - C:\WINDOWS\system32\wuauserv.dll File not found

Drivers32: msacm.iac2 - D:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - D:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - D:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - D:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - D:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - D:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - D:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - D:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.dvsd - D:\WINDOWS\System32\Dvc.dll (Adaptec)
Drivers32: VIDC.I420 - D:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - D:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - D:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XFR1 - D:\WINDOWS\System32\xfcodec.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 30 Days ==========

[2011/01/08 23:11:01 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\Nelson Ramon Arucas\Recent
[2011/01/08 13:46:51 | 000,000,000 | -HSD | C] -- D:\RECYCLER
[2011/01/08 13:29:27 | 000,031,232 | ---- | C] (NirSoft) -- D:\WINDOWS\NIRCMD.exe
[2011/01/08 13:29:26 | 000,212,480 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWXCACLS.exe
[2011/01/08 13:29:26 | 000,161,792 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWREG.exe
[2011/01/08 13:29:26 | 000,136,704 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWSC.exe
[2011/01/08 13:29:12 | 000,000,000 | ---D | C] -- D:\WINDOWS\ERDNT
[2011/01/08 13:28:55 | 000,000,000 | ---D | C] -- D:\Qoobox
[2011/01/07 21:57:58 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Nelson Ramon Arucas\Desktop\My Room PC malware removal guidance evidence
[2011/01/07 21:38:00 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Nelson Ramon Arucas\Application Data\Malwarebytes
[2011/01/07 21:37:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/07 21:37:36 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/07 21:37:35 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/01/07 21:37:30 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2011/01/07 21:37:30 | 000,000,000 | ---D | C] -- D:\Program Files\Malwarebytes' Anti-Malware
[2011/01/07 20:49:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Nelson Ramon Arucas\Desktop\OTL.exe
[2011/01/07 20:49:15 | 000,446,464 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Nelson Ramon Arucas\Desktop\TFC.exe
[2011/01/07 20:49:15 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Nelson Ramon Arucas\Desktop\Exe files downloaded onto flash drive from windows bbs web site
[2011/01/07 20:12:18 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Nelson Ramon Arucas\Desktop\items on my desktop up to jan 7 2011 pt 2 (files that could not be moved to flash drive)
[2010/12/27 16:16:19 | 000,057,408 | ---- | C] (Atheros Communications, Inc.) -- D:\WINDOWS\System32\drivers\wsimd.sys
[2010/12/27 16:16:08 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\NETGEAR WN111v2 Adapter

========== Files - Modified Within 30 Days ==========

[2011/01/09 01:53:10 | 248,614,944 | -HS- | M] () -- D:\WINDOWS\System32\drivers\fidbox.dat
[2011/01/09 01:51:29 | 000,001,001 | ---- | M] () -- D:\Documents and Settings\Nelson Ramon Arucas\Desktop\Shortcut to ComboFix.exe.lnk
[2011/01/09 01:50:05 | 000,352,918 | ---- | M] () -- D:\WINDOWS\System32\vsconfig.xml
[2011/01/09 01:45:58 | 000,002,149 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Startup\iTunes.lnk
[2011/01/09 01:45:33 | 000,000,330 | -H-- | M] () -- D:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/01/09 01:44:59 | 000,192,453 | ---- | M] () -- D:\WINDOWS\System32\nvapps.xml
[2011/01/09 01:42:22 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2011/01/08 23:12:13 | 002,916,524 | -HS- | M] () -- D:\WINDOWS\System32\drivers\fidbox.idx
[2011/01/08 13:41:00 | 000,000,027 | ---- | M] () -- D:\WINDOWS\System32\drivers\etc\hosts
[2011/01/07 21:37:37 | 000,000,802 | ---- | M] () -- D:\Documents and Settings\Nelson Ramon Arucas\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/01/07 21:37:37 | 000,000,784 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/07 19:57:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Nelson Ramon Arucas\Desktop\OTL.exe
[2011/01/07 19:51:46 | 000,719,873 | ---- | M] () -- D:\Documents and Settings\Nelson Ramon Arucas\Desktop\rkill.com
[2011/01/07 19:46:26 | 000,624,128 | ---- | M] () -- D:\Documents and Settings\Nelson Ramon Arucas\Desktop\dds.scr
[2011/01/07 19:45:38 | 000,296,448 | ---- | M] () -- D:\Documents and Settings\Nelson Ramon Arucas\Desktop\GMER.exe
[2011/01/07 19:44:02 | 000,446,464 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Nelson Ramon Arucas\Desktop\TFC.exe
[2011/01/07 19:36:10 | 000,003,142 | ---- | M] () -- D:\WINDOWS\Sandboxie.ini
[2011/01/07 19:31:32 | 000,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2010/12/27 16:16:08 | 000,001,720 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk
[2010/12/27 16:16:07 | 000,001,700 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\NETGEAR WN111v2 Smart Wizard.lnk
[2010/12/27 15:08:38 | 000,024,576 | ---- | M] () -- D:\Documents and Settings\Nelson Ramon Arucas\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/27 15:04:08 | 000,000,664 | ---- | M] () -- D:\WINDOWS\System32\d3d9caps.dat
[2010/12/26 14:44:23 | 000,038,479 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Dungeon Fighter Online.url
[2010/12/24 10:22:14 | 000,000,284 | ---- | M] () -- D:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/21 02:08:38 | 000,002,137 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/01/09 01:51:29 | 000,001,001 | ---- | C] () -- D:\Documents and Settings\Nelson Ramon Arucas\Desktop\Shortcut to ComboFix.exe.lnk
[2011/01/08 13:29:27 | 000,256,512 | ---- | C] () -- D:\WINDOWS\PEV.exe
[2011/01/08 13:29:27 | 000,089,088 | ---- | C] () -- D:\WINDOWS\MBR.exe
[2011/01/08 13:29:26 | 000,098,816 | ---- | C] () -- D:\WINDOWS\sed.exe
[2011/01/08 13:29:26 | 000,080,412 | ---- | C] () -- D:\WINDOWS\grep.exe
[2011/01/08 13:29:26 | 000,068,096 | ---- | C] () -- D:\WINDOWS\zip.exe
[2011/01/07 21:37:37 | 000,000,802 | ---- | C] () -- D:\Documents and Settings\Nelson Ramon Arucas\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/01/07 21:37:37 | 000,000,784 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/07 20:49:19 | 000,719,873 | ---- | C] () -- D:\Documents and Settings\Nelson Ramon Arucas\Desktop\rkill.com
[2011/01/07 20:49:17 | 000,624,128 | ---- | C] () -- D:\Documents and Settings\Nelson Ramon Arucas\Desktop\dds.scr
[2011/01/07 20:49:17 | 000,296,448 | ---- | C] () -- D:\Documents and Settings\Nelson Ramon Arucas\Desktop\GMER.exe
[2010/12/28 00:40:08 | 000,002,149 | ---- | C] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Startup\iTunes.lnk
[2010/12/28 00:39:39 | 000,000,541 | ---- | C] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launch Profile Launcher.lnk
[2010/12/28 00:39:13 | 000,000,743 | ---- | C] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZoneAlarm Security.lnk
[2010/12/27 16:16:08 | 000,001,720 | ---- | C] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk
[2010/12/27 16:16:07 | 000,001,700 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\NETGEAR WN111v2 Smart Wizard.lnk
[2010/12/27 15:04:08 | 000,000,664 | ---- | C] () -- D:\WINDOWS\System32\d3d9caps.dat
[2010/07/09 14:04:40 | 000,041,872 | ---- | C] () -- D:\WINDOWS\System32\xfcodec.dll
[2010/05/20 19:08:00 | 000,000,018 | -HS- | C] () -- D:\WINDOWS\WINPROD.DLL
[2010/04/02 22:04:30 | 000,000,262 | ---- | C] () -- D:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/03/07 17:36:50 | 000,000,221 | ---- | C] () -- D:\WINDOWS\NCLogConfig.ini
[2010/03/07 16:42:21 | 000,077,824 | R--- | C] () -- D:\WINDOWS\System32\hpzids01.dll
[2009/09/10 20:54:27 | 000,003,142 | ---- | C] () -- D:\WINDOWS\Sandboxie.ini
[2009/06/17 00:37:35 | 000,000,062 | ---- | C] () -- D:\WINDOWS\pcvcdbr.INI
[2009/06/17 00:37:35 | 000,000,000 | ---- | C] () -- D:\WINDOWS\pcvcdvw.INI
[2009/02/21 22:41:42 | 000,000,040 | ---- | C] () -- D:\WINDOWS\System32\Sx5363.ini
[2009/02/21 07:25:20 | 000,691,592 | ---- | C] () -- D:\WINDOWS\System32\OGACheckControl.DLL
[2008/10/26 21:47:11 | 000,151,552 | ---- | C] () -- D:\WINDOWS\System32\nvRegDev.dll
[2008/07/30 23:46:36 | 000,024,576 | ---- | C] () -- D:\Documents and Settings\Nelson Ramon Arucas\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/27 16:18:04 | 000,262,216 | ---- | C] () -- D:\WINDOWS\System32\IPTests.dll
[2008/06/17 13:37:52 | 000,044,032 | ---- | C] () -- D:\WINDOWS\System32\tbdml.dll
[2008/04/07 00:54:12 | 000,000,975 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/04/04 00:11:06 | 000,000,000 | ---- | C] () -- D:\WINDOWS\msicpl.ini
[2008/04/03 09:23:38 | 000,006,048 | ---- | C] () -- D:\WINDOWS\System32\MCC16.dll
[2008/04/03 09:22:54 | 000,040,448 | ---- | C] () -- D:\WINDOWS\System32\BJAXSecurityManager.dll
[2008/04/03 09:22:53 | 000,086,016 | ---- | C] () -- D:\WINDOWS\System32\BJInstaller.dll
[2008/04/03 09:09:06 | 000,796,048 | ---- | C] () -- D:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/04/03 08:56:03 | 000,000,158 | ---- | C] () -- D:\WINDOWS\pagesuit.ini
[2008/04/03 08:56:02 | 000,023,040 | ---- | C] () -- D:\WINDOWS\System32\irisco32.dll
[2008/04/03 08:51:03 | 000,552,960 | R--- | C] () -- D:\WINDOWS\System32\hpotscl.dll
[2008/04/03 08:28:24 | 000,000,376 | ---- | C] () -- D:\WINDOWS\ODBC.INI
[2008/04/03 07:33:52 | 000,000,002 | ---- | C] () -- D:\WINDOWS\PhotoSuite.ini
[2008/04/03 07:33:43 | 000,458,752 | ---- | C] () -- D:\WINDOWS\System32\Fpl.dll
[2008/04/03 07:33:43 | 000,122,880 | ---- | C] () -- D:\WINDOWS\System32\JPEGLIB.DLL
[2008/04/03 07:33:43 | 000,019,968 | ---- | C] () -- D:\WINDOWS\System32\CPUINF32.DLL
[2008/04/03 07:33:42 | 000,332,800 | ---- | C] () -- D:\WINDOWS\System32\FPXLIB.DLL
[2008/04/03 06:58:49 | 000,000,241 | ---- | C] () -- D:\WINDOWS\QSync.INI
[2008/04/03 06:57:57 | 000,050,127 | ---- | C] () -- D:\WINDOWS\System32\lvcoinst.ini
[2008/04/03 06:57:28 | 000,147,456 | ---- | C] () -- D:\WINDOWS\System32\MimicICM.dll
[2008/04/02 23:41:40 | 000,004,161 | ---- | C] () -- D:\WINDOWS\ODBCINST.INI
[2008/01/31 19:18:14 | 000,009,216 | ---- | C] () -- D:\WINDOWS\System32\drivers\FlashSys.sys
[2007/07/25 18:55:24 | 000,262,144 | ---- | C] () -- D:\WINDOWS\System32\HookMAp.dll
[2007/07/25 18:54:30 | 000,266,240 | ---- | C] () -- D:\WINDOWS\System32\HookShield.dll
[2007/06/29 02:43:00 | 001,724,416 | ---- | C] () -- D:\WINDOWS\System32\nvwdmcpl.dll
[2007/06/29 02:43:00 | 001,503,232 | ---- | C] () -- D:\WINDOWS\System32\nview.dll
[2007/06/29 02:43:00 | 001,101,824 | ---- | C] () -- D:\WINDOWS\System32\nvwimg.dll
[2007/06/29 02:43:00 | 000,466,944 | ---- | C] () -- D:\WINDOWS\System32\nvshell.dll
[2007/05/01 17:49:40 | 000,005,632 | ---- | C] () -- D:\WINDOWS\System32\SaiC5F0D_11.dll
[2006/08/16 17:35:00 | 000,581,632 | ---- | C] () -- D:\WINDOWS\System32\nvhwvid.dll
[2006/08/16 17:35:00 | 000,286,720 | ---- | C] () -- D:\WINDOWS\System32\nvnt4cpl.dll
[2006/08/14 13:31:06 | 000,032,768 | ---- | C] () -- D:\WINDOWS\System32\Auxiliary.dll
[2006/07/13 07:00:04 | 000,131,072 | ---- | C] () -- D:\WINDOWS\System32\smdll.dll
[2006/06/01 19:22:00 | 000,009,728 | ---- | C] () -- D:\WINDOWS\System32\sysinfoX64.sys
[2006/06/01 19:22:00 | 000,008,192 | ---- | C] () -- D:\WINDOWS\System32\sysinfo.sys
[2005/03/09 19:50:20 | 000,033,792 | ---- | C] () -- D:\WINDOWS\System32\drivers\libusb0.sys
[2004/09/10 20:21:34 | 002,164,117 | RH-- | C] () -- D:\Program Files\EV561405.CAB
[2004/09/10 20:21:32 | 002,977,781 | RH-- | C] () -- D:\Program Files\E3561405.CAB
[2004/09/10 20:21:32 | 000,720,116 | RH-- | C] () -- D:\Program Files\E4561410.CAB
[2004/09/10 20:21:30 | 005,331,769 | RH-- | C] () -- D:\Program Files\E2561410.CAB
[2004/09/10 20:21:26 | 002,306,744 | RH-- | C] () -- D:\Program Files\CR561401.CAB
[2004/09/10 20:21:26 | 000,611,657 | RH-- | C] () -- D:\Program Files\CS561401.CAB
[2004/09/10 20:21:24 | 002,487,448 | RH-- | C] () -- D:\Program Files\CP561401.CAB
[2004/09/10 20:21:22 | 001,232,028 | RH-- | C] () -- D:\Program Files\CM561401.CAB
[2004/09/10 20:21:22 | 000,706,243 | RH-- | C] () -- D:\Program Files\CL561401.CAB
[2004/09/10 20:21:20 | 002,071,027 | RH-- | C] () -- D:\Program Files\CF561401.CAB
[2004/09/10 20:21:20 | 000,323,898 | RH-- | C] () -- D:\Program Files\CD561401.CAB
[2004/09/10 20:21:18 | 001,952,821 | RH-- | C] () -- D:\Program Files\AV561403.CAB
[2004/09/10 20:21:18 | 001,681,457 | RH-- | C] () -- D:\Program Files\CC561401.CAB
[2004/09/10 20:21:16 | 003,032,343 | RH-- | C] () -- D:\Program Files\A4561405.CAB
[2004/09/10 20:21:14 | 005,675,627 | RH-- | C] () -- D:\Program Files\A3561405.CAB
[2004/09/10 20:21:10 | 003,580,152 | RH-- | C] () -- D:\Program Files\A2561405.CAB
[2004/09/10 20:20:36 | 002,277,520 | RH-- | C] () -- D:\Program Files\MC561403.CAB
[2004/09/10 20:20:36 | 000,915,570 | RH-- | C] () -- D:\Program Files\MG561403.CAB
[2004/09/10 20:20:34 | 003,563,686 | RH-- | C] () -- D:\Program Files\M9561403.CAB
[2004/09/10 20:20:34 | 000,313,441 | RH-- | C] () -- D:\Program Files\MA561403.CAB
[2004/09/10 20:20:32 | 012,037,546 | RH-- | C] () -- D:\Program Files\M4561403.CAB
[2004/09/10 20:20:24 | 005,279,842 | RH-- | C] () -- D:\Program Files\M3561404.CAB
[2004/09/10 20:20:22 | 000,050,808 | RH-- | C] () -- D:\Program Files\M2561406.CAB
[2004/09/10 20:20:20 | 001,867,474 | RH-- | C] () -- D:\Program Files\L3561403.CAB
[2004/09/10 20:20:20 | 001,054,743 | RH-- | C] () -- D:\Program Files\L4561403.CAB
[2004/09/10 20:20:20 | 000,947,433 | RH-- | C] () -- D:\Program Files\LV561403.CAB
[2004/09/10 20:20:20 | 000,300,700 | RH-- | C] () -- D:\Program Files\L9561403.CAB
[2004/09/10 20:20:18 | 010,629,703 | RH-- | C] () -- D:\Program Files\L2561403.CAB
[2004/09/10 20:20:12 | 013,650,283 | RH-- | C] () -- D:\Program Files\IU561401.CAB
[2004/09/10 20:20:02 | 001,673,946 | RH-- | C] () -- D:\Program Files\G3561403.CAB
[2004/09/10 20:20:02 | 000,466,445 | RH-- | C] () -- D:\Program Files\GV561403.CAB
[2004/09/10 20:20:02 | 000,107,046 | RH-- | C] () -- D:\Program Files\IJ561401.CAB
[2004/09/10 20:20:02 | 000,038,260 | RH-- | C] () -- D:\Program Files\IS561401.CAB
[2004/09/10 20:19:40 | 002,679,261 | RH-- | C] () -- D:\Program Files\ZC561402.CAB
[2004/09/10 20:19:40 | 001,692,636 | RH-- | C] () -- D:\Program Files\ZD561402.CAB
[2004/09/10 20:19:40 | 000,763,821 | RH-- | C] () -- D:\Program Files\ZE561406.CAB
[2004/09/10 20:19:38 | 047,671,800 | RH-- | C] () -- D:\Program Files\YS561401.CAB
[2004/09/10 20:19:38 | 000,192,632 | RH-- | C] () -- D:\Program Files\ZA561401.CAB
[2004/09/10 20:19:38 | 000,014,446 | RH-- | C] () -- D:\Program Files\YT561401.CAB
[2004/09/10 20:19:18 | 000,821,637 | RH-- | C] () -- D:\Program Files\YO561403.CAB
[2004/09/10 20:19:16 | 004,475,718 | RH-- | C] () -- D:\Program Files\YH561403.CAB
[2004/09/10 20:19:16 | 001,539,271 | RH-- | C] () -- D:\Program Files\YL561402.CAB
[2004/09/10 20:19:16 | 001,440,029 | RH-- | C] () -- D:\Program Files\YI561401.CAB
[2004/09/10 20:19:16 | 000,063,208 | RH-- | C] () -- D:\Program Files\YM561403.CAB
[2004/09/10 20:19:14 | 000,614,643 | RH-- | C] () -- D:\Program Files\YC561403.CAB
[2004/09/10 20:19:12 | 008,012,757 | RH-- | C] () -- D:\Program Files\YB561408.CAB
[2004/09/10 20:19:10 | 008,114,251 | RH-- | C] () -- D:\Program Files\YA561403.CAB
[2004/09/10 20:19:06 | 001,013,663 | RH-- | C] () -- D:\Program Files\X3561401.CAB
[2004/09/10 20:19:04 | 009,298,714 | RH-- | C] () -- D:\Program Files\X2561401.CAB
[2004/09/10 20:19:00 | 002,948,275 | RH-- | C] () -- D:\Program Files\WV561405.CAB
[2004/09/10 20:18:58 | 001,038,975 | RH-- | C] () -- D:\Program Files\W4561405.CAB
[2004/09/10 20:18:58 | 000,456,846 | RH-- | C] () -- D:\Program Files\ZY561401.CAB
[2004/09/10 20:18:58 | 000,441,429 | RH-- | C] () -- D:\Program Files\ZS561401.CAB
[2004/09/10 20:18:58 | 000,353,051 | RH-- | C] () -- D:\Program Files\ZT561401.CAB
[2004/09/10 20:18:58 | 000,091,858 | RH-- | C] () -- D:\Program Files\ZV561401.CAB
[2004/09/10 20:18:58 | 000,027,929 | RH-- | C] () -- D:\Program Files\ZR561403.CAB
[2004/09/10 20:18:58 | 000,017,922 | RH-- | C] () -- D:\Program Files\ZU561401.CAB
[2004/09/10 20:18:58 | 000,006,291 | RH-- | C] () -- D:\Program Files\ZZ561401.CAB
[2004/09/10 20:18:56 | 002,266,659 | RH-- | C] () -- D:\Program Files\ZF612702.CAB
[2004/09/10 20:18:56 | 000,668,276 | RH-- | C] () -- D:\Program Files\ZQ561401.CAB
[2004/09/10 20:18:56 | 000,310,133 | RH-- | C] () -- D:\Program Files\ZO561401.CAB
[2004/09/10 20:18:56 | 000,274,001 | RH-- | C] () -- D:\Program Files\ZN561401.CAB
[2004/09/10 20:18:56 | 000,243,555 | RH-- | C] () -- D:\Program Files\ZH561403.CAB
[2004/09/10 20:18:56 | 000,147,457 | RH-- | C] () -- D:\Program Files\ZK561401.CAB
[2004/09/10 20:18:56 | 000,107,454 | RH-- | C] () -- D:\Program Files\ZM561401.CAB
[2004/09/10 20:18:56 | 000,103,723 | RH-- | C] () -- D:\Program Files\ZJ561401.CAB
[2004/09/10 20:18:56 | 000,083,634 | RH-- | C] () -- D:\Program Files\ZI561402.CAB
[2004/09/10 20:18:56 | 000,047,824 | RH-- | C] () -- D:\Program Files\ZG561401.CAB
[2004/09/10 20:18:54 | 005,923,328 | R--- | C] () -- D:\Program Files\PRO11.MSI
[2004/09/10 20:18:54 | 001,255,537 | RH-- | C] () -- D:\Program Files\PV561401.CAB
[2004/09/10 20:18:50 | 007,645,762 | RH-- | C] () -- D:\Program Files\PR308246.CAB
[2004/09/10 20:18:46 | 003,540,973 | RH-- | C] () -- D:\Program Files\PR103678.CAB
[2004/09/10 20:18:44 | 006,108,423 | RH-- | C] () -- D:\Program Files\PR103368.CAB
[2004/09/10 20:18:40 | 001,740,699 | RH-- | C] () -- D:\Program Files\PA561401.CAB
[2004/09/10 20:18:40 | 000,471,375 | RH-- | C] () -- D:\Program Files\P4561402.CAB
[2004/09/10 20:18:38 | 005,671,270 | RH-- | C] () -- D:\Program Files\P3561401.CAB
[2004/09/10 20:18:36 | 029,543,747 | RH-- | C] () -- D:\Program Files\P2561401.CAB
[2004/09/10 20:18:18 | 012,391,934 | RH-- | C] () -- D:\Program Files\O1561403.CAB
[2004/09/10 20:18:18 | 000,604,672 | R--- | C] () -- D:\Program Files\OWC11.MSI
[2004/09/10 20:18:18 | 000,560,128 | R--- | C] () -- D:\Program Files\OWC10.MSI
[2004/09/10 20:18:18 | 000,178,500 | RH-- | C] () -- D:\Program Files\O9561403.CAB
[2004/09/10 20:18:10 | 002,531,817 | RH-- | C] () -- D:\Program Files\MT561403.CAB
[2004/09/10 20:18:10 | 000,030,137 | RH-- | C] () -- D:\Program Files\O0561401.CAB
[2004/09/10 20:18:08 | 000,883,593 | RH-- | C] () -- D:\Program Files\MO561403.CAB
[2004/09/10 20:18:06 | 002,642,875 | RH-- | C] () -- D:\Program Files\W3561405.CAB
[2004/09/10 20:18:06 | 002,374,394 | RH-- | C] () -- D:\Program Files\MH561401.CAB
[2004/09/10 20:18:04 | 006,270,298 | RH-- | C] () -- D:\Program Files\W2561405.CAB
[2004/09/10 20:18:00 | 002,057,146 | RH-- | C] () -- D:\Program Files\V3561403.CAB
[2004/09/10 20:18:00 | 002,056,750 | RH-- | C] () -- D:\Program Files\TR308222.CAB
[2004/09/10 20:17:58 | 003,533,058 | RH-- | C] () -- D:\Program Files\SKU0A4.CAB
[2004/09/10 20:17:58 | 002,084,690 | RH-- | C] () -- D:\Program Files\TR103621.CAB
[2004/09/10 20:17:56 | 000,473,931 | RH-- | C] () -- D:\Program Files\SKU011.XML
[2004/09/10 20:17:56 | 000,163,936 | RH-- | C] () -- D:\Program Files\SKU026.CAB
[2004/09/10 20:17:54 | 006,282,476 | RH-- | C] () -- D:\Program Files\SKU011.CAB
[2004/09/10 20:17:52 | 001,256,026 | RH-- | C] () -- D:\Program Files\QV561405.CAB
[2004/09/10 20:17:52 | 000,019,697 | R--- | C] () -- D:\Program Files\SETUP.HTM
[2004/09/10 20:17:52 | 000,006,581 | R--- | C] () -- D:\Program Files\README.HTM
[2004/09/10 20:17:50 | 002,346,637 | RH-- | C] () -- D:\Program Files\Q3561405.CAB
[2004/09/10 20:17:50 | 000,545,200 | RH-- | C] () -- D:\Program Files\Q4561405.CAB
[2004/09/10 20:17:48 | 003,053,221 | RH-- | C] () -- D:\Program Files\Q2561405.CAB
[2004/09/10 20:17:48 | 002,951,706 | RH-- | C] () -- D:\Program Files\PW561401.CAB
[2004/05/12 19:56:36 | 000,634,880 | ---- | C] () -- D:\WINDOWS\System32\pemicro_serialcm2.dll
[2004/04/18 16:43:46 | 000,147,456 | ---- | C] () -- D:\WINDOWS\System32\ssleay32.dll
[2004/04/18 16:43:44 | 000,651,264 | ---- | C] () -- D:\WINDOWS\System32\libeay32.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- D:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- D:\WINDOWS\System32\hptcpmon.ini
[2000/08/03 13:25:12 | 000,023,296 | ---- | C] () -- D:\WINDOWS\System32\pedrv.sys
[2000/08/03 13:25:12 | 000,023,296 | ---- | C] () -- D:\WINDOWS\System32\drivers\pedrv.sys
[1999/01/27 16:39:06 | 000,065,024 | ---- | C] () -- D:\WINDOWS\System32\indounin.dll
[1998/10/02 09:20:46 | 000,005,200 | ---- | C] () -- D:\WINDOWS\System32\drivers\vichw11.sys
[1997/06/13 10:56:08 | 000,056,832 | ---- | C] () -- D:\WINDOWS\System32\Iyvu9_32.dll
[1996/05/29 16:20:04 | 000,035,072 | ---- | C] () -- D:\WINDOWS\System32\SENDKEY.DLL
[1996/04/03 21:33:26 | 000,005,248 | ---- | C] () -- D:\WINDOWS\System32\drivers\GIVEIO.SYS

========== LOP Check ==========

[2009/12/26 00:55:18 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Activision
[2008/04/03 09:09:35 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\MailFrontier
[2008/04/03 07:28:54 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\MGI
[2009/12/02 13:54:48 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\NETGEAR
[2010/08/24 21:52:33 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\NexonUS
[2010/08/24 21:06:28 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\PMB Files
[2010/05/20 19:08:21 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Processor Expert
[2008/04/08 05:24:00 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Saitek
[2010/10/31 14:54:29 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/07 07:43:23 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Nelson Ramon Arucas\Application Data\CallingID
[2009/10/22 20:24:53 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Nelson Ramon Arucas\Application Data\comcasttb
[2010/08/13 11:15:58 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Nelson Ramon Arucas\Application Data\Elluminate
[2008/04/03 06:57:23 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Nelson Ramon Arucas\Application Data\FotoWire
[2008/04/14 00:57:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Nelson Ramon Arucas\Application Data\gtk-2.0

 

[2010/03/12 19:49:55 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Nelson Ramon Arucas\Application Data\ImgBurn
[2008/04/03 07:33:40 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Nelson Ramon Arucas\Application Data\MGI
[2010/10/30 21:03:34 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Nelson Ramon Arucas\Application Data\MyScribe
[2010/08/24 23:06:39 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Nelson Ramon Arucas\Application Data\NeopleLauncherDFO
[2009/01/19 14:38:01 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Nelson Ramon Arucas\Application Data\OpenOffice.org
[2010/05/20 19:09:05 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Nelson Ramon Arucas\Application Data\Processor Expert
[2008/11/04 19:27:52 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Nelson Ramon Arucas\Application Data\TeamViewer
[2010/04/02 22:20:50 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Nelson Ramon Arucas\Application Data\TS3Client
[2008/09/24 16:16:54 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Nelson Ramon Arucas\Application Data\Uniblue
[2009/05/12 19:53:20 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Nelson Ramon Arucas\Application Data\uTorrent
[2008/07/08 07:04:44 | 000,000,370 | ---- | M] () -- D:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1207566146.job
[2011/01/09 01:45:33 | 000,000,330 | -H-- | M] () -- D:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/04/08 05:43:30 | 000,000,291 | ---- | M] () -- D:\(G) Vingintion Drive.lnk
[2011/01/08 13:44:07 | 000,011,861 | ---- | M] () -- D:\ComboFix.txt
[2011/01/09 01:42:17 | 2145,386,496 | -HS- | M] () -- D:\pagefile.sys
[2011/01/08 13:50:09 | 000,000,359 | ---- | M] () -- D:\rkill.log

< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- D:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- D:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- D:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- D:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2008/04/03 07:54:21 | 000,000,067 | -HS- | M] () -- D:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2005/10/14 22:41:46 | 000,072,192 | ---- | M] (Hewlett-Packard Corporation) -- D:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp43a.dll
[2003/06/18 16:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2009/07/10 11:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2004/09/10 20:21:10 | 003,580,152 | RH-- | M] () -- D:\Program Files\A2561405.CAB
[2004/09/10 20:21:14 | 005,675,627 | RH-- | M] () -- D:\Program Files\A3561405.CAB
[2004/09/10 20:21:16 | 003,032,343 | RH-- | M] () -- D:\Program Files\A4561405.CAB
[2004/09/10 20:21:18 | 001,952,821 | RH-- | M] () -- D:\Program Files\AV561403.CAB
[2004/09/10 20:21:18 | 001,681,457 | RH-- | M] () -- D:\Program Files\CC561401.CAB
[2004/09/10 20:21:20 | 000,323,898 | RH-- | M] () -- D:\Program Files\CD561401.CAB
[2004/09/10 20:21:20 | 002,071,027 | RH-- | M] () -- D:\Program Files\CF561401.CAB
[2004/09/10 20:21:22 | 000,706,243 | RH-- | M] () -- D:\Program Files\CL561401.CAB
[2004/09/10 20:21:22 | 001,232,028 | RH-- | M] () -- D:\Program Files\CM561401.CAB
[2004/09/10 20:21:24 | 002,487,448 | RH-- | M] () -- D:\Program Files\CP561401.CAB
[2004/09/10 20:21:26 | 002,306,744 | RH-- | M] () -- D:\Program Files\CR561401.CAB
[2004/09/10 20:21:26 | 000,611,657 | RH-- | M] () -- D:\Program Files\CS561401.CAB
[2004/09/10 20:21:30 | 005,331,769 | RH-- | M] () -- D:\Program Files\E2561410.CAB
[2004/09/10 20:21:32 | 002,977,781 | RH-- | M] () -- D:\Program Files\E3561405.CAB
[2004/09/10 20:21:32 | 000,720,116 | RH-- | M] () -- D:\Program Files\E4561410.CAB
[2004/09/10 20:21:34 | 002,164,117 | RH-- | M] () -- D:\Program Files\EV561405.CAB
[2004/09/10 20:20:02 | 001,673,946 | RH-- | M] () -- D:\Program Files\G3561403.CAB
[2004/09/10 20:20:02 | 000,466,445 | RH-- | M] () -- D:\Program Files\GV561403.CAB
[2004/09/10 20:20:02 | 000,107,046 | RH-- | M] () -- D:\Program Files\IJ561401.CAB
[2004/09/10 20:20:02 | 000,038,260 | RH-- | M] () -- D:\Program Files\IS561401.CAB
[2004/09/10 20:20:12 | 013,650,283 | RH-- | M] () -- D:\Program Files\IU561401.CAB
[2004/09/10 20:20:18 | 010,629,703 | RH-- | M] () -- D:\Program Files\L2561403.CAB
[2004/09/10 20:20:20 | 001,867,474 | RH-- | M] () -- D:\Program Files\L3561403.CAB
[2004/09/10 20:20:20 | 001,054,743 | RH-- | M] () -- D:\Program Files\L4561403.CAB
[2004/09/10 20:20:20 | 000,300,700 | RH-- | M] () -- D:\Program Files\L9561403.CAB
[2004/09/10 20:20:20 | 000,947,433 | RH-- | M] () -- D:\Program Files\LV561403.CAB
[2004/09/10 20:20:22 | 000,050,808 | RH-- | M] () -- D:\Program Files\M2561406.CAB
[2004/09/10 20:20:24 | 005,279,842 | RH-- | M] () -- D:\Program Files\M3561404.CAB
[2004/09/10 20:20:32 | 012,037,546 | RH-- | M] () -- D:\Program Files\M4561403.CAB
[2004/09/10 20:20:34 | 003,563,686 | RH-- | M] () -- D:\Program Files\M9561403.CAB
[2004/09/10 20:20:34 | 000,313,441 | RH-- | M] () -- D:\Program Files\MA561403.CAB
[2004/09/10 20:20:36 | 002,277,520 | RH-- | M] () -- D:\Program Files\MC561403.CAB
[2004/09/10 20:20:36 | 000,915,570 | RH-- | M] () -- D:\Program Files\MG561403.CAB
[2004/09/10 20:18:06 | 002,374,394 | RH-- | M] () -- D:\Program Files\MH561401.CAB
[2004/09/10 20:18:08 | 000,883,593 | RH-- | M] () -- D:\Program Files\MO561403.CAB
[2004/09/10 20:18:10 | 002,531,817 | RH-- | M] () -- D:\Program Files\MT561403.CAB
[2004/09/10 20:18:10 | 000,030,137 | RH-- | M] () -- D:\Program Files\O0561401.CAB
[2004/09/10 20:18:18 | 012,391,934 | RH-- | M] () -- D:\Program Files\O1561403.CAB
[2004/09/10 20:18:18 | 000,178,500 | RH-- | M] () -- D:\Program Files\O9561403.CAB
[2004/09/10 20:18:18 | 000,560,128 | R--- | M] () -- D:\Program Files\OWC10.MSI
[2004/09/10 20:18:18 | 000,604,672 | R--- | M] () -- D:\Program Files\OWC11.MSI
[2004/09/10 20:18:36 | 029,543,747 | RH-- | M] () -- D:\Program Files\P2561401.CAB
[2004/09/10 20:18:38 | 005,671,270 | RH-- | M] () -- D:\Program Files\P3561401.CAB
[2004/09/10 20:18:40 | 000,471,375 | RH-- | M] () -- D:\Program Files\P4561402.CAB
[2004/09/10 20:18:40 | 001,740,699 | RH-- | M] () -- D:\Program Files\PA561401.CAB
[2004/09/10 20:18:44 | 006,108,423 | RH-- | M] () -- D:\Program Files\PR103368.CAB
[2004/09/10 20:18:46 | 003,540,973 | RH-- | M] () -- D:\Program Files\PR103678.CAB
[2004/09/10 20:18:50 | 007,645,762 | RH-- | M] () -- D:\Program Files\PR308246.CAB
[2004/09/10 20:18:54 | 005,923,328 | R--- | M] () -- D:\Program Files\PRO11.MSI
[2004/09/10 20:18:54 | 001,255,537 | RH-- | M] () -- D:\Program Files\PV561401.CAB
[2004/09/10 20:17:48 | 002,951,706 | RH-- | M] () -- D:\Program Files\PW561401.CAB
[2004/09/10 20:17:48 | 003,053,221 | RH-- | M] () -- D:\Program Files\Q2561405.CAB
[2004/09/10 20:17:50 | 002,346,637 | RH-- | M] () -- D:\Program Files\Q3561405.CAB
[2004/09/10 20:17:50 | 000,545,200 | RH-- | M] () -- D:\Program Files\Q4561405.CAB
[2004/09/10 20:17:52 | 001,256,026 | RH-- | M] () -- D:\Program Files\QV561405.CAB
[2004/09/10 20:17:52 | 000,006,581 | R--- | M] () -- D:\Program Files\README.HTM
[2004/09/10 20:17:52 | 000,019,697 | R--- | M] () -- D:\Program Files\SETUP.HTM
[2004/09/10 20:17:54 | 006,282,476 | RH-- | M] () -- D:\Program Files\SKU011.CAB
[2004/09/10 20:17:56 | 000,473,931 | RH-- | M] () -- D:\Program Files\SKU011.XML
[2004/09/10 20:17:56 | 000,163,936 | RH-- | M] () -- D:\Program Files\SKU026.CAB
[2004/09/10 20:17:58 | 003,533,058 | RH-- | M] () -- D:\Program Files\SKU0A4.CAB
[2004/09/10 20:17:58 | 002,084,690 | RH-- | M] () -- D:\Program Files\TR103621.CAB
[2004/09/10 20:18:00 | 002,056,750 | RH-- | M] () -- D:\Program Files\TR308222.CAB
[2004/09/10 20:18:00 | 002,057,146 | RH-- | M] () -- D:\Program Files\V3561403.CAB
[2004/09/10 20:18:04 | 006,270,298 | RH-- | M] () -- D:\Program Files\W2561405.CAB
[2004/09/10 20:18:06 | 002,642,875 | RH-- | M] () -- D:\Program Files\W3561405.CAB
[2004/09/10 20:18:58 | 001,038,975 | RH-- | M] () -- D:\Program Files\W4561405.CAB
[2004/09/10 20:19:00 | 002,948,275 | RH-- | M] () -- D:\Program Files\WV561405.CAB
[2004/09/10 20:19:04 | 009,298,714 | RH-- | M] () -- D:\Program Files\X2561401.CAB
[2004/09/10 20:19:06 | 001,013,663 | RH-- | M] () -- D:\Program Files\X3561401.CAB
[2004/09/10 20:19:10 | 008,114,251 | RH-- | M] () -- D:\Program Files\YA561403.CAB
[2004/09/10 20:19:12 | 008,012,757 | RH-- | M] () -- D:\Program Files\YB561408.CAB
[2004/09/10 20:19:14 | 000,614,643 | RH-- | M] () -- D:\Program Files\YC561403.CAB
[2004/09/10 20:19:16 | 004,475,718 | RH-- | M] () -- D:\Program Files\YH561403.CAB
[2004/09/10 20:19:16 | 001,440,029 | RH-- | M] () -- D:\Program Files\YI561401.CAB
[2004/09/10 20:19:16 | 001,539,271 | RH-- | M] () -- D:\Program Files\YL561402.CAB
[2004/09/10 20:19:16 | 000,063,208 | RH-- | M] () -- D:\Program Files\YM561403.CAB
[2004/09/10 20:19:18 | 000,821,637 | RH-- | M] () -- D:\Program Files\YO561403.CAB
[2004/09/10 20:19:38 | 047,671,800 | RH-- | M] () -- D:\Program Files\YS561401.CAB
[2004/09/10 20:19:38 | 000,014,446 | RH-- | M] () -- D:\Program Files\YT561401.CAB
[2004/09/10 20:19:38 | 000,192,632 | RH-- | M] () -- D:\Program Files\ZA561401.CAB
[2004/09/10 20:19:40 | 002,679,261 | RH-- | M] () -- D:\Program Files\ZC561402.CAB
[2004/09/10 20:19:40 | 001,692,636 | RH-- | M] () -- D:\Program Files\ZD561402.CAB
[2004/09/10 20:19:40 | 000,763,821 | RH-- | M] () -- D:\Program Files\ZE561406.CAB
[2004/09/10 20:18:56 | 002,266,659 | RH-- | M] () -- D:\Program Files\ZF612702.CAB
[2004/09/10 20:18:56 | 000,047,824 | RH-- | M] () -- D:\Program Files\ZG561401.CAB
[2004/09/10 20:18:56 | 000,243,555 | RH-- | M] () -- D:\Program Files\ZH561403.CAB
[2004/09/10 20:18:56 | 000,083,634 | RH-- | M] () -- D:\Program Files\ZI561402.CAB
[2004/09/10 20:18:56 | 000,103,723 | RH-- | M] () -- D:\Program Files\ZJ561401.CAB
[2004/09/10 20:18:56 | 000,147,457 | RH-- | M] () -- D:\Program Files\ZK561401.CAB
[2004/09/10 20:18:56 | 000,107,454 | RH-- | M] () -- D:\Program Files\ZM561401.CAB
[2004/09/10 20:18:56 | 000,274,001 | RH-- | M] () -- D:\Program Files\ZN561401.CAB
[2004/09/10 20:18:56 | 000,310,133 | RH-- | M] () -- D:\Program Files\ZO561401.CAB
[2004/09/10 20:18:56 | 000,668,276 | RH-- | M] () -- D:\Program Files\ZQ561401.CAB
[2004/09/10 20:18:58 | 000,027,929 | RH-- | M] () -- D:\Program Files\ZR561403.CAB
[2004/09/10 20:18:58 | 000,441,429 | RH-- | M] () -- D:\Program Files\ZS561401.CAB
[2004/09/10 20:18:58 | 000,353,051 | RH-- | M] () -- D:\Program Files\ZT561401.CAB
[2004/09/10 20:18:58 | 000,017,922 | RH-- | M] () -- D:\Program Files\ZU561401.CAB
[2004/09/10 20:18:58 | 000,091,858 | RH-- | M] () -- D:\Program Files\ZV561401.CAB
[2004/09/10 20:18:58 | 000,456,846 | RH-- | M] () -- D:\Program Files\ZY561401.CAB
[2004/09/10 20:18:58 | 000,006,291 | RH-- | M] () -- D:\Program Files\ZZ561401.CAB

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/04/02 23:33:54 | 000,094,208 | ---- | M] () -- D:\WINDOWS\system32\config\default.sav
[2008/04/02 23:33:53 | 000,659,456 | ---- | M] () -- D:\WINDOWS\system32\config\software.sav
[2008/04/02 23:33:53 | 000,434,176 | ---- | M] () -- D:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/03/14 22:20:09 | 000,000,209 | -HS- | M] () -- D:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2008/04/03 08:06:02 | 000,000,119 | -HS- | M] () -- D:\Documents and Settings\Nelson Ramon Arucas\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2008/04/03 08:06:01 | 000,000,079 | ---- | M] () -- D:\Documents and Settings\Nelson Ramon Arucas\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2008/09/24 17:14:51 | 000,050,688 | ---- | M] (Atribune.org) -- D:\Documents and Settings\Nelson Ramon Arucas\Desktop\ATF-Cleaner.exe
[2011/01/07 19:45:38 | 000,296,448 | ---- | M] () -- D:\Documents and Settings\Nelson Ramon Arucas\Desktop\GMER.exe
[2010/10/30 20:46:27 | 042,515,122 | ---- | M] () -- D:\Documents and Settings\Nelson Ramon Arucas\Desktop\MyScribeSetup.exe
[2011/01/07 19:57:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Nelson Ramon Arucas\Desktop\OTL.exe
[2010/04/02 22:19:41 | 012,816,592 | ---- | M] (TeamSpeak Systems GmbH) -- D:\Documents and Settings\Nelson Ramon Arucas\Desktop\TeamSpeak3-Client-win32-3.0.0-beta18.exe
[2010/04/02 22:16:18 | 014,788,904 | ---- | M] (TeamSpeak Systems GmbH) -- D:\Documents and Settings\Nelson Ramon Arucas\Desktop\TeamSpeak3-Client-win64-3.0.0-beta18.exe
[2011/01/07 19:44:02 | 000,446,464 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Nelson Ramon Arucas\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/04/03 08:06:01 | 000,000,122 | -HS- | M] () -- D:\Documents and Settings\Nelson Ramon Arucas\Favorites\Desktop.ini
[2008/04/03 08:39:28 | 000,001,288 | ---- | M] () -- D:\Documents and Settings\Nelson Ramon Arucas\Favorites\Microsoft bCentral.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2009/08/14 12:19:46 | 000,001,132 | RHS- | M] () -- D:\Documents and Settings\All Users\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2008/04/03 17:52:23 | 000,000,067 | -HS- | M] () -- D:\Documents and Settings\Nelson Ramon Arucas\Cookies\desktop.ini
[2011/01/09 01:53:08 | 001,048,576 | -HS- | M] () -- D:\Documents and Settings\Nelson Ramon Arucas\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2005/01/28 16:44:28 | 000,192,512 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >
[2009/09/10 20:53:38 | 000,582,175 | ---- | M] (tzuk) -- D:\WINDOWS\Installer\SandboxieInstall.exe
[2010/07/18 18:43:56 | 000,735,984 | ---- | M] (tzuk) -- D:\WINDOWS\Installer\SandboxieInstall32.exe
[7 D:\WINDOWS\Installer\*.tmp files -> D:\WINDOWS\Installer\*.tmp -> ]

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Messenger\custsat.dll
[2004/08/03 19:07:00 | 000,004,821 | ---- | M] () -- D:\Program Files\Messenger\logowin.gif
[2004/08/04 04:06:34 | 000,007,047 | ---- | M] () -- D:\Program Files\Messenger\lvback.gif
[2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Messenger\msgsc.dll
[2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Messenger\msgslang.dll
[2008/04/13 19:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Messenger\msmsgs.exe
[2004/08/03 19:07:00 | 000,002,882 | ---- | M] () -- D:\Program Files\Messenger\newalert.wav
[2004/08/03 19:07:00 | 000,006,156 | ---- | M] () -- D:\Program Files\Messenger\newemail.wav
[2004/08/03 19:07:00 | 000,006,160 | ---- | M] () -- D:\Program Files\Messenger\online.wav
[2004/08/04 04:06:36 | 000,004,454 | ---- | M] () -- D:\Program Files\Messenger\type.wav
[2004/08/04 04:06:36 | 000,115,981 | ---- | M] () -- D:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"AutoInstallMinorUpdates" = 1
"NoAutoRebootWithLoggedOnUsers" = 1
"NoAutoUpdate" = 1

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:EA029835

< End of report >

 

OTL Extras logfile created on: 1/9/2011 1:56:38 AM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = D:\Documents and Settings\Nelson Ramon Arucas\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): D:\pagefile.sys 2046 2686 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 5.08 Gb Total Space | 0.86 Gb Free Space | 17.01% Space Free | Partition Type: FAT32
Drive D: | 50.83 Gb Total Space | 11.84 Gb Free Space | 23.30% Space Free | Partition Type: NTFS
Drive F: | 7.45 Gb Total Space | 0.96 Gb Free Space | 12.92% Space Free | Partition Type: FAT32

Computer Name: NELSON-43082967 | User Name: Nelson Ramon Arucas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1 "
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "D:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008
"56143:TCP" = 56143:TCP:*:Enabledando Media Booster
"56143:UDP" = 56143:UDP:*:Enabledando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008
"56143:TCP" = 56143:TCP:*:Enabledando Media Booster
"56143:UDP" = 56143:UDP:*:Enabledando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"D:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = D:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"D:\Program Files\Pando Networks\Media Booster\PMB.exe" = D:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabledando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files\iTunes\iTunes.exe" = D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"D:\Program Files\Steam\steamapps\common\alpha prime\AlphaPrime.exe" = D:\Program Files\Steam\steamapps\common\alpha prime\AlphaPrime.exe:*:Enabled:Alpha Prime -- (Black Element Software)
"D:\Program Files\Gameforge4D\AirRivals\Launcher.atm" = D:\Program Files\Gameforge4D\AirRivals\Launcher.atm:Enabled:GameExe2 -- ()
"D:\Program Files\Gameforge4D\AirRivals\Res-Voip\SCVoIP.exe" = D:\Program Files\Gameforge4D\AirRivals\Res-Voip\SCVoIP.exe:Enabled:GameVoIP -- (Masang Soft)
"D:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = D:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"D:\Program Files\Yahoo!\Messenger\YServer.exe" = D:\Program Files\Yahoo!\Messenger\YServer.exe:*isabled:Yahoo! FT Server -- (Yahoo! Inc.)
"D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*isabled:Yahoo! Messenger -- (Yahoo! Inc.)
"D:\Program Files\Xfire\xfire.exe" = D:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" = D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)
"D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)
"D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe" = D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe" = D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe" = D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe" = D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe" = D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe" = D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"D:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe" = D:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"D:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe" = D:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe" = D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe" = D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"D:\Program Files\Ventrilo\Ventrilo.exe" = D:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"D:\Program Files\Pando Networks\Media Booster\PMB.exe" = D:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabledando Media Booster -- ()
"D:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = D:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{14AA72DA-DB40-4A34-93A6-401A81D7AF9E}" = Unreal Anthology
"{16BE87BC-69F5-4D36-8CF0-E1CB3ACD5ED3}" = HP Driver Diagnostics
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = WN111v2
"{1CB63C5C-DA69-4793-BD35-43BDE2A86D43}" = MGI VideoWave 4
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}" = Apple Mobile Device Support
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}" = Logitech ImageStudio
"{5E06C076-E4E7-4239-A886-B3D8AC84C166}" = HP Print Diagnostic Utility
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64963F0E-03F2-4B59-8D1B-1806545E7092}" = NVIDIA DDS Utilities
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{71D9B000-CD43-4DE9-9729-49434415B8F7}" = F300Trb
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82DFB852-9594-4668-9C66-28BB6E94BCB2}" = HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{84F1DE76-C48C-4281-87A0-CC9548D1E7F9}" = Rhapsody Player Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{967FB80D-56BD-42EF-A942-9E8C78F984A4}" = Saitek SST Programming Software
"{97AFE669-5F73-4159-A8D6-777778AFBE6A}" = Philips Firmware Manager
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{984F10FD-11FD-4BED-8163-92DB81E6A825}" = Logitech IM Video Companion
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BFFB382-0B2C-11D6-AB3E-000102B0F79A}" = Readiris 7.5
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
"{BF95339B-AB72-4C85-A6E1-C008CD2CC733}" = Xirrus Wi-Fi Inspector
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}" = HP Photosmart Essential
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help
"{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{ED93995E-8BF2-480F-8EA4-7D29E29A7052}" = HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet Drivers
"{EF6C4600-306D-4F6A-A119-C2A877D25B4A}" = iTunes
"{F05A5232-CE5E-4274-AB27-44EB8105898D}" = CA Pest Patrol Realtime Protection
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FE7DEF30-AC2D-4D17-B65D-92751A4E2320}" = CodeWarrior Development Studio for S12(X) V5.0
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AE3DA7FEC22E9FC9FE0453738A4DE2CDECE169F8" = Windows Driver Package - SofTec Microsystems (sft02) SofTecUSBDevices (02/07/2007 2.40.0.0)
"AirRivals_is1" = AirRivals 1.0.0.26
"avast!" = avast! Antivirus
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"comcasttb" = Comcast Toolbar 3.0
"DFO" = DFOLauncher
"DMI Browser" = DMI Browse
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 6.1
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ImgBurn" = ImgBurn
"InfoView" = InfoView
"InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = RangeMax Wireless-N USB Adapter WN111v2
"i-Speeder" = i-Speeder
"Logitech Print Service" = Logitech Print Service
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MGI_PRISM_V4_0" = MGI PhotoSuite 4 (Remove Only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MyScribe" = MyScribe
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PSC 2000 Series" = HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet
"RealPlayer 6.0" = RealPlayer 7 Basic
"Registry Mechanic_is1" = Registry Mechanic 5.2
"Sandboxie" = Sandboxie 3.46
"Steam App 2590" = Alpha Prime
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UT2004Mi_is1" = UT2004Mi v2.00
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMIinfo" = WMIinfo
"Xfire" = Xfire (remove only)
"Yahoo! Companion" = Yahoo! ¤u¨Ã£¦C
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager
"ZoneAlarm" = ZoneAlarm
"ZoneAlarmSB Uninstall" = ZoneAlarm Spy Blocker

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f2fababaf06c5ea6" = UnrealKeyChanger
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 4/17/2008 4:50:54 PM | Computer Name = NELSON-43082967 | Source = avast! | ID = 33554522
Description = Error in aswChestS: chest s_NewFile Error 112.

Error - 4/17/2008 4:50:54 PM | Computer Name = NELSON-43082967 | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 112.

Error - 1/21/2009 5:30:22 PM | Computer Name = NELSON-43082967 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: Aavm: CreateEventsAndMapping mutex timeout
- server DOWN???, (null).

Error - 11/7/2009 9:47:04 AM | Computer Name = NELSON-43082967 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\Documents and Settings\Nelson Ramon Arucas\Local Settings\Temporary Internet
Files\Content.IE5\N9ISNS1C\restserver[1].php failed, 0000A413.

Error - 10/1/2010 10:34:40 AM | Computer Name = NELSON-43082967 | Source = avast! | ID = 33554522
Description = AAVM - initialization error: AavmStart: avworkInitialize failed, 0000A438.


Error - 10/2/2010 2:06:24 PM | Computer Name = NELSON-43082967 | Source = avast! | ID = 33554522
Description = AAVM - initialization error: AavmStart: avworkInitialize failed, 0000A438.


Error - 10/2/2010 5:05:40 PM | Computer Name = NELSON-43082967 | Source = avast! | ID = 33554522
Description = AAVM - initialization error: AavmStart: avworkInitialize failed, 0000A438.


Error - 10/3/2010 10:33:59 AM | Computer Name = NELSON-43082967 | Source = avast! | ID = 33554522
Description = AAVM - initialization error: AavmStart: avworkInitialize failed, 0000A438.


[ Application Events ]
Error - 8/30/2010 4:25:48 AM | Computer Name = NELSON-43082967 | Source = MPSampleSubmission | ID = 5000
Description =

Error - 8/30/2010 4:31:48 AM | Computer Name = NELSON-43082967 | Source = MPSampleSubmission | ID = 5000
Description =

Error - 9/8/2010 2:18:39 AM | Computer Name = NELSON-43082967 | Source = MPSampleSubmission | ID = 5000
Description =

Error - 9/29/2010 8:46:18 PM | Computer Name = NELSON-43082967 | Source = ESENT | ID = 481
Description = wuauclt (656) An attempt to read from the file "D:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb "
at offset 12374016 (0x0000000000bcd000) for 208896 (0x00033000) bytes failed with
system error 23 (0x00000017): "Data error (cyclic redundancy check). ". The read
operation will fail with error -1022 (0xfffffc02). If this error persists then
the file may be damaged and may need to be restored from a previous backup.

Error - 9/29/2010 8:47:59 PM | Computer Name = NELSON-43082967 | Source = ESENT | ID = 481
Description = wuauclt (656) An attempt to read from the file "D:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb "
at offset 11780096 (0x0000000000b3c000) for 737280 (0x000b4000) bytes failed with
system error 23 (0x00000017): "Data error (cyclic redundancy check). ". The read
operation will fail with error -1022 (0xfffffc02). If this error persists then
the file may be damaged and may need to be restored from a previous backup.

Error - 10/19/2010 9:23:06 PM | Computer Name = NELSON-43082967 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/19/2010 9:23:07 PM | Computer Name = NELSON-43082967 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 12/28/2010 2:40:53 AM | Computer Name = NELSON-43082967 | Source = MPSampleSubmission | ID = 5000
Description =

Error - 12/29/2010 3:02:08 AM | Computer Name = NELSON-43082967 | Source = MPSampleSubmission | ID = 5000
Description =

Error - 1/7/2011 8:52:28 PM | Computer Name = NELSON-43082967 | Source = MPSampleSubmission | ID = 5000
Description =

[ System Events ]
Error - 1/8/2011 10:22:18 PM | Computer Name = NELSON-43082967 | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 1/8/2011 10:26:12 PM | Computer Name = NELSON-43082967 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.

Error - 1/8/2011 10:26:12 PM | Computer Name = NELSON-43082967 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 1/8/2011 10:26:12 PM | Computer Name = NELSON-43082967 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 1/8/2011 10:27:58 PM | Computer Name = NELSON-43082967 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor
service to connect.

Error - 1/8/2011 10:27:58 PM | Computer Name = NELSON-43082967 | Source = Service Control Manager | ID = 7000
Description = The TrueVector Internet Monitor service failed to start due to the
following error: %%1053

Error - 1/9/2011 2:43:00 AM | Computer Name = NELSON-43082967 | Source = ParVdm | ID = 458754
Description = Unable to get device object pointer for port object.

Error - 1/9/2011 2:43:02 AM | Computer Name = NELSON-43082967 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor
service to connect.

Error - 1/9/2011 2:43:02 AM | Computer Name = NELSON-43082967 | Source = Service Control Manager | ID = 7000
Description = The TrueVector Internet Monitor service failed to start due to the
following error: %%1053

Error - 1/9/2011 2:43:02 AM | Computer Name = NELSON-43082967 | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126


< End of report >

 

Side note, I seem to hit that 55,000 character limit quite a lot.

 

As you know, I am having problems with the connection to the internet for my room pc. Therefore, I am able to run JavaRa, but not the update/install of a fresh Java version. I will do that as soon as I'm able to connect to the internet without my room pc freezing. I have done the rest of your instructions, and are currently rebooting my pc after inputing your specified instructions for OTL. I will post the findings/results soon.

 

This screen shot is when I ran JavaRa.

http://img839.imageshack.us/i/screenshotofremovalofja.jpg/

 

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sun Jan 09 18:21:40 2011

Found and removed: D:\Program Files\Java\jre1.6.0_05

Found and removed: JavaPlugin.FamilyVersionSupport

Found and removed: Installer\Products\8A0F842331866D117AB7000B0D610007

Found and removed: CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}

Found and removed: JavaScript

Found and removed: JavaScript Author

Found and removed: JavaScript1.1

Found and removed: JavaScript1.1 Author

Found and removed: JavaScript1.2

Found and removed: JavaScript1.2 Author

Found and removed: Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}

Found and removed: Software\Classes\JavaPlugin.160_05

Found and removed: Software\Classes\JavaPlugin.160_07

Found and removed: Software\JavaSoft\Java Update

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_07

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\JavaPlugin

Found and removed: SOFTWARE\Classes\JavaPlugin.160_05

Found and removed: SOFTWARE\Classes\JavaPlugin.160_07

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_07

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_07

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

------------------------------------

Finished reporting.

 

All processes killed
========== OTL ==========
Service EagleNT stopped successfully!
Service EagleNT deleted successfully!
File D:\WINDOWS\System32\drivers\EagleNT.sys not found.
Error: Unable to stop service KLIF!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KLIF deleted successfully.
D:\WINDOWS\system32\drivers\klif.sys moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\com.tw\asia.msi\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\com.tw\global.msi\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\com.tw\www.msi\ deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
D:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
D:\Documents and Settings\Nelson Ramon Arucas\Application Data\Uniblue\Registry Booster2 folder moved successfully.
D:\Documents and Settings\Nelson Ramon Arucas\Application Data\Uniblue folder moved successfully.
ADS D:\Documents and Settings\All Users\Application Data\TEMP:EA029835 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\\DisableMonitoring deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Adam Arucas
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Javier Pelligrini
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Nelson (Dad) Arucas
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Nelson Ramon Arucas
->Temp folder emptied: 22097 bytes
->Temporary Internet Files folder emptied: 40143 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 2736 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Niomi June Arucas
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19874 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1105 bytes

Total Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Adam Arucas

User: All Users

User: Default User

User: Javier Pelligrini

User: LocalService

User: Nelson (Dad) Arucas

User: Nelson Ramon Arucas
->Flash cache emptied: 0 bytes

User: NetworkService

User: Niomi June Arucas
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.20.1 log created on 01092011_182712

Files\Folders moved on Reboot...
File\Folder D:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
File\Folder D:\WINDOWS\temp\Perflib_Perfdata_e8.dat not found!
File\Folder D:\WINDOWS\temp\ZLT07d21.TMP not found!
File\Folder D:\WINDOWS\temp\ZLT07d73.TMP not found!

Registry entries deleted on Reboot...

 

Ok, after I logged on last time, I've been sitting in my room, thinking about how the heck could I fix my pc's problem. So, I logged in to my room pc, and started to look at what items I had open in task manager. This was before I saw broni's new post. I started to get rid of the normal programs that I know of, which I regularlly end their tasks. I got the processes down to 36, and looked at what I had left. I thought, if I would connect the wireless adaptor and have the task manager open, I could see what processes open up once I connect the wireless adaptor. That way, I would know what to deal with, which may cause my pc to freeze. So, I did so. Sadely, a few times their would be a message when I tried to go from trusted site to site. I would first open up an explorer web page window; and let it get to the point where it said's I can not connect to the net. I would then actually plug in the wireless adaptor, and then go to google. From google, I would then try to get to windowsbbs. For a couple of tries of doing this, there was some error window that pops up when I try to get to windowsbbs; but the window would freeze. The Task Manager, however, wouldn't freeze. When I tried to end the process of the iexplorer.exe though, it would not go away immidiately. It would take a bit before the iexplorer.exe, or any other new process that would pop up after I connected the wireless adaptor and went on the web page steps (home page, google, windowsbbs). I tried a few times to see if I could see that window that would pop up when the web page would delay and the additional message window would pop up. As I was resetting my pc, and trial and erroring open and closed programs, I noticed, that as I plugged in the wireless adaptor, the avast.setup process would pop up. So, as I logged in after realizing this, I opened up the task manager, and saw that there was no avast.setup process. I plugged in the wireless adaptor, and when the avast.setup, I tried to end the process quickly. well, I couldn't do that, that way. So, the next time I logged on, I opened up avast. I have avast 4.8 currently (I know, ancient). I click on the settings and then went through each one of the sub topic tabs for avast settings; looking for anything that might prompt for access to the internet. I came up to the update basic tab. I see that the update settings for virus database and program boxes within the update basic tab, are set to automatic. I set them both to manual. I then right click on the avast icon in the task pane, and clicked on the "Stop On-Access Protection ". After doing this, I then try to connect to the internet. Oh, I forgot to meantion, I tried just doing the "Stop On-Access Protection" alone, but the avast.setup would still pop up when I plugged in the wireless adaptor. Since that didn't work alone, I tried going into avast and found the update basic tab settings. Anyways, when I did both of these things, I opened up a web page, and it went to my home page; this is not a great step just yet. But then, I went to windowsbbs, expecting that the window will freeze, then the task pane, and ultimately, my pc; but it doesn't happen. I start to think to myself, "I can't believe this, my avast antivirus was the problem?" So, I check my threads to see if there is anything new, and I see that broni had replied to my malware thread. I look at what his new instructions say, and I think, "I might as well give it a shot, I got this far." I do the instructions as indicated, and when I do the "disable all ", I get a message that some items could not be altered, and that I might have to log on as an administrator. I got administrator on my account on my room pc. Not sure why, but I took a screen shot of this when it appeared in the next time I tried this when I logged in. The screen shot is here.

http://img534.imageshack.us/i/screenshotofsixthsetofi.jpg/

I'm not sure why that popped up, but I continued with the instructions. I did as the prompt suggested and resetted the pc right then. After logging back in I see that I can not log onto the internet. I open up the task manager, and see that there are 25 processes active/open. I am logged in as normal mode. I then go into the Systems Configuration Utility window, and reactivate all things that I disabled before. I then restarted my pc, and logged in again. This time that I log in, I notice that avast on access protection is not active automatically. I turn on the on access protection, but I do not touch the update basic settings. Now, as I type all of this for you to read, I am typing it from my room pc. I am connected to the internet, and my avast is fully in use. I'm not 100% sure, but I think that the freeze when connecting to the internet, not the wireless signal per say, has to do with my version of avast anti virus.

So, I know that was long, but that is the full explaination of what I did. So, should I use the appremover program from earlier instructions to uninstall the version of avast I have and then install a new version, like the version I put on my grand parents pc?

 

I'll do that right now. Oh, and the internet connection is really low on my room pc. it goes from 5.5 mbps to 1.0 mbps, and the signal strength is always low. I do not know what to do. I'll post what I posted earlier about fixing the connection to the internet for my room pc, onto the thread I started for my room pc network connection in the network area of windowsbbs.