
Solved Checking Room PC For Problems.

Discussion in 'Malware and Virus Removal Archive' started by Forsaken Knight, 2011/03/03.

  1. 2011/03/05
    Forsaken Knight

    Forsaken Knight, Well-Known Member, Thread Starter
    Joined: 2007/12/01 | Messages: 512 | Likes Received: 0
    Summary:
    I first tried to run combofix in normal mode after turning off avast antivirus. I even made sure that avast didn't show up within task manager. When it was completely off, I then tried to run combofix; after a while, nothing was happening, so it was obvious that combofix was frozen. I then had to do a force reset. Then, after making sure that avast was off again, I ran rkill. For some odd reason this froze. I then restarted the pc and went into safe mode. I then ran rkill, and a message popped up detailing that the antivirus was being used by another program. Not sure why this was; when I checked the task manager, nothing out of the essentials was active, not even the avast antivirus task manager exe files. The program then closed after I clicked ok in the pop up window. I then clicked on the avast setup icon to see if I could uninstall avast, seeing as if that was the main cause of this weird issue. I first got a pop up message that an error occurred with running the avast setup exe, but then the uninstall/install window appeared. I then went through the normal process of uninstalling avast. I then tried to run combofix in safe mode. Well, after a bit, a pop up window appeared detailing that combofix was outdated and asking if I would like to update. I clicked on the yes button, and combofix then disappeared. I've had combofix since the last time I worked on my room pc, from when I was receiving help in this forum section. After seeing that combofix was gone, I reset the pc, went into normal mode, and downloaded combofix from the previous post within this thread. I then ran rkill, which ran normally, then ran combofix, which ran normally.

    End of Summary
     
  2. 2011/03/05
    Forsaken Knight


  4. 2011/03/05
    Forsaken Knight

    This log file is located at D:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 03/05/2011 at 13:27:48.
    Operating System: Microsoft Windows XP


    Processes terminated by Rkill or while it was running:



    Rkill completed on 03/05/2011 at 13:27:54.
     
  5. 2011/03/05
    Forsaken Knight

    This log file is located at D:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 03/05/2011 at 13:49:51.
    Operating System: Microsoft Windows XP


    Processes terminated by Rkill or while it was running:

    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Windows Live\Messenger\msnmsgr.exe
    D:\Program Files\internet explorer\iexplore.exe
    D:\32788R22FWJFW\cmd.cfxxe
    D:\32788R22FWJFW\NirCmd.cfxxe


    Rkill completed on 03/05/2011 at 13:50:06.
     
  6. 2011/03/05
    Forsaken Knight

    ComboFix 11-03-04.06 - Nelson Ramon Arucas 03/05/2011 13:57:34.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1791.1066 [GMT -5:00]
    Running from: d:\documents and settings\Nelson Ramon Arucas\Desktop\ComboFix.exe
    FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-05 to 2011-03-05 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-04 06:32 . 2011-02-11 06:54 5943120 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{B3AD9BCB-C9EB-44D5-94FD-179E0D314C57}\mpengine.dll
    2011-03-03 03:33 . 2011-03-05 18:30 -------- d-----w- d:\documents and settings\All Users\Application Data\AVAST Software
    2011-03-03 03:33 . 2011-03-03 03:33 -------- d-----w- d:\program files\AVAST Software
    2011-02-26 01:19 . 2011-02-26 01:19 41872 ----a-w- d:\windows\system32\xfcodec.dll
    2011-02-25 07:04 . 2011-02-25 07:05 -------- d-----w- D:\fbfc6cc0495fefa7710205ca
    2011-02-05 19:33 . 2011-02-05 19:33 -------- d-----w- d:\program files\iPod
    2011-02-05 19:33 . 2011-02-05 19:34 -------- d-----w- d:\program files\iTunes
    2011-02-05 19:33 . 2011-02-05 19:34 -------- d-----w- d:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2011-02-05 19:28 . 2011-02-05 19:28 -------- d-----w- d:\program files\Bonjour
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-11 06:54 . 2008-04-03 19:33 5943120 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2011-02-03 02:40 . 2011-01-10 07:34 472808 ----a-w- d:\windows\system32\deployJava1.dll
    2011-02-03 00:19 . 2008-04-04 04:14 73728 ----a-w- d:\windows\system32\javacpl.cpl
    2011-02-02 22:11 . 2009-10-03 06:06 222080 ------w- d:\windows\system32\MpSigStub.exe
    2010-12-20 23:09 . 2011-01-08 02:37 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 23:08 . 2011-01-08 02:37 20952 ----a-w- d:\windows\system32\drivers\mbam.sys
    2004-09-11 01:18 . 2004-09-11 01:18 5923328 ------r- d:\program files\PRO11.MSI
    2004-09-11 01:18 . 2004-09-11 01:18 604672 ------r- d:\program files\OWC11.MSI
    2004-09-11 01:18 . 2004-09-11 01:18 560128 ------r- d:\program files\OWC10.MSI
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-01-08_18.41.10 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-03-05 18:40 . 2011-03-05 18:40 16384 d:\windows\Temp\Perflib_Perfdata_620.dat
    + 2011-01-28 17:17 . 2010-09-02 14:20 99328 d:\windows\system32\ZoneLabs\zlquarantine.dll
    + 2011-01-28 17:17 . 2010-09-02 14:21 70656 d:\windows\system32\ZoneLabs\zatray.exe
    + 2011-01-28 17:17 . 2010-09-02 14:21 21504 d:\windows\system32\ZoneLabs\lib\zsys.zip.dll
    + 2011-01-28 17:17 . 2010-09-02 14:21 14336 d:\windows\system32\ZoneLabs\lib\zmenu.zip.dll
    + 2011-01-28 17:17 . 2010-09-02 14:21 47616 d:\windows\system32\ZoneLabs\lib\zfde.zip.dll
    + 2011-01-28 17:17 . 2010-09-02 14:21 85504 d:\windows\system32\ZoneLabs\lib\ZAlert.zip.dll
    + 2011-01-28 17:17 . 2010-09-02 14:21 37376 d:\windows\system32\ZoneLabs\lib\UpdateUI.zip.dll
    + 2011-01-28 17:17 . 2010-09-02 14:21 12800 d:\windows\system32\ZoneLabs\lib\oem_1488.zip.dll
    + 2011-01-28 17:17 . 2010-09-02 14:21 12800 d:\windows\system32\ZoneLabs\lib\oem_1487.zip.dll
    + 2011-01-28 17:17 . 2010-09-02 14:21 12800 d:\windows\system32\ZoneLabs\lib\oem_1486.zip.dll
    + 2011-01-28 17:17 . 2010-09-02 14:21 20992 d:\windows\system32\ZoneLabs\lib\oem_1466.zip.dll
    + 2011-01-28 17:17 . 2010-09-02 14:21 12800 d:\windows\system32\ZoneLabs\lib\oem_1460.zip.dll
    + 2011-01-28 17:17 . 2010-09-02 14:21 10240 d:\windows\system32\ZoneLabs\lib\oem_1454.zip.dll
    + 2011-01-28 17:17 . 2010-09-02 14:21 11264 d:\windows\system32\ZoneLabs\lib\oem_1445.zip.dll
    + 2011-01-28 17:17 . 2010-09-02 14:21 14336 d:\windows\system32\ZoneLabs\lib\oem_1440.zip.dll
    + 2011-01-28 17:17 . 2010-09-02 14:21 12288 d:\windows\system32\ZoneLabs\lib\oem_1413.zip.dll
    + 2011-01-28 17:17 . 2010-09-02 14:21 11264 d:\windows\system32\ZoneLabs\lib\oem_1010.zip.dll
    + 2011-01-28 17:17 . 2010-09-02 14:21 29184 d:\windows\system32\ZoneLabs\lib\NavBar.zip.dll
    + 2011-01-28 17:17 . 2010-09-02 14:21 13312 d:\windows\system32\ZoneLabs\lib\MainLoop.zip.dll
    + 2011-01-28 17:17 . 2010-09-02 14:21 35840 d:\windows\system32\ZoneLabs\lib\Alert.zip.dll
    + 2011-01-28 17:17 . 2010-09-02 14:20 38912 d:\windows\system32\ZoneLabs\featuremap.dll
    + 2011-01-28 17:17 . 2010-09-02 14:20 75776 d:\windows\system32\ZoneLabs\camupd.dll
    + 2011-01-28 17:17 . 2010-09-02 14:20 69120 d:\windows\system32\zlcomm.dll
    + 2011-01-28 17:17 . 2010-09-02 14:20 43008 d:\windows\system32\vswmi.dll
    + 2011-01-28 17:17 . 2010-09-02 14:20 58368 d:\windows\system32\vsregexp.dll
    + 2011-01-15 19:39 . 2007-08-09 07:27 73728 d:\windows\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
    + 2011-01-17 03:00 . 2011-01-17 03:01 27060 d:\windows\system32\Restore\rstrlog.dat
    + 2008-04-03 13:52 . 2007-08-09 07:27 73728 d:\windows\system32\HPZipm12.exe
    + 2011-02-05 19:29 . 2010-12-14 23:51 41984 d:\windows\system32\DRVSTORE\usbaapl_A4C70B47551C2629A145AE032C4D1823570ADB7B\usbaapl.sys
    + 2011-02-05 19:29 . 2010-04-20 00:29 18432 d:\windows\system32\DRVSTORE\netaapl_8A27A03003759CB01567E831096473C330131D64\netaapl.sys
    + 2011-02-05 19:34 . 2009-05-18 18:17 26600 d:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspiWDM.sys
    - 2010-12-27 21:16 . 2007-12-14 09:31 57408 d:\windows\system32\drivers\wsimd.sys
    + 2011-01-11 18:09 . 2007-12-14 09:31 57408 d:\windows\system32\drivers\wsimd.sys
    + 2010-09-01 08:30 . 2010-09-01 08:30 15544 d:\windows\system32\drivers\psi_mf.sys
    + 2008-01-29 19:01 . 2009-05-18 18:17 26600 d:\windows\system32\drivers\GEARAspiWDM.sys
    + 2010-10-07 17:23 . 2010-10-07 17:23 91424 d:\windows\system32\dnssd.dll
    + 2011-01-11 05:30 . 2011-01-11 05:30 28160 d:\windows\Installer\a08f69.msi
    + 2011-01-11 22:58 . 2011-01-11 22:58 21504 d:\windows\Installer\1347efe.msi
    + 2010-08-06 22:50 . 2011-01-18 23:27 49152 d:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
    - 2010-08-06 22:50 . 2010-08-06 22:50 49152 d:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
    + 2011-02-05 19:36 . 2011-02-05 19:36 27136 d:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
    - 2008-04-03 14:09 . 2008-04-03 14:13 4212 d:\windows\system32\zllictbl.dat
    + 2008-04-03 14:09 . 2011-01-28 17:17 4212 d:\windows\system32\zllictbl.dat
    + 2011-01-11 18:09 . 2011-01-11 18:09 3638 d:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\WNDA3100_385FFF305DB34C18B1F9D7793D1B9A0B.exe
    - 2010-12-27 21:16 . 2010-12-27 21:16 3638 d:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\WNDA3100_385FFF305DB34C18B1F9D7793D1B9A0B.exe
    + 2009-12-02 18:55 . 2011-01-11 18:09 3638 d:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut9_385FFF305DB34C18B1F9D7793D1B9A0B.exe
    - 2009-12-02 18:55 . 2010-12-27 21:16 3638 d:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut9_385FFF305DB34C18B1F9D7793D1B9A0B.exe
    - 2009-12-02 18:55 . 2010-12-27 21:16 3638 d:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut8_385FFF305DB34C18B1F9D7793D1B9A0B.exe
    + 2009-12-02 18:55 . 2011-01-11 18:09 3638 d:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut8_385FFF305DB34C18B1F9D7793D1B9A0B.exe
    + 2011-01-11 18:09 . 2011-01-11 18:09 3638 d:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut7_385FFF305DB34C18B1F9D7793D1B9A0B.exe
    - 2010-12-27 21:16 . 2010-12-27 21:16 3638 d:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut7_385FFF305DB34C18B1F9D7793D1B9A0B.exe
    + 2009-12-02 18:55 . 2011-01-11 18:09 3638 d:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut6_385FFF305DB34C18B1F9D7793D1B9A0B.exe
    - 2009-12-02 18:55 . 2010-12-27 21:16 3638 d:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut6_385FFF305DB34C18B1F9D7793D1B9A0B.exe
    + 2009-12-02 18:55 . 2011-01-11 18:09 3638 d:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut5_385FFF305DB34C18B1F9D7793D1B9A0B.exe
    - 2009-12-02 18:55 . 2010-12-27 21:16 3638 d:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut5_385FFF305DB34C18B1F9D7793D1B9A0B.exe
    - 2009-12-02 18:55 . 2010-12-27 21:16 3638 d:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut4_385FFF305DB34C18B1F9D7793D1B9A0B.exe
    + 2009-12-02 18:55 . 2011-01-11 18:09 3638 d:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut4_385FFF305DB34C18B1F9D7793D1B9A0B.exe
    + 2011-01-11 18:09 . 2011-01-11 18:09 3638 d:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut3_385FFF305DB34C18B1F9D7793D1B9A0B.exe
    - 2010-12-27 21:16 . 2010-12-27 21:16 3638 d:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut3_385FFF305DB34C18B1F9D7793D1B9A0B.exe
    + 2009-12-02 18:55 . 2011-01-11 18:09 3638 d:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut23_385FFF305DB34C18B1F9D7793D1B9A0B.exe
    - 2009-12-02 18:55 . 2010-12-27 21:16 3638 d:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut23_385FFF305DB34C18B1F9D7793D1B9A0B.exe
    + 2009-12-02 18:55 . 2011-01-11 18:09 3638 d:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut22_385FFF305DB34C18B1F9D7793D1B9A0B.exe
    - 2009-12-02 18:55 . 2010-12-27 21:16 3638 d:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut22_385FFF305DB34C18B1F9D7793D1B9A0B.exe
    + 2009-12-02 18:55 . 2011-01-11 18:09 3638 d:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut2_385FFF305DB34C18B1F9D7793D1B9A0B.exe
    - 2009-12-02 18:55 . 2010-12-27 21:16 3638 d:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut2_385FFF305DB34C18B1F9D7793D1B9A0B.exe
    - 2009-12-02 18:55 . 2010-12-27 21:16 3638 d:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut19_385FFF305DB34C18B1F9D7793D1B9A0B.exe
    + 2009-12-02 18:55 . 2011-01-11 18:09 3638 d:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut19_385FFF305DB34C18B1F9D7793D1B9A0B.exe
    + 2009-12-02 18:55 . 2011-01-11 18:09 3638 d:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut18_385FFF305DB34C18B1F9D7793D1B9A0B.exe
    - 2009-12-02 18:55 . 2010-12-27 21:16 3638 d:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut18_385FFF305DB34C18B1F9D7793D1B9A0B.exe
    - 2009-12-02 18:55 . 2010-12-27 21:16 3638 d:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut17_385FFF305DB34C18B1F9D7793D1B9A0B.exe
    + 2009-12-02 18:55 . 2011-01-11 18:09 3638 d:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut17_385FFF305DB34C18B1F9D7793D1B9A0B.exe
    + 2009-12-02 18:55 . 2011-01-11 18:09 3638 d:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut16_385FFF305DB34C18B1F9D7793D1B9A0B.exe
    - 2009-12-02 18:55 . 2010-12-27 21:16 3638 d:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut16_385FFF305DB34C18B1F9D7793D1B9A0B.exe
    + 2009-12-02 18:55 . 2011-01-11 18:09 3638 d:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut14_385FFF305DB34C18B1F9D7793D1B9A0B.exe
    - 2009-12-02 18:55 . 2010-12-27 21:16 3638 d:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut14_385FFF305DB34C18B1F9D7793D1B9A0B.exe
    - 2009-12-02 18:55 . 2010-12-27 21:16 3638 d:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut13_385FFF305DB34C18B1F9D7793D1B9A0B.exe
    + 2009-12-02 18:55 . 2011-01-11 18:09 3638 d:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut13_385FFF305DB34C18B1F9D7793D1B9A0B.exe
    - 2009-12-02 18:55 . 2010-12-27 21:16 3638 d:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut1_385FFF305DB34C18B1F9D7793D1B9A0B.exe
    + 2009-12-02 18:55 . 2011-01-11 18:09 3638 d:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\NewShortcut1_385FFF305DB34C18B1F9D7793D1B9A0B.exe
    - 2010-12-27 21:16 . 2010-12-27 21:16 3638 d:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\ARPPRODUCTICON.exe
    + 2011-01-11 18:09 . 2011-01-11 18:09 3638 d:\windows\Installer\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\ARPPRODUCTICON.exe
    + 2011-01-28 17:17 . 2010-09-02 14:20 141824 d:\windows\system32\ZoneLabs\zlupdate.dll
    + 2011-01-28 17:17 . 2010-09-02 14:20 173056 d:\windows\system32\ZoneLabs\vsvault.dll
    + 2011-01-28 17:15 . 2010-09-02 14:20 211456 d:\windows\system32\ZoneLabs\vsdb.dll
    + 2011-01-28 17:17 . 2007-10-11 21:51 832984 d:\windows\system32\ZoneLabs\updating.dll
    - 2008-04-03 14:09 . 2007-10-12 00:50 832984 d:\windows\system32\ZoneLabs\updating.dll
    + 2011-01-28 17:17 . 2010-09-02 14:20 434688 d:\windows\system32\ZoneLabs\ssleay32.dll
    + 2011-01-28 17:17 . 2010-09-02 14:20 135680 d:\windows\system32\ZoneLabs\scheduler.dll
    + 2011-01-28 17:17 . 2009-07-14 04:58 722392 d:\windows\system32\ZoneLabs\qrbase.dll
    + 2011-01-28 17:17 . 2010-09-02 14:21 126976 d:\windows\system32\ZoneLabs\lib\zui.zip.dll
    + 2011-01-28 17:17 . 2010-09-02 14:21 279040 d:\windows\system32\ZoneLabs\lib\TrayTest.zip.dll
    + 2011-01-28 17:17 . 2010-09-02 14:21 225792 d:\windows\system32\ZoneLabs\lib\Overview.zip.dll
    + 2011-01-28 17:17 . 2010-09-02 14:21 368640 d:\windows\system32\ZoneLabs\lib\LicenseUI.zip.dll
    + 2011-01-28 17:17 . 2010-09-02 14:21 184832 d:\windows\system32\ZoneLabs\lib\DashBoard.zip.dll
    + 2011-01-28 17:17 . 2010-09-02 14:21 375296 d:\windows\system32\ZoneLabs\lib\ConfigWizard.zip.dll
    + 2011-01-28 17:15 . 2010-02-08 13:41 595432 d:\windows\system32\ZoneLabs\icslta.dll
    + 2011-01-28 17:18 . 2010-05-04 19:04 284136 d:\windows\system32\ZoneLabs\ffapi.dll
    + 2011-01-28 17:17 . 2010-09-02 14:20 169984 d:\windows\system32\ZoneLabs\fbl.dll
    + 2011-01-28 17:17 . 2008-03-17 21:52 813568 d:\windows\system32\ZoneLabs\dbghelp.dll
    - 2008-04-03 14:09 . 2004-01-30 20:35 813568 d:\windows\system32\ZoneLabs\dbghelp.dll
    + 2011-01-28 17:17 . 2010-09-02 14:20 103936 d:\windows\system32\zlcommdb.dll
    + 2008-06-27 21:22 . 2008-06-27 21:22 401498 d:\windows\system32\wgapi.dll
    + 2011-01-28 17:17 . 2010-09-02 14:20 110080 d:\windows\system32\vsxml.dll
    + 2011-01-28 17:15 . 2010-09-02 14:20 714240 d:\windows\system32\vsutil.dll
    + 2011-01-28 17:17 . 2010-09-02 14:20 302592 d:\windows\system32\vspubapi.dll
    + 2011-01-28 17:17 . 2010-09-02 14:20 108032 d:\windows\system32\vsmonapi.dll
    + 2011-01-28 17:15 . 2010-09-02 14:20 228352 d:\windows\system32\vsinit.dll
    + 2011-01-28 17:17 . 2010-05-13 15:02 532224 d:\windows\system32\vsdatant.sys
    + 2011-01-28 17:15 . 2010-09-02 14:20 112128 d:\windows\system32\vsdata.dll
    + 2011-01-11 06:53 . 2011-01-11 06:53 233936 d:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
    + 2011-01-11 06:53 . 2011-01-11 06:53 311248 d:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.dll
    + 2011-02-19 18:59 . 2011-02-03 02:40 157472 d:\windows\system32\javaws.exe
    + 2011-02-19 18:59 . 2011-02-03 02:40 145184 d:\windows\system32\javaw.exe
    + 2011-02-19 18:59 . 2011-02-03 02:40 145184 d:\windows\system32\java.exe
    - 2008-01-29 19:02 . 2008-01-29 19:02 107368 d:\windows\system32\GEARAspi.dll
    + 2008-01-29 19:02 . 2008-04-17 17:12 107368 d:\windows\system32\GEARAspi.dll
    + 2011-02-05 19:34 . 2008-04-17 17:12 107368 d:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspi.dll
    + 2010-10-07 17:23 . 2010-10-07 17:23 197920 d:\windows\system32\dnssdX.dll
    + 2010-10-07 17:23 . 2010-10-07 17:23 107808 d:\windows\system32\dns-sd.exe
    + 2011-01-10 06:25 . 2011-01-10 06:25 262144 d:\windows\system32\config\systemprofile\NtUser.dat
    + 2010-04-21 20:31 . 2011-01-18 23:43 861120 d:\windows\Installer\SandboxieInstall32.exe
    + 2011-01-11 06:42 . 2011-01-11 06:42 279552 d:\windows\Installer\bd70b.msi
    + 2011-01-11 06:42 . 2011-01-11 06:42 164864 d:\windows\Installer\bd707.msi
    + 2011-01-11 06:42 . 2011-01-11 06:42 186880 d:\windows\Installer\bd701.msi
    + 2011-01-11 06:41 . 2011-01-11 06:41 203776 d:\windows\Installer\bd6e7.msi
    + 2011-02-19 19:50 . 2011-02-19 19:50 180224 d:\windows\Installer\81a18de.msi
    + 2011-02-05 19:24 . 2011-02-05 19:24 811008 d:\windows\Installer\5b5ffc.msi
    + 2011-01-10 07:33 . 2011-01-10 07:33 675840 d:\windows\Installer\37a3bd.msi
    + 2011-01-10 06:51 . 2011-01-10 06:51 219648 d:\windows\Installer\11379d.msi
    + 2011-02-05 19:35 . 2011-02-05 19:35 380928 d:\windows\Installer\{AAD47011-8518-4608-9656-951DA35B587B}\iTunesIco.exe
    + 2011-01-11 05:31 . 2011-01-11 05:31 102400 d:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe
    + 2008-07-10 20:54 . 2010-12-07 16:44 562000 d:\windows\Downloaded Program Files\MSDcode.dll
    + 2011-01-28 17:17 . 2010-09-02 14:20 1238528 d:\windows\system32\zpeng25.dll
    + 2011-01-28 17:17 . 2010-09-02 14:20 1790464 d:\windows\system32\ZoneLabs\vsruledb.dll
    + 2011-01-28 17:17 . 2010-09-02 14:22 2435592 d:\windows\system32\ZoneLabs\vsmon.exe
    + 2011-01-28 17:17 . 2010-09-02 14:21 1536512 d:\windows\system32\ZoneLabs\lib\zpy.zip.dll
    + 2011-02-05 19:29 . 2010-12-14 23:51 4184352 d:\windows\system32\DRVSTORE\usbaapl_A4C70B47551C2629A145AE032C4D1823570ADB7B\usbaaplrc.dll
    + 2011-02-05 19:29 . 2010-04-20 00:29 1461992 d:\windows\system32\DRVSTORE\netaapl_8A27A03003759CB01567E831096473C330131D64\wdfcoinstaller01009.dll
    + 2011-01-11 06:41 . 2011-01-11 06:41 2689536 d:\windows\Installer\bd6ed.msp
    + 2011-01-11 05:39 . 2011-01-11 05:39 2283008 d:\windows\Installer\a090a6.msi
    + 2011-01-11 05:31 . 2011-01-11 05:31 2086912 d:\windows\Installer\a08f70.msi
    + 2011-02-05 19:36 . 2011-02-05 19:36 1549312 d:\windows\Installer\5b6734.msi
    + 2011-02-05 19:35 . 2011-02-05 19:35 6596096 d:\windows\Installer\5b6703.msi
    + 2011-02-05 19:29 . 2011-02-05 19:29 3085312 d:\windows\Installer\5b6053.msi
    + 2011-02-05 19:28 . 2011-02-05 19:28 1984000 d:\windows\Installer\5b601f.msi
    + 2011-02-05 19:23 . 2011-02-05 19:23 9472000 d:\windows\Installer\5b5ff6.msi
    + 2011-01-11 18:09 . 2011-01-11 18:09 1785856 d:\windows\Installer\29c33d.msi
    + 2011-01-18 23:24 . 2011-01-18 23:24 20303872 d:\windows\Installer\d2872.msp
    + 2009-12-02 18:54 . 2011-01-11 18:08 15138304 d:\windows\Downloaded Installations\{BB1F9BC3-F3C9-499B-BDEA-C2A672A4F8D9}\WN111v2.msi
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-09-29 03:44 1400712 ----a-w- d:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "d:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "d:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"= "d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "SandboxieControl"= "d:\program files\Sandboxie\SbieCtrl.exe" [2011-01-12 405736]
    "msnmsgr"= "d:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "ComcastAntispyClient"= "d:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]
    "FileHippo.com"= "d:\program files\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"= "d:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
    "HP Software Update"= "d:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-12-15 49152]
    "Adobe Reader Speed Launcher"= "d:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
    "Adobe ARM"= "d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "MSN Toolbar"= "d:\program files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe" [2010-07-06 240480]
    "Microsoft Default Manager"= "d:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
    "jswtrayutil"= "d:\program files\NETGEAR\WN111v2\jswtrayutil.exe" [BU]
    "ZoneAlarm Client"= "d:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-09-02 1043968]
    "QuickTime Task"= "d:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"= "d:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"= "d:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nltide_3"= "advpack.dll" [2009-06-29 124928]
    "WUAppSetup"= "d:\program files\Common Files\logishrd\WUApp32.exe" [2007-02-03 430080]
    .
    d:\documents and settings\Nelson Ramon Arucas\Start Menu\Programs\Startup\
    OpenOffice.org 3.0.lnk - d:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]
    Xfire.lnk - d:\program files\Xfire\xfire.exe [2011-2-25 3502992]
    .
    d:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - d:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
    hp psc 2000 Series.lnk - d:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-6-27 323646]
    Launch Profile Launcher.lnk - d:\program files\Saitek\Software\ProfilerU.exe [2008-4-8 163840]
    Logitech Desktop Messenger.lnk - d:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-4-3 169472]
    McAfee Security Scan Plus.lnk - d:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    NETGEAR WN111v2 Smart Wizard.lnk - d:\program files\NETGEAR\WN111v2\WN111V2.exe [2009-11-4 1507431]
    officejet 6100.lnk - d:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-6-27 147456]
    Secunia PSI Tray.lnk - d:\program files\Secunia\PSI\psi_tray.exe [2011-1-5 291896]
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
    "NoAutoUpdate"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @= "Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "d:\program files\Gameforge4D\AirRivals\Launcher.atm"= d:\program files\Gameforge4D\AirRivals\Launcher.atm:Enabled:GameExe2
    "d:\program files\Gameforge4D\AirRivals\Res-Voip\SCVoIP.exe"= d:\program files\Gameforge4D\AirRivals\Res-Voip\SCVoIP.exe:Enabled:GameVoIP
    "d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "d:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "d:\\WINDOWS\\system32\\sessmgr.exe"=
    "d:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "d:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "d:\\Program Files\\Xfire\\xfire.exe"=
    "d:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
    "d:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
    "d:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
    "d:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
    "d:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
    "d:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "d:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "d:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"=
    "d:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
    "d:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "d:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "d:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "d:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
    "d:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "d:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "d:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "d:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "d:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
    "d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "d:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "56143:TCP"= 56143:TCP:pando Media Booster
    "56143:UDP"= 56143:UDP:pando Media Booster
    .
    R2 AntiSpywareService;Comcast AntiSpyware;d:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [6/17/2009 12:49 PM 616408]
    R2 PEDRV;P&E Microcomputer System PCI Driver.;d:\windows\system32\drivers\pedrv.sys [8/3/2000 1:25 PM 23296]
    R2 Secunia PSI Agent;Secunia PSI Agent;d:\program files\Secunia\PSI\psia.exe [1/5/2011 5:31 AM 988216]
    R2 Secunia Update Agent;Secunia Update Agent;d:\program files\Secunia\PSI\sua.exe [1/5/2011 5:31 AM 399416]
    R2 WinDefend;Windows Defender;d:\program files\Windows Defender\MsMpEng.exe [11/3/2006 10:19 PM 13592]
    R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;d:\windows\system32\DNINDIS5.sys [7/24/2003 12:10 PM 17149]
    R3 JSWSCIMD;jswscimd Service;d:\windows\system32\drivers\jswscimd.sys [10/1/2008 4:45 PM 57440]
    R3 PSI;PSI;d:\windows\system32\drivers\psi_mf.sys [9/1/2010 3:30 AM 15544]
    R3 SaiH5F0D;SaiH5F0D;d:\windows\system32\drivers\SaiH5F0D.sys [4/4/2008 1:15 AM 176640]
    R3 SaiU5F0D;SaiU5F0D;d:\windows\system32\drivers\SaiU5F0D.sys [4/4/2008 1:15 AM 27264]
    R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;d:\windows\system32\drivers\WN111v2.sys [1/14/2009 2:23 AM 458752]
    S2 gupdate;Google Update Service (gupdate);d:\program files\Google\Update\GoogleUpdate.exe [1/10/2011 1:51 AM 136176]
    S3 jswpsapi;Jumpstart Wifi Protected Setup;d:\program files\NETGEAR\WN111v2\jswpsapi.exe [2/27/2008 11:54 AM 360547]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;d:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;d:\windows\System32\svchost.exe -k nosGetPlusHelper [8/3/2004 7:07 PM 14336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-01 d:\windows\Tasks\AppleSoftwareUpdate.job
    - d:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
    .
    2008-07-08 d:\windows\Tasks\FRU Task 2002-06-27 08:46ewlett-Packard2002-06-27 08:46p psc 2200 seriesF56855811176EC24C9B302F94878AD886AF77CFF207566146.job
    - d:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-06-27 08:46]
    .
    2011-03-05 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - d:\program files\Google\Update\GoogleUpdate.exe [2011-01-10 06:51]
    .
    2011-03-05 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - d:\program files\Google\Update\GoogleUpdate.exe [2011-01-10 06:51]
    .
    2011-03-05 d:\windows\Tasks\MP Scheduled Scan.job
    - d:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 03:20]
    .
    2011-03-05 d:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - d:\program files\Ask.com\UpdateTask.exe [2010-09-29 03:44]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.comcast.net/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{91da5e8a-3318-4f8c-b67e-5964de3ab546} - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-05 14:07
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-343818398-813497703-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1480)
    d:\program files\CA\PPRT\bin\CACheck.dll
    d:\program files\CA\PPRT\bin\CAHook.dll
    d:\program files\CA\PPRT\bin\CAServer.dll
    .
    - - - - - - - > 'explorer.exe'(876)
    d:\windows\system32\WININET.dll
    d:\program files\CA\PPRT\bin\CACheck.dll
    d:\program files\CA\PPRT\bin\CAHook.dll
    d:\program files\CA\PPRT\bin\CAServer.dll
    d:\program files\Xfire\xfire_toucan_44036.dll
    d:\windows\IME\SPGRMR.DLL
    d:\program files\Common Files\Microsoft Shared\INK\PENUSA.DLL
    d:\windows\system32\ieframe.dll
    d:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    .
    Completion time: 2011-03-05 14:11:45
    ComboFix-quarantined-files.txt 2011-03-05 19:11
    ComboFix2.txt 2011-01-08 18:44
    .
    Pre-Run: 23,461,986,304 bytes free
    Post-Run: 23,511,851,008 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug= "do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS= "Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
    .
    - - End Of File - - FB6758E6898F3D1959F693AC800AA2B3
     
  7. 2011/03/05
    broni Moderator Malware Analyst

    Looks clean.

    Uninstall Ask Toolbar, known foistware.

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  8. 2011/03/05
    Forsaken Knight Well-Known Member Thread Starter

    OTL logfile created on: 3/5/2011 6:52:18 PM - Run 2
    OTL by OldTimer - Version 3.2.20.1 Folder = D:\Documents and Settings\Nelson Ramon Arucas\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free
    Paging file location(s): D:\pagefile.sys 2046 2686 [binary data]

    %SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
    Drive C: | 5.08 Gb Total Space | 0.03 Gb Free Space | 0.62% Space Free | Partition Type: FAT32
    Drive D: | 50.83 Gb Total Space | 21.67 Gb Free Space | 42.64% Space Free | Partition Type: NTFS

    Computer Name: NELSON-43082967 | User Name: Nelson Ramon Arucas | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/02/25 20:19:28 | 003,502,992 | ---- | M] (Xfire Inc.) -- D:\Program Files\Xfire\xfire.exe
    PRC - [2011/02/23 10:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2011/02/23 10:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2011/01/12 09:35:54 | 000,405,736 | ---- | M] (SANDBOXIE L.T.D) -- D:\Program Files\Sandboxie\SbieCtrl.exe
    PRC - [2011/01/12 09:35:52 | 000,069,864 | ---- | M] (SANDBOXIE L.T.D) -- D:\Program Files\Sandboxie\SbieSvc.exe
    PRC - [2011/01/07 19:57:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Nelson Ramon Arucas\Desktop\OTL.exe
    PRC - [2011/01/05 11:59:50 | 000,037,664 | ---- | M] (Apple Inc.) -- D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2011/01/05 05:31:34 | 000,399,416 | ---- | M] (Secunia) -- D:\Program Files\Secunia\PSI\sua.exe
    PRC - [2011/01/05 05:31:32 | 000,988,216 | ---- | M] (Secunia) -- D:\Program Files\Secunia\PSI\psia.exe
    PRC - [2011/01/05 05:31:32 | 000,291,896 | ---- | M] (Secunia) -- D:\Program Files\Secunia\PSI\psi_tray.exe
    PRC - [2010/09/02 09:22:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- D:\WINDOWS\system32\ZoneLabs\vsmon.exe
    PRC - [2010/09/02 09:21:04 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    PRC - [2010/08/09 07:47:54 | 000,248,832 | ---- | M] (FileHippo.com) -- D:\Program Files\FileHippo.com\UpdateChecker.exe
    PRC - [2010/07/06 12:30:48 | 000,240,480 | ---- | M] (Microsoft Corp.) -- D:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
    PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- D:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    PRC - [2009/11/04 10:20:04 | 001,507,431 | ---- | M] (NETGEAR) -- D:\Program Files\NETGEAR\WN111v2\WN111V2.exe
    PRC - [2009/08/19 12:25:52 | 001,589,208 | ---- | M] () -- D:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
    PRC - [2009/08/07 17:15:06 | 000,311,152 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    PRC - [2009/08/07 17:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2009/06/17 12:49:44 | 000,616,408 | ---- | M] () -- D:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
    PRC - [2009/02/06 17:21:00 | 000,224,632 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Live\Toolbar\wltuser.exe
    PRC - [2008/09/30 17:46:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- D:\Program Files\OpenOffice.org 3\program\soffice.bin
    PRC - [2008/09/30 17:46:12 | 007,424,000 | ---- | M] (OpenOffice.org) -- D:\Program Files\OpenOffice.org 3\program\soffice.exe
    PRC - [2008/07/07 07:15:18 | 000,611,664 | ---- | M] (Lavasoft) -- D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    PRC - [2008/06/27 16:24:34 | 000,467,028 | ---- | M] (Atheros) -- D:\WINDOWS\system32\acs.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe
    PRC - [2007/09/26 12:55:04 | 000,283,912 | ---- | M] (CA, Inc.) -- D:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    PRC - [2006/11/03 22:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Defender\MSASCui.exe
    PRC - [2006/11/03 22:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Defender\MsMpEng.exe
    PRC - [2005/12/15 12:47:22 | 000,204,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
    PRC - [2005/12/15 11:40:44 | 000,282,624 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    PRC - [2005/12/15 11:18:50 | 000,049,152 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- D:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
    PRC - [2005/10/18 16:34:08 | 000,163,840 | ---- | M] (Saitek) -- D:\Program Files\Saitek\Software\ProfilerU.exe
    PRC - [2002/06/27 03:53:26 | 000,303,104 | ---- | M] (Hewlett-Packard Co.) -- D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
    PRC - [2002/06/27 03:34:44 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    PRC - [2002/06/27 03:21:30 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
    PRC - [2002/06/27 03:20:58 | 000,323,646 | ---- | M] (Hewlett-Packard Co.) -- D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    PRC - [2002/04/11 06:19:36 | 000,077,824 | ---- | M] () -- D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/02/25 20:19:34 | 000,972,176 | ---- | M] (Xfire Inc.) -- D:\Program Files\Xfire\xfire_toucan_44036.dll
    MOD - [2011/02/23 10:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\snxhk.dll
    MOD - [2011/01/07 19:57:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Nelson Ramon Arucas\Desktop\OTL.exe
    MOD - [2008/04/13 19:12:10 | 000,022,528 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\wsock32.dll
    MOD - [2008/04/13 19:12:06 | 000,250,368 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\ime\sptip.dll
    MOD - [2008/04/13 19:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\msvcp60.dll
    MOD - [2008/04/13 11:43:18 | 000,062,976 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\ime\spgrmr.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
    SRV - File not found [Disabled | Stopped] -- D:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - [2011/02/23 10:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- D:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2011/01/12 09:35:52 | 000,069,864 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- D:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
    SRV - [2011/01/05 11:59:50 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2011/01/05 05:31:34 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- D:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
    SRV - [2011/01/05 05:31:32 | 000,988,216 | ---- | M] (Secunia) [Auto | Running] -- D:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
    SRV - [2010/11/29 10:41:26 | 000,058,944 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- D:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
    SRV - [2010/09/02 09:22:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- D:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
    SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- D:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2009/11/06 09:18:50 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- D:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2009/08/07 17:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2009/08/05 21:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
    SRV - [2009/06/17 12:49:44 | 000,616,408 | ---- | M] () [Auto | Running] -- D:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
    SRV - [2008/07/07 07:15:18 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
    SRV - [2008/06/27 16:24:34 | 000,467,028 | ---- | M] (Atheros) [Auto | Running] -- D:\WINDOWS\system32\acs.exe -- (ACS)
    SRV - [2008/02/27 11:54:52 | 000,360,547 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- D:\Program Files\NETGEAR\WN111v2\jswpsapi.exe -- (jswpsapi)
    SRV - [2007/09/26 12:55:04 | 000,283,912 | ---- | M] (CA, Inc.) [Auto | Running] -- D:\Program Files\CA\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)
    SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- D:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2006/11/03 22:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- D:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
    DRV - File not found [Kernel | On_Demand | Running] -- D:\DOCUME~1\NELSON~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2011/02/23 09:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- D:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2011/02/23 09:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- D:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/02/23 09:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- D:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/02/23 09:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- D:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2011/02/23 09:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- D:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/02/23 09:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- D:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2011/02/23 09:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- D:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2011/01/12 09:35:48 | 000,125,672 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- D:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
    DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- D:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
    DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- D:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
    DRV - [2009/08/05 21:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
    DRV - [2009/01/14 02:23:00 | 000,458,752 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\WN111v2.sys -- (WN111v2)
    DRV - [2008/10/01 16:45:52 | 000,057,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
    DRV - [2008/09/17 22:55:00 | 006,132,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2008/08/01 17:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2008/08/01 17:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2008/04/13 13:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)
    DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/01/30 13:28:36 | 004,725,760 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2007/12/14 04:31:00 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
    DRV - [2007/03/27 17:59:40 | 000,166,912 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
    DRV - [2007/02/03 09:32:36 | 000,041,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2007/02/03 09:25:56 | 001,075,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl)
    DRV - [2006/08/14 16:51:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
    DRV - [2006/07/02 00:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2006/02/28 05:52:36 | 000,035,200 | R--- | M] (Saitek) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\SaiBus.sys -- (SaiNtBus)
    DRV - [2006/02/28 05:52:36 | 000,013,824 | R--- | M] (Saitek) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\SaiMini.sys -- (SaiMini)
    DRV - [2005/11/14 12:19:30 | 000,027,264 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\SaiU5F0D.sys -- (SaiU5F0D)
    DRV - [2005/11/14 12:19:26 | 000,176,640 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\SaiH5F0D.sys -- (SaiH5F0D)
    DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- D:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
    DRV - [2003/07/24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
    DRV - [2002/06/10 17:16:34 | 000,371,766 | ---- | M] (Philips Semiconductors) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\CamDrL21.sys -- (PhilCam8116) Logitech QuickCam Pro 3000(PID_08B0)
    DRV - [2000/08/03 13:25:12 | 000,023,296 | ---- | M] () [Kernel | Auto | Running] -- D:\WINDOWS\System32\drivers\pedrv.sys -- (PEDRV)
    DRV - [1996/04/03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Auto | Running] -- D:\WINDOWS\System32\drivers\GIVEIO.SYS -- (GIVEIO)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-343818398-813497703-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    IE - HKU\S-1-5-21-343818398-813497703-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-343818398-813497703-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    IE - HKU\S-1-5-21-343818398-813497703-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

    IE - HKU\S-1-5-21-343818398-813497703-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    IE - HKU\S-1-5-21-343818398-813497703-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/a/
    IE - HKU\S-1-5-21-343818398-813497703-682003330-1004\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKU\S-1-5-21-343818398-813497703-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-343818398-813497703-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

    IE - HKU\S-1-5-21-343818398-813497703-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-343818398-813497703-682003330-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-343818398-813497703-682003330-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

    IE - HKU\S-1-5-21-343818398-813497703-682003330-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

    FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: D:\Program Files\MSN Toolbar\Platform\4.0.0417.0\Firefox [2011/01/11 01:41:54 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: D:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/01/11 01:42:19 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2011/01/08 13:41:00 | 000,000,027 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - D:\Program Files\comcasttb\comcastdx.dll ()
    O2 - BHO: (no name) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - No CLSID value found.
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
    O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - D:\Program Files\WOT\WOT.dll ()
    O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - D:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
    O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - D:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - D:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - D:\Program Files\WOT\WOT.dll ()
    O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - D:\Program Files\comcasttb\comcastdx.dll ()
    O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - D:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
    O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (Yahoo! ¤u¨Ã£¦C) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKU\S-1-5-21-343818398-813497703-682003330-1003\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - D:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKU\S-1-5-21-343818398-813497703-682003330-1003\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - d:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
    O3 - HKU\S-1-5-21-343818398-813497703-682003330-1003\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - D:\Program Files\WOT\WOT.dll ()
    O3 - HKU\S-1-5-21-343818398-813497703-682003330-1003\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\S-1-5-21-343818398-813497703-682003330-1004\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - d:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
    O3 - HKU\S-1-5-21-343818398-813497703-682003330-1005\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - D:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKU\S-1-5-21-343818398-813497703-682003330-1005\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - d:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avast] D:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [HP Software Update] D:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [jswtrayutil] D:\Program Files\NETGEAR\WN111v2\jswtrayutil.exe File not found
    O4 - HKLM..\Run: [Microsoft Default Manager] D:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [MSN Toolbar] D:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe (Microsoft Corp.)
    O4 - HKLM..\Run: [NvCplDaemon] D:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [ZoneAlarm Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
    O4 - HKU\S-1-5-21-343818398-813497703-682003330-1003..\Run: [ComcastAntispyClient] D:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe ()
    O4 - HKU\S-1-5-21-343818398-813497703-682003330-1003..\Run: [FileHippo.com] D:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
    O4 - HKU\S-1-5-21-343818398-813497703-682003330-1003..\Run: [SandboxieControl] D:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
    O4 - HKU\S-1-5-21-343818398-813497703-682003330-1003..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-343818398-813497703-682003330-1003..\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKU\S-1-5-21-343818398-813497703-682003330-1004..\Run: [LDM] D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe File not found
    O4 - HKU\S-1-5-21-343818398-813497703-682003330-1004..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKU\S-1-5-21-343818398-813497703-682003330-1004..\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKU\S-1-5-21-343818398-813497703-682003330-1005..\Run: [LDM] D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe File not found
    O4 - HKU\S-1-5-21-343818398-813497703-682003330-1006..\Run: [LDM] D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe File not found
    O4 - HKU\S-1-5-21-343818398-813497703-682003330-1007..\Run: [LDM] D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe File not found
    O4 - HKU\.DEFAULT..\RunOnce: [WUAppSetup] D:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 File not found
    O4 - HKU\S-1-5-18..\RunOnce: [WUAppSetup] D:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 File not found
    O4 - HKU\S-1-5-21-343818398-813497703-682003330-1004..\RunOnce: [FlashPlayerUpdate] D:\WINDOWS\System32\Macromed\Flash\FlashUtil9f.exe File not found
    O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
    O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk = D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
    O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launch Profile Launcher.lnk = D:\Program Files\Saitek\Software\ProfilerU.exe (Saitek)
    O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
    O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = D:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
    O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk = D:\Program Files\NETGEAR\WN111v2\WN111V2.exe (NETGEAR)
    O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk = D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe (Hewlett-Packard Co.)
    O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = D:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
    O4 - Startup: D:\Documents and Settings\Nelson Ramon Arucas\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = D:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O4 - Startup: D:\Documents and Settings\Nelson Ramon Arucas\Start Menu\Programs\Startup\Xfire.lnk = D:\Program Files\Xfire\xfire.exe (Xfire Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-343818398-813497703-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-343818398-813497703-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-343818398-813497703-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-343818398-813497703-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-343818398-813497703-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-343818398-813497703-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-343818398-813497703-682003330-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-343818398-813497703-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-343818398-813497703-682003330-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-343818398-813497703-682003330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-343818398-813497703-682003330-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-343818398-813497703-682003330-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.microsoft.com/downl...75-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} D:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab (MSN Photo Upload Tool)
    O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DeviceEnum Class)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1272133539471 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1272133528581 (MUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} http://ipgweb.cce.hp.com/rdqaio2/downloads/msxml4.cab (XML DOM Document 4.0)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - D:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - D:\Program Files\WOT\WOT.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: D:\Documents and Settings\Nelson Ramon Arucas\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: D:\Documents and Settings\Nelson Ramon Arucas\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - D:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | RHS- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - D:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - D:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: wuauserv - C:\WINDOWS\system32\wuauserv.dll File not found

    Drivers32: msacm.iac2 - D:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - D:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - D:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - D:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: msacm.voxacm160 - D:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
    Drivers32: MSVideo - D:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - D:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - D:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.dvsd - D:\WINDOWS\System32\Dvc.dll (Adaptec)
    Drivers32: VIDC.I420 - D:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
    Drivers32: vidc.iv31 - D:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - D:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - D:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - D:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.XFR1 - D:\WINDOWS\System32\xfcodec.dll ()

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (56308550258917376)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/03/05 15:12:27 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Nelson Ramon Arucas\Desktop\malware thread files for room pc
    [2011/03/05 15:07:30 | 000,019,544 | ---- | C] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2011/03/05 15:07:30 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
    [2011/03/05 15:07:29 | 000,301,528 | ---- | C] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswSP.sys
    [2011/03/05 15:07:27 | 000,025,432 | ---- | C] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswRdr.sys
    [2011/03/05 15:07:26 | 000,371,544 | ---- | C] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswSnx.sys
    [2011/03/05 15:07:26 | 000,049,240 | ---- | C] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswTdi.sys
    [2011/03/05 15:07:25 | 000,102,232 | ---- | C] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswmon2.sys
    [2011/03/05 15:07:25 | 000,096,344 | ---- | C] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswmon.sys
    [2011/03/05 15:07:24 | 000,030,680 | ---- | C] (AVAST Software) -- D:\WINDOWS\System32\drivers\aavmker4.sys
    [2011/03/05 15:05:04 | 000,190,016 | ---- | C] (AVAST Software) -- D:\WINDOWS\System32\aswBoot.exe
    [2011/03/05 15:05:04 | 000,040,648 | ---- | C] (AVAST Software) -- D:\WINDOWS\avastSS.scr
    [2011/03/05 13:49:28 | 000,212,480 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWXCACLS.exe
    [2011/03/05 13:49:28 | 000,161,792 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWREG.exe
    [2011/03/05 13:49:28 | 000,136,704 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWSC.exe
    [2011/03/05 13:49:28 | 000,031,232 | ---- | C] (NirSoft) -- D:\WINDOWS\NIRCMD.exe
    [2011/03/05 13:33:49 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\Nelson Ramon Arucas\Recent
    [2011/03/02 22:33:17 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\AVAST Software
    [2011/03/02 22:33:16 | 000,000,000 | ---D | C] -- D:\Program Files\AVAST Software
    [2011/03/02 22:05:23 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Nelson Ramon Arucas\Desktop\folder of avast
    [2011/02/25 02:04:57 | 000,000,000 | ---D | C] -- D:\fbfc6cc0495fefa7710205ca
    [2011/02/05 14:34:38 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2011/02/05 14:33:15 | 000,000,000 | ---D | C] -- D:\Program Files\iPod
    [2011/02/05 14:33:01 | 000,000,000 | ---D | C] -- D:\Program Files\iTunes
    [2011/02/05 14:33:01 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2011/02/05 14:28:29 | 000,000,000 | ---D | C] -- D:\Program Files\Bonjour
    [2011/02/05 14:23:22 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\QuickTime

    ========== Files - Modified Within 30 Days ==========

    [2011/03/05 18:03:01 | 000,000,912 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/03/05 18:03:01 | 000,000,908 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/03/05 18:01:07 | 000,000,262 | ---- | M] () -- D:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2011/03/05 15:07:31 | 000,001,689 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2011/03/05 15:07:26 | 000,002,625 | ---- | M] () -- D:\WINDOWS\System32\CONFIG.NT
    [2011/03/05 13:48:37 | 004,280,953 | R--- | M] () -- D:\Documents and Settings\Nelson Ramon Arucas\Desktop\ComboFix.exe
    [2011/03/05 13:43:06 | 000,192,453 | ---- | M] () -- D:\WINDOWS\System32\nvapps.xml
    [2011/03/05 13:42:54 | 000,000,330 | -H-- | M] () -- D:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/03/05 13:39:24 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
    [2011/03/05 12:31:12 | 000,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
    [2011/03/04 11:30:15 | 000,048,238 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Dungeon Fighter Online.url
    [2011/03/01 17:43:12 | 000,000,284 | ---- | M] () -- D:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/02/26 16:50:46 | 000,024,576 | ---- | M] () -- D:\Documents and Settings\Nelson Ramon Arucas\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/02/25 20:19:32 | 000,041,872 | ---- | M] () -- D:\WINDOWS\System32\xfcodec.dll
    [2011/02/23 10:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- D:\WINDOWS\avastSS.scr
    [2011/02/23 10:04:17 | 000,190,016 | ---- | M] (AVAST Software) -- D:\WINDOWS\System32\aswBoot.exe
    [2011/02/23 09:56:55 | 000,371,544 | ---- | M] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswSnx.sys
    [2011/02/23 09:56:45 | 000,301,528 | ---- | M] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswSP.sys
    [2011/02/23 09:55:49 | 000,049,240 | ---- | M] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswTdi.sys
    [2011/02/23 09:55:47 | 000,102,232 | ---- | M] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswmon2.sys
    [2011/02/23 09:55:44 | 000,096,344 | ---- | M] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswmon.sys
    [2011/02/23 09:55:10 | 000,025,432 | ---- | M] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswRdr.sys
    [2011/02/23 09:54:57 | 000,030,680 | ---- | M] (AVAST Software) -- D:\WINDOWS\System32\drivers\aavmker4.sys
    [2011/02/23 09:54:55 | 000,019,544 | ---- | M] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2011/02/22 13:42:31 | 000,000,082 | ---- | M] () -- D:\WINDOWS\wininit.ini
    [2011/02/21 22:06:36 | 000,000,981 | ---- | M] () -- D:\Documents and Settings\Nelson Ramon Arucas\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011/02/21 22:06:36 | 000,000,963 | ---- | M] () -- D:\Documents and Settings\Nelson Ramon Arucas\Desktop\Spybot - Search & Destroy.lnk
    [2011/02/05 14:34:38 | 000,001,542 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2011/02/05 14:23:22 | 000,001,604 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

    ========== Files Created - No Company Name ==========

    [2011/03/05 15:07:31 | 000,001,689 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2011/03/05 13:49:28 | 000,256,512 | ---- | C] () -- D:\WINDOWS\PEV.exe
    [2011/03/05 13:49:28 | 000,098,816 | ---- | C] () -- D:\WINDOWS\sed.exe
    [2011/03/05 13:49:28 | 000,089,088 | ---- | C] () -- D:\WINDOWS\MBR.exe
    [2011/03/05 13:49:28 | 000,080,412 | ---- | C] () -- D:\WINDOWS\grep.exe
    [2011/03/05 13:49:28 | 000,068,096 | ---- | C] () -- D:\WINDOWS\zip.exe
    [2011/03/05 13:48:34 | 004,280,953 | R--- | C] () -- D:\Documents and Settings\Nelson Ramon Arucas\Desktop\ComboFix.exe
    [2011/02/25 20:19:32 | 000,041,872 | ---- | C] () -- D:\WINDOWS\System32\xfcodec.dll
    [2011/02/22 13:42:31 | 000,000,082 | ---- | C] () -- D:\WINDOWS\wininit.ini
    [2011/02/05 14:36:07 | 000,000,284 | ---- | C] () -- D:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/02/05 14:34:38 | 000,001,542 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2011/02/05 14:23:22 | 000,001,604 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2010/05/20 19:08:00 | 000,000,018 | -HS- | C] () -- D:\WINDOWS\WINPROD.DLL
    [2010/04/02 22:04:30 | 000,000,262 | ---- | C] () -- D:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2010/03/07 17:36:50 | 000,000,221 | ---- | C] () -- D:\WINDOWS\NCLogConfig.ini
    [2010/03/07 16:42:21 | 000,077,824 | R--- | C] () -- D:\WINDOWS\System32\hpzids01.dll
    [2009/09/10 20:54:27 | 000,003,412 | ---- | C] () -- D:\WINDOWS\Sandboxie.ini
    [2009/06/17 00:37:35 | 000,000,062 | ---- | C] () -- D:\WINDOWS\pcvcdbr.INI
    [2009/06/17 00:37:35 | 000,000,000 | ---- | C] () -- D:\WINDOWS\pcvcdvw.INI
    [2009/02/21 22:41:42 | 000,000,040 | ---- | C] () -- D:\WINDOWS\System32\Sx5363.ini
    [2009/02/21 07:25:20 | 000,691,592 | ---- | C] () -- D:\WINDOWS\System32\OGACheckControl.DLL
    [2008/10/26 21:47:11 | 000,151,552 | ---- | C] () -- D:\WINDOWS\System32\nvRegDev.dll
    [2008/07/30 23:46:36 | 000,024,576 | ---- | C] () -- D:\Documents and Settings\Nelson Ramon Arucas\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/06/27 16:18:04 | 000,262,216 | ---- | C] () -- D:\WINDOWS\System32\IPTests.dll
    [2008/06/17 13:37:52 | 000,044,032 | ---- | C] () -- D:\WINDOWS\System32\tbdml.dll
    [2008/04/07 00:54:12 | 000,000,975 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2008/04/04 00:11:06 | 000,000,000 | ---- | C] () -- D:\WINDOWS\msicpl.ini
    [2008/04/03 09:23:38 | 000,006,048 | ---- | C] () -- D:\WINDOWS\System32\MCC16.dll
    [2008/04/03 09:22:54 | 000,040,448 | ---- | C] () -- D:\WINDOWS\System32\BJAXSecurityManager.dll
    [2008/04/03 09:22:53 | 000,086,016 | ---- | C] () -- D:\WINDOWS\System32\BJInstaller.dll
    [2008/04/03 08:56:03 | 000,000,158 | ---- | C] () -- D:\WINDOWS\pagesuit.ini
    [2008/04/03 08:56:02 | 000,023,040 | ---- | C] () -- D:\WINDOWS\System32\irisco32.dll
    [2008/04/03 08:51:03 | 000,552,960 | R--- | C] () -- D:\WINDOWS\System32\hpotscl.dll
    [2008/04/03 08:28:24 | 000,000,376 | ---- | C] () -- D:\WINDOWS\ODBC.INI
    [2008/04/03 07:33:52 | 000,000,002 | ---- | C] () -- D:\WINDOWS\PhotoSuite.ini
    [2008/04/03 07:33:43 | 000,458,752 | ---- | C] () -- D:\WINDOWS\System32\Fpl.dll
    [2008/04/03 07:33:43 | 000,122,880 | ---- | C] () -- D:\WINDOWS\System32\JPEGLIB.DLL
    [2008/04/03 07:33:43 | 000,019,968 | ---- | C] () -- D:\WINDOWS\System32\CPUINF32.DLL
    [2008/04/03 07:33:42 | 000,332,800 | ---- | C] () -- D:\WINDOWS\System32\FPXLIB.DLL
    [2008/04/03 06:58:49 | 000,000,241 | ---- | C] () -- D:\WINDOWS\QSync.INI
    [2008/04/03 06:57:57 | 000,050,127 | ---- | C] () -- D:\WINDOWS\System32\lvcoinst.ini
    [2008/04/03 06:57:28 | 000,147,456 | ---- | C] () -- D:\WINDOWS\System32\MimicICM.dll
    [2008/04/02 23:41:40 | 000,004,161 | ---- | C] () -- D:\WINDOWS\ODBCINST.INI
    [2008/01/31 19:18:14 | 000,009,216 | ---- | C] () -- D:\WINDOWS\System32\drivers\FlashSys.sys
    [2007/07/25 18:55:24 | 000,262,144 | ---- | C] () -- D:\WINDOWS\System32\HookMAp.dll
    [2007/07/25 18:54:30 | 000,266,240 | ---- | C] () -- D:\WINDOWS\System32\HookShield.dll
    [2007/06/29 02:43:00 | 001,724,416 | ---- | C] () -- D:\WINDOWS\System32\nvwdmcpl.dll
    [2007/06/29 02:43:00 | 001,503,232 | ---- | C] () -- D:\WINDOWS\System32\nview.dll
    [2007/06/29 02:43:00 | 001,101,824 | ---- | C] () -- D:\WINDOWS\System32\nvwimg.dll
    [2007/06/29 02:43:00 | 000,466,944 | ---- | C] () -- D:\WINDOWS\System32\nvshell.dll
    [2007/05/01 17:49:40 | 000,005,632 | ---- | C] () -- D:\WINDOWS\System32\SaiC5F0D_11.dll
    [2006/08/16 17:35:00 | 000,581,632 | ---- | C] () -- D:\WINDOWS\System32\nvhwvid.dll
    [2006/08/16 17:35:00 | 000,286,720 | ---- | C] () -- D:\WINDOWS\System32\nvnt4cpl.dll
    [2006/08/14 13:31:06 | 000,032,768 | ---- | C] () -- D:\WINDOWS\System32\Auxiliary.dll
    [2006/07/13 07:00:04 | 000,131,072 | ---- | C] () -- D:\WINDOWS\System32\smdll.dll
    [2006/06/01 19:22:00 | 000,009,728 | ---- | C] () -- D:\WINDOWS\System32\sysinfoX64.sys
    [2006/06/01 19:22:00 | 000,008,192 | ---- | C] () -- D:\WINDOWS\System32\sysinfo.sys
    [2005/03/09 19:50:20 | 000,033,792 | ---- | C] () -- D:\WINDOWS\System32\drivers\libusb0.sys
    [2004/09/10 20:21:34 | 002,164,117 | RH-- | C] () -- D:\Program Files\EV561405.CAB
    [2004/09/10 20:21:32 | 002,977,781 | RH-- | C] () -- D:\Program Files\E3561405.CAB
    [2004/09/10 20:21:32 | 000,720,116 | RH-- | C] () -- D:\Program Files\E4561410.CAB
    [2004/09/10 20:21:30 | 005,331,769 | RH-- | C] () -- D:\Program Files\E2561410.CAB
    [2004/09/10 20:21:26 | 002,306,744 | RH-- | C] () -- D:\Program Files\CR561401.CAB
    [2004/09/10 20:21:26 | 000,611,657 | RH-- | C] () -- D:\Program Files\CS
     
  9. 2011/03/05
    Forsaken Knight Well-Known Member Thread Starter

    561401.CAB
    [2004/09/10 20:21:24 | 002,487,448 | RH-- | C] () -- D:\Program Files\CP561401.CAB
    [2004/09/10 20:21:22 | 001,232,028 | RH-- | C] () -- D:\Program Files\CM561401.CAB
    [2004/09/10 20:21:22 | 000,706,243 | RH-- | C] () -- D:\Program Files\CL561401.CAB
    [2004/09/10 20:21:20 | 002,071,027 | RH-- | C] () -- D:\Program Files\CF561401.CAB
    [2004/09/10 20:21:20 | 000,323,898 | RH-- | C] () -- D:\Program Files\CD561401.CAB
    [2004/09/10 20:21:18 | 001,952,821 | RH-- | C] () -- D:\Program Files\AV561403.CAB
    [2004/09/10 20:21:18 | 001,681,457 | RH-- | C] () -- D:\Program Files\CC561401.CAB
    [2004/09/10 20:21:16 | 003,032,343 | RH-- | C] () -- D:\Program Files\A4561405.CAB
    [2004/09/10 20:21:14 | 005,675,627 | RH-- | C] () -- D:\Program Files\A3561405.CAB
    [2004/09/10 20:21:10 | 003,580,152 | RH-- | C] () -- D:\Program Files\A2561405.CAB
    [2004/09/10 20:20:36 | 002,277,520 | RH-- | C] () -- D:\Program Files\MC561403.CAB
    [2004/09/10 20:20:36 | 000,915,570 | RH-- | C] () -- D:\Program Files\MG561403.CAB
    [2004/09/10 20:20:34 | 003,563,686 | RH-- | C] () -- D:\Program Files\M9561403.CAB
    [2004/09/10 20:20:34 | 000,313,441 | RH-- | C] () -- D:\Program Files\MA561403.CAB
    [2004/09/10 20:20:32 | 012,037,546 | RH-- | C] () -- D:\Program Files\M4561403.CAB
    [2004/09/10 20:20:24 | 005,279,842 | RH-- | C] () -- D:\Program Files\M3561404.CAB
    [2004/09/10 20:20:22 | 000,050,808 | RH-- | C] () -- D:\Program Files\M2561406.CAB
    [2004/09/10 20:20:20 | 001,867,474 | RH-- | C] () -- D:\Program Files\L3561403.CAB
    [2004/09/10 20:20:20 | 001,054,743 | RH-- | C] () -- D:\Program Files\L4561403.CAB
    [2004/09/10 20:20:20 | 000,947,433 | RH-- | C] () -- D:\Program Files\LV561403.CAB
    [2004/09/10 20:20:20 | 000,300,700 | RH-- | C] () -- D:\Program Files\L9561403.CAB
    [2004/09/10 20:20:18 | 010,629,703 | RH-- | C] () -- D:\Program Files\L2561403.CAB
    [2004/09/10 20:20:12 | 013,650,283 | RH-- | C] () -- D:\Program Files\IU561401.CAB
    [2004/09/10 20:20:02 | 001,673,946 | RH-- | C] () -- D:\Program Files\G3561403.CAB
    [2004/09/10 20:20:02 | 000,466,445 | RH-- | C] () -- D:\Program Files\GV561403.CAB
    [2004/09/10 20:20:02 | 000,107,046 | RH-- | C] () -- D:\Program Files\IJ561401.CAB
    [2004/09/10 20:20:02 | 000,038,260 | RH-- | C] () -- D:\Program Files\IS561401.CAB
    [2004/09/10 20:19:40 | 002,679,261 | RH-- | C] () -- D:\Program Files\ZC561402.CAB
    [2004/09/10 20:19:40 | 001,692,636 | RH-- | C] () -- D:\Program Files\ZD561402.CAB
    [2004/09/10 20:19:40 | 000,763,821 | RH-- | C] () -- D:\Program Files\ZE561406.CAB
    [2004/09/10 20:19:38 | 047,671,800 | RH-- | C] () -- D:\Program Files\YS561401.CAB
    [2004/09/10 20:19:38 | 000,192,632 | RH-- | C] () -- D:\Program Files\ZA561401.CAB
    [2004/09/10 20:19:38 | 000,014,446 | RH-- | C] () -- D:\Program Files\YT561401.CAB
    [2004/09/10 20:19:18 | 000,821,637 | RH-- | C] () -- D:\Program Files\YO561403.CAB
    [2004/09/10 20:19:16 | 004,475,718 | RH-- | C] () -- D:\Program Files\YH561403.CAB
    [2004/09/10 20:19:16 | 001,539,271 | RH-- | C] () -- D:\Program Files\YL561402.CAB
    [2004/09/10 20:19:16 | 001,440,029 | RH-- | C] () -- D:\Program Files\YI561401.CAB
    [2004/09/10 20:19:16 | 000,063,208 | RH-- | C] () -- D:\Program Files\YM561403.CAB
    [2004/09/10 20:19:14 | 000,614,643 | RH-- | C] () -- D:\Program Files\YC561403.CAB
    [2004/09/10 20:19:12 | 008,012,757 | RH-- | C] () -- D:\Program Files\YB561408.CAB
    [2004/09/10 20:19:10 | 008,114,251 | RH-- | C] () -- D:\Program Files\YA561403.CAB
    [2004/09/10 20:19:06 | 001,013,663 | RH-- | C] () -- D:\Program Files\X3561401.CAB
    [2004/09/10 20:19:04 | 009,298,714 | RH-- | C] () -- D:\Program Files\X2561401.CAB
    [2004/09/10 20:19:00 | 002,948,275 | RH-- | C] () -- D:\Program Files\WV561405.CAB
    [2004/09/10 20:18:58 | 001,038,975 | RH-- | C] () -- D:\Program Files\W4561405.CAB
    [2004/09/10 20:18:58 | 000,456,846 | RH-- | C] () -- D:\Program Files\ZY561401.CAB
    [2004/09/10 20:18:58 | 000,441,429 | RH-- | C] () -- D:\Program Files\ZS561401.CAB
    [2004/09/10 20:18:58 | 000,353,051 | RH-- | C] () -- D:\Program Files\ZT561401.CAB
    [2004/09/10 20:18:58 | 000,091,858 | RH-- | C] () -- D:\Program Files\ZV561401.CAB
    [2004/09/10 20:18:58 | 000,027,929 | RH-- | C] () -- D:\Program Files\ZR561403.CAB
    [2004/09/10 20:18:58 | 000,017,922 | RH-- | C] () -- D:\Program Files\ZU561401.CAB
    [2004/09/10 20:18:58 | 000,006,291 | RH-- | C] () -- D:\Program Files\ZZ561401.CAB
    [2004/09/10 20:18:56 | 002,266,659 | RH-- | C] () -- D:\Program Files\ZF612702.CAB
    [2004/09/10 20:18:56 | 000,668,276 | RH-- | C] () -- D:\Program Files\ZQ561401.CAB
    [2004/09/10 20:18:56 | 000,310,133 | RH-- | C] () -- D:\Program Files\ZO561401.CAB
    [2004/09/10 20:18:56 | 000,274,001 | RH-- | C] () -- D:\Program Files\ZN561401.CAB
    [2004/09/10 20:18:56 | 000,243,555 | RH-- | C] () -- D:\Program Files\ZH561403.CAB
    [2004/09/10 20:18:56 | 000,147,457 | RH-- | C] () -- D:\Program Files\ZK561401.CAB
    [2004/09/10 20:18:56 | 000,107,454 | RH-- | C] () -- D:\Program Files\ZM561401.CAB
    [2004/09/10 20:18:56 | 000,103,723 | RH-- | C] () -- D:\Program Files\ZJ561401.CAB
    [2004/09/10 20:18:56 | 000,083,634 | RH-- | C] () -- D:\Program Files\ZI561402.CAB
    [2004/09/10 20:18:56 | 000,047,824 | RH-- | C] () -- D:\Program Files\ZG561401.CAB
    [2004/09/10 20:18:54 | 005,923,328 | R--- | C] () -- D:\Program Files\PRO11.MSI
    [2004/09/10 20:18:54 | 001,255,537 | RH-- | C] () -- D:\Program Files\PV561401.CAB
    [2004/09/10 20:18:50 | 007,645,762 | RH-- | C] () -- D:\Program Files\PR308246.CAB
    [2004/09/10 20:18:46 | 003,540,973 | RH-- | C] () -- D:\Program Files\PR103678.CAB
    [2004/09/10 20:18:44 | 006,108,423 | RH-- | C] () -- D:\Program Files\PR103368.CAB
    [2004/09/10 20:18:40 | 001,740,699 | RH-- | C] () -- D:\Program Files\PA561401.CAB
    [2004/09/10 20:18:40 | 000,471,375 | RH-- | C] () -- D:\Program Files\P4561402.CAB
    [2004/09/10 20:18:38 | 005,671,270 | RH-- | C] () -- D:\Program Files\P3561401.CAB
    [2004/09/10 20:18:36 | 029,543,747 | RH-- | C] () -- D:\Program Files\P2561401.CAB
    [2004/09/10 20:18:18 | 012,391,934 | RH-- | C] () -- D:\Program Files\O1561403.CAB
    [2004/09/10 20:18:18 | 000,604,672 | R--- | C] () -- D:\Program Files\OWC11.MSI
    [2004/09/10 20:18:18 | 000,560,128 | R--- | C] () -- D:\Program Files\OWC10.MSI
    [2004/09/10 20:18:18 | 000,178,500 | RH-- | C] () -- D:\Program Files\O9561403.CAB
    [2004/09/10 20:18:10 | 002,531,817 | RH-- | C] () -- D:\Program Files\MT561403.CAB
    [2004/09/10 20:18:10 | 000,030,137 | RH-- | C] () -- D:\Program Files\O0561401.CAB
    [2004/09/10 20:18:08 | 000,883,593 | RH-- | C] () -- D:\Program Files\MO561403.CAB
    [2004/09/10 20:18:06 | 002,642,875 | RH-- | C] () -- D:\Program Files\W3561405.CAB
    [2004/09/10 20:18:06 | 002,374,394 | RH-- | C] () -- D:\Program Files\MH561401.CAB
    [2004/09/10 20:18:04 | 006,270,298 | RH-- | C] () -- D:\Program Files\W2561405.CAB
    [2004/09/10 20:18:00 | 002,057,146 | RH-- | C] () -- D:\Program Files\V3561403.CAB
    [2004/09/10 20:18:00 | 002,056,750 | RH-- | C] () -- D:\Program Files\TR308222.CAB
    [2004/09/10 20:17:58 | 003,533,058 | RH-- | C] () -- D:\Program Files\SKU0A4.CAB
    [2004/09/10 20:17:58 | 002,084,690 | RH-- | C] () -- D:\Program Files\TR103621.CAB
    [2004/09/10 20:17:56 | 000,473,931 | RH-- | C] () -- D:\Program Files\SKU011.XML
    [2004/09/10 20:17:56 | 000,163,936 | RH-- | C] () -- D:\Program Files\SKU026.CAB
    [2004/09/10 20:17:54 | 006,282,476 | RH-- | C] () -- D:\Program Files\SKU011.CAB
    [2004/09/10 20:17:52 | 001,256,026 | RH-- | C] () -- D:\Program Files\QV561405.CAB
    [2004/09/10 20:17:52 | 000,019,697 | R--- | C] () -- D:\Program Files\SETUP.HTM
    [2004/09/10 20:17:52 | 000,006,581 | R--- | C] () -- D:\Program Files\README.HTM
    [2004/09/10 20:17:50 | 002,346,637 | RH-- | C] () -- D:\Program Files\Q3561405.CAB
    [2004/09/10 20:17:50 | 000,545,200 | RH-- | C] () -- D:\Program Files\Q4561405.CAB
    [2004/09/10 20:17:48 | 003,053,221 | RH-- | C] () -- D:\Program Files\Q2561405.CAB
    [2004/09/10 20:17:48 | 002,951,706 | RH-- | C] () -- D:\Program Files\PW561401.CAB
    [2004/05/12 19:56:36 | 000,634,880 | ---- | C] () -- D:\WINDOWS\System32\pemicro_serialcm2.dll
    [2004/04/18 16:43:46 | 000,147,456 | ---- | C] () -- D:\WINDOWS\System32\ssleay32.dll
    [2004/04/18 16:43:44 | 000,651,264 | ---- | C] () -- D:\WINDOWS\System32\libeay32.dll
    [2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- D:\WINDOWS\System32\OUTLPERF.INI
    [2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- D:\WINDOWS\System32\hptcpmon.ini
    [2000/08/03 13:25:12 | 000,023,296 | ---- | C] () -- D:\WINDOWS\System32\pedrv.sys
    [2000/08/03 13:25:12 | 000,023,296 | ---- | C] () -- D:\WINDOWS\System32\drivers\pedrv.sys
    [1999/01/27 16:39:06 | 000,065,024 | ---- | C] () -- D:\WINDOWS\System32\indounin.dll
    [1998/10/02 09:20:46 | 000,005,200 | ---- | C] () -- D:\WINDOWS\System32\drivers\vichw11.sys
    [1997/06/13 10:56:08 | 000,056,832 | ---- | C] () -- D:\WINDOWS\System32\Iyvu9_32.dll
    [1996/05/29 16:20:04 | 000,035,072 | ---- | C] () -- D:\WINDOWS\System32\SENDKEY.DLL
    [1996/04/03 21:33:26 | 000,005,248 | ---- | C] () -- D:\WINDOWS\System32\drivers\GIVEIO.SYS

    ========== LOP Check ==========

    [2009/12/26 00:55:18 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Activision
    [2011/03/02 19:59:34 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Alwil Software
    [2011/03/05 15:04:53 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\AVAST Software
    [2008/04/03 09:09:35 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\MailFrontier
    [2008/04/03 07:28:54 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\MGI
    [2009/12/02 13:54:48 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\NETGEAR
    [2010/08/24 21:52:33 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\NexonUS
    [2010/08/24 21:06:28 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\PMB Files
    [2010/05/20 19:08:21 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Processor Expert
    [2008/04/08 05:24:00 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Saitek
    [2010/10/31 14:54:29 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\TEMP
    [2011/02/05 14:34:30 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/09/07 11:23:06 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Nelson (Dad) Arucas\Application Data\comcasttb
    [2009/11/07 07:43:23 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Nelson Ramon Arucas\Application Data\CallingID
    [2011/01/10 20:48:53 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Nelson Ramon Arucas\Application Data\CheckPoint
    [2009/10/22 20:24:53 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Nelson Ramon Arucas\Application Data\comcasttb
    [2010/08/13 11:15:58 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Nelson Ramon Arucas\Application Data\Elluminate
    [2008/04/03 06:57:23 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Nelson Ramon Arucas\Application Data\FotoWire
    [2011/01/11 00:33:49 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Nelson Ramon Arucas\Application Data\Foxit
    [2011/01/11 00:33:52 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Nelson Ramon Arucas\Application Data\Foxit Software
    [2008/04/14 00:57:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Nelson Ramon Arucas\Application Data\gtk-2.0
    [2010/03/12 19:49:55 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Nelson Ramon Arucas\Application Data\ImgBurn
    [2008/04/03 07:33:40 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Nelson Ramon Arucas\Application Data\MGI
    [2010/10/30 21:03:34 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Nelson Ramon Arucas\Application Data\MyScribe
    [2010/08/24 23:06:39 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Nelson Ramon Arucas\Application Data\NeopleLauncherDFO
    [2009/01/19 14:38:01 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Nelson Ramon Arucas\Application Data\OpenOffice.org
    [2010/05/20 19:09:05 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Nelson Ramon Arucas\Application Data\Processor Expert
    [2008/11/04 19:27:52 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Nelson Ramon Arucas\Application Data\TeamViewer
    [2010/04/02 22:20:50 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Nelson Ramon Arucas\Application Data\TS3Client
    [2009/05/12 19:53:20 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Nelson Ramon Arucas\Application Data\uTorrent
    [2008/07/08 07:04:44 | 000,000,370 | ---- | M] () -- D:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1207566146.job
    [2011/03/05 13:42:54 | 000,000,330 | -H-- | M] () -- D:\WINDOWS\Tasks\MP Scheduled Scan.job
    [2011/03/05 18:01:07 | 000,000,262 | ---- | M] () -- D:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/04/08 05:43:30 | 000,000,291 | ---- | M] () -- D:\(G) Vingintion Drive.lnk
    [2011/03/05 14:11:46 | 000,034,087 | ---- | M] () -- D:\ComboFix.txt
    [2011/01/28 12:17:04 | 000,000,192 | ---- | M] () -- D:\INSTALL.LOG
    [2011/01/09 18:21:47 | 000,016,755 | ---- | M] () -- D:\JavaRa.log
    [2011/03/05 13:39:12 | 2145,386,496 | -HS- | M] () -- D:\pagefile.sys
    [2011/03/05 13:50:06 | 000,000,545 | ---- | M] () -- D:\rkill.log

    < %systemroot%\Fonts\*.com >
    [2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- D:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- D:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- D:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- D:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2008/04/03 07:54:21 | 000,000,067 | -HS- | M] () -- D:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2005/10/14 22:41:46 | 000,072,192 | ---- | M] (Hewlett-Packard Corporation) -- D:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp43a.dll
    [2003/06/18 16:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/02/23 10:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- D:\WINDOWS\avastSS.scr
    [2009/07/10 11:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2004/09/10 20:21:10 | 003,580,152 | RH-- | M] () -- D:\Program Files\A2561405.CAB
    [2004/09/10 20:21:14 | 005,675,627 | RH-- | M] () -- D:\Program Files\A3561405.CAB
    [2004/09/10 20:21:16 | 003,032,343 | RH-- | M] () -- D:\Program Files\A4561405.CAB
    [2004/09/10 20:21:18 | 001,952,821 | RH-- | M] () -- D:\Program Files\AV561403.CAB
    [2004/09/10 20:21:18 | 001,681,457 | RH-- | M] () -- D:\Program Files\CC561401.CAB
    [2004/09/10 20:21:20 | 000,323,898 | RH-- | M] () -- D:\Program Files\CD561401.CAB
    [2004/09/10 20:21:20 | 002,071,027 | RH-- | M] () -- D:\Program Files\CF561401.CAB
    [2004/09/10 20:21:22 | 000,706,243 | RH-- | M] () -- D:\Program Files\CL561401.CAB
    [2004/09/10 20:21:22 | 001,232,028 | RH-- | M] () -- D:\Program Files\CM561401.CAB
    [2004/09/10 20:21:24 | 002,487,448 | RH-- | M] () -- D:\Program Files\CP561401.CAB
    [2004/09/10 20:21:26 | 002,306,744 | RH-- | M] () -- D:\Program Files\CR561401.CAB
    [2004/09/10 20:21:26 | 000,611,657 | RH-- | M] () -- D:\Program Files\CS561401.CAB
    [2004/09/10 20:21:30 | 005,331,769 | RH-- | M] () -- D:\Program Files\E2561410.CAB
    [2004/09/10 20:21:32 | 002,977,781 | RH-- | M] () -- D:\Program Files\E3561405.CAB
    [2004/09/10 20:21:32 | 000,720,116 | RH-- | M] () -- D:\Program Files\E4561410.CAB
    [2004/09/10 20:21:34 | 002,164,117 | RH-- | M] () -- D:\Program Files\EV561405.CAB
    [2004/09/10 20:20:02 | 001,673,946 | RH-- | M] () -- D:\Program Files\G3561403.CAB
    [2004/09/10 20:20:02 | 000,466,445 | RH-- | M] () -- D:\Program Files\GV561403.CAB
    [2004/09/10 20:20:02 | 000,107,046 | RH-- | M] () -- D:\Program Files\IJ561401.CAB
    [2004/09/10 20:20:02 | 000,038,260 | RH-- | M] () -- D:\Program Files\IS561401.CAB
    [2004/09/10 20:20:12 | 013,650,283 | RH-- | M] () -- D:\Program Files\IU561401.CAB
    [2004/09/10 20:20:18 | 010,629,703 | RH-- | M] () -- D:\Program Files\L2561403.CAB
    [2004/09/10 20:20:20 | 001,867,474 | RH-- | M] () -- D:\Program Files\L3561403.CAB
    [2004/09/10 20:20:20 | 001,054,743 | RH-- | M] () -- D:\Program Files\L4561403.CAB
    [2004/09/10 20:20:20 | 000,300,700 | RH-- | M] () -- D:\Program Files\L9561403.CAB
    [2004/09/10 20:20:20 | 000,947,433 | RH-- | M] () -- D:\Program Files\LV561403.CAB
    [2004/09/10 20:20:22 | 000,050,808 | RH-- | M] () -- D:\Program Files\M2561406.CAB
    [2004/09/10 20:20:24 | 005,279,842 | RH-- | M] () -- D:\Program Files\M3561404.CAB
    [2004/09/10 20:20:32 | 012,037,546 | RH-- | M] () -- D:\Program Files\M4561403.CAB
    [2004/09/10 20:20:34 | 003,563,686 | RH-- | M] () -- D:\Program Files\M9561403.CAB
    [2004/09/10 20:20:34 | 000,313,441 | RH-- | M] () -- D:\Program Files\MA561403.CAB
    [2004/09/10 20:20:36 | 002,277,520 | RH-- | M] () -- D:\Program Files\MC561403.CAB
    [2004/09/10 20:20:36 | 000,915,570 | RH-- | M] () -- D:\Program Files\MG561403.CAB
    [2004/09/10 20:18:06 | 002,374,394 | RH-- | M] () -- D:\Program Files\MH561401.CAB
    [2004/09/10 20:18:08 | 000,883,593 | RH-- | M] () -- D:\Program Files\MO561403.CAB
    [2004/09/10 20:18:10 | 002,531,817 | RH-- | M] () -- D:\Program Files\MT561403.CAB
    [2004/09/10 20:18:10 | 000,030,137 | RH-- | M] () -- D:\Program Files\O0561401.CAB
    [2004/09/10 20:18:18 | 012,391,934 | RH-- | M] () -- D:\Program Files\O1561403.CAB
    [2004/09/10 20:18:18 | 000,178,500 | RH-- | M] () -- D:\Program Files\O9561403.CAB
    [2004/09/10 20:18:18 | 000,560,128 | R--- | M] () -- D:\Program Files\OWC10.MSI
    [2004/09/10 20:18:18 | 000,604,672 | R--- | M] () -- D:\Program Files\OWC11.MSI
    [2004/09/10 20:18:36 | 029,543,747 | RH-- | M] () -- D:\Program Files\P2561401.CAB
    [2004/09/10 20:18:38 | 005,671,270 | RH-- | M] () -- D:\Program Files\P3561401.CAB
    [2004/09/10 20:18:40 | 000,471,375 | RH-- | M] () -- D:\Program Files\P4561402.CAB
    [2004/09/10 20:18:40 | 001,740,699 | RH-- | M] () -- D:\Program Files\PA561401.CAB
    [2004/09/10 20:18:44 | 006,108,423 | RH-- | M] () -- D:\Program Files\PR103368.CAB
    [2004/09/10 20:18:46 | 003,540,973 | RH-- | M] () -- D:\Program Files\PR103678.CAB
    [2004/09/10 20:18:50 | 007,645,762 | RH-- | M] () -- D:\Program Files\PR308246.CAB
    [2004/09/10 20:18:54 | 005,923,328 | R--- | M] () -- D:\Program Files\PRO11.MSI
    [2004/09/10 20:18:54 | 001,255,537 | RH-- | M] () -- D:\Program Files\PV561401.CAB
    [2004/09/10 20:17:48 | 002,951,706 | RH-- | M] () -- D:\Program Files\PW561401.CAB
    [2004/09/10 20:17:48 | 003,053,221 | RH-- | M] () -- D:\Program Files\Q2561405.CAB
    [2004/09/10 20:17:50 | 002,346,637 | RH-- | M] () -- D:\Program Files\Q3561405.CAB
    [2004/09/10 20:17:50 | 000,545,200 | RH-- | M] () -- D:\Program Files\Q4561405.CAB
    [2004/09/10 20:17:52 | 001,256,026 | RH-- | M] () -- D:\Program Files\QV561405.CAB
    [2004/09/10 20:17:52 | 000,006,581 | R--- | M] () -- D:\Program Files\README.HTM
    [2004/09/10 20:17:52 | 000,019,697 | R--- | M] () -- D:\Program Files\SETUP.HTM
    [2004/09/10 20:17:54 | 006,282,476 | RH-- | M] () -- D:\Program Files\SKU011.CAB
    [2004/09/10 20:17:56 | 000,473,931 | RH-- | M] () -- D:\Program Files\SKU011.XML
    [2004/09/10 20:17:56 | 000,163,936 | RH-- | M] () -- D:\Program Files\SKU026.CAB
    [2004/09/10 20:17:58 | 003,533,058 | RH-- | M] () -- D:\Program Files\SKU0A4.CAB
    [2004/09/10 20:17:58 | 002,084,690 | RH-- | M] () -- D:\Program Files\TR103621.CAB
    [2004/09/10 20:18:00 | 002,056,750 | RH-- | M] () -- D:\Program Files\TR308222.CAB
    [2004/09/10 20:18:00 | 002,057,146 | RH-- | M] () -- D:\Program Files\V3561403.CAB
    [2004/09/10 20:18:04 | 006,270,298 | RH-- | M] () -- D:\Program Files\W2561405.CAB
    [2004/09/10 20:18:06 | 002,642,875 | RH-- | M] () -- D:\Program Files\W3561405.CAB
    [2004/09/10 20:18:58 | 001,038,975 | RH-- | M] () -- D:\Program Files\W4561405.CAB
    [2004/09/10 20:19:00 | 002,948,275 | RH-- | M] () -- D:\Program Files\WV561405.CAB
    [2004/09/10 20:19:04 | 009,298,714 | RH-- | M] () -- D:\Program Files\X2561401.CAB
    [2004/09/10 20:19:06 | 001,013,663 | RH-- | M] () -- D:\Program Files\X3561401.CAB
    [2004/09/10 20:19:10 | 008,114,251 | RH-- | M] () -- D:\Program Files\YA561403.CAB
    [2004/09/10 20:19:12 | 008,012,757 | RH-- | M] () -- D:\Program Files\YB561408.CAB
    [2004/09/10 20:19:14 | 000,614,643 | RH-- | M] () -- D:\Program Files\YC561403.CAB
    [2004/09/10 20:19:16 | 004,475,718 | RH-- | M] () -- D:\Program Files\YH561403.CAB
    [2004/09/10 20:19:16 | 001,440,029 | RH-- | M] () -- D:\Program Files\YI561401.CAB
    [2004/09/10 20:19:16 | 001,539,271 | RH-- | M] () -- D:\Program Files\YL561402.CAB
    [2004/09/10 20:19:16 | 000,063,208 | RH-- | M] () -- D:\Program Files\YM561403.CAB
    [2004/09/10 20:19:18 | 000,821,637 | RH-- | M] () -- D:\Program Files\YO561403.CAB
    [2004/09/10 20:19:38 | 047,671,800 | RH-- | M] () -- D:\Program Files\YS561401.CAB
    [2004/09/10 20:19:38 | 000,014,446 | RH-- | M] () -- D:\Program Files\YT561401.CAB
    [2004/09/10 20:19:38 | 000,192,632 | RH-- | M] () -- D:\Program Files\ZA561401.CAB
    [2004/09/10 20:19:40 | 002,679,261 | RH-- | M] () -- D:\Program Files\ZC561402.CAB
    [2004/09/10 20:19:40 | 001,692,636 | RH-- | M] () -- D:\Program Files\ZD561402.CAB
    [2004/09/10 20:19:40 | 000,763,821 | RH-- | M] () -- D:\Program Files\ZE561406.CAB
    [2004/09/10 20:18:56 | 002,266,659 | RH-- | M] () -- D:\Program Files\ZF612702.CAB
    [2004/09/10 20:18:56 | 000,047,824 | RH-- | M] () -- D:\Program Files\ZG561401.CAB
    [2004/09/10 20:18:56 | 000,243,555 | RH-- | M] () -- D:\Program Files\ZH561403.CAB
    [2004/09/10 20:18:56 | 000,083,634 | RH-- | M] () -- D:\Program Files\ZI561402.CAB
    [2004/09/10 20:18:56 | 000,103,723 | RH-- | M] () -- D:\Program Files\ZJ561401.CAB
    [2004/09/10 20:18:56 | 000,147,457 | RH-- | M] () -- D:\Program Files\ZK561401.CAB
    [2004/09/10 20:18:56 | 000,107,454 | RH-- | M] () -- D:\Program Files\ZM561401.CAB
    [2004/09/10 20:18:56 | 000,274,001 | RH-- | M] () -- D:\Program Files\ZN561401.CAB
    [2004/09/10 20:18:56 | 000,310,133 | RH-- | M] () -- D:\Program Files\ZO561401.CAB
    [2004/09/10 20:18:56 | 000,668,276 | RH-- | M] () -- D:\Program Files\ZQ561401.CAB
    [2004/09/10 20:18:58 | 000,027,929 | RH-- | M] () -- D:\Program Files\ZR561403.CAB
    [2004/09/10 20:18:58 | 000,441,429 | RH-- | M] () -- D:\Program Files\ZS561401.CAB
    [2004/09/10 20:18:58 | 000,353,051 | RH-- | M] () -- D:\Program Files\ZT561401.CAB
    [2004/09/10 20:18:58 | 000,017,922 | RH-- | M] () -- D:\Program Files\ZU561401.CAB
    [2004/09/10 20:18:58 | 000,091,858 | RH-- | M] () -- D:\Program Files\ZV561401.CAB
    [2004/09/10 20:18:58 | 000,456,846 | RH-- | M] () -- D:\Program Files\ZY561401.CAB
    [2004/09/10 20:18:58 | 000,006,291 | RH-- | M] () -- D:\Program Files\ZZ561401.CAB

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/04/02 23:33:54 | 000,094,208 | ---- | M] () -- D:\WINDOWS\system32\config\default.sav
    [2008/04/02 23:33:53 | 000,659,456 | ---- | M] () -- D:\WINDOWS\system32\config\software.sav
    [2008/04/02 23:33:53 | 000,434,176 | ---- | M] () -- D:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2009/03/14 22:20:09 | 000,000,209 | -HS- | M] () -- D:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2008/04/03 08:06:02 | 000,000,119 | -HS- | M] () -- D:\Documents and Settings\Nelson Ramon Arucas\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2011/01/11 00:33:50 | 000,000,232 | ---- | M] () -- D:\Documents and Settings\Nelson Ramon Arucas\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.url
    [2008/04/03 08:06:01 | 000,000,079 | ---- | M] () -- D:\Documents and Settings\Nelson Ramon Arucas\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/01/07 19:51:10 | 005,997,256 | ---- | M] (OPSWAT, Inc.) -- D:\Documents and Settings\Nelson Ramon Arucas\Desktop\AppRemover.exe
    [2008/09/24 17:14:51 | 000,050,688 | ---- | M] (Atribune.org) -- D:\Documents and Settings\Nelson Ramon Arucas\Desktop\ATF-Cleaner.exe
    [2011/03/05 13:48:37 | 004,280,953 | R--- | M] () -- D:\Documents and Settings\Nelson Ramon Arucas\Desktop\ComboFix.exe
    [2011/01/07 19:45:38 | 000,296,448 | ---- | M] () -- D:\Documents and Settings\Nelson Ramon Arucas\Desktop\GMER.exe
    [2011/01/07 19:45:54 | 000,080,384 | ---- | M] () -- D:\Documents and Settings\Nelson Ramon Arucas\Desktop\MBRCheck.exe
    [2010/10/30 20:46:27 | 042,515,122 | ---- | M] () -- D:\Documents and Settings\Nelson Ramon Arucas\Desktop\MyScribeSetup.exe
    [2011/01/07 19:57:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Nelson Ramon Arucas\Desktop\OTL.exe
    [2011/01/07 20:03:34 | 000,879,028 | ---- | M] () -- D:\Documents and Settings\Nelson Ramon Arucas\Desktop\SecurityCheck.exe
    [2010/04/02 22:19:41 | 012,816,592 | ---- | M] (TeamSpeak Systems GmbH) -- D:\Documents and Settings\Nelson Ramon Arucas\Desktop\TeamSpeak3-Client-win32-3.0.0-beta18.exe
    [2010/04/02 22:16:18 | 014,788,904 | ---- | M] (TeamSpeak Systems GmbH) -- D:\Documents and Settings\Nelson Ramon Arucas\Desktop\TeamSpeak3-Client-win64-3.0.0-beta18.exe
    [2011/01/07 19:44:02 | 000,446,464 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Nelson Ramon Arucas\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2008/04/03 08:06:01 | 000,000,122 | -HS- | M] () -- D:\Documents and Settings\Nelson Ramon Arucas\Favorites\Desktop.ini
    [2008/04/03 08:39:28 | 000,001,288 | ---- | M] () -- D:\Documents and Settings\Nelson Ramon Arucas\Favorites\Microsoft bCentral.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2009/08/14 12:19:46 | 000,001,132 | RHS- | M] () -- D:\Documents and Settings\All Users\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2008/04/03 17:52:23 | 000,000,067 | -HS- | M] () -- D:\Documents and Settings\Nelson Ramon Arucas\Cookies\desktop.ini
    [2011/03/05 18:39:43 | 001,048,576 | -HS- | M] () -- D:\Documents and Settings\Nelson Ramon Arucas\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2005/01/28 16:44:28 | 000,192,512 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >
    [2009/09/10 20:53:38 | 000,582,175 | ---- | M] (tzuk) -- D:\WINDOWS\Installer\SandboxieInstall.exe
    [2011/01/18 18:43:26 | 000,861,120 | ---- | M] (SANDBOXIE L.T.D) -- D:\WINDOWS\Installer\SandboxieInstall32.exe
    [8 D:\WINDOWS\Installer\*.tmp files -> D:\WINDOWS\Installer\*.tmp -> ]

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Messenger\custsat.dll
    [2004/08/03 19:07:00 | 000,004,821 | ---- | M] () -- D:\Program Files\Messenger\logowin.gif
    [2004/08/04 04:06:34 | 000,007,047 | ---- | M] () -- D:\Program Files\Messenger\lvback.gif
    [2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Messenger\msgsc.dll
    [2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Messenger\msgslang.dll
    [2008/04/13 19:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Messenger\msmsgs.exe
    [2004/08/03 19:07:00 | 000,002,882 | ---- | M] () -- D:\Program Files\Messenger\newalert.wav
    [2004/08/03 19:07:00 | 000,006,156 | ---- | M] () -- D:\Program Files\Messenger\newemail.wav
    [2004/08/03 19:07:00 | 000,006,160 | ---- | M] () -- D:\Program Files\Messenger\online.wav
    [2004/08/04 04:06:36 | 000,004,454 | ---- | M] () -- D:\Program Files\Messenger\type.wav
    [2004/08/04 04:06:36 | 000,115,981 | ---- | M] () -- D:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
    "AutoInstallMinorUpdates" = 1
    "NoAutoRebootWithLoggedOnUsers" = 1
    "NoAutoUpdate" = 1

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  10. 2011/03/05
    Forsaken Knight

    Forsaken Knight Well-Known Member Thread Starter

    No "extra" text file was made when the OTL program was finished.
     
  11. 2011/03/05
    broni

    broni Moderator Malware Analyst

    Uninstall McAfee Security Scan, a foistware.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV - File not found [Kernel | On_Demand | Stopped] -- D:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
      IE - HKU\S-1-5-21-343818398-813497703-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyServer" = :0
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O2 - BHO: (no name) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - No CLSID value found.
      O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKU\S-1-5-21-343818398-813497703-682003330-1003\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
      O4 - HKU\S-1-5-21-343818398-813497703-682003330-1004..\Run: [LDM] D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe File not found
      O4 - HKU\S-1-5-21-343818398-813497703-682003330-1005..\Run: [LDM] D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe File not found
      O4 - HKU\S-1-5-21-343818398-813497703-682003330-1006..\Run: [LDM] D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe File not found
      O4 - HKU\S-1-5-21-343818398-813497703-682003330-1007..\Run: [LDM] D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe File not found
      O4 - HKU\.DEFAULT..\RunOnce: [WUAppSetup] D:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 File not found
      O4 - HKU\S-1-5-18..\RunOnce: [WUAppSetup] D:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 File not found
      O4 - HKU\S-1-5-21-343818398-813497703-682003330-1004..\RunOnce: [FlashPlayerUpdate] D:\WINDOWS\System32\Macromed\Flash\FlashUtil9f.exe File not found
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  12. 2011/03/08
    Forsaken Knight

    Forsaken Knight Well-Known Member Thread Starter

    All processes killed
    ========== OTL ==========
    Service EagleNT stopped successfully!
    Service EagleNT deleted successfully!
    File D:\WINDOWS\System32\drivers\EagleNT.sys not found.
    HKU\S-1-5-21-343818398-813497703-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    D:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File D:\Program Files\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_USERS\S-1-5-21-343818398-813497703-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File D:\Program Files\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_USERS\S-1-5-21-343818398-813497703-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Run\\LDM deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-343818398-813497703-682003330-1005\Software\Microsoft\Windows\CurrentVersion\Run\\LDM deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-343818398-813497703-682003330-1006\Software\Microsoft\Windows\CurrentVersion\Run\\LDM deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-343818398-813497703-682003330-1007\Software\Microsoft\Windows\CurrentVersion\Run\\LDM deleted successfully.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WUAppSetup deleted successfully.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WUAppSetup not found.
    Registry value HKEY_USERS\S-1-5-21-343818398-813497703-682003330-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Adam Arucas
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Javier Pelligrini
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: Nelson (Dad) Arucas
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Nelson Ramon Arucas
    ->Temp folder emptied: 995859 bytes
    ->Temporary Internet Files folder emptied: 103417426 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 1268 bytes

    User: NetworkService
    ->Temp folder emptied: 4440 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Niomi June Arucas
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 42922 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 100.00 mb


    [EMPTYFLASH]

    User: Adam Arucas

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Javier Pelligrini

    User: LocalService

    User: Nelson (Dad) Arucas

    User: Nelson Ramon Arucas
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    User: Niomi June Arucas
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.20.1 log created on 03082011_132737

    Files\Folders moved on Reboot...
    D:\Documents and Settings\Nelson Ramon Arucas\Local Settings\Temp\~DF9D9B.tmp moved successfully.
    D:\Documents and Settings\Nelson Ramon Arucas\Local Settings\Temp\~DFF4B6.tmp moved successfully.
    D:\Documents and Settings\Nelson Ramon Arucas\Local Settings\Temporary Internet Files\Content.IE5\G873TEMV\1034849195[1].gif moved successfully.
    D:\Documents and Settings\Nelson Ramon Arucas\Local Settings\Temporary Internet Files\Content.IE5\G873TEMV\98049-active-checking-room-pc-problems-2[1].html moved successfully.
    D:\Documents and Settings\Nelson Ramon Arucas\Local Settings\Temporary Internet Files\Content.IE5\5DEHKBRG\00b42e3a-b809-49b2-b433-cc45b2bc89d33rd_party_BBS[1].htm moved successfully.
    D:\Documents and Settings\Nelson Ramon Arucas\Local Settings\Temporary Internet Files\Content.IE5\5DEHKBRG\1034849195[1].gif moved successfully.
    D:\Documents and Settings\Nelson Ramon Arucas\Local Settings\Temporary Internet Files\Content.IE5\5DEHKBRG\711869221[1].htm moved successfully.
    D:\Documents and Settings\Nelson Ramon Arucas\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.
    File\Folder D:\WINDOWS\temp\_avast_\Webshlock.txt not found!
    File\Folder D:\WINDOWS\temp\ZLT0633a.TMP not found!

    Registry entries deleted on Reboot...
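
    An added example, not part of the original post and not OTL's own code: one way to read a fix log like the one above is to separate "not found" lines that follow a successful change to the same target earlier in the run from "not found" lines for items that nothing in this log changed. The result phrasings are taken from the lines on this page, not from OTL documentation, and the function name `triage` is hypothetical.

```python
import re

# Result-line shapes as they appear in the fix log posted on this page.
RESULT = re.compile(
    r"^(?:(?P<kind>Service|File|Registry key|Registry value)\s+)?"
    r"(?P<target>.+?)\s+"
    r"(?P<outcome>stopped successfully|deleted successfully|"
    r"moved successfully|value set successfully|not found)[.!]?$"
)

# Constructed sample: a subset of result lines copied from the log above.
SAMPLE_LOG = r"""
========== OTL ==========
Service EagleNT stopped successfully!
Service EagleNT deleted successfully!
File D:\WINDOWS\System32\drivers\EagleNT.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
D:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File D:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WUAppSetup not found.
========== COMMANDS ==========
"""


def triage(log_text):
    """Group fix-log result lines into three buckets.

    changed: the tool reported stopping, deleting, moving or setting the item
    repeat:  "not found", but an earlier line in this log already changed
             the same target (the script referenced it more than once)
    absent:  "not found" and no earlier line in this log changed it
    """
    handled = set()
    report = {"changed": [], "repeat": [], "absent": []}
    for raw in log_text.splitlines():
        match = RESULT.match(raw.strip())
        if not match:
            continue  # section banners, cache totals, blank lines
        # Registry keys are logged with a trailing backslash; drop it so the
        # same key compares equal across lines. Windows paths and registry
        # paths are case-insensitive, so compare in lower case.
        target = match["target"].rstrip("\\")
        key = target.lower()
        if match["outcome"] != "not found":
            handled.add(key)
            report["changed"].append((target, match["outcome"]))
        elif key in handled:
            report["repeat"].append(target)
        else:
            report["absent"].append(target)
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for bucket, items in result.items():
        print(f"{bucket}: {len(items)}")
        for item in items:
            print("   ", item)
```

    The `absent` bucket is the one worth a second look: those items were gone before this run touched them, so the log alone does not say what removed them.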
     
  13. 2011/03/08
    Forsaken Knight

    Forsaken Knight Well-Known Member Thread Starter

    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 7 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    avast! Free Antivirus
    ESET Online Scanner v3
    McAfee Security Scan Plus
    ZoneAlarm
    ZoneAlarm Spy Blocker
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Ad-Aware
    Malwarebytes' Anti-Malware
    HijackThis 2.0.2
    Java(TM) 6 Update 24
    Java(TM) 6 Update 7
    Out of date Java installed!
    Adobe Flash Player
    Adobe Reader X
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Ad-Aware AAWService.exe
    Ad-Aware AAWTray.exe is disabled!
    Windows Defender MsMpEng.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast avastUI.exe
    Zone Labs ZoneAlarm zlclient.exe
    ``````````End of Log````````````
     
  14. 2011/03/08
    Forsaken Knight

    Forsaken Knight Well-Known Member Thread Starter

    D:\Documents and Settings\All Users\Desktop\eBay.url Win32/Adware.ADON application
    D:\Documents and Settings\All Users\Start Menu\Programs\eBay.url Win32/Adware.ADON application
    D:\Documents and Settings\Nelson Ramon Arucas\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.url Win32/Adware.ADON application
    D:\_OTL\MovedFiles\01112011_012143\D_Program Files\ZoneAlarmSB\bar\1.bin\NPZONESB.DLL Win32/Toolbar.MyWebSearch application
    D:\_OTL\MovedFiles\01112011_012143\D_Program Files\ZoneAlarmSB\bar\1.bin\Z4PLUGIN.DLL a variant of Win32/Toolbar.MyWebSearch application
     
  15. 2011/03/08
    broni

    broni Moderator Malware Analyst

    Uninstall:
    - McAfee Security Scan Plus (typical foistware)
    - Java(TM) 6 Update 7

    ===================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      D:\Documents and Settings\All Users\Desktop\eBay.url 
      D:\Documents and Settings\All Users\Start Menu\Programs\eBay.url 
      D:\Documents and Settings\Nelson Ramon Arucas\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.url
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==============================================================

    Your computer is clean :)

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please, let me know, how your computer is doing.
     
  16. 2011/03/08
    Forsaken Knight

    Forsaken Knight Well-Known Member Thread Starter

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    D:\Documents and Settings\All Users\Desktop\eBay.url moved successfully.
    D:\Documents and Settings\All Users\Start Menu\Programs\eBay.url moved successfully.
    D:\Documents and Settings\Nelson Ramon Arucas\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.url moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Adam Arucas

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Javier Pelligrini

    User: LocalService

    User: Nelson (Dad) Arucas

    User: Nelson Ramon Arucas
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 617 bytes

    User: NetworkService

    User: Niomi June Arucas
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2425873 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 2.00 mb


    [EMPTYFLASH]

    User: Adam Arucas

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Javier Pelligrini

    User: LocalService

    User: Nelson (Dad) Arucas

    User: Nelson Ramon Arucas
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    User: Niomi June Arucas
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.20.1 log created on 03082011_193111

    Files\Folders moved on Reboot...
    File\Folder D:\WINDOWS\temp\ZLT00a79.TMP not found!

    Registry entries deleted on Reboot...
     
  17. 2011/03/08
    Forsaken Knight

    Forsaken Knight Well-Known Member Thread Starter

    The following are things that I've found while running other scans during the weekend. My pc is not clean yet, there is something that is making my system not smooth. Just not that long ago, I had my pc stall, where I couldn't even shut down my pc, but the mouse was still functional. Even the Task Manager froze. I've noticed the following processes within my task manager when this problem popped up.

    Sf.bin
    Silverlight.Configuration.exe
    SaUpdate.exe
    SaiPrf.Dll
    hpqkygrp.exe

    On a side note, throughout this whole thing, I personally think that there is something that is freezing up my pc because it is conflicting with my antivirus. What that may be, I am not sure. This is why I need help. The above items are processes that I have not seen within my Task Manager before.

    The following are screen shots of things that I have seen as I have been doing scans.

    In addition, I did the procedure to get rid of McAfee through OTL, yet the icon is still on my desktop. The Ebay one is gone though.

    http://img694.imageshack.us/i/regmechscanonmar82011.jpg/
    http://img233.imageshack.us/i/satmar52011regmechscanr.jpg/

    http://img571.imageshack.us/i/regmechscanonmar82011.jpg/
    http://img714.imageshack.us/i/regmechscanonmar82011pt.jpg/

    The following is the main one that I wanted to show you. This was found by avast antivirus.

    http://img196.imageshack.us/i/satmar52011avastscanaft.jpg/
    http://img833.imageshack.us/i/satmar52011avastscanaft.jpg/

    The following thing I always have to bypass when I have to uninstall and then reinstall avast antivirus on my room pc.

    http://img140.imageshack.us/i/satmar52011avastinstall.jpg/
    http://img812.imageshack.us/i/satmar52011avastinstall.jpg/

    Please look into this, because even though it may seem like my pc is clean. The freeze that occurs tells me that there is something that is there which doesn't want to go away.
     
  18. 2011/03/08
    Forsaken Knight

    Forsaken Knight Well-Known Member Thread Starter

    Ok, now I know the source of the problem with my pc lies with avast antivirus. I uninstalled the antivirus, and ran my game. It ran normally as it used to, and even some things that needed to update, like the game's hackshield, all through my ZoneAlarm firewall, asked to access the internet. I allowed it, because I recognized the things that asked to access the internet were associated with the game I play. Why this problem comes up with avast? I have no idea why. Why does avast antivirus give me problems? This is the main source of the problem when I try to use large programs such as games and my pc freezes. I have no idea how to fix avast. I uninstall it, and I make sure that no trace is left in my system. I restart, then reinstall the avast program. I didn't take a screen shot of the following before, but I got a screen shot of a hint of the problem now. The following started to occur with reinstalling avast when this problem first popped up, and I used the method of uninstalling then reinstalling avast.

    http://img203.imageshack.us/i/infoonavastreinstallfor.jpg/

    So, with this now confirmed through trial and error. I would like to ask for help in figuring out how to get avast fixed so that this bug of freezing every so often when I try to play a game, or just log in to my pc. I like avast. I have used it for years. If I can help it, I would like to continue using it.
     
    Last edited: 2011/03/08
  19. 2011/03/08
    broni

    broni Moderator Malware Analyst

    First of all, stop using Registry Mechanic as it may be a part of your problem.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    ================================================================

    All these are safe:
    Sf.bin
    Silverlight.Configuration.exe
    SaUpdate.exe
    SaiPrf.Dll
    hpqkygrp.exe

    ===============================================================

    If Avast is acting up, try Avira: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html

    ===============================================================

    Whatever it is, it's not an infection.
    Usage of Registry Mechanic - possible.
     
  20. 2011/03/13
    broni

    broni Moderator Malware Analyst

    The issue seems to be resolved.
     
