Malware Trouble



yukukuhi
2008-12-05, 17:24
My PC is infected with malware and some other junk as well. Please help. Please reply, and thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:47:50 PM, on 12/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AVerTV\QuickTV.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://server.toolbar.rediff.com/toolbar/3.0/sidesearch.html?mode=toolbar
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ofb1 - {3E1500AC-87A5-416b-A211-82E848649DA9} - C:\PROGRA~1\Ofb1\Ofb1.dll (file missing)
O2 - BHO: (no name) - {484FFC3E-5891-BD10-0BED-75DFED1D8FA1} - (no file)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A75E294E-C047-4D29-B07E-37B792881BEF} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdneu.exe] C:\WINDOWS\system32\kdneu.exe
O4 - HKLM\..\Run: [Amok web bash obj] C:\Documents and Settings\All Users\Application Data\seek film amok web\Mail proc.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DOES WEB] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\For That Data.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: QuickTV.lnk = C:\Program Files\AVerTV\QuickTV.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat,avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7456 bytes

Link to my previous thread: http://forums.spybot.info/showthread.php?p=261228

Shaba
2008-12-08, 13:06
Hi yukukuhi

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D here (http://eric.71.mespages.googlepages.com/LopSD.exe)

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (C:\lopR.txt)

yukukuhi
2008-12-08, 16:13
--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : BIOS Date: 02/22/06 23:50:09 Ver: 08.00.10
USER : s.s.ram ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.0 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:19 Go (Free:7 Go)
D:\ (Local Disk) - NTFS - Total:39 Go (Free:2 Go)
E:\ (Local Disk) - NTFS - Total:90 Go (Free:2 Go)
F:\ (CD or DVD)
G:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( Mon 12/08/2008|19:40 )

--------------------\\ Listing folders in APPLIC~1

[09/08/2007|04:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[09/08/2007|04:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe Systems
[04/15/2007|06:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ahead
[01/13/2008|04:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[01/12/2008|10:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads
[01/12/2008|04:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP
[11/15/2007|04:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[11/15/2007|04:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[11/23/2008|04:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg8
[05/05/2007|09:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AVS4YOU
[09/25/2007|09:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
[04/19/2007|01:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[11/22/2008|07:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Grisoft
[06/04/2007|08:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[09/03/2007|01:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InterVideo
[01/14/2008|10:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Metacafe
[04/13/2007|09:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[03/05/2008|03:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Office Genuine Advantage
[04/14/2007|09:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Plan log bias support
[06/17/2007|09:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Roxio
[11/22/2008|06:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> seek film amok web
[06/04/2007|08:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sonic
[11/21/2008|09:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[04/15/2007|03:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[12/07/2008|08:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[09/03/2007|01:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ulead Systems
[04/15/2007|03:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[04/13/2007|11:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> yahoo!
[05/02/2007|06:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo! Companion

[04/13/2007|09:57] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[11/23/2008|02:38] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[06/04/2007|08:12] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Roxio

[11/23/2008|02:38] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[04/16/2007|06:31] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> .BitTornado
[09/16/2007|06:56] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> AccurateRip
[07/05/2008|12:12] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Adobe
[04/16/2007|09:20] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Ahead
[04/14/2007|09:19] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> ANTI SCR HOLE
[01/13/2008|04:06] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> AOL
[04/20/2007|09:35] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Apple Computer
[12/08/2008|06:59] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Avant Browser
[04/16/2007|02:18] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> AVS Video Converter
[04/22/2007|01:35] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> AVSMedia
[11/22/2008|06:38] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> bleh bat
[04/01/2008|05:51] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Cuttermaran
[09/25/2007|09:47] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> CyberLink
[09/05/2008|11:21] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> DAEMON Tools
[02/28/2008|09:57] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> dBpoweramp
[05/12/2007|09:06] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> DivX
[02/09/2008|09:02] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Dr. DivX 2.0 OSS
[02/11/2008|02:45] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> FLV Extract
[10/10/2007|02:28] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> GetRightToGo
[04/19/2007|03:25] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Google
[04/18/2007|03:00] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Help
[04/13/2007|10:21] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Identities
[03/25/2008|11:32] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> iLike
[03/01/2008|08:29] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Jasc
[09/01/2007|10:11] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> LEAPS
[05/15/2008|06:04] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Macromedia
[02/09/2008|08:36] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Media Player Classic
[12/08/2008|07:01] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> MegauploadToolbar
[11/23/2008|02:38] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Microsoft
[11/11/2007|04:14] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Moyea
[02/06/2008|08:22] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Mozilla
[04/16/2007|09:47] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> NetPumper
[09/08/2007|04:59] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Opera
[06/05/2008|11:05] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Orbit
[04/24/2007|05:16] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Pegasys Inc
[04/14/2007|09:18] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Proxy Byte Rule
[03/31/2008|02:07] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Real
[10/16/2007|10:44] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Rediff.com
[06/04/2007|08:12] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Roxio
[04/15/2007|03:17] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> SUPERAntiSpyware.com
[10/06/2007|06:31] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Symantec
[12/07/2008|12:46] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> U3
[09/03/2007|02:29] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Ulead Systems
[05/02/2008|02:28] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Uniblue
[05/06/2007|10:35] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> VideoReDoPlus
[12/07/2008|08:32] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> VideoReDo-TVSuite
[04/14/2007|09:47] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> WinRAR
[11/11/2007|06:19] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Xilisoft Corporation
[04/14/2007|02:32] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> yahoo!


--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[12/08/2008 07:00 PM][--ah-----] C:\WINDOWS\tasks\AFB1EB1C918E9C84.job
[12/06/2008 02:53 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[12/02/2008 09:00 PM][--a------] C:\WINDOWS\tasks\At22.job
[10/23/2008 11:00 PM][--a------] C:\WINDOWS\tasks\At24.job
[11/22/2008 10:00 PM][--a------] C:\WINDOWS\tasks\At23.job
[12/08/2008 07:00 PM][--a------] C:\WINDOWS\tasks\At20.job
[12/07/2008 08:00 PM][--a------] C:\WINDOWS\tasks\At21.job
[12/08/2008 06:00 PM][--a------] C:\WINDOWS\tasks\At19.job
[12/08/2008 05:00 PM][--a------] C:\WINDOWS\tasks\At18.job
[12/07/2008 01:00 PM][--a------] C:\WINDOWS\tasks\At14.job
[12/07/2008 02:00 PM][--a------] C:\WINDOWS\tasks\At15.job
[12/08/2008 03:00 PM][--a------] C:\WINDOWS\tasks\At16.job
[12/08/2008 04:00 PM][--a------] C:\WINDOWS\tasks\At17.job
[12/08/2008 12:00 PM][--a------] C:\WINDOWS\tasks\At13.job
[12/08/2008 10:00 AM][--a------] C:\WINDOWS\tasks\At11.job
[12/08/2008 11:00 AM][--a------] C:\WINDOWS\tasks\At12.job
[09/02/2007 11:47 AM][--a------] C:\WINDOWS\tasks\At7.job
[09/15/2008 08:00 AM][--a------] C:\WINDOWS\tasks\At9.job
[12/05/2008 09:00 AM][--a------] C:\WINDOWS\tasks\At10.job
[04/30/2008 07:00 AM][--a------] C:\WINDOWS\tasks\At8.job
[09/02/2007 11:47 AM][--a------] C:\WINDOWS\tasks\At5.job
[09/02/2007 11:47 AM][--a------] C:\WINDOWS\tasks\At6.job
[09/02/2007 11:47 AM][--a------] C:\WINDOWS\tasks\At4.job
[09/02/2007 11:47 AM][--a------] C:\WINDOWS\tasks\At3.job
[11/14/2008 01:00 AM][--a------] C:\WINDOWS\tasks\At2.job
[10/22/2008 12:00 AM][--a------] C:\WINDOWS\tasks\At1.job
[12/08/2008 02:34 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[09/01/2004 01:30 PM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

( AFB1EB1C918E9C84.job )=( c:\docume~1\ss1611~1.ram\applic~1\blehba~1\livehidecity.exe )

--------------------\\ Listing Folders in C:\Program Files

[09/08/2007|05:16] C:\Program Files\<DIR> Adobe
[08/13/2007|02:24] C:\Program Files\<DIR> Ahead
[06/05/2008|11:59] C:\Program Files\<DIR> AMVapp
[04/10/2008|02:32] C:\Program Files\<DIR> Anti-Leech
[11/15/2007|04:00] C:\Program Files\<DIR> Apple Software Update
[11/29/2008|07:23] C:\Program Files\<DIR> ARWizard3
[06/28/2008|05:28] C:\Program Files\<DIR> Avant Browser
[06/22/2007|11:17] C:\Program Files\<DIR> AVerMedia
[11/29/2008|08:18] C:\Program Files\<DIR> AVerTV
[11/23/2008|02:41] C:\Program Files\<DIR> AVG
[06/17/2007|04:46] C:\Program Files\<DIR> AVI MPEG WMV RM to MP3 Converter
[12/05/2008|08:03] C:\Program Files\<DIR> avisplit
[06/05/2008|11:58] C:\Program Files\<DIR> AviSynth 2.5
[03/02/2008|02:11] C:\Program Files\<DIR> AVSMedia
[04/14/2007|05:40] C:\Program Files\<DIR> BitTornado
[11/22/2008|06:33] C:\Program Files\<DIR> bleh bat
[03/30/2008|01:12] C:\Program Files\<DIR> Boilsoft Video Joiner
[03/28/2008|08:52] C:\Program Files\<DIR> Boilsoft Video Splitter
[11/09/2008|11:57] C:\Program Files\<DIR> Common Files
[11/07/2007|03:14] C:\Program Files\<DIR> Coolwallpaper
[10/01/2007|06:40] C:\Program Files\<DIR> CyberLink
[09/05/2008|11:05] C:\Program Files\<DIR> Disciples Demo
[01/28/2008|06:16] C:\Program Files\<DIR> DivX
[04/02/2008|08:10] C:\Program Files\<DIR> DVD Decrypter
[06/04/2008|07:27] C:\Program Files\<DIR> ffdshow
[05/07/2008|04:01] C:\Program Files\<DIR> Google
[02/16/2008|04:37] C:\Program Files\<DIR> Illustrate
[04/01/2008|11:43] C:\Program Files\<DIR> InstallShield Installation Information
[11/09/2008|11:58] C:\Program Files\<DIR> Intel
[02/11/2008|02:40] C:\Program Files\<DIR> Internet Explorer
[11/15/2007|04:03] C:\Program Files\<DIR> iPod
[05/17/2007|01:08] C:\Program Files\<DIR> Ipwindows
[06/03/2008|10:57] C:\Program Files\<DIR> iTunes
[09/01/2007|01:03] C:\Program Files\<DIR> MegauploadToolbar
[04/13/2007|10:06] C:\Program Files\<DIR> Messenger
[04/13/2007|10:24] C:\Program Files\<DIR> Microsoft ActiveSync
[04/13/2007|10:11] C:\Program Files\<DIR> microsoft frontpage
[11/09/2008|11:56] C:\Program Files\<DIR> Microsoft Games
[04/13/2007|10:23] C:\Program Files\<DIR> Microsoft Office
[06/17/2007|08:04] C:\Program Files\<DIR> Mobile Action
[04/13/2007|10:08] C:\Program Files\<DIR> Movie Maker
[12/08/2008|07:04] C:\Program Files\<DIR> Mozilla Firefox
[10/14/2007|02:16] C:\Program Files\<DIR> MSN
[04/13/2007|10:06] C:\Program Files\<DIR> MSN Gaming Zone
[02/11/2008|10:44] C:\Program Files\<DIR> NetMeeting
[11/23/2008|05:29] C:\Program Files\<DIR> NetPumper
[06/05/2008|11:47] C:\Program Files\<DIR> New Folder
[04/13/2007|10:06] C:\Program Files\<DIR> Online Services
[04/13/2007|10:07] C:\Program Files\<DIR> Outlook Express
[11/09/2008|02:07] C:\Program Files\<DIR> Panda Security
[11/15/2007|04:02] C:\Program Files\<DIR> QuickTime
[04/16/2007|07:00] C:\Program Files\<DIR> Real
[05/12/2007|02:36] C:\Program Files\<DIR> Realtek
[07/11/2008|06:31] C:\Program Files\<DIR> Replay Media Catcher
[06/04/2008|08:59] C:\Program Files\<DIR> Smallvideosoft
[04/04/2008|08:21] C:\Program Files\<DIR> SourceForge
[11/20/2008|08:39] C:\Program Files\<DIR> Spybot - Search & Destroy
[11/21/2008|12:28] C:\Program Files\<DIR> Trend Micro
[09/03/2007|01:40] C:\Program Files\<DIR> Ulead Systems
[04/13/2007|10:21] C:\Program Files\<DIR> Uninstall Information
[11/13/2007|11:32] C:\Program Files\<DIR> Veoh Networks
[10/13/2008|04:19] C:\Program Files\<DIR> VideoReDoTVSuite
[09/03/2007|01:42] C:\Program Files\<DIR> Windows Media Components
[04/13/2007|10:06] C:\Program Files\<DIR> Windows Media Player
[04/13/2007|10:05] C:\Program Files\<DIR> Windows NT
[04/13/2007|10:09] C:\Program Files\<DIR> WindowsUpdate
[04/14/2007|09:46] C:\Program Files\<DIR> WinRAR
[04/01/2008|05:13] C:\Program Files\<DIR> Womble Multimedia
[04/13/2007|10:11] C:\Program Files\<DIR> xerox
[06/04/2008|02:13] C:\Program Files\<DIR> Xilisoft
[06/05/2008|11:49] C:\Program Files\<DIR> Xvid
[04/13/2007|11:30] C:\Program Files\<DIR> Yahoo!
[03/28/2008|03:34] C:\Program Files\<DIR> Yamb

--------------------\\ Listing Folders in C:\Program Files\Common Files

[09/08/2007|05:15] C:\Program Files\Common Files\<DIR> Adobe
[09/08/2007|05:13] C:\Program Files\Common Files\<DIR> Adobe Systems Shared
[08/13/2007|02:17] C:\Program Files\Common Files\<DIR> Ahead
[06/22/2007|11:17] C:\Program Files\Common Files\<DIR> AVerMedia
[09/13/2007|06:26] C:\Program Files\Common Files\<DIR> AVSMedia
[04/13/2007|10:24] C:\Program Files\Common Files\<DIR> Designer
[06/17/2007|09:40] C:\Program Files\Common Files\<DIR> InstallShield
[02/11/2008|02:40] C:\Program Files\Common Files\<DIR> Microsoft Shared
[04/13/2007|10:08] C:\Program Files\Common Files\<DIR> MSSoap
[04/15/2007|06:51] C:\Program Files\Common Files\<DIR> Nero
[04/13/2007|09:58] C:\Program Files\Common Files\<DIR> ODBC
[04/16/2007|07:00] C:\Program Files\Common Files\<DIR> Real
[06/17/2007|09:40] C:\Program Files\Common Files\<DIR> Roxio Shared
[04/15/2007|05:28] C:\Program Files\Common Files\<DIR> Scanner
[04/13/2007|10:08] C:\Program Files\Common Files\<DIR> Services
[04/13/2007|09:58] C:\Program Files\Common Files\<DIR> SpeechEngines
[01/02/2008|03:45] C:\Program Files\Common Files\<DIR> SWF Studio
[11/11/2007|01:59] C:\Program Files\Common Files\<DIR> Symantec Shared
[04/13/2007|10:07] C:\Program Files\Common Files\<DIR> System
[01/14/2008|06:08] C:\Program Files\Common Files\<DIR> TV
[09/03/2007|01:41] C:\Program Files\Common Files\<DIR> Ulead Systems
[04/16/2007|07:00] C:\Program Files\Common Files\<DIR> xing shared

--------------------\\ Process

( 33 Processes )

IEXPLORE.EXE ~ [PID:1664]
IEXPLORE.EXE ~ [PID:2212]

--------------------\\ Searching with S_Lop

C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\bweibtvz.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\digmqanm.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\For That Data.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\hvauqfgi.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\hweabytw.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\kmqiwkzb.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\livehidecity.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\mjbboleg.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\mqbdiwdq.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\shzydvaz.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\trjopohz.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\ydntujqc.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\ztslisjw.exe

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\ALLUSE~1\APPLIC~1\seek film amok web
C:\DOCUME~1\ALLUSE~1\APPLIC~1\seek film amok web\Mail proc.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\bweibtvz.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\digmqanm.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\For That Data.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\hvauqfgi.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\hweabytw.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\kmqiwkzb.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\livehidecity.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\mjbboleg.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\mqbdiwdq.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\shzydvaz.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\trjopohz.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\ydntujqc.exe
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\ztslisjw.exe
C:\Program Files\blehba~1
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\NetPumper
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\NetPumper
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\NetPumper\s.s.ram.1.ini
C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\NetPumper\s.s.ram.ini
C:\Program Files\NetPumper
C:\Program Files\NetPumper\AddUrl.htm
C:\Program Files\NetPumper\Anti-Leech
C:\Program Files\NetPumper\help
C:\Program Files\NetPumper\NetPumper.exe
C:\Program Files\NetPumper\README.txt
C:\Program Files\NetPumper\unins000.dat
C:\Program Files\NetPumper\unins000.exe
C:\Program Files\NetPumper\x.bat
C:\Program Files\NetPumper\ZM
C:\WINDOWS\Tasks\AFB1EB1C918E9C84.job

--------------------\\ Searching within the Registry

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spam start build]
"DisplayName"="CiD Help"
"UninstallString"="C:\\DOCUME~1\\SS1611~1.RAM\\APPLIC~1\\BLEHBA~1\\For That Data.exe -uninstall"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DOES WEB"="C:\\DOCUME~1\\SS1611~1.RAM\\APPLIC~1\\BLEHBA~1\\For That Data.exe"
"DOES WEB"="C:\\DOCUME~1\\SS1611~1.RAM\\APPLIC~1\\BLEHBA~1\\For That Data.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Amok web bash obj"="C:\\Documents and Settings\\All Users\\Application Data\\seek film amok web\\Mail proc.exe"

--------------------\\ Checking the Hosts file

Hosts file MODIFIED

-> 72 [ 70 ## added by CiD ]

--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-08 19:41:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job



[F:43][D:103]-> C:\DOCUME~1\SS1611~1.RAM\LOCALS~1\Temp
[F:6][D:0]-> C:\DOCUME~1\SS1611~1.RAM\Cookies
[F:636][D:4]-> C:\DOCUME~1\SS1611~1.RAM\LOCALS~1\TEMPOR~1\content.IE5
[F:2][D:0]-> C:\Recycled

1 - "C:\Lop SD\LopR_1.txt" - Mon 12/08/2008|19:42 - Option : [1]

--------------------\\ Scan completed at 19:42:06

Shaba
2008-12-08, 16:41
Restart Lop S&D

This time choose Option 2 (Fix + Hosts)
Don't close the window during suppression!
Post the log which is created: (C:\lopR.txt)

yukukuhi
2008-12-10, 08:46
--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : BIOS Date: 02/22/06 23:50:09 Ver: 08.00.10
USER : s.s.ram ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.0 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:19 Go (Free:7 Go)
D:\ (Local Disk) - NTFS - Total:39 Go (Free:2 Go)
E:\ (Local Disk) - NTFS - Total:90 Go (Free:4 Go)
F:\ (CD or DVD)
G:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [2] ( Wed 12/10/2008|12:09 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\seek film amok web\Mail proc.exe
Deleted! - C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\bweibtvz.exe
Deleted! - C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\digmqanm.exe
Deleted! - C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\For That Data.exe
Deleted! - C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\hvauqfgi.exe
Deleted! - C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\hweabytw.exe
Deleted! - C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\kmqiwkzb.exe
Deleted! - C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\livehidecity.exe
Deleted! - C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\mjbboleg.exe
Deleted! - C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\mqbdiwdq.exe
Deleted! - C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\shzydvaz.exe
Deleted! - C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\trjopohz.exe
Deleted! - C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\ydntujqc.exe
Deleted! - C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1\ztslisjw.exe
Deleted! - C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\NetPumper\s.s.ram.1.ini
Deleted! - C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\NetPumper\s.s.ram.ini
Deleted! - C:\Program Files\NetPumper\AddUrl.htm
Deleted! - C:\Program Files\NetPumper\Anti-Leech
Deleted! - C:\Program Files\NetPumper\help
Deleted! - C:\Program Files\NetPumper\NetPumper.exe
Deleted! - C:\Program Files\NetPumper\README.txt
Deleted! - C:\Program Files\NetPumper\unins000.dat
Deleted! - C:\Program Files\NetPumper\unins000.exe
Deleted! - C:\Program Files\NetPumper\x.bat
Deleted! - C:\Program Files\NetPumper\ZM
Deleted! - C:\WINDOWS\Tasks\AFB1EB1C918E9C84.job
Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\seek film amok web
Deleted! - C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\blehba~1
Deleted! - C:\Program Files\blehba~1
Deleted! - C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\NetPumper
Deleted! - C:\Program Files\NetPumper
-
[ Hosts file ] .. Restored!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in APPLIC~1

[09/08/2007|04:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[09/08/2007|04:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe Systems
[04/15/2007|06:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ahead
[01/13/2008|04:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[01/12/2008|10:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads
[01/12/2008|04:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP
[11/15/2007|04:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[11/15/2007|04:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[11/23/2008|04:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg8
[05/05/2007|09:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AVS4YOU
[09/25/2007|09:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
[04/19/2007|01:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[11/22/2008|07:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Grisoft
[06/04/2007|08:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[09/03/2007|01:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InterVideo
[01/14/2008|10:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Metacafe
[04/13/2007|09:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[03/05/2008|03:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Office Genuine Advantage
[04/14/2007|09:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Plan log bias support
[06/17/2007|09:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Roxio
[06/04/2007|08:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sonic
[11/21/2008|09:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[04/15/2007|03:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[12/07/2008|08:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[09/03/2007|01:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ulead Systems
[04/15/2007|03:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[04/13/2007|11:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> yahoo!
[05/02/2007|06:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo! Companion

[04/13/2007|09:57] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[11/23/2008|02:38] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[06/04/2007|08:12] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Roxio

[11/23/2008|02:38] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[04/16/2007|06:31] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> .BitTornado
[09/16/2007|06:56] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> AccurateRip
[07/05/2008|12:12] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Adobe
[04/16/2007|09:20] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Ahead
[04/14/2007|09:19] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> ANTI SCR HOLE
[01/13/2008|04:06] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> AOL
[04/20/2007|09:35] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Apple Computer
[12/10/2008|10:08] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Avant Browser
[04/16/2007|02:18] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> AVS Video Converter
[04/22/2007|01:35] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> AVSMedia
[04/01/2008|05:51] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Cuttermaran
[09/25/2007|09:47] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> CyberLink
[09/05/2008|11:21] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> DAEMON Tools
[02/28/2008|09:57] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> dBpoweramp
[05/12/2007|09:06] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> DivX
[02/09/2008|09:02] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Dr. DivX 2.0 OSS
[02/11/2008|02:45] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> FLV Extract
[10/10/2007|02:28] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> GetRightToGo
[04/19/2007|03:25] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Google
[04/18/2007|03:00] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Help
[04/13/2007|10:21] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Identities
[03/25/2008|11:32] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> iLike
[03/01/2008|08:29] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Jasc
[09/01/2007|10:11] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> LEAPS
[05/15/2008|06:04] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Macromedia
[02/09/2008|08:36] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Media Player Classic
[12/10/2008|12:06] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> MegauploadToolbar
[11/23/2008|02:38] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Microsoft
[11/11/2007|04:14] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Moyea
[02/06/2008|08:22] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Mozilla
[09/08/2007|04:59] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Opera
[06/05/2008|11:05] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Orbit
[04/24/2007|05:16] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Pegasys Inc
[04/14/2007|09:18] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Proxy Byte Rule
[03/31/2008|02:07] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Real
[10/16/2007|10:44] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Rediff.com
[06/04/2007|08:12] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Roxio
[04/15/2007|03:17] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> SUPERAntiSpyware.com
[10/06/2007|06:31] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Symantec
[12/07/2008|12:46] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> U3
[09/03/2007|02:29] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Ulead Systems
[05/02/2008|02:28] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Uniblue
[05/06/2007|10:35] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> VideoReDoPlus
[12/07/2008|08:32] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> VideoReDo-TVSuite
[04/14/2007|09:47] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> WinRAR
[11/11/2007|06:19] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> Xilisoft Corporation
[04/14/2007|02:32] C:\DOCUME~1\SS1611~1.RAM\APPLIC~1\<DIR> yahoo!


--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[12/06/2008 02:53 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[12/09/2008 09:00 PM][--a------] C:\WINDOWS\tasks\At22.job
[12/09/2008 11:00 PM][--a------] C:\WINDOWS\tasks\At24.job
[11/22/2008 10:00 PM][--a------] C:\WINDOWS\tasks\At23.job
[12/09/2008 07:00 PM][--a------] C:\WINDOWS\tasks\At20.job
[12/09/2008 08:00 PM][--a------] C:\WINDOWS\tasks\At21.job
[12/09/2008 05:00 PM][--a------] C:\WINDOWS\tasks\At18.job
[12/09/2008 06:00 PM][--a------] C:\WINDOWS\tasks\At19.job
[12/07/2008 01:00 PM][--a------] C:\WINDOWS\tasks\At14.job
[12/07/2008 02:00 PM][--a------] C:\WINDOWS\tasks\At15.job
[12/09/2008 03:00 PM][--a------] C:\WINDOWS\tasks\At16.job
[12/09/2008 04:00 PM][--a------] C:\WINDOWS\tasks\At17.job
[12/10/2008 12:00 PM][--a------] C:\WINDOWS\tasks\At13.job
[12/10/2008 10:00 AM][--a------] C:\WINDOWS\tasks\At11.job
[12/10/2008 11:00 AM][--a------] C:\WINDOWS\tasks\At12.job
[09/02/2007 11:47 AM][--a------] C:\WINDOWS\tasks\At7.job
[09/15/2008 08:00 AM][--a------] C:\WINDOWS\tasks\At9.job
[04/30/2008 07:00 AM][--a------] C:\WINDOWS\tasks\At8.job
[12/05/2008 09:00 AM][--a------] C:\WINDOWS\tasks\At10.job
[09/02/2007 11:47 AM][--a------] C:\WINDOWS\tasks\At5.job
[09/02/2007 11:47 AM][--a------] C:\WINDOWS\tasks\At6.job
[09/02/2007 11:47 AM][--a------] C:\WINDOWS\tasks\At4.job
[09/02/2007 11:47 AM][--a------] C:\WINDOWS\tasks\At3.job
[11/14/2008 01:00 AM][--a------] C:\WINDOWS\tasks\At2.job
[10/22/2008 12:00 AM][--a------] C:\WINDOWS\tasks\At1.job
[12/10/2008 09:15 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[09/01/2004 01:30 PM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[09/08/2007|05:16] C:\Program Files\<DIR> Adobe
[08/13/2007|02:24] C:\Program Files\<DIR> Ahead
[12/09/2008|07:38] C:\Program Files\<DIR> AMVapp
[04/10/2008|02:32] C:\Program Files\<DIR> Anti-Leech
[11/15/2007|04:00] C:\Program Files\<DIR> Apple Software Update
[11/29/2008|07:23] C:\Program Files\<DIR> ARWizard3
[06/28/2008|05:28] C:\Program Files\<DIR> Avant Browser
[06/22/2007|11:17] C:\Program Files\<DIR> AVerMedia
[11/29/2008|08:18] C:\Program Files\<DIR> AVerTV
[11/23/2008|02:41] C:\Program Files\<DIR> AVG
[06/17/2007|04:46] C:\Program Files\<DIR> AVI MPEG WMV RM to MP3 Converter
[12/05/2008|08:03] C:\Program Files\<DIR> avisplit
[12/09/2008|07:35] C:\Program Files\<DIR> AviSynth 2.5
[03/02/2008|02:11] C:\Program Files\<DIR> AVSMedia
[04/14/2007|05:40] C:\Program Files\<DIR> BitTornado
[03/30/2008|01:12] C:\Program Files\<DIR> Boilsoft Video Joiner
[03/28/2008|08:52] C:\Program Files\<DIR> Boilsoft Video Splitter
[11/09/2008|11:57] C:\Program Files\<DIR> Common Files
[11/07/2007|03:14] C:\Program Files\<DIR> Coolwallpaper
[10/01/2007|06:40] C:\Program Files\<DIR> CyberLink
[09/05/2008|11:05] C:\Program Files\<DIR> Disciples Demo
[01/28/2008|06:16] C:\Program Files\<DIR> DivX
[04/02/2008|08:10] C:\Program Files\<DIR> DVD Decrypter
[12/09/2008|07:59] C:\Program Files\<DIR> ffdshow
[05/07/2008|04:01] C:\Program Files\<DIR> Google
[02/16/2008|04:37] C:\Program Files\<DIR> Illustrate
[04/01/2008|11:43] C:\Program Files\<DIR> InstallShield Installation Information
[11/09/2008|11:58] C:\Program Files\<DIR> Intel
[02/11/2008|02:40] C:\Program Files\<DIR> Internet Explorer
[11/15/2007|04:03] C:\Program Files\<DIR> iPod
[05/17/2007|01:08] C:\Program Files\<DIR> Ipwindows
[06/03/2008|10:57] C:\Program Files\<DIR> iTunes
[09/01/2007|01:03] C:\Program Files\<DIR> MegauploadToolbar
[04/13/2007|10:06] C:\Program Files\<DIR> Messenger
[04/13/2007|10:24] C:\Program Files\<DIR> Microsoft ActiveSync
[04/13/2007|10:11] C:\Program Files\<DIR> microsoft frontpage
[11/09/2008|11:56] C:\Program Files\<DIR> Microsoft Games
[04/13/2007|10:23] C:\Program Files\<DIR> Microsoft Office
[12/09/2008|06:52] C:\Program Files\<DIR> MKVtoolnix
[06/17/2007|08:04] C:\Program Files\<DIR> Mobile Action
[04/13/2007|10:08] C:\Program Files\<DIR> Movie Maker
[12/10/2008|12:06] C:\Program Files\<DIR> Mozilla Firefox
[10/14/2007|02:16] C:\Program Files\<DIR> MSN
[04/13/2007|10:06] C:\Program Files\<DIR> MSN Gaming Zone
[02/11/2008|10:44] C:\Program Files\<DIR> NetMeeting
[06/05/2008|11:47] C:\Program Files\<DIR> New Folder
[04/13/2007|10:06] C:\Program Files\<DIR> Online Services
[04/13/2007|10:07] C:\Program Files\<DIR> Outlook Express
[11/09/2008|02:07] C:\Program Files\<DIR> Panda Security
[11/15/2007|04:02] C:\Program Files\<DIR> QuickTime
[04/16/2007|07:00] C:\Program Files\<DIR> Real
[05/12/2007|02:36] C:\Program Files\<DIR> Realtek
[07/11/2008|06:31] C:\Program Files\<DIR> Replay Media Catcher
[06/04/2008|08:59] C:\Program Files\<DIR> Smallvideosoft
[04/04/2008|08:21] C:\Program Files\<DIR> SourceForge
[11/20/2008|08:39] C:\Program Files\<DIR> Spybot - Search & Destroy
[11/21/2008|12:28] C:\Program Files\<DIR> Trend Micro
[09/03/2007|01:40] C:\Program Files\<DIR> Ulead Systems
[04/13/2007|10:21] C:\Program Files\<DIR> Uninstall Information
[11/13/2007|11:32] C:\Program Files\<DIR> Veoh Networks
[10/13/2008|04:19] C:\Program Files\<DIR> VideoReDoTVSuite
[09/03/2007|01:42] C:\Program Files\<DIR> Windows Media Components
[04/13/2007|10:06] C:\Program Files\<DIR> Windows Media Player
[04/13/2007|10:05] C:\Program Files\<DIR> Windows NT
[04/13/2007|10:09] C:\Program Files\<DIR> WindowsUpdate
[04/14/2007|09:46] C:\Program Files\<DIR> WinRAR
[04/01/2008|05:13] C:\Program Files\<DIR> Womble Multimedia
[04/13/2007|10:11] C:\Program Files\<DIR> xerox
[06/04/2008|02:13] C:\Program Files\<DIR> Xilisoft
[06/05/2008|11:49] C:\Program Files\<DIR> Xvid
[04/13/2007|11:30] C:\Program Files\<DIR> Yahoo!
[03/28/2008|03:34] C:\Program Files\<DIR> Yamb

--------------------\\ Listing Folders in C:\Program Files\Common Files

[09/08/2007|05:15] C:\Program Files\Common Files\<DIR> Adobe
[09/08/2007|05:13] C:\Program Files\Common Files\<DIR> Adobe Systems Shared
[08/13/2007|02:17] C:\Program Files\Common Files\<DIR> Ahead
[06/22/2007|11:17] C:\Program Files\Common Files\<DIR> AVerMedia
[09/13/2007|06:26] C:\Program Files\Common Files\<DIR> AVSMedia
[04/13/2007|10:24] C:\Program Files\Common Files\<DIR> Designer
[06/17/2007|09:40] C:\Program Files\Common Files\<DIR> InstallShield
[02/11/2008|02:40] C:\Program Files\Common Files\<DIR> Microsoft Shared
[04/13/2007|10:08] C:\Program Files\Common Files\<DIR> MSSoap
[04/15/2007|06:51] C:\Program Files\Common Files\<DIR> Nero
[04/13/2007|09:58] C:\Program Files\Common Files\<DIR> ODBC
[04/16/2007|07:00] C:\Program Files\Common Files\<DIR> Real
[06/17/2007|09:40] C:\Program Files\Common Files\<DIR> Roxio Shared
[04/15/2007|05:28] C:\Program Files\Common Files\<DIR> Scanner
[04/13/2007|10:08] C:\Program Files\Common Files\<DIR> Services
[04/13/2007|09:58] C:\Program Files\Common Files\<DIR> SpeechEngines
[01/02/2008|03:45] C:\Program Files\Common Files\<DIR> SWF Studio
[11/11/2007|01:59] C:\Program Files\Common Files\<DIR> Symantec Shared
[04/13/2007|10:07] C:\Program Files\Common Files\<DIR> System
[01/14/2008|06:08] C:\Program Files\Common Files\<DIR> TV
[09/03/2007|01:41] C:\Program Files\Common Files\<DIR> Ulead Systems
[04/16/2007|07:00] C:\Program Files\Common Files\<DIR> xing shared

--------------------\\ Process

( 32 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\SS1611~1.RAM\LOCALS~1\Temp\nsisdt.dll

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 12:11:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job



[F:49][D:103]-> C:\DOCUME~1\SS1611~1.RAM\LOCALS~1\Temp
[F:28][D:0]-> C:\DOCUME~1\SS1611~1.RAM\Cookies
[F:1683][D:4]-> C:\DOCUME~1\SS1611~1.RAM\LOCALS~1\TEMPOR~1\content.IE5
[F:2][D:0]-> C:\Recycled

1 - "C:\Lop SD\LopR_1.txt" - Mon 12/08/2008|19:42 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - Wed 12/10/2008|12:11 - Option : [2]

--------------------\\ Scan completed at 12:11:45

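Lop SD prints every file in C:\WINDOWS\Tasks as `[date time][attributes] path`, and its "Searching for other infections" pass lists the same At1.job to At24.job series again. Job files named `AtN.job` are what the `at` command creates, and a long numbered run of them with file times on consecutive hours is a recurring-task pattern worth checking before the jobs are deleted. The following parser and triage is an added example of my own, not Lop SD's code: it reads lines in that listing format and reports the AtN.job series. The sample input is a handful of lines copied from the listing above (not the full list), and the code assumes the file time shown is refreshed each time the job runs, which is why on-the-hour timestamps are treated as the job's scheduled hour.

```python
import re
from datetime import datetime

# Constructed sample: a subset of the lines from the Lop SD "Scheduled Tasks"
# listing in this thread, same format, copied verbatim (not the full list).
SAMPLE_TASK_LINES = r"""
[12/06/2008 02:53 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[12/09/2008 09:00 PM][--a------] C:\WINDOWS\tasks\At22.job
[12/09/2008 11:00 PM][--a------] C:\WINDOWS\tasks\At24.job
[11/22/2008 10:00 PM][--a------] C:\WINDOWS\tasks\At23.job
[12/10/2008 12:00 PM][--a------] C:\WINDOWS\tasks\At13.job
[09/02/2007 11:47 AM][--a------] C:\WINDOWS\tasks\At7.job
[10/22/2008 12:00 AM][--a------] C:\WINDOWS\tasks\At1.job
[12/10/2008 09:15 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[09/01/2004 01:30 PM][-r-h-----] C:\WINDOWS\tasks\desktop.ini
"""

# One listing line: [MM/DD/YYYY HH:MM AM][attribute flags] full path
LINE_RE = re.compile(r'^\[(\d{2}/\d{2}/\d{4} \d{2}:\d{2} [AP]M)\]\[([-a-z]+)\] (.+)$')
# Job files created by the "at" command are named At<number>.job
AT_JOB_RE = re.compile(r'^At(\d+)\.job$', re.I)


def parse_task_lines(text):
    """Turn Lop SD task-listing lines into dicts; lines that do not match are skipped."""
    tasks = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        stamp, attrs, path = m.groups()
        tasks.append({
            "when": datetime.strptime(stamp, "%m/%d/%Y %I:%M %p"),
            "attrs": attrs,
            "path": path,
            "name": path.rsplit("\\", 1)[-1],
        })
    return tasks


def triage_at_jobs(tasks, min_series=3):
    """Summarise the AtN.job series: which numbers exist, which hours their
    file times fall on, and whether it looks like a recurring hourly series.
    Assumption: the listed file time is the job's last run, so a timestamp on
    the hour reflects the hour the job is scheduled for."""
    at_jobs = {}
    for t in tasks:
        m = AT_JOB_RE.match(t["name"])
        if m:
            at_jobs[int(m.group(1))] = t
    numbers = sorted(at_jobs)
    hours = sorted({at_jobs[n]["when"].hour for n in numbers})
    on_the_hour = sum(1 for n in numbers if at_jobs[n]["when"].minute == 0)
    # Numbers missing from 1..max show jobs that were already removed or never created
    gaps = [n for n in range(1, max(numbers, default=0) + 1) if n not in at_jobs]
    suspicious = len(numbers) >= min_series and on_the_hour >= min_series
    return {
        "numbers": numbers,
        "hours": hours,
        "on_the_hour": on_the_hour,
        "gaps": gaps,
        "suspicious": suspicious,
    }


if __name__ == "__main__":
    report = triage_at_jobs(parse_task_lines(SAMPLE_TASK_LINES))
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run against the full listing from the log, the same two functions report all twenty-four numbers with no gaps, which is the "one job per hour" shape that made the helper here ask for the uninstall list and then delete the series.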
Shaba
2008-12-10, 12:21
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg

5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.

yukukuhi
2008-12-11, 08:38
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8.1.1
Adobe Shockwave Player
Adobe Stock Photos 1.0
AMVapp 2.1
AMVapp Audio Apps 2.0
AMVapp Support Tools 2.0
Apple Software Update
Audio Record Wizard v3.98
Avant Browser (remove only)
AVerTV GO 007 FM Plus
AVG Free 8.0
AVI MPEG WMV RM to MP3 Converter 1.6.8
AVI Splitter
AviSynth 2.5
Avisynth Filters 2.5x
AVS DVD Player version 2.4
BitTornado 0.3.8
Boilsoft Video Joiner 5.01
Boilsoft Video Splitter 5.01
dBpowerAMP
dBpoweramp DSP Effects
dBpoweramp Music Converter
DGMPEGDec 1.2.1
DivX Web Player
DVD Decrypter (Remove Only)
ffdshow [rev 1846] [2008-02-05]
Google Toolbar for Internet Explorer
Helix YUV Codecs (remove only)
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows XP (KB915865)
Intel(R) Graphics Media Accelerator Driver
iPod for Windows 2005-11-17
iTunes
Lossless Codecs
Megaupload Toolbar
Microsoft .NET Framework 2.0
Microsoft Age of Empires Trial
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Visual C++ 2005 Redistributable
MKVtoolnix 2.4.1
Mozilla Firefox (2.0.0.18)
MSN
Nero Suite
Panasonic VS3_VS2_MX6_SA6 USB-Handset Manager
Panda ActiveScan 2.0
PhotoNow! 1.0
PremiereAVSPlugin 1.5
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Replay Media Catcher
Spybot - Search & Destroy
Ulead VideoStudio 11
VeohTV BETA
VideoReDo TVSuite Version 3.1.4.549
VirtualDubMod 1.5.4.1
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
WinRAR archiver
Xiph QuickTime Components
XMLinst
Xvid 1.1.3 final uninstall
Yahoo! extras
Yahoo! Messenger
Yahoo! Toolbar

Shaba
2008-12-11, 11:24
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BitTornado 0.3.8

I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Please run a new uninstall list scan when finished and post the log back here.

yukukuhi
2008-12-11, 16:28
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8.1.1
Adobe Shockwave Player
Adobe Stock Photos 1.0
AMVapp 2.1
AMVapp Audio Apps 2.0
AMVapp Support Tools 2.0
Apple Software Update
Audio Record Wizard v3.98
Avant Browser (remove only)
AVerTV GO 007 FM Plus
AVG Free 8.0
AVI MPEG WMV RM to MP3 Converter 1.6.8
AVI Splitter
AviSynth 2.5
Avisynth Filters 2.5x
AVS DVD Player version 2.4
dBpowerAMP
dBpoweramp DSP Effects
dBpoweramp Music Converter
DGMPEGDec 1.2.1
DivX Web Player
DVD Decrypter (Remove Only)
ffdshow [rev 1846] [2008-02-05]
Google Toolbar for Internet Explorer
Helix YUV Codecs (remove only)
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows XP (KB915865)
Intel(R) Graphics Media Accelerator Driver
iPod for Windows 2005-11-17
iTunes
Lossless Codecs
Megaupload Toolbar
Microsoft .NET Framework 2.0
Microsoft Age of Empires Trial
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.18)
MSN
Nero Suite
Panasonic VS3_VS2_MX6_SA6 USB-Handset Manager
PhotoNow! 1.0
PremiereAVSPlugin 1.5
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Replay Media Catcher
Spybot - Search & Destroy
Ulead VideoStudio 11
VeohTV BETA
VideoReDo TVSuite Version 3.1.4.549
VirtualDubMod 1.5.4.1
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
WinRAR archiver
Xiph QuickTime Components
XMLinst
Xvid 1.1.3 final uninstall
Yahoo! extras
Yahoo! Messenger
Yahoo! Toolbar

Shaba
2008-12-11, 16:48
Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

yukukuhi
2008-12-12, 17:00
RSIT.exe is not working: when it reaches "Performing Registry Dump" it shows this error:

AutoIt Error

Line -1:
Error: Error parsing function call.

Shaba
2008-12-12, 18:56
Please then try this instead.

Please download DDS (http://download.bleepingcomputer.com/sUBs/dds.scr) and save it to your desktop.
Disable any script blocking protection.
Double click dds.scr to run the tool. When done, DDS.txt will open.
Click Yes at the next prompt for Optional Scan.
Save both reports to your desktop.

Please copy/paste the contents of the following reports in your next reply:

DDS.txt
Attach.txt

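DDS writes its "Pseudo HJT Report" one autorun entry per line, in a fixed shape: `uRun:`/`mRun:` for the per-user and machine Run keys as `[value name] command`, `mWinlogon: Key=value` for Winlogon values, and `AppInit_DLLs:` as a comma-separated list. That regularity makes it easy to run a few registry-autorun heuristics over a pasted report instead of eyeballing it. Below is an added example of my own (not DDS's or the helper's code): it parses lines in that format and flags the patterns a malware-removal helper looks for first. The sample lines are copied from the DDS report yukukuhi posts later in this thread; the flags are heuristics, not verdicts, and the assumptions behind them are stated in the comments.

```python
import re
from collections import defaultdict

# Constructed sample in DDS "Pseudo HJT Report" format; the lines are copied
# from the DDS.txt posted later in this thread, nothing is invented.
SAMPLE_DDS = r"""
uStart Page = about:blank
mWinlogon: System=kdneu.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [<NO NAME>]
uRun: c:\program files\uniblue\registrybooster 2\RegistryBooster.exe /S
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [c:\windows\system32\kdneu.exe] c:\windows\system32\kdneu.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
AppInit_DLLs: c:\windows\system32\perfc000.dat,avgrsstx.dll
"""

RUN_RE = re.compile(r'^([um])Run(?:Once)?: (?:\[(.*?)\])?\s*(.*)$')
WINLOGON_RE = re.compile(r'^([um])Winlogon: (\w+)=(.*)$')
APPINIT_RE = re.compile(r'^AppInit_DLLs: (.*)$')
# A quoted path, or an unquoted path up to the first executable-looking extension
IMAGE_RE = re.compile(r'^"([^"]+)"|^(.*?\.(?:exe|dll|scr|com|dat|sys))(?:\s|$)', re.I)


def image_name(value):
    """Lower-cased file name of the program a value launches ('' if empty)."""
    value = value.strip()
    m = IMAGE_RE.match(value)
    if not m:
        return value.lower().rsplit('\\', 1)[-1] if value else ''
    path = m.group(1) or m.group(2)
    return path.lower().rsplit('\\', 1)[-1]


def triage_autoruns(text):
    """Return (severity, where, reason) findings for a DDS Pseudo HJT report."""
    findings = []
    seen = defaultdict(set)  # image name -> autorun locations it is registered in
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = WINLOGON_RE.match(line)
        if m:
            scope, key, val = m.groups()
            # Assumption: the Winlogon "System" value is blank on a clean XP box,
            # so anything in it is a load point that was added afterwards.
            if key.lower() == 'system' and val.strip():
                findings.append(('high', line, 'Winlogon System value is normally blank'))
                seen[image_name(val)].add('Winlogon\\System')
            continue
        m = RUN_RE.match(line)
        if m:
            scope, name, val = m.groups()
            img = image_name(val)
            if img:
                seen[img].add(scope + 'Run')
            if name is None or name == '<NO NAME>':
                findings.append(('medium', line, 'Run entry without a value name'))
            elif name.lower() == val.strip().lower():
                # A value whose name is its own full path is the shape left by
                # code registering itself, not by an installer.
                findings.append(('high', line, 'Run value name equals its command (self-registration pattern)'))
            continue
        m = APPINIT_RE.match(line)
        if m:
            for dll in m.group(1).split(','):
                dll = dll.strip()
                if dll and not dll.lower().endswith('.dll'):
                    findings.append(('high', line, 'AppInit_DLLs entry without .dll extension: ' + dll))
                if dll:
                    seen[image_name(dll)].add('AppInit_DLLs')
    # The same image wired into two load points is worth more than either alone
    for img, places in seen.items():
        if len(places) > 1:
            findings.append(('high', img, 'registered in several autorun locations: ' + ', '.join(sorted(places))))
    return findings


if __name__ == '__main__':
    for severity, where, reason in triage_autoruns(SAMPLE_DDS):
        print(f'[{severity}] {where}\n    {reason}')
```

The cross-reference at the end is the useful part: a file name that shows up both as a Winlogon value and as a Run entry with itself as the value name is exactly what a helper would ask to have submitted to a scanner, while the unnamed uniblue entry and the AVG DLL in AppInit_DLLs only get a look because of the company they keep.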
yukukuhi
2008-12-13, 11:42
DDS.txt


DDS (Version 1.0.1) - NTFSx86
Run by s.s.ram at 15:03:08.03 on Sat 12/13/2008
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.204 [GMT 5.5:30]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\mnmsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVerTV\QuickTV.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Documents and Settings\s.s.ram\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
mWinlogon: System=kdneu.exe
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {3E1500AC-87A5-416b-A211-82E848649DA9} - c:\progra~1\ofb1\Ofb1.dll
BHO: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - c:\progra~1\megaup~1\MEGAUP~1.DLL
BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - c:\progra~1\megaup~1\MEGAUP~1.DLL
TB: {D0943516-5076-4020-A3B5-AEFAF26AB263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - c:\progra~1\megaup~1\MEGAUP~1.DLL
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [<NO NAME>]
uRun: c:\program files\uniblue\registrybooster 2\RegistryBooster.exe /S
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [c:\windows\system32\kdneu.exe] c:\windows\system32\kdneu.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicktv.lnk - c:\program files\avertv\QuickTV.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\progra~1\yahoo!\common\yhexbmesin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\perfc000.dat,avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ss1611~1.ram\applic~1\mozilla\firefox\profiles\aqzwukpa.default\

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-23 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-11-23 26824]
R1 prcmondrv;prcmondrv;\??\c:\windows\system32\drivers\prcmondrv1041.sys [2007-10-8 18432]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-11-23 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-11-23 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-23 76040]
R3 PhTVTune;Cap7134 TVTuner;c:\windows\system32\drivers\PhTVTune.sys [2008-1-14 57152]
S2 BT848;AVerMedia AVerTV WDM Video Capture (878);c:\windows\system32\drivers\Bt848.sys []
S2 osaio;osaio;c:\windows\system32\drivers\osaio.sys []
S3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [2007-6-22 1171456]
S3 pacdcacm;pacdcacm;c:\windows\system32\drivers\pacdcacm.sys [2007-6-17 26496]

============== File Associations ===============

scrfile="%1" %*

=============== Created Last 30 ================

2008-12-13 12:24 6,144 a------- c:\windows\system32\ff_acm.acm
2008-12-13 11:43 54,156 a---h--- c:\windows\QTFont.qfn
2008-12-13 11:43 1,409 a------- c:\windows\QTFont.for
2008-12-12 10:30 473,422,040 a------- C:\TV_CH68_1212_103027.mpg
2008-12-09 22:25 5,632 a------- c:\windows\system32\ptpusb.dll
2008-12-09 22:25 159,232 a------- c:\windows\system32\ptpusd.dll
2008-12-09 22:25 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2008-12-09 22:25 15,104 a------- c:\windows\system32\dllcache\usbscan.sys
2008-12-09 19:59 547 a------- c:\windows\system32\ff_vfw.dll.manifest
2008-12-09 19:59 7,680 a------- c:\windows\system32\ff_vfw.dll
2008-12-09 19:59 <DIR> --d----- c:\program files\ffdshow
2008-12-09 19:38 58,652 a------- c:\program files\AMVapp-uninst.exe
2008-12-09 19:36 67,895 a------- c:\program files\Premiere AVS Plugin uninst.exe
2008-12-09 18:50 <DIR> --d----- c:\program files\MKVtoolnix
2008-12-08 19:08 <DIR> --d----- C:\Lop SD
2008-12-08 17:01 593,235,860 a------- C:\TV_CH68_1208_170121.mpg
2008-12-05 20:03 <DIR> --d----- c:\program files\avisplit
2008-12-03 19:32 0 a------- C:\[TOMA] Lupin III - Walther P-38 [E9611B2C].mkv
2008-12-03 19:20 <DIR> --d----- C:\[ILA] Lupin III - The Secret of Twilight Gemini
2008-11-29 19:23 <DIR> --d----- c:\program files\ARWizard3
2008-11-23 15:09 <DIR> --d-h--- C:\$AVG8.VAULT$
2008-11-23 14:42 76,040 a------- c:\windows\system32\drivers\avgtdix.sys
2008-11-23 14:42 10,520 a------- c:\windows\system32\avgrsstx.dll
2008-11-23 14:42 97,928 a------- c:\windows\system32\drivers\avgldx86.sys
2008-11-23 14:42 <DIR> --d----- c:\windows\system32\drivers\Avg
2008-11-23 14:41 <DIR> --d----- c:\program files\AVG
2008-11-23 14:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2008-11-21 12:28 <DIR> --d----- c:\program files\Trend Micro
2008-11-20 20:31 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-11-20 20:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

==================== Find3M ====================

2008-12-09 19:37 35,365 a------- c:\windows\system32\uninstHelixYUV.exe
2008-03-09 08:18 39,208 a------- c:\docume~1\ss1611~1.ram\applic~1\GDIPFONTCACHEV1.DAT
2004-05-08 12:11 53,361 a------- c:\program files\Premiere AVS GUI.exe
2004-05-07 03:27 57,344 a------- c:\program files\IM-Avisynth.prm
2007-10-01 18:36 56 ---shr-- c:\windows\system32\FFBD8F5B1A.sys
2007-10-01 18:36 5,018 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 15:03:32.70 ===============


Attach.txt


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Version 1.0)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/13/2007 10:18:31 PM
System Uptime: 12/13/2008 2:59:51 PM (1 hours ago)

Motherboard: Intel Corporation | | D915GAV
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | J2E1 | 3000/200mhz
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | J2E1 | 3000/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 20 GiB total, 6.68 GiB free.
D: is FIXED (NTFS) - 39 GiB total, 1.981 GiB free.
E: is FIXED (NTFS) - 90 GiB total, 1.623 GiB free.
F: is CDROM ()
G: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&2D2D400&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&2D2D400&0
Service: i8042prt

==== System Restore Points ===================

RP399: 11/9/2008 11:57:07 AM - Removed InterVideo DeviceService
RP400: 11/9/2008 11:57:50 AM - Removed Intel(R) PROSet for Wired Connections
RP401: 11/9/2008 11:58:31 AM - Removed Intel(R) PROSafe for Wired Connections
RP402: 11/10/2008 11:59:01 AM - System Checkpoint
RP403: 11/12/2008 10:21:13 AM - System Checkpoint
RP404: 11/13/2008 11:14:18 AM - System Checkpoint
RP405: 11/14/2008 12:47:51 PM - System Checkpoint
RP406: 11/16/2008 1:40:52 PM - System Checkpoint
RP407: 11/18/2008 9:52:12 AM - System Checkpoint
RP408: 11/19/2008 9:56:05 AM - System Checkpoint
RP409: 11/20/2008 10:04:39 AM - System Checkpoint
RP410: 11/21/2008 11:12:32 AM - System Checkpoint
RP411: 11/22/2008 4:31:32 PM - System Checkpoint
RP412: 11/22/2008 7:58:55 PM - Removed AVG 7.5
RP413: 11/22/2008 8:00:03 PM - Installed AVG 7.5
RP414: 11/23/2008 2:41:55 PM - Installed AVG Free 8.0
RP415: 11/23/2008 4:07:19 PM - Avg8 Update
RP416: 11/24/2008 5:20:48 PM - System Checkpoint
RP417: 11/27/2008 11:20:17 AM - System Checkpoint
RP418: 11/29/2008 10:24:27 AM - System Checkpoint
RP419: 11/30/2008 1:16:10 PM - System Checkpoint
RP420: 12/1/2008 1:44:05 PM - System Checkpoint
RP421: 12/2/2008 4:19:24 PM - System Checkpoint
RP422: 12/4/2008 12:49:26 PM - System Checkpoint
RP423: 12/4/2008 10:50:52 PM - Avg8 Update
RP424: 12/6/2008 9:41:49 AM - System Checkpoint
RP425: 12/7/2008 2:01:52 PM - System Checkpoint
RP426: 12/9/2008 10:05:47 AM - System Checkpoint
RP427: 12/10/2008 5:49:56 PM - System Checkpoint
RP428: 12/11/2008 6:39:53 PM - System Checkpoint
RP429: 12/12/2008 7:45:09 PM - System Checkpoint
RP430: 12/13/2008 3:02:24 PM - Avg8 Update

==== Installed Programs ======================


Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8.1.1
Adobe Shockwave Player
Adobe Stock Photos 1.0
AMVapp 2.1
AMVapp Audio Apps 2.0
AMVapp Support Tools 2.0
Apple Software Update
Audio Record Wizard v3.98
Avant Browser (remove only)
AVerTV GO 007 FM Plus
AVG Free 8.0
AVI MPEG WMV RM to MP3 Converter 1.6.8
AVI Splitter
AviSynth 2.5
Avisynth Filters 2.5x
AVS DVD Player version 2.4
dBpowerAMP
dBpoweramp DSP Effects
dBpoweramp Music Converter
DGMPEGDec 1.2.1
DivX Web Player
DVD Decrypter (Remove Only)
ffdshow [rev 1846] [2008-02-05]
Google Toolbar for Internet Explorer
Helix YUV Codecs (remove only)
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows XP (KB915865)
Intel(R) Graphics Media Accelerator Driver
iPod for Windows 2005-11-17
IpWins
iTunes
Lossless Codecs
Megaupload Toolbar
Microsoft .NET Framework 2.0
Microsoft Age of Empires Trial
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Visual C++ 2005 Redistributable
MKVtoolnix 2.4.1
Mozilla Firefox (2.0.0.18)
MSN
Nero Suite
Panasonic VS3_VS2_MX6_SA6 USB-Handset Manager
PhotoNow! 1.0
PremiereAVSPlugin 1.5
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Replay Media Catcher
Spybot - Search & Destroy
TV
Ulead VideoStudio 11
VeohTV BETA
VideoReDo TVSuite Version 3.1.4.549
VideoStudio
VirtualDubMod 1.5.4.1
WebFldrs XP
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
WinRAR archiver
Xiph QuickTime Components
XMLinst
Xvid 1.1.3 final uninstall
Yahoo! extras
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages ===================

12/9/2008 12:00:00 PM, error: Schedule [7901] - The At13.job command failed to start due to the following error: %%2147942402
12/9/2008 11:00:02 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: %%2147942402
12/9/2008 10:36:12 AM, error: NetBT [4311] - Initialization failed because the driver device could not be created.
12/9/2008 10:00:02 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: %%2147942402
12/9/2008 9:37:20 AM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
12/9/2008 9:33:07 AM, error: Service Control Manager [7000] - The osaio service failed to start due to the following error: The system cannot find the file specified.
12/9/2008 9:33:07 AM, error: Service Control Manager [7000] - The AVerMedia AVerTV WDM Video Capture (878) service failed to start due to the following error: The system cannot find the file specified.
12/8/2008 8:00:03 PM, error: Schedule [7901] - The At21.job command failed to start due to the following error: %%2147942402
12/8/2008 7:00:02 PM, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402
12/8/2008 6:00:02 PM, error: Schedule [7901] - The At19.job command failed to start due to the following error: %%2147942402
12/8/2008 5:00:03 PM, error: Schedule [7901] - The At18.job command failed to start due to the following error: %%2147942402
12/8/2008 4:00:02 PM, error: Schedule [7901] - The At17.job command failed to start due to the following error: %%2147942402
12/8/2008 3:00:02 PM, error: Schedule [7901] - The At16.job command failed to start due to the following error: %%2147942402
12/7/2008 7:34:16 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00E04D0504EA. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
12/7/2008 6:40:07 PM, error: Dhcp [1002] - The IP address lease 192.168.100.5 for the Network Card with network address 00E04D0504EA has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
12/7/2008 2:00:02 PM, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402
12/7/2008 1:00:02 PM, error: Schedule [7901] - The At14.job command failed to start due to the following error: %%2147942402
12/9/2008 9:00:00 PM, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402
12/9/2008 11:00:02 PM, error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402
12/10/2008 10:00:00 PM, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402
12/13/2008 12:56:48 PM, error: Dhcp [1002] - The IP address lease 210.18.189.79 for the Network Card with network address 00E04D0504EA has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================

Shaba
2008-12-13, 12:08
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.

If you need a tutorial, see here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif)

yukukuhi
2008-12-13, 19:39
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, December 13, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, December 13, 2008 10:49:55
Records in database: 1457562
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 112734
Threat name: 11
Infected objects: 28
Suspicious objects: 0
Duration of the scan: 04:05:00


File name / Threat name / Threats count
C:\Documents and Settings\s.s.ram\Desktop\New Folder (7)\mkvtoolnix-unicode-2.4.1-setup(3).exe Infected: Backdoor.Win32.Small.gvb 1
C:\Documents and Settings\s.s.ram\Local Settings\Temp\sta1.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\ALLUSE~1\APPLIC~1\seek film amok web\Mail proc.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\bweibtvz.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\digmqanm.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\For That Data.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\hvauqfgi.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\hweabytw.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\kmqiwkzb.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\livehidecity.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\mjbboleg.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\mqbdiwdq.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\shzydvaz.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\trjopohz.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\ydntujqc.exe Infected: Trojan.Win32.Obfuscated.gen 1
C:\Lop SD\Backup-Lop\DOCUME~1\SS1611~1.RAM\APPLIC~1\BLEHBA~1\ztslisjw.exe Infected: Trojan.Win32.Obfuscated.gen 1
D:\autorun.inf Infected: Worm.Win32.AutoRun.onp 1
D:\F\Neolder\Kumresearh\Cardcaptor Sakura\Pictures\ss1\ccsakura_ss.exe Infected: not-a-virus:AdWare.Win32.Gator.3013 1
D:\F\Neolder\Kumresearh\Cardcaptor Sakura\Pictures\ss1.zip Infected: not-a-virus:AdWare.Win32.Gator.3013 1
D:\mIRC 6.3 + keygen.rar Infected: not-a-virus:Client-IRC.Win32.mIRC.63 1
D:\mIRC 6.31 + Crack.zip Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1
D:\Softwares\Active[1].File.Rec0very.Enterprise.v7.1_4all_jumpoo\fo-fr71e.exe Infected: not-a-virus:FraudTool.Win32.ContaVir.d 1
D:\Softwares\Active[1].File.Rec0very.Enterprise.v7.1_4all_jumpoo.rar Infected: not-a-virus:FraudTool.Win32.ContaVir.d 1
D:\Softwares\gc2003.exe Infected: not-a-virus:WebToolbar.Win32.VB.e 1
D:\Softwares\keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a 2
D:\Softwares\netpumper-1.23-setup.exe Infected: Packed.Win32.PolyCrypt.d 1
E:\autorun.inf Infected: Worm.Win32.AutoRun.oni 1

The selected area was scanned.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:50 PM, on 12/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\mnmsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVerTV\QuickTV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://server.toolbar.rediff.com/toolbar/3.0/sidesearch.html?mode=toolbar
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ofb1 - {3E1500AC-87A5-416b-A211-82E848649DA9} - C:\PROGRA~1\Ofb1\Ofb1.dll (file missing)
O2 - BHO: (no name) - {484FFC3E-5891-BD10-0BED-75DFED1D8FA1} - (no file)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {A75E294E-C047-4D29-B07E-37B792881BEF} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdneu.exe] C:\WINDOWS\system32\kdneu.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: QuickTV.lnk = C:\Program Files\AVerTV\QuickTV.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat,avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7159 bytes

Shaba
2008-12-13, 19:44
Please download Malwarebytes Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.
alternate download link 1 (http://malwarebytes.gt500.org/mbam-setup.exe)
alternate download link 2 (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here (http://www.malwarebytes.org/mbam/database/mbam-rules.exe) and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Full Scan" option is selected.
Then click on the Scan button.

If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

yukukuhi
2008-12-14, 16:50
Malwarebytes' Anti-Malware 1.31
Database version: 1499
Windows 5.1.2600 Service Pack 2

12/14/2008 8:10:21 PM
mbam-log-2008-12-14 (20-10-21).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 147301
Time elapsed: 1 hour(s), 20 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 17
Registry Values Infected: 7
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\ofb1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ofb1.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7be6b643-6201-4cf7-b8b1-d79ffae57cba} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9504ae8f-1019-4258-a047-c04ccc5301e6} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a1789eb6-b263-4bd6-8830-d3daaf78949a} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3e1500ac-87a5-416b-a211-82e848649da9} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e7467507-dd40-4123-be49-7b7df5db80c6} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{58696980-c6b3-4ad2-ab53-718f1c3c57ca} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c1bc108b-b3ef-4e18-8ee6-cf3c381e3783} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{a93a1ba9-9ee8-469f-a9fe-fd1c26700bda} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a75e294e-c047-4d29-b07e-37b792881bef} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3e1500ac-87a5-416b-a211-82e848649da9} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a75e294e-c047-4d29-b07e-37b792881bef} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3e1500ac-87a5-416b-a211-82e848649da9} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sexvid (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\AleWinSecure.EXE (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ofb1= (Trojan.Clicker) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{12f02779-6d88-4958-8ad3-83c12d86adc7} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{12f02779-6d88-4958-8ad3-83c12d86adc7} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{12f02779-6d88-4958-8ad3-83c12d86adc7} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{12f02779-6d88-4958-8ad3-83c12d86adc7} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Netscape\Netscape Navigator\Automation Protocols\ftp (Adware.NetPumper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Netscape\Netscape Navigator\Automation Protocols\http (Adware.NetPumper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.starsdoor.com (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdneu.exe -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Ipwindows (Trojan.Rond) -> Quarantined and deleted successfully.
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\wr.txt (Malware.Trace) -> Quarantined and deleted successfully.

Shaba
2008-12-14, 17:38
Re-run DDS.

Post back fresh DDS logs, please.

yukukuhi
2008-12-15, 08:34
DDS.txt


DDS (Version 1.0.1) - NTFSx86
Run by s.s.ram at 11:58:15.54 on Mon 12/15/2008
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.182 [GMT 5.5:30]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\mnmsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVerTV\QuickTV.exe
C:\Documents and Settings\s.s.ram\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - c:\progra~1\megaup~1\MEGAUP~1.DLL
BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - c:\progra~1\megaup~1\MEGAUP~1.DLL
TB: {D0943516-5076-4020-A3B5-AEFAF26AB263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - c:\progra~1\megaup~1\MEGAUP~1.DLL
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [<NO NAME>]
uRun: c:\program files\uniblue\registrybooster 2\RegistryBooster.exe /S
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [c:\windows\system32\kdneu.exe] c:\windows\system32\kdneu.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicktv.lnk - c:\program files\avertv\QuickTV.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\progra~1\yahoo!\common\yhexbmesin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\perfc000.dat,avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ss1611~1.ram\applic~1\mozilla\firefox\profiles\aqzwukpa.default\

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-23 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-11-23 26824]
R1 prcmondrv;prcmondrv;\??\c:\windows\system32\drivers\prcmondrv1041.sys [2007-10-8 18432]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-11-23 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-11-23 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-23 76040]
R3 PhTVTune;Cap7134 TVTuner;c:\windows\system32\drivers\PhTVTune.sys [2008-1-14 57152]
S2 BT848;AVerMedia AVerTV WDM Video Capture (878);c:\windows\system32\drivers\Bt848.sys []
S2 osaio;osaio;c:\windows\system32\drivers\osaio.sys []
S3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [2007-6-22 1171456]
S3 pacdcacm;pacdcacm;c:\windows\system32\drivers\pacdcacm.sys [2007-6-17 26496]

============== File Associations ===============

scrfile="%1" %*

=============== Created Last 30 ================

2008-12-14 18:44 <DIR> --d----- c:\docume~1\ss1611~1.ram\applic~1\Malwarebytes
2008-12-14 18:44 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-14 18:44 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-14 18:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-14 18:44 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-13 17:13 73,728 a------- c:\windows\system32\javacpl.cpl
2008-12-13 17:13 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-13 12:24 6,144 a------- c:\windows\system32\ff_acm.acm
2008-12-13 11:43 54,156 a---h--- c:\windows\QTFont.qfn
2008-12-13 11:43 1,409 a------- c:\windows\QTFont.for
2008-12-12 10:30 473,422,040 a------- C:\TV_CH68_1212_103027.mpg
2008-12-09 22:25 5,632 a------- c:\windows\system32\ptpusb.dll
2008-12-09 22:25 159,232 a------- c:\windows\system32\ptpusd.dll
2008-12-09 22:25 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2008-12-09 22:25 15,104 a------- c:\windows\system32\dllcache\usbscan.sys
2008-12-09 20:00 1,183,043,820 a------- C:\TV_CH68_1209_200008.mpg
2008-12-09 19:59 547 a------- c:\windows\system32\ff_vfw.dll.manifest
2008-12-09 19:59 7,680 a------- c:\windows\system32\ff_vfw.dll
2008-12-09 19:59 <DIR> --d----- c:\program files\ffdshow
2008-12-09 19:38 58,652 a------- c:\program files\AMVapp-uninst.exe
2008-12-09 19:36 67,895 a------- c:\program files\Premiere AVS Plugin uninst.exe
2008-12-08 19:08 <DIR> --d----- C:\Lop SD
2008-12-08 17:01 593,235,860 a------- C:\TV_CH68_1208_170121.mpg
2008-12-05 20:03 <DIR> --d----- c:\program files\avisplit
2008-12-03 19:32 0 a------- C:\[TOMA] Lupin III - Walther P-38 [E9611B2C].mkv
2008-12-03 19:20 <DIR> --d----- C:\[ILA] Lupin III - The Secret of Twilight Gemini
2008-11-29 19:23 <DIR> --d----- c:\program files\ARWizard3
2008-11-23 15:09 <DIR> --d-h--- C:\$AVG8.VAULT$
2008-11-23 14:42 76,040 a------- c:\windows\system32\drivers\avgtdix.sys
2008-11-23 14:42 10,520 a------- c:\windows\system32\avgrsstx.dll
2008-11-23 14:42 97,928 a------- c:\windows\system32\drivers\avgldx86.sys
2008-11-23 14:42 <DIR> --d----- c:\windows\system32\drivers\Avg
2008-11-23 14:41 <DIR> --d----- c:\program files\AVG
2008-11-23 14:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2008-11-21 12:28 <DIR> --d----- c:\program files\Trend Micro
2008-11-20 20:31 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-11-20 20:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

==================== Find3M ====================

2008-12-09 19:37 35,365 a------- c:\windows\system32\uninstHelixYUV.exe
2008-03-09 08:18 39,208 a------- c:\docume~1\ss1611~1.ram\applic~1\GDIPFONTCACHEV1.DAT
2004-05-08 12:11 53,361 a------- c:\program files\Premiere AVS GUI.exe
2004-05-07 03:27 57,344 a------- c:\program files\IM-Avisynth.prm
2007-10-01 18:36 56 ---shr-- c:\windows\system32\FFBD8F5B1A.sys
2007-10-01 18:36 5,018 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 11:58:45.76 ===============


Attach.txt


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Version 1.0)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/13/2007 10:18:31 PM
System Uptime: 12/15/2008 8:45:36 AM (3 hours ago)

Motherboard: Intel Corporation | | D915GAV
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | J2E1 | 3000/200mhz
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | J2E1 | 3000/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 20 GiB total, 5.188 GiB free.
D: is FIXED (NTFS) - 39 GiB total, 1.921 GiB free.
E: is FIXED (NTFS) - 90 GiB total, 6.36 GiB free.
F: is CDROM ()
G: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&2D2D400&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&2D2D400&0
Service: i8042prt

==== System Restore Points ===================

RP399: 11/9/2008 11:57:07 AM - Removed InterVideo DeviceService
RP400: 11/9/2008 11:57:50 AM - Removed Intel(R) PROSet for Wired Connections
RP401: 11/9/2008 11:58:31 AM - Removed Intel(R) PROSafe for Wired Connections
RP402: 11/10/2008 11:59:01 AM - System Checkpoint
RP403: 11/12/2008 10:21:13 AM - System Checkpoint
RP404: 11/13/2008 11:14:18 AM - System Checkpoint
RP405: 11/14/2008 12:47:51 PM - System Checkpoint
RP406: 11/16/2008 1:40:52 PM - System Checkpoint
RP407: 11/18/2008 9:52:12 AM - System Checkpoint
RP408: 11/19/2008 9:56:05 AM - System Checkpoint
RP409: 11/20/2008 10:04:39 AM - System Checkpoint
RP410: 11/21/2008 11:12:32 AM - System Checkpoint
RP411: 11/22/2008 4:31:32 PM - System Checkpoint
RP412: 11/22/2008 7:58:55 PM - Removed AVG 7.5
RP413: 11/22/2008 8:00:03 PM - Installed AVG 7.5
RP414: 11/23/2008 2:41:55 PM - Installed AVG Free 8.0
RP415: 11/23/2008 4:07:19 PM - Avg8 Update
RP416: 11/24/2008 5:20:48 PM - System Checkpoint
RP417: 11/27/2008 11:20:17 AM - System Checkpoint
RP418: 11/29/2008 10:24:27 AM - System Checkpoint
RP419: 11/30/2008 1:16:10 PM - System Checkpoint
RP420: 12/1/2008 1:44:05 PM - System Checkpoint
RP421: 12/2/2008 4:19:24 PM - System Checkpoint
RP422: 12/4/2008 12:49:26 PM - System Checkpoint
RP423: 12/4/2008 10:50:52 PM - Avg8 Update
RP424: 12/6/2008 9:41:49 AM - System Checkpoint
RP425: 12/7/2008 2:01:52 PM - System Checkpoint
RP426: 12/9/2008 10:05:47 AM - System Checkpoint
RP427: 12/10/2008 5:49:56 PM - System Checkpoint
RP428: 12/11/2008 6:39:53 PM - System Checkpoint
RP429: 12/12/2008 7:45:09 PM - System Checkpoint
RP430: 12/13/2008 3:02:24 PM - Avg8 Update
RP431: 12/13/2008 5:13:09 PM - Installed Java(TM) 6 Update 11

==== Installed Programs ======================


Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8.1.1
Adobe Shockwave Player
Adobe Stock Photos 1.0
AMVapp 2.1
AMVapp Audio Apps 2.0
AMVapp Support Tools 2.0
Apple Software Update
Audio Record Wizard v3.98
Avant Browser (remove only)
AVerTV GO 007 FM Plus
AVG Free 8.0
AVI MPEG WMV RM to MP3 Converter 1.6.8
AVI Splitter
AviSynth 2.5
Avisynth Filters 2.5x
AVS DVD Player version 2.4
dBpowerAMP
dBpoweramp DSP Effects
dBpoweramp Music Converter
DGMPEGDec 1.2.1
DivX Web Player
DVD Decrypter (Remove Only)
ffdshow [rev 1846] [2008-02-05]
Google Toolbar for Internet Explorer
Helix YUV Codecs (remove only)
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows XP (KB915865)
Intel(R) Graphics Media Accelerator Driver
iPod for Windows 2005-11-17
IpWins
iTunes
Java(TM) 6 Update 11
Lossless Codecs
Malwarebytes' Anti-Malware
Megaupload Toolbar
Microsoft .NET Framework 2.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.4)
MSN
Nero Suite
Panasonic VS3_VS2_MX6_SA6 USB-Handset Manager
PhotoNow! 1.0
PremiereAVSPlugin 1.5
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Replay Media Catcher
Spybot - Search & Destroy
TV
Ulead VideoStudio 11
VeohTV BETA
VideoReDo TVSuite Version 3.1.4.549
VideoStudio
VirtualDubMod 1.5.4.1
WebFldrs XP
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
WinRAR archiver
Xiph QuickTime Components
XMLinst
Xvid 1.1.3 final uninstall
Yahoo! extras
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages ===================

12/10/2008 12:00:02 PM, error: Schedule [7901] - The At13.job command failed to start due to the following error: %%2147942402
12/10/2008 11:00:03 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: %%2147942402
12/10/2008 10:00:02 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: %%2147942402
12/10/2008 9:20:09 AM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
12/10/2008 9:16:20 AM, error: Service Control Manager [7000] - The osaio service failed to start due to the following error: The system cannot find the file specified.
12/10/2008 9:16:20 AM, error: Service Control Manager [7000] - The AVerMedia AVerTV WDM Video Capture (878) service failed to start due to the following error: The system cannot find the file specified.
12/10/2008 9:15:04 AM, error: NetBT [4311] - Initialization failed because the driver device could not be created.
12/9/2008 11:00:02 PM, error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402
12/9/2008 9:00:00 PM, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402
12/9/2008 8:00:03 PM, error: Schedule [7901] - The At21.job command failed to start due to the following error: %%2147942402
12/9/2008 7:00:03 PM, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402
12/9/2008 6:00:03 PM, error: Schedule [7901] - The At19.job command failed to start due to the following error: %%2147942402
12/9/2008 5:00:03 PM, error: Schedule [7901] - The At18.job command failed to start due to the following error: %%2147942402
12/9/2008 4:00:02 PM, error: Schedule [7901] - The At17.job command failed to start due to the following error: %%2147942402
12/9/2008 3:00:03 PM, error: Schedule [7901] - The At16.job command failed to start due to the following error: %%2147942402
12/10/2008 10:00:00 PM, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402
12/11/2008 1:00:00 PM, error: Schedule [7901] - The At14.job command failed to start due to the following error: %%2147942402
12/13/2008 12:56:48 PM, error: Dhcp [1002] - The IP address lease 210.18.189.79 for the Network Card with network address 00E04D0504EA has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
12/13/2008 2:00:00 PM, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402
12/15/2008 9:00:00 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: %%2147942402

==== End Of File ===========================

Shaba
2008-12-15, 11:45
Let's check this next:

Please download OTViewIt (http://oldtimer.geekstogo.com/OTViewIt.exe) by OldTimer and save it to your Desktop.
Close all applications and windows.
Double-click on the OTViewIt.exe to start OTViewIt.
Place a checkmark in the blue-colored "Scan All Users" checkbox.
Click the blue Run Scan button.
OTViewIt will now start its scan.
When the scan is complete, two text files will be created on the Desktop: OTViewIt.Txt (this one will be opened in Notepad) and Extras.txt.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTViewIt.Txt and the Extras.txt to your post.

yukukuhi
2008-12-16, 08:30
OTViewIt logfile created on: 12/15/2008 7:56:16 PM - Run
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\s.s.ram\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.73 Mb Total Physical Memory | 282.49 Mb Available Physical Memory | 56.19% Memory free
2.67 Gb Paging File | 2.41 Gb Available in Paging File | 90.27% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;D:\pagefile.sys 0 0;E:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 6.52 Gb Free Space | 33.36% Space Free | Partition Type: NTFS
Drive D: | 39.06 Gb Total Space | 1.92 Gb Free Space | 4.91% Space Free | Partition Type: NTFS
Drive E: | 90.45 Gb Total Space | 4.99 Gb Free Space | 5.52% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-PC
Current User Name: s.s.ram
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/11/23 14:41:59 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2008/12/13 17:13:18 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2004/09/01 08:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2007/03/03 13:48:28 | 00,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
[2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
[2008/11/23 14:42:04 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2008/11/23 14:42:00 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
[2007/04/16 19:00:06 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2008/12/04 22:50:23 | 01,261,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2008/12/13 17:13:19 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2004/08/04 01:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2005/10/30 20:09:40 | 00,393,216 | ---- | M] (AVerMedia Technologies, Inc.) -- C:\Program Files\AVerTV\QuickTV.exe
[2008/12/15 17:59:59 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\s.s.ram\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/09/08 17:13:12 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/11/23 14:42:00 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
[2008/11/23 14:41:59 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/04/19 13:45:26 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2007/11/02 18:36:32 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2008/12/13 17:13:18 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2007/03/03 13:48:28 | 00,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])
[2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])

========== Driver Services ==========

[1999/09/10 12:06:00 | 00,025,244 | ---- | M] (Adaptec) -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32 [System | Running])
[2006/12/14 09:04:40 | 01,171,456 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) -- C:\WINDOWS\system32\drivers\AVerBDA3x.sys -- (AVerBDA3x [On_Demand | Stopped])
[2008/11/23 14:42:13 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008/11/23 14:42:12 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2008/11/23 14:42:16 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX [Auto | Running])
[2008/01/14 18:08:07 | 00,407,072 | ---- | M] (AVerMedia Technologies, Inc.) -- C:\WINDOWS\system32\drivers\Cap7134.sys -- (Cap7134 [On_Demand | Running])
[2006/09/19 14:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Stopped])
[2005/01/07 17:07:16 | 00,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService [On_Demand | Stopped])
[2005/01/07 17:07:18 | 00,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/02/07 09:04:34 | 01,399,615 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running])
[2007/03/01 17:27:26 | 04,484,608 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
[2004/08/03 22:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2004/08/03 23:10:14 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE [On_Demand | Stopped])
[2005/06/15 07:58:56 | 00,026,496 | R--- | M] (Panasonic ) -- C:\WINDOWS\system32\drivers\pacdcacm.sys -- (pacdcacm [On_Demand | Stopped])
[2008/01/14 18:08:07 | 00,057,152 | ---- | M] (AVerMedia Technologies, Inc.) -- C:\WINDOWS\system32\drivers\PhTVTune.sys -- (PhTVTune [On_Demand | Running])
[2007/10/08 19:07:32 | 00,018,432 | ---- | M] (Igor Nys) -- C:\WINDOWS\system32\drivers\prcmondrv1041.sys -- (prcmondrv [System | Running])
[2004/09/01 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2005/11/03 03:00:00 | 00,046,080 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2004/08/03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Running])
[2004/09/01 08:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2007/05/11 15:10:18 | 00,007,424 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\SIODRV.SYS -- (SIODRV [Auto | Running])
[2004/06/07 09:13:52 | 00,036,484 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\SMBios.sys -- (SMBios [On_Demand | Running])
[2004/03/12 14:40:22 | 00,021,120 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\intelsmb.sys -- (smbusp [On_Demand | Stopped])
[2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2008/09/05 11:21:38 | 00,717,296 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2008/02/29 16:13:49 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\drivers\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"CustomSearch"=http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr7/*http://www.yahoo.com/ext/search/search.html
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}
"Start Page"=about:blank

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=intranet

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}
"Start Page"=about:blank

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=intranet

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{484FFC3E-5891-BD10-0BED-75DFED1D8FA1} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} (HKLM) -- C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" (HKLM) -- C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{D0943516-5076-4020-A3B5-AEFAF26AB263}" (HKLM) -- C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" (HKLM) -- C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" (HKLM) -- C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" (HKLM) -- C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" (HKLM) -- C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"C:\WINDOWS\system32\kdneu.exe"=C:\WINDOWS\system32\kdneu.exe File not found
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"Uniblue RegistryBooster 2"=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S File not found

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"Uniblue RegistryBooster 2"=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S File not found

========== (O4) RunOnce Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"!CleanupNetMeetingDispDriver"="C:\WINDOWS\system32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0 (Microsoft Corporation)

========== (O4) Startup Folders ==========

[2005/10/30 20:09:40 | 00,393,216 | ---- | M] (AVerMedia Technologies, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickTV.lnk = C:\Program Files\AVerTV\QuickTV.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\Control Panel]
"Colors"=0

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\Software\policies\microsoft\internet explorer\Control Panel]
"Colors"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0
"NoDrives"=0
"NoViewOnDrive"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=91 00 00 00 [binary data]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=91 00 00 00 [binary data]

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0
"NoDrives"=0
"NoViewOnDrive"=0

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2001/02/16 01:05:38 | 09,164,192 | R--- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2001/02/16 01:05:38 | 09,164,192 | R--- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{4528BBE0-4E08-11D5-AD55-00010333D0AD}: Button: Messenger -- %ProgramFiles%\Yahoo!\Common\yhexbmesin.dll [2005/07/31 11:10:16 | 00,316,552 | ---- | M] (Yahoo! Inc.)
{4528BBE0-4E08-11D5-AD55-00010333D0AD}: Menu: Yahoo! Messenger -- %ProgramFiles%\Yahoo!\Common\yhexbmesin.dll [2005/07/31 11:10:16 | 00,316,552 | ---- | M] (Yahoo! Inc.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/08/04 01:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/08/04 01:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yhexbmesin.dll [&Yahoo! Messenger] -> [2005/07/31 11:10:16 | 00,316,552 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{5E638779-1818-4754-A595-EF1C63B87A56} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 01:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 01:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 01:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yhexbmesin.dll [&Yahoo! Messenger] -> [2005/07/31 11:10:16 | 00,316,552 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{5E638779-1818-4754-A595-EF1C63B87A56} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 01:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}: http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab -- Office Genuine Advantage Validation Tool
{166B1BCA-3F9C-11CF-8075-444553540000}: http://active.macromedia.com/director/cabs/sw.cab -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\yinsthelper.dll -- YInstStarter Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab -- Shockwave Flash Object
{E8F628B5-259A-4734-97EE-BA914D7BE941}: http://driveragent.com/files/driveragent.cab -- Driver Agent ActiveX Control

========== (O17) DNS Name Servers ==========

{0CAAFC00-BA6C-4F38-BEA2-92377FB89AD2} (Servers: | Description: )
{1D730DA0-06BF-4DAA-83EA-299CE3C91929} (Servers: | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC)
{84BDD19D-C5F9-421F-AB6B-EEC31C8E86BF} (Servers: | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC)
{AF41E5CA-C467-4DF5-8678-1DB5D015B0C8} (Servers: | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC)
{C54C42E9-4DED-4EA8-8C2D-B9103F042458} (Servers: | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC)

========== (O19) User Style Sheets ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\WINDOWS\system32\perfc000.dat,avgrsstx.dll
>File not found -- C:\WINDOWS\system32\perfc000.dat
>[2008/11/23 14:42:17 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgrsstx.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

autorun.inf [[autorun] | shellexecute="resycled\boot.com d:" | shell\Open\command="resycled\boot.com d:" | shell=Open | ]
[2008/11/08 21:29:27 | 00,000,103 | RHS- | M] () -- D:\autorun.inf -- [ NTFS ]

autorun.inf [[autorun] | shellexecute="resycled\boot.com e:" | shell\Open\command="resycled\boot.com e:" | shell=Open | ]
[2008/11/08 21:29:27 | 00,000,103 | RHS- | M] () -- E:\autorun.inf -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2613cc56-ea08-11db-894e-806d6172696f}\Shell]
""=Autorun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2613cc56-ea08-11db-894e-806d6172696f}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2613cc56-ea08-11db-894e-806d6172696f}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2004/09/01 08:00:00 | 08,384,000 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2613cc56-ea08-11db-894e-806d6172696f}\Shell\Open\command]
""=resycled\boot.com d:

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2613cc57-ea08-11db-894e-806d6172696f}\Shell]
""=Autorun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2613cc57-ea08-11db-894e-806d6172696f}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2613cc57-ea08-11db-894e-806d6172696f}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2004/09/01 08:00:00 | 08,384,000 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2613cc57-ea08-11db-894e-806d6172696f}\Shell\Open\command]
""=resycled\boot.com e:


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cec06588-e9e3-11db-b5f6-00e04d0504ea}\Shell\AutoRun\command]
""=H:\


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cec06588-e9e3-11db-b5f6-00e04d0504ea}\Shell\explore\Command]
""=RECYCLER\INFO.exe


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cec06588-e9e3-11db-b5f6-00e04d0504ea}\Shell\open\Command]
""=RECYCLER\INFO.exe


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8e706b1-4733-11dd-8154-00e04d0504ea}\Shell\AutoRun\command]
""=d.com


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8e706b1-4733-11dd-8154-00e04d0504ea}\Shell\explore\Command]
""=d.com


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8e706b1-4733-11dd-8154-00e04d0504ea}\Shell\open\Command]
""=d.com

yukukuhi
2008-12-16, 08:32
========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2008/12/15 17:59:46 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\s.s.ram\Desktop\OTViewIt.exe
[2008/12/14 18:44:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\s.s.ram\Application Data\Malwarebytes
[2008/12/14 18:44:18 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/14 18:44:18 | 00,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/14 18:44:16 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/14 18:44:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/14 18:44:14 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/14 15:06:13 | 67,913,142 | ---- | C] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_12-14-2008_15-06-13.mp3
[2008/12/14 13:47:39 | 71,345,631 | ---- | C] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_12-14-2008_13-47-39.mp3
[2008/12/14 13:03:31 | 70,230,725 | ---- | C] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_12-14-2008_13-03-31.mp3
[2008/12/13 22:54:09 | 00,008,598 | ---- | C] () -- C:\Documents and Settings\s.s.ram\My Documents\KAS.html
[2008/12/13 17:22:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2008/12/13 17:13:12 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2008/12/13 17:04:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\s.s.ram\Application Data\Sun
[2008/12/13 13:31:25 | 00,090,905 | ---- | C] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_12-13-2008_13-31-25.mp3
[2008/12/13 12:24:34 | 00,006,144 | ---- | C] () -- C:\WINDOWS\System32\ff_acm.acm
[2008/12/13 11:43:15 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2008/12/13 11:43:15 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2008/12/12 20:51:07 | 15,871,455 | ---- | C] () -- C:\Documents and Settings\s.s.ram\Desktop\iPhone_User_Guide.pdf
[2008/12/12 20:20:36 | 00,128,071 | ---- | C] () -- C:\Documents and Settings\s.s.ram\Desktop\untitled.JPG
[2008/12/12 18:33:16 | 00,000,000 | ---D | C] -- C:\rsit
[2008/12/12 10:30:29 | 47,342,2040 | ---- | C] () -- C:\TV_CH68_1212_103027.mpg
[2008/12/11 12:11:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\s.s.ram\Desktop\spybot
[2008/12/10 19:03:17 | 10,043,1872 | ---- | C] () -- C:\Documents and Settings\s.s.ram\Desktop\Lupin_III_The_Secret_of_Twilight_Gemini.part20.rar
[2008/12/10 17:30:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\s.s.ram\My Documents\New Folder (4)
[2008/12/09 22:25:07 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2008/12/09 22:25:06 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2008/12/09 22:25:05 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbscan.sys
[2008/12/09 22:25:05 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2008/12/09 19:59:33 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/09 19:59:30 | 00,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2008/12/09 19:38:06 | 00,058,652 | ---- | C] () -- C:\Program Files\AMVapp-uninst.exe
[2008/12/09 19:36:40 | 00,067,895 | ---- | C] () -- C:\Program Files\Premiere AVS Plugin uninst.exe
[2008/12/08 19:08:39 | 00,000,000 | ---D | C] -- C:\Lop SD
[2008/12/08 17:01:22 | 59,323,5860 | ---- | C] () -- C:\TV_CH68_1208_170121.mpg
[2008/12/06 16:54:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\s.s.ram\Desktop\New Folder (7)
[2008/12/05 20:03:31 | 00,000,000 | ---D | C] -- C:\Program Files\avisplit
[2008/12/05 18:35:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\s.s.ram\My Documents\New Folder (3)
[2008/12/05 12:30:56 | 00,289,826 | ---- | C] () -- C:\Documents and Settings\s.s.ram\My Documents\Rurouni%20Kenshin%20-%2013.jpg
[2008/12/03 19:32:15 | 00,000,000 | ---- | C] () -- C:\[TOMA] Lupin III - Walther P-38 [E9611B2C].mkv
[2008/12/03 19:20:01 | 00,000,000 | ---D | C] -- C:\[ILA] Lupin III - The Secret of Twilight Gemini
[2008/12/02 15:02:26 | 13,479,204 | ---- | C] () -- C:\Documents and Settings\s.s.ram\Desktop\_video.flv
[2008/12/01 16:55:40 | 02,759,827 | ---- | C] () -- C:\Documents and Settings\s.s.ram\Desktop\sbicard19nov08.rename_to_.mp3
[2008/11/29 19:24:03 | 00,000,698 | ---- | C] () -- C:\Documents and Settings\s.s.ram\Desktop\ARWizard3.lnk
[2008/11/29 19:23:58 | 00,000,000 | ---D | C] -- C:\Program Files\ARWizard3
[2008/11/29 18:02:31 | 00,132,910 | ---- | C] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_11-29-2008_18-02-31.mp3
[2008/11/29 18:01:59 | 00,106,578 | ---- | C] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_11-29-2008_18-01-59.mp3
[2008/11/29 18:00:59 | 00,122,252 | ---- | C] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_11-29-2008_18-00-59.mp3
[2008/11/29 17:55:49 | 00,541,047 | ---- | C] () -- C:\Documents and Settings\s.s.ram\My Documents\g.mp3
[2008/11/23 18:13:09 | 00,009,474 | ---- | C] () -- C:\Documents and Settings\s.s.ram\My Documents\AVG Scan Results.csv
[2008/11/23 15:26:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\s.s.ram\Desktop\AVG Update
[2008/11/23 15:09:10 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2008/11/23 14:42:17 | 00,001,511 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk
[2008/11/23 14:42:16 | 00,076,040 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2008/11/23 14:42:16 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2008/11/23 14:42:13 | 00,097,928 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2008/11/23 14:42:12 | 00,026,824 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2008/11/23 14:42:04 | 30,712,898 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/11/23 14:42:04 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2008/11/23 14:42:04 | 00,334,743 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/11/23 14:42:04 | 00,091,203 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/11/23 14:42:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2008/11/23 14:41:59 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2008/11/23 14:41:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2008/11/21 12:28:29 | 00,001,738 | ---- | C] () -- C:\Documents and Settings\s.s.ram\Desktop\HijackThis.lnk
[2008/11/21 12:28:29 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/11/20 20:31:06 | 00,000,937 | ---- | C] () -- C:\Documents and Settings\s.s.ram\Desktop\Spybot - Search & Destroy.lnk
[2008/11/20 20:31:00 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/11/20 20:31:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008/12/15 19:44:23 | 00,061,440 | ---- | M] () -- C:\Documents and Settings\s.s.ram\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/15 19:28:17 | 00,005,552 | ---- | M] () -- C:\WINDOWS\AVerTV.ini
[2008/12/15 19:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2008/12/15 18:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2008/12/15 17:59:59 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\s.s.ram\Desktop\OTViewIt.exe
[2008/12/15 17:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2008/12/15 16:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2008/12/15 15:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2008/12/15 14:53:25 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/15 14:53:13 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/15 12:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2008/12/15 11:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2008/12/15 10:16:24 | 00,000,111 | ---- | M] () -- C:\Documents and Settings\s.s.ram\Application Data\AVSDVDPlayer.m3u
[2008/12/15 10:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2008/12/15 09:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2008/12/14 20:14:39 | 30,712,898 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/12/14 20:14:39 | 00,091,203 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/12/14 20:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2008/12/14 18:44:19 | 00,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/14 16:39:16 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/12/14 15:34:31 | 67,913,142 | ---- | M] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_12-14-2008_15-06-13.mp3
[2008/12/14 14:17:23 | 71,345,631 | ---- | M] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_12-14-2008_13-47-39.mp3
[2008/12/14 14:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2008/12/14 13:32:46 | 70,230,725 | ---- | M] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_12-14-2008_13-03-31.mp3
[2008/12/14 13:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2008/12/14 10:42:12 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/12/13 23:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2008/12/13 22:54:10 | 00,008,598 | ---- | M] () -- C:\Documents and Settings\s.s.ram\My Documents\KAS.html
[2008/12/13 22:00:06 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2008/12/13 21:00:05 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2008/12/13 14:53:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/12/13 13:31:29 | 00,090,905 | ---- | M] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_12-13-2008_13-31-25.mp3
[2008/12/13 11:43:55 | 00,001,755 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/12/13 11:43:15 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2008/12/12 21:00:32 | 15,871,455 | ---- | M] () -- C:\Documents and Settings\s.s.ram\Desktop\iPhone_User_Guide.pdf
[2008/12/12 20:20:36 | 00,128,071 | ---- | M] () -- C:\Documents and Settings\s.s.ram\Desktop\untitled.JPG
[2008/12/12 10:54:22 | 47,342,2040 | ---- | M] () -- C:\TV_CH68_1212_103027.mpg
[2008/12/10 21:12:27 | 10,043,1872 | ---- | M] () -- C:\Documents and Settings\s.s.ram\Desktop\Lupin_III_The_Secret_of_Twilight_Gemini.part20.rar
[2008/12/10 12:09:58 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/12/09 22:33:10 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/12/09 19:38:05 | 00,000,153 | ---- | M] () -- C:\WINDOWS\.java.policy
[2008/12/09 19:38:04 | 00,000,153 | ---- | M] () -- C:\WINDOWS\.java.policy.old
[2008/12/09 19:37:41 | 00,035,365 | ---- | M] () -- C:\WINDOWS\System32\uninstHelixYUV.exe
[2008/12/08 17:31:24 | 59,323,5860 | ---- | M] () -- C:\TV_CH68_1208_170121.mpg
[2008/12/05 12:13:43 | 00,289,826 | ---- | M] () -- C:\Documents and Settings\s.s.ram\My Documents\Rurouni%20Kenshin%20-%2013.jpg
[2008/12/04 22:50:46 | 00,334,743 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/12/04 08:18:37 | 06,919,876 | -H-- | M] () -- C:\Documents and Settings\s.s.ram\Local Settings\Application Data\IconCache.db
[2008/12/03 19:59:06 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/03 19:59:02 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/03 19:32:15 | 00,000,000 | ---- | M] () -- C:\[TOMA] Lupin III - Walther P-38 [E9611B2C].mkv
[2008/12/02 15:15:50 | 13,479,204 | ---- | M] () -- C:\Documents and Settings\s.s.ram\Desktop\_video.flv
[2008/12/01 16:55:40 | 02,759,827 | ---- | M] () -- C:\Documents and Settings\s.s.ram\Desktop\sbicard19nov08.rename_to_.mp3
[2008/11/29 19:24:03 | 00,000,698 | ---- | M] () -- C:\Documents and Settings\s.s.ram\Desktop\ARWizard3.lnk
[2008/11/29 18:02:37 | 00,132,910 | ---- | M] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_11-29-2008_18-02-31.mp3
[2008/11/29 18:02:04 | 00,106,578 | ---- | M] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_11-29-2008_18-01-59.mp3
[2008/11/29 18:01:04 | 00,122,252 | ---- | M] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_11-29-2008_18-00-59.mp3
[2008/11/29 17:56:12 | 00,541,047 | ---- | M] () -- C:\Documents and Settings\s.s.ram\My Documents\g.mp3
[2008/11/29 09:47:05 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/11/23 18:13:09 | 00,009,474 | ---- | M] () -- C:\Documents and Settings\s.s.ram\My Documents\AVG Scan Results.csv
[2008/11/23 14:42:17 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2008/11/23 14:42:17 | 00,001,511 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk
[2008/11/23 14:42:16 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2008/11/23 14:42:13 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2008/11/23 14:42:12 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2008/11/23 14:42:04 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2008/11/21 12:28:29 | 00,001,738 | ---- | M] () -- C:\Documents and Settings\s.s.ram\Desktop\HijackThis.lnk
[2008/11/20 20:31:06 | 00,000,937 | ---- | M] () -- C:\Documents and Settings\s.s.ram\Desktop\Spybot - Search & Destroy.lnk
< End of report >

yukukuhi
2008-12-16, 08:33
OTViewIt Extras logfile created on: 12/15/2008 7:56:17 PM - Run
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\s.s.ram\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.73 Mb Total Physical Memory | 282.49 Mb Available Physical Memory | 56.19% Memory free
2.67 Gb Paging File | 2.41 Gb Available in Paging File | 90.27% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;D:\pagefile.sys 0 0;E:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 6.52 Gb Free Space | 33.36% Space Free | Partition Type: NTFS
Drive D: | 39.06 Gb Total Space | 1.92 Gb Free Space | 4.91% Space Free | Partition Type: NTFS
Drive E: | 90.45 Gb Total Space | 4.99 Gb Free Space | 5.52% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-PC
Current User Name: s.s.ram
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
"MaxScriptStatements"=

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/09/01 13:30:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/09/01 13:30:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2005/08/31 12:54:26 | 03,084,288 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
[2005/08/31 12:54:26 | 00,053,248 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2004/09/01 13:30:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®
File not found -- C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui
File not found -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
File not found -- C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
File not found -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
File not found -- C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
File not found -- C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/01/22 03:25:24 | 00,872,448 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (cdo:{CD00020A-8B95-11D1-82DB-00C04FB1625D} (HKLM) [Microsoft PKM KnowledgePluggable Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2001/02/12 03:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2001/02/12 03:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2001/02/12 03:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/02/23 18:36:24 | 07,436,272 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0405E51E-9582-4207-8F38-AC44201D3808}"=VeohTV BETA
"{107254A0-0ADF-11D4-9397-00D0B7020B38}"=
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java(TM) 6 Update 11
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{5B09BD67-4C99-46A1-8161-B7208CE18121}"=QuickTime
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{786C5747-1033-0000-B58E-000000000001}"=Adobe Stock Photos 1.0
"{8338BA06-E527-491B-9400-F51708FEE695}"=iPod for Windows 2005-11-17
"{88F9DA25-C383-4F59-B8FA-08DFCC26D521}"=Panasonic VS3_VS2_MX6_SA6 USB-Handset Manager
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel(R) Graphics Media Accelerator Driver
"{8DF56C91-281F-4C15-B954-F45FDC919568}"=TV
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}"=Adobe Common File Installer
"{90280409-6000-11D3-8CFE-0050048383C9}"=Microsoft Office XP Professional with FrontPage
"{AC76BA86-7AD7-1033-7B44-A81000000003}"=Adobe Reader 8.1.1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}"=Adobe Bridge 1.0
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}"=Apple Software Update
"{D36DD326-7280-11D8-97C8-000129760CBE}"=PhotoNow! 1.0
"{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}"=iTunes
"{E9787678-1033-0000-8E67-000000000001}"=Adobe Help Center 1.0
"{EA23971F-2CEE-48FC-B64D-7F74A6EF90F0}"=XMLinst
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}"=VideoStudio
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2
"Adobe Shockwave Player"=Adobe Shockwave Player
"AMVapp"=AMVapp 2.1
"AMVapp Audio Apps"=AMVapp Audio Apps 2.0
"AMVappSupportTools"=AMVapp Support Tools 2.0
"Audio Record Wizard_is1"=Audio Record Wizard v3.98
"AvantBrowser"=Avant Browser (remove only)
"AVG8Uninstall"=AVG Free 8.0
"AVI MPEG WMV RM to MP3 Converter_is1"=AVI MPEG WMV RM to MP3 Converter 1.6.8
"AVI Splitter_is1"=AVI Splitter
"AviSynth"=AviSynth 2.5
"Avisynth Filters"=Avisynth Filters 2.5x
"AVS DVD Player_is1"=AVS DVD Player version 2.4
"dBpowerAMP"=dBpowerAMP
"dBpoweramp DSP Effects"=dBpoweramp DSP Effects
"dBpoweramp Music Converter"=dBpoweramp Music Converter
"DGMPEGDec"=DGMPEGDec 1.2.1
"DVD Decrypter"=DVD Decrypter (Remove Only)
"ffdshow_is1"=ffdshow [rev 1846] [2008-02-05]
"HelixYUVCodecs"=Helix YUV Codecs (remove only)
"HijackThis"=HijackThis 2.0.2
"HuffYUV"=Lossless Codecs
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}"=VeohTV BETA
"InstallShield_{8338BA06-E527-491B-9400-F51708FEE695}"=iPod for Windows 2005-11-17
"InstallShield_{8DF56C91-281F-4C15-B954-F45FDC919568}"=AVerTV GO 007 FM Plus
"InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}"=Ulead VideoStudio 11
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"MegauploadToolbar"=Megaupload Toolbar
"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0
"Mozilla Firefox (3.0.4)"=Mozilla Firefox (3.0.4)
"MSNINST"=MSN
"NeroMultiInstaller!UninstallKey"=Nero Suite
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"Premiere AVS Plugin"=PremiereAVSPlugin 1.5
"RealPlayer 6.0"=RealPlayer
"Replay Media Catcher2.10"=Replay Media Catcher
"VideoReDoTVSuite_is1"=VideoReDo TVSuite Version 3.1.4.549
"VirtualDubMod"=VirtualDubMod 1.5.4.1
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows Media Player"=Windows Media Player 10
"WinRAR archiver"=WinRAR archiver
"XiphQT"=Xiph QuickTime Components
"Xvid_is1"=Xvid 1.1.3 final uninstall
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Customizations"=Yahoo! extras
"Yahoo! Messenger"=Yahoo! Messenger
"Yahoo! Toolbar"=Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"IpWins"=IpWins

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"IpWins"=IpWins

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/30/2008 9:23:21 AM | Computer Name = HOME-PC | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/3/2008 10:45:26 PM | Computer Name = HOME-PC | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Professional with FrontPage -- Error
1706. Setup cannot find the required files. Check your connection to the network,
or CD-ROM drive. For other potential solutions to this problem, see .

Error - 12/7/2008 3:42:25 AM | Computer Name = HOME-PC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.5730.13, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/7/2008 10:55:20 AM | Computer Name = HOME-PC | Source = Application Hang | ID = 1002
Description = Hanging application VideoReDo3.exe, version 3.1.4.549, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/7/2008 11:02:49 AM | Computer Name = HOME-PC | Source = Application Hang | ID = 1002
Description = Hanging application VideoReDo3.exe, version 3.1.4.549, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/7/2008 11:04:01 AM | Computer Name = HOME-PC | Source = Application Hang | ID = 1002
Description = Hanging application VideoReDo3.exe, version 3.1.4.549, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/8/2008 7:30:57 AM | Computer Name = HOME-PC | Source = Application Hang | ID = 1002
Description = Hanging application AVerTV.exe, version 5.3.0.24, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/9/2008 1:01:06 AM | Computer Name = HOME-PC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module avsvideodecoderfilter.ax, version 1.0.0.158, fault address 0x00009e9c.

Error - 12/9/2008 12:59:05 PM | Computer Name = HOME-PC | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Professional with FrontPage -- Error
1706. Setup cannot find the required files. Check your connection to the network,
or CD-ROM drive. For other potential solutions to this problem, see .

Error - 12/11/2008 10:56:05 AM | Computer Name = HOME-PC | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.8.20081.2918, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12/15/2008 5:24:45 AM | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7000
Description = The AVerMedia AVerTV WDM Video Capture (878) service failed to start
due to the following error: %%2

Error - 12/15/2008 5:24:45 AM | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7000
Description = The osaio service failed to start due to the following error: %%2

Error - 12/15/2008 5:28:39 AM | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460

Error - 12/15/2008 5:30:00 AM | Computer Name = HOME-PC | Source = Schedule | ID = 7901
Description = The At16.job command failed to start due to the following error: %%2147942402

Error - 12/15/2008 6:30:00 AM | Computer Name = HOME-PC | Source = Schedule | ID = 7901
Description = The At17.job command failed to start due to the following error: %%2147942402

Error - 12/15/2008 7:18:53 AM | Computer Name = HOME-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.100.5 for the Network Card with network
address 00E04D0504EA has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 12/15/2008 7:30:00 AM | Computer Name = HOME-PC | Source = Schedule | ID = 7901
Description = The At18.job command failed to start due to the following error: %%2147942402

Error - 12/15/2008 7:56:36 AM | Computer Name = HOME-PC | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.5 on
the Network Card with network address 00E04D0504EA.

Error - 12/15/2008 8:30:00 AM | Computer Name = HOME-PC | Source = Schedule | ID = 7901
Description = The At19.job command failed to start due to the following error: %%2147942402

Error - 12/15/2008 9:30:00 AM | Computer Name = HOME-PC | Source = Schedule | ID = 7901
Description = The At20.job command failed to start due to the following error: %%2147942402


< End of report >

Shaba
2008-12-16, 16:11
Go to Start > Run
Type regedit and click OK.

On the leftside, click to highlight My Computer at the top.
Go up to "File > Export"
Make sure in that window there is a tick next to "All" under Export Branch.
Leave the "Save As Type" as "Registration Files".
Under "Filename" put backup
Choose to save it to C:\ or some other safe location so that you will remember where you put it (don't put it on the Desktop!)
Click Save and then go to File > Exit.

Please download the OTMoveIt3 by OldTimer (http://oldtimer.geekstogo.com/OTMoveIt3.exe).

Save it to your desktop.
Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:files
C:\Documents and Settings\s.s.ram\Desktop\New Folder (7)\mkvtoolnix-unicode-2.4.1-setup(3).exe
C:\Documents and Settings\s.s.ram\Local Settings\Temp\sta1.exe
D:\autorun.inf
D:\F\Neolder\Kumresearh\Cardcaptor Sakura\Pictures\ss1\ccsakura_ss.exe
D:\F\Neolder\Kumresearh\Cardcaptor Sakura\Pictures\ss1.zip
D:\mIRC 6.3 + keygen.rar
D:\mIRC 6.31 + Crack.zip
D:\Softwares\Active[1].File.Rec0very.Enterprise.v7.1_4all_jumpoo\fo-fr71e.exe
D:\Softwares\Active[1].File.Rec0very.Enterprise.v7.1_4all_jumpoo.rar
D:\Softwares\netpumper-1.23-setup.exe
E:\autorun.inf
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At24.job
c:\WINDOWS\tasks\At23.job
c:\WINDOWS\tasks\At22.job

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\WINDOWS\system32\kdneu.exe"=-

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2613cc56-ea08-11db-894e-806d6172696f}\Shell\Open\command]

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2613cc57-ea08-11db-894e-806d6172696f}\Shell\Open\command]

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cec06588-e9e3-11db-b5f6-00e04d0504ea}\Shell\explore\Command]

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cec06588-e9e3-11db-b5f6-00e04d0504ea}\Shell\open\Command]

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8e706b1-4733-11dd-8154-00e04d0504ea}\Shell\AutoRun\command]

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8e706b1-4733-11dd-8154-00e04d0504ea}\Shell\explore\Command]

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8e706b1-4733-11dd-8154-00e04d0504ea}\Shell\open\Command]

:commands
[EmptyTemp]
[reboot]


Return to OTMoveIt3, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.

Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Re-run OTViewIt.

Post:

- OTViewIt logs
- OTMoveIt3 log
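As an added example (not code from this thread, and not part of OldTimer's tools), the Python script below reads the three things the fix above targets out of a constructed sample modelled on the logs posted here: it decodes NoDriveTypeAutoRun per hive to show on which drive types AutoRun is still allowed, lists the per-volume MountPoints2 Shell\<verb>\command handlers, and pulls the failed At*.job tasks out of the System Events entries. The sample text, the regexes and the function names are my own assumptions about the OTViewIt layout, taken from the excerpts in this thread.

```python
import re

# Constructed sample, modelled on the event-log and OTViewIt excerpts posted in this
# thread; it is not a real log file. Backslashes are doubled only because this is a
# Python string literal.
SAMPLE_LOG = """\
Error - 12/15/2008 5:30:00 AM | Computer Name = HOME-PC | Source = Schedule | ID = 7901
Description = The At16.job command failed to start due to the following error: %%2147942402

Error - 12/15/2008 6:30:00 AM | Computer Name = HOME-PC | Source = Schedule | ID = 7901
Description = The At17.job command failed to start due to the following error: %%2147942402

========== (O6 & O7) Current Version Policies ==========

[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer]
"NoDriveTypeAutoRun"=0
"NoDrives"=0

[HKEY_USERS\\.DEFAULT\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer]
"NoDriveTypeAutoRun"=91 00 00 00 [binary data]

[HKEY_USERS\\S-1-5-19\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer]
"NoDriveTypeAutoRun"=145

========== MountPoints2 ==========

[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\{cec06588-e9e3-11db-b5f6-00e04d0504ea}\\Shell\\AutoRun\\command]
""=H:\\
"""

# Bit meanings of NoDriveTypeAutoRun: a SET bit disables AutoRun for that drive type.
# 0x91 (145) is the Windows XP default; 0xFF disables AutoRun on every drive type.
AUTORUN_BITS = {
    0x01: "unknown type", 0x02: "no root directory", 0x04: "removable",
    0x08: "fixed", 0x10: "network", 0x20: "CD-ROM", 0x40: "RAM disk",
    0x80: "reserved",
}
RE_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
RE_AUTORUN = re.compile(r'^"NoDriveTypeAutoRun"=(.*)$')
RE_DEFAULT_VALUE = re.compile(r'^""=(.*)$')
RE_JOB_FAIL = re.compile(r"The (At\d+\.job) command failed to start")


def parse_autorun_value(raw):
    """OTViewIt prints REG_DWORD as decimal and REG_BINARY as little-endian hex bytes."""
    raw = raw.strip()
    if raw.endswith("[binary data]"):
        hex_bytes = raw[: raw.index("[")].split()
        return int.from_bytes(bytes(int(b, 16) for b in hex_bytes), "little")
    return int(raw, 10)


def autorun_allowed_on(value):
    """Drive types on which AutoRun is still allowed (bit clear)."""
    return [name for bit, name in AUTORUN_BITS.items() if not value & bit]


def parse_log(text):
    """Return (policies, mountpoint_handlers, failed_jobs) from OTViewIt/event-log text."""
    policies, handlers, jobs = {}, [], []
    current_key = None
    for line in text.splitlines():
        line = line.rstrip()
        if m := RE_KEY.match(line):
            current_key = m.group(1)
        elif (m := RE_AUTORUN.match(line)) and current_key:
            policies[current_key] = parse_autorun_value(m.group(1))
        elif (m := RE_DEFAULT_VALUE.match(line)) and current_key and "\\MountPoints2\\" in current_key:
            # Key shape: ...\MountPoints2\{volume-guid}\Shell\<verb>\command
            verb = current_key.split("\\Shell\\", 1)[1].split("\\", 1)[0]
            handlers.append((current_key, verb, m.group(1)))
        elif m := RE_JOB_FAIL.search(line):
            jobs.append(m.group(1))
    return policies, handlers, jobs


def findings(text):
    """Human-readable list of what a reviewer would flag in the log."""
    policies, handlers, jobs = parse_log(text)
    out = []
    for key, value in policies.items():
        allowed = autorun_allowed_on(value)
        state = "fully disabled" if value & 0xFF == 0xFF else f"allowed on {', '.join(allowed)}"
        out.append(f"{key}: NoDriveTypeAutoRun=0x{value:02X} -> AutoRun {state}")
    for key, verb, cmd in handlers:
        out.append(f"{key}: per-volume '{verb}' handler runs {cmd}")
    for job in sorted(set(jobs)):
        out.append(f"Scheduled task {job} failed to start (event 7901): check C:\\WINDOWS\\tasks")
    return out


if __name__ == "__main__":
    for line in findings(SAMPLE_LOG):
        print(line)
```

Run against a real OTViewIt log, the HKCU value of 0 is the one to notice: it allows AutoRun on every drive type, which is how an autorun.inf on a removable disk gets a MountPoints2 handler like the one above.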

yukukuhi
2008-12-17, 17:03
OTViewIt logfile created on: 12/17/2008 8:30:01 PM - Run 2
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\s.s.ram\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.73 Mb Total Physical Memory | 253.11 Mb Available Physical Memory | 50.35% Memory free
2.67 Gb Paging File | 2.43 Gb Available in Paging File | 90.95% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;D:\pagefile.sys 0 0;E:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 5.37 Gb Free Space | 27.49% Space Free | Partition Type: NTFS
Drive D: | 39.06 Gb Total Space | 1.88 Gb Free Space | 4.80% Space Free | Partition Type: NTFS
Drive E: | 90.45 Gb Total Space | 4.54 Gb Free Space | 5.02% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-PC
Current User Name: s.s.ram
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/11/23 14:41:59 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2008/12/13 17:13:18 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2004/09/01 08:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2007/03/03 13:48:28 | 00,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
[2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
[2008/11/23 14:42:04 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2008/11/23 14:42:00 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
[2004/09/01 08:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\NOTEPAD.EXE
[2007/04/16 19:00:06 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2008/12/04 22:50:23 | 01,261,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2008/12/13 17:13:19 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2004/08/04 01:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2005/10/30 20:09:40 | 00,393,216 | ---- | M] (AVerMedia Technologies, Inc.) -- C:\Program Files\AVerTV\QuickTV.exe
[2008/12/15 17:59:59 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\s.s.ram\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/09/08 17:13:12 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/11/23 14:42:00 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
[2008/11/23 14:41:59 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/04/19 13:45:26 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2007/11/02 18:36:32 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2008/12/13 17:13:18 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2007/03/03 13:48:28 | 00,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])
[2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])

========== Driver Services ==========

[1999/09/10 12:06:00 | 00,025,244 | ---- | M] (Adaptec) -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32 [System | Running])
[2006/12/14 09:04:40 | 01,171,456 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) -- C:\WINDOWS\system32\drivers\AVerBDA3x.sys -- (AVerBDA3x [On_Demand | Stopped])
[2008/11/23 14:42:13 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008/11/23 14:42:12 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2008/11/23 14:42:16 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX [Auto | Running])
[2008/01/14 18:08:07 | 00,407,072 | ---- | M] (AVerMedia Technologies, Inc.) -- C:\WINDOWS\system32\drivers\Cap7134.sys -- (Cap7134 [On_Demand | Running])
[2006/09/19 14:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Stopped])
[2005/01/07 17:07:16 | 00,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService [On_Demand | Stopped])
[2005/01/07 17:07:18 | 00,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/02/07 09:04:34 | 01,399,615 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running])
[2007/03/01 17:27:26 | 04,484,608 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
[2004/08/03 22:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2004/08/03 23:10:14 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE [On_Demand | Stopped])
[2005/06/15 07:58:56 | 00,026,496 | R--- | M] (Panasonic ) -- C:\WINDOWS\system32\drivers\pacdcacm.sys -- (pacdcacm [On_Demand | Stopped])
[2008/01/14 18:08:07 | 00,057,152 | ---- | M] (AVerMedia Technologies, Inc.) -- C:\WINDOWS\system32\drivers\PhTVTune.sys -- (PhTVTune [On_Demand | Running])
[2007/10/08 19:07:32 | 00,018,432 | ---- | M] (Igor Nys) -- C:\WINDOWS\system32\drivers\prcmondrv1041.sys -- (prcmondrv [System | Running])
[2004/09/01 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2005/11/03 03:00:00 | 00,046,080 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2004/08/03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Running])
[2004/09/01 08:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2007/05/11 15:10:18 | 00,007,424 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\SIODRV.SYS -- (SIODRV [Auto | Running])
[2004/06/07 09:13:52 | 00,036,484 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\SMBios.sys -- (SMBios [On_Demand | Running])
[2004/03/12 14:40:22 | 00,021,120 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\intelsmb.sys -- (smbusp [On_Demand | Stopped])
[2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2008/09/05 11:21:38 | 00,717,296 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2008/02/29 16:13:49 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\drivers\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"CustomSearch"=http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr7/*http://www.yahoo.com/ext/search/search.html
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}
"Start Page"=about:blank

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=intranet

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}
"Start Page"=about:blank

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=intranet

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{484FFC3E-5891-BD10-0BED-75DFED1D8FA1} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} (HKLM) -- C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" (HKLM) -- C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{D0943516-5076-4020-A3B5-AEFAF26AB263}" (HKLM) -- C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" (HKLM) -- C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" (HKLM) -- C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" (HKLM) -- C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" (HKLM) -- C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"Uniblue RegistryBooster 2"=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S File not found

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"Uniblue RegistryBooster 2"=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S File not found

========== (O4) RunOnce Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"!CleanupNetMeetingDispDriver"="C:\WINDOWS\system32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0 (Microsoft Corporation)

========== (O4) Startup Folders ==========

[2005/10/30 20:09:40 | 00,393,216 | ---- | M] (AVerMedia Technologies, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickTV.lnk = C:\Program Files\AVerTV\QuickTV.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\Control Panel]
"Colors"=0

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\Software\policies\microsoft\internet explorer\Control Panel]
"Colors"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0
"NoDrives"=0
"NoViewOnDrive"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=91 00 00 00 [binary data]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=91 00 00 00 [binary data]

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0
"NoDrives"=0
"NoViewOnDrive"=0

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2001/02/16 01:05:38 | 09,164,192 | R--- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2001/02/16 01:05:38 | 09,164,192 | R--- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{4528BBE0-4E08-11D5-AD55-00010333D0AD}: Button: Messenger -- %ProgramFiles%\Yahoo!\Common\yhexbmesin.dll [2005/07/31 11:10:16 | 00,316,552 | ---- | M] (Yahoo! Inc.)
{4528BBE0-4E08-11D5-AD55-00010333D0AD}: Menu: Yahoo! Messenger -- %ProgramFiles%\Yahoo!\Common\yhexbmesin.dll [2005/07/31 11:10:16 | 00,316,552 | ---- | M] (Yahoo! Inc.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/08/04 01:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/08/04 01:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yhexbmesin.dll [&Yahoo! Messenger] -> [2005/07/31 11:10:16 | 00,316,552 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{5E638779-1818-4754-A595-EF1C63B87A56} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 01:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 01:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 01:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yhexbmesin.dll [&Yahoo! Messenger] -> [2005/07/31 11:10:16 | 00,316,552 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{5E638779-1818-4754-A595-EF1C63B87A56} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 01:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}: http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab -- Office Genuine Advantage Validation Tool
{166B1BCA-3F9C-11CF-8075-444553540000}: http://active.macromedia.com/director/cabs/sw.cab -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\yinsthelper.dll -- YInstStarter Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab -- Shockwave Flash Object
{E8F628B5-259A-4734-97EE-BA914D7BE941}: http://driveragent.com/files/driveragent.cab -- Driver Agent ActiveX Control

========== (O17) DNS Name Servers ==========

{0CAAFC00-BA6C-4F38-BEA2-92377FB89AD2} (Servers: | Description: )
{1D730DA0-06BF-4DAA-83EA-299CE3C91929} (Servers: | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC)
{84BDD19D-C5F9-421F-AB6B-EEC31C8E86BF} (Servers: | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC)
{AF41E5CA-C467-4DF5-8678-1DB5D015B0C8} (Servers: | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC)
{C54C42E9-4DED-4EA8-8C2D-B9103F042458} (Servers: | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC)

========== (O19) User Style Sheets ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=avgrsstx.dll
>[2008/11/23 14:42:17 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgrsstx.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cec06588-e9e3-11db-b5f6-00e04d0504ea}\Shell\AutoRun\command]
""=H:\

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2008/12/17 20:22:46 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008/12/17 20:16:39 | 12,229,2516 | ---- | C] () -- C:\Documents and Settings\s.s.ram\My Documents\backup.reg
[2008/12/16 20:03:56 | 11,846,00900 | ---- | C] () -- C:\TV_CH68_1216_200356.mpg
[2008/12/16 19:37:58 | 03,024,618 | ---- | C] () -- C:\Documents and Settings\s.s.ram\Desktop\Scan_2[1].bmp
[2008/12/15 17:59:46 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\s.s.ram\Desktop\OTViewIt.exe
[2008/12/14 18:44:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\s.s.ram\Application Data\Malwarebytes
[2008/12/14 18:44:18 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/14 18:44:18 | 00,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/14 18:44:16 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/14 18:44:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/14 18:44:14 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/14 15:06:13 | 67,913,142 | ---- | C] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_12-14-2008_15-06-13.mp3
[2008/12/14 13:47:39 | 71,345,631 | ---- | C] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_12-14-2008_13-47-39.mp3
[2008/12/14 13:03:31 | 70,230,725 | ---- | C] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_12-14-2008_13-03-31.mp3
[2008/12/13 22:54:09 | 00,008,598 | ---- | C] () -- C:\Documents and Settings\s.s.ram\My Documents\KAS.html
[2008/12/13 17:22:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2008/12/13 17:13:12 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2008/12/13 17:04:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\s.s.ram\Application Data\Sun
[2008/12/13 13:31:25 | 00,090,905 | ---- | C] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_12-13-2008_13-31-25.mp3
[2008/12/13 12:24:34 | 00,006,144 | ---- | C] () -- C:\WINDOWS\System32\ff_acm.acm
[2008/12/13 11:43:15 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2008/12/13 11:43:15 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2008/12/12 20:51:07 | 15,871,455 | ---- | C] () -- C:\Documents and Settings\s.s.ram\Desktop\iPhone_User_Guide.pdf
[2008/12/12 20:20:36 | 00,128,071 | ---- | C] () -- C:\Documents and Settings\s.s.ram\Desktop\untitled.JPG
[2008/12/12 18:33:16 | 00,000,000 | ---D | C] -- C:\rsit
[2008/12/12 10:30:29 | 47,342,2040 | ---- | C] () -- C:\TV_CH68_1212_103027.mpg
[2008/12/11 12:11:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\s.s.ram\Desktop\spybot
[2008/12/10 19:03:17 | 10,043,1872 | ---- | C] () -- C:\Documents and Settings\s.s.ram\Desktop\Lupin_III_The_Secret_of_Twilight_Gemini.part20.rar
[2008/12/09 22:25:07 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2008/12/09 22:25:06 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2008/12/09 22:25:05 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbscan.sys
[2008/12/09 22:25:05 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2008/12/09 19:59:33 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/09 19:59:30 | 00,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2008/12/09 19:38:06 | 00,058,652 | ---- | C] () -- C:\Program Files\AMVapp-uninst.exe
[2008/12/09 19:36:40 | 00,067,895 | ---- | C] () -- C:\Program Files\Premiere AVS Plugin uninst.exe
[2008/12/08 19:08:39 | 00,000,000 | ---D | C] -- C:\Lop SD
[2008/12/08 17:01:22 | 59,323,5860 | ---- | C] () -- C:\TV_CH68_1208_170121.mpg
[2008/12/06 16:54:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\s.s.ram\Desktop\New Folder (7)
[2008/12/05 20:03:31 | 00,000,000 | ---D | C] -- C:\Program Files\avisplit
[2008/12/05 12:30:56 | 00,289,826 | ---- | C] () -- C:\Documents and Settings\s.s.ram\My Documents\Rurouni%20Kenshin%20-%2013.jpg
[2008/12/03 19:32:15 | 00,000,000 | ---- | C] () -- C:\[TOMA] Lupin III - Walther P-38 [E9611B2C].mkv
[2008/12/03 19:20:01 | 00,000,000 | ---D | C] -- C:\[ILA] Lupin III - The Secret of Twilight Gemini
[2008/12/02 15:02:26 | 13,479,204 | ---- | C] () -- C:\Documents and Settings\s.s.ram\Desktop\_video.flv
[2008/12/01 16:55:40 | 02,759,827 | ---- | C] () -- C:\Documents and Settings\s.s.ram\Desktop\sbicard19nov08.rename_to_.mp3
[2008/11/29 19:24:03 | 00,000,698 | ---- | C] () -- C:\Documents and Settings\s.s.ram\Desktop\ARWizard3.lnk
[2008/11/29 19:23:58 | 00,000,000 | ---D | C] -- C:\Program Files\ARWizard3
[2008/11/29 18:02:31 | 00,132,910 | ---- | C] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_11-29-2008_18-02-31.mp3
[2008/11/29 18:01:59 | 00,106,578 | ---- | C] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_11-29-2008_18-01-59.mp3
[2008/11/29 18:00:59 | 00,122,252 | ---- | C] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_11-29-2008_18-00-59.mp3
[2008/11/29 17:55:49 | 00,541,047 | ---- | C] () -- C:\Documents and Settings\s.s.ram\My Documents\g.mp3
[2008/11/23 18:13:09 | 00,009,474 | ---- | C] () -- C:\Documents and Settings\s.s.ram\My Documents\AVG Scan Results.csv
[2008/11/23 15:26:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\s.s.ram\Desktop\AVG Update
[2008/11/23 15:09:10 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2008/11/23 14:42:17 | 00,001,511 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk
[2008/11/23 14:42:16 | 00,076,040 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2008/11/23 14:42:16 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2008/11/23 14:42:13 | 00,097,928 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2008/11/23 14:42:12 | 00,026,824 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2008/11/23 14:42:04 | 30,741,716 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/11/23 14:42:04 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2008/11/23 14:42:04 | 00,334,743 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/11/23 14:42:04 | 00,093,445 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/11/23 14:42:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2008/11/23 14:41:59 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2008/11/23 14:41:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2008/11/21 12:28:29 | 00,001,738 | ---- | C] () -- C:\Documents and Settings\s.s.ram\Desktop\HijackThis.lnk
[2008/11/21 12:28:29 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/11/20 20:31:06 | 00,000,937 | ---- | C] () -- C:\Documents and Settings\s.s.ram\Desktop\Spybot - Search & Destroy.lnk
[2008/11/20 20:31:00 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/11/20 20:31:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008/12/17 20:26:47 | 00,005,553 | ---- | M] () -- C:\WINDOWS\AVerTV.ini
[2008/12/17 20:25:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/17 20:25:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/17 20:16:51 | 12,229,2516 | ---- | M] () -- C:\Documents and Settings\s.s.ram\My Documents\backup.reg
[2008/12/17 16:54:12 | 30,741,716 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/12/17 16:54:12 | 00,093,445 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/12/17 15:32:28 | 00,070,144 | ---- | M] () -- C:\Documents and Settings\s.s.ram\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/17 14:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2008/12/17 12:20:55 | 00,000,111 | ---- | M] () -- C:\Documents and Settings\s.s.ram\Application Data\AVSDVDPlayer.m3u
[2008/12/17 08:33:47 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/12/16 21:03:57 | 11,846,00900 | ---- | M] () -- C:\TV_CH68_1216_200356.mpg
[2008/12/15 17:59:59 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\s.s.ram\Desktop\OTViewIt.exe
[2008/12/14 18:44:19 | 00,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/14 16:39:16 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/12/14 15:34:31 | 67,913,142 | ---- | M] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_12-14-2008_15-06-13.mp3
[2008/12/14 14:17:23 | 71,345,631 | ---- | M] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_12-14-2008_13-47-39.mp3
[2008/12/14 13:32:46 | 70,230,725 | ---- | M] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_12-14-2008_13-03-31.mp3
[2008/12/13 22:54:10 | 00,008,598 | ---- | M] () -- C:\Documents and Settings\s.s.ram\My Documents\KAS.html
[2008/12/13 14:53:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/12/13 13:31:29 | 00,090,905 | ---- | M] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_12-13-2008_13-31-25.mp3
[2008/12/13 11:43:55 | 00,001,755 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/12/13 11:43:15 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2008/12/12 21:00:32 | 15,871,455 | ---- | M] () -- C:\Documents and Settings\s.s.ram\Desktop\iPhone_User_Guide.pdf
[2008/12/12 20:20:36 | 00,128,071 | ---- | M] () -- C:\Documents and Settings\s.s.ram\Desktop\untitled.JPG
[2008/12/12 10:54:22 | 47,342,2040 | ---- | M] () -- C:\TV_CH68_1212_103027.mpg
[2008/12/10 21:12:27 | 10,043,1872 | ---- | M] () -- C:\Documents and Settings\s.s.ram\Desktop\Lupin_III_The_Secret_of_Twilight_Gemini.part20.rar
[2008/12/10 12:09:58 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/12/09 22:33:10 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/12/09 19:38:05 | 00,000,153 | ---- | M] () -- C:\WINDOWS\.java.policy
[2008/12/09 19:38:04 | 00,000,153 | ---- | M] () -- C:\WINDOWS\.java.policy.old
[2008/12/09 19:37:41 | 00,035,365 | ---- | M] () -- C:\WINDOWS\System32\uninstHelixYUV.exe
[2008/12/08 17:31:24 | 59,323,5860 | ---- | M] () -- C:\TV_CH68_1208_170121.mpg
[2008/12/05 12:13:43 | 00,289,826 | ---- | M] () -- C:\Documents and Settings\s.s.ram\My Documents\Rurouni%20Kenshin%20-%2013.jpg
[2008/12/04 22:50:46 | 00,334,743 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/12/04 08:18:37 | 06,919,876 | -H-- | M] () -- C:\Documents and Settings\s.s.ram\Local Settings\Application Data\IconCache.db
[2008/12/03 19:59:06 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/03 19:59:02 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/03 19:32:15 | 00,000,000 | ---- | M] () -- C:\[TOMA] Lupin III - Walther P-38 [E9611B2C].mkv
[2008/12/02 15:15:50 | 13,479,204 | ---- | M] () -- C:\Documents and Settings\s.s.ram\Desktop\_video.flv
[2008/12/01 16:55:40 | 02,759,827 | ---- | M] () -- C:\Documents and Settings\s.s.ram\Desktop\sbicard19nov08.rename_to_.mp3
[2008/11/29 19:24:03 | 00,000,698 | ---- | M] () -- C:\Documents and Settings\s.s.ram\Desktop\ARWizard3.lnk
[2008/11/29 18:02:37 | 00,132,910 | ---- | M] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_11-29-2008_18-02-31.mp3
[2008/11/29 18:02:04 | 00,106,578 | ---- | M] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_11-29-2008_18-01-59.mp3
[2008/11/29 18:01:04 | 00,122,252 | ---- | M] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_11-29-2008_18-00-59.mp3
[2008/11/29 17:56:12 | 00,541,047 | ---- | M] () -- C:\Documents and Settings\s.s.ram\My Documents\g.mp3
[2008/11/29 09:47:05 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/11/23 18:13:09 | 00,009,474 | ---- | M] () -- C:\Documents and Settings\s.s.ram\My Documents\AVG Scan Results.csv
[2008/11/23 14:42:17 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2008/11/23 14:42:17 | 00,001,511 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk
[2008/11/23 14:42:16 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2008/11/23 14:42:13 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2008/11/23 14:42:12 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2008/11/23 14:42:04 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2008/11/21 12:28:29 | 00,001,738 | ---- | M] () -- C:\Documents and Settings\s.s.ram\Desktop\HijackThis.lnk
[2008/11/20 20:31:06 | 00,000,937 | ---- | M] () -- C:\Documents and Settings\s.s.ram\Desktop\Spybot - Search & Destroy.lnk
< End of report >

yukukuhi
2008-12-17, 17:06
OTViewIt Extras logfile created on: 12/17/2008 8:30:01 PM - Run 2
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\s.s.ram\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.73 Mb Total Physical Memory | 253.11 Mb Available Physical Memory | 50.35% Memory free
2.67 Gb Paging File | 2.43 Gb Available in Paging File | 90.95% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;D:\pagefile.sys 0 0;E:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 5.37 Gb Free Space | 27.49% Space Free | Partition Type: NTFS
Drive D: | 39.06 Gb Total Space | 1.88 Gb Free Space | 4.80% Space Free | Partition Type: NTFS
Drive E: | 90.45 Gb Total Space | 4.54 Gb Free Space | 5.02% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-PC
Current User Name: s.s.ram
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
"MaxScriptStatements"=

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/09/01 13:30:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/09/01 13:30:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2005/08/31 12:54:26 | 03,084,288 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
[2005/08/31 12:54:26 | 00,053,248 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2004/09/01 13:30:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®
File not found -- C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui
File not found -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
File not found -- C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
File not found -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
File not found -- C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
File not found -- C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/01/22 03:25:24 | 00,872,448 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (cdo:{CD00020A-8B95-11D1-82DB-00C04FB1625D} (HKLM) [Microsoft PKM KnowledgePluggable Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2001/02/12 03:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2001/02/12 03:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2001/02/12 03:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/02/23 18:36:24 | 07,436,272 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0405E51E-9582-4207-8F38-AC44201D3808}"=VeohTV BETA
"{107254A0-0ADF-11D4-9397-00D0B7020B38}"=
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java(TM) 6 Update 11
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{5B09BD67-4C99-46A1-8161-B7208CE18121}"=QuickTime
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{786C5747-1033-0000-B58E-000000000001}"=Adobe Stock Photos 1.0
"{8338BA06-E527-491B-9400-F51708FEE695}"=iPod for Windows 2005-11-17
"{88F9DA25-C383-4F59-B8FA-08DFCC26D521}"=Panasonic VS3_VS2_MX6_SA6 USB-Handset Manager
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel(R) Graphics Media Accelerator Driver
"{8DF56C91-281F-4C15-B954-F45FDC919568}"=TV
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}"=Adobe Common File Installer
"{90280409-6000-11D3-8CFE-0050048383C9}"=Microsoft Office XP Professional with FrontPage
"{AC76BA86-7AD7-1033-7B44-A81000000003}"=Adobe Reader 8.1.1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}"=Adobe Bridge 1.0
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}"=Apple Software Update
"{D36DD326-7280-11D8-97C8-000129760CBE}"=PhotoNow! 1.0
"{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}"=iTunes
"{E9787678-1033-0000-8E67-000000000001}"=Adobe Help Center 1.0
"{EA23971F-2CEE-48FC-B64D-7F74A6EF90F0}"=XMLinst
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}"=VideoStudio
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2
"Adobe Shockwave Player"=Adobe Shockwave Player
"AMVapp"=AMVapp 2.1
"AMVapp Audio Apps"=AMVapp Audio Apps 2.0
"AMVappSupportTools"=AMVapp Support Tools 2.0
"Audio Record Wizard_is1"=Audio Record Wizard v3.98
"AvantBrowser"=Avant Browser (remove only)
"AVG8Uninstall"=AVG Free 8.0
"AVI MPEG WMV RM to MP3 Converter_is1"=AVI MPEG WMV RM to MP3 Converter 1.6.8
"AVI Splitter_is1"=AVI Splitter
"AviSynth"=AviSynth 2.5
"Avisynth Filters"=Avisynth Filters 2.5x
"AVS DVD Player_is1"=AVS DVD Player version 2.4
"dBpowerAMP"=dBpowerAMP
"dBpoweramp DSP Effects"=dBpoweramp DSP Effects
"dBpoweramp Music Converter"=dBpoweramp Music Converter
"DGMPEGDec"=DGMPEGDec 1.2.1
"DVD Decrypter"=DVD Decrypter (Remove Only)
"ffdshow_is1"=ffdshow [rev 1846] [2008-02-05]
"HelixYUVCodecs"=Helix YUV Codecs (remove only)
"HijackThis"=HijackThis 2.0.2
"HuffYUV"=Lossless Codecs
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}"=VeohTV BETA
"InstallShield_{8338BA06-E527-491B-9400-F51708FEE695}"=iPod for Windows 2005-11-17
"InstallShield_{8DF56C91-281F-4C15-B954-F45FDC919568}"=AVerTV GO 007 FM Plus
"InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}"=Ulead VideoStudio 11
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"MegauploadToolbar"=Megaupload Toolbar
"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0
"Mozilla Firefox (3.0.4)"=Mozilla Firefox (3.0.4)
"MSNINST"=MSN
"NeroMultiInstaller!UninstallKey"=Nero Suite
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"Premiere AVS Plugin"=PremiereAVSPlugin 1.5
"RealPlayer 6.0"=RealPlayer
"Replay Media Catcher2.10"=Replay Media Catcher
"VideoReDoTVSuite_is1"=VideoReDo TVSuite Version 3.1.4.549
"VirtualDubMod"=VirtualDubMod 1.5.4.1
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows Media Player"=Windows Media Player 10
"WinRAR archiver"=WinRAR archiver
"XiphQT"=Xiph QuickTime Components
"Xvid_is1"=Xvid 1.1.3 final uninstall
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Customizations"=Yahoo! extras
"Yahoo! Messenger"=Yahoo! Messenger
"Yahoo! Toolbar"=Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"IpWins"=IpWins

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"IpWins"=IpWins

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/30/2008 9:23:21 AM | Computer Name = HOME-PC | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/3/2008 10:45:26 PM | Computer Name = HOME-PC | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Professional with FrontPage -- Error
1706. Setup cannot find the required files. Check your connection to the network,
or CD-ROM drive. For other potential solutions to this problem, see .

Error - 12/7/2008 3:42:25 AM | Computer Name = HOME-PC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.5730.13, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/7/2008 10:55:20 AM | Computer Name = HOME-PC | Source = Application Hang | ID = 1002
Description = Hanging application VideoReDo3.exe, version 3.1.4.549, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/7/2008 11:02:49 AM | Computer Name = HOME-PC | Source = Application Hang | ID = 1002
Description = Hanging application VideoReDo3.exe, version 3.1.4.549, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/7/2008 11:04:01 AM | Computer Name = HOME-PC | Source = Application Hang | ID = 1002
Description = Hanging application VideoReDo3.exe, version 3.1.4.549, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/8/2008 7:30:57 AM | Computer Name = HOME-PC | Source = Application Hang | ID = 1002
Description = Hanging application AVerTV.exe, version 5.3.0.24, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/9/2008 1:01:06 AM | Computer Name = HOME-PC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module avsvideodecoderfilter.ax, version 1.0.0.158, fault address 0x00009e9c.

Error - 12/9/2008 12:59:05 PM | Computer Name = HOME-PC | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Professional with FrontPage -- Error
1706. Setup cannot find the required files. Check your connection to the network,
or CD-ROM drive. For other potential solutions to this problem, see .

Error - 12/11/2008 10:56:05 AM | Computer Name = HOME-PC | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.8.20081.2918, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12/17/2008 7:27:04 AM | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460

Error - 12/17/2008 7:30:00 AM | Computer Name = HOME-PC | Source = Schedule | ID = 7901
Description = The At18.job command failed to start due to the following error: %%2147942402

Error - 12/17/2008 8:30:00 AM | Computer Name = HOME-PC | Source = Schedule | ID = 7901
Description = The At19.job command failed to start due to the following error: %%2147942402

Error - 12/17/2008 9:30:00 AM | Computer Name = HOME-PC | Source = Schedule | ID = 7901
Description = The At20.job command failed to start due to the following error: %%2147942402

Error - 12/17/2008 10:30:00 AM | Computer Name = HOME-PC | Source = Schedule | ID = 7901
Description = The At21.job command failed to start due to the following error: %%2147942402

Error - 12/17/2008 10:55:52 AM | Computer Name = HOME-PC | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 12/17/2008 10:55:52 AM | Computer Name = HOME-PC | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 12/17/2008 10:55:52 AM | Computer Name = HOME-PC | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 12/17/2008 10:57:08 AM | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7000
Description = The AVerMedia AVerTV WDM Video Capture (878) service failed to start
due to the following error: %%2

Error - 12/17/2008 10:57:08 AM | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7000
Description = The osaio service failed to start due to the following error: %%2


< End of report >

yukukuhi
2008-12-17, 17:08
========== FILES ==========
C:\Documents and Settings\s.s.ram\Desktop\New Folder (7)\mkvtoolnix-unicode-2.4.1-setup(3).exe moved successfully.
C:\Documents and Settings\s.s.ram\Local Settings\Temp\sta1.exe moved successfully.
D:\autorun.inf moved successfully.
D:\F\Neolder\Kumresearh\Cardcaptor Sakura\Pictures\ss1\ccsakura_ss.exe moved successfully.
D:\F\Neolder\Kumresearh\Cardcaptor Sakura\Pictures\ss1.zip moved successfully.
D:\mIRC 6.3 + keygen.rar moved successfully.
D:\mIRC 6.31 + Crack.zip moved successfully.
D:\Softwares\Active[1].File.Rec0very.Enterprise.v7.1_4all_jumpoo\fo-fr71e.exe moved successfully.
D:\Softwares\Active[1].File.Rec0very.Enterprise.v7.1_4all_jumpoo.rar moved successfully.
D:\Softwares\netpumper-1.23-setup.exe moved successfully.
E:\autorun.inf moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
c:\WINDOWS\tasks\At23.job moved successfully.
c:\WINDOWS\tasks\At22.job moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_Dlls"|"avgrsstx.dll" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\C:\WINDOWS\system32\kdneu.exe deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2613cc56-ea08-11db-894e-806d6172696f}\Shell\Open\command\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2613cc57-ea08-11db-894e-806d6172696f}\Shell\Open\command\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cec06588-e9e3-11db-b5f6-00e04d0504ea}\Shell\explore\Command\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cec06588-e9e3-11db-b5f6-00e04d0504ea}\Shell\open\Command\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8e706b1-4733-11dd-8154-00e04d0504ea}\Shell\AutoRun\command\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8e706b1-4733-11dd-8154-00e04d0504ea}\Shell\explore\Command\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8e706b1-4733-11dd-8154-00e04d0504ea}\Shell\open\Command\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\SS1611~1.RAM\LOCALS~1\Temp\etilqs_LgwOrabkOftAg6HgDm58 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_690.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\s.s.ram\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqzwukpa.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\s.s.ram\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqzwukpa.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\s.s.ram\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqzwukpa.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\s.s.ram\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqzwukpa.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\s.s.ram\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqzwukpa.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12172008_202246

Files moved on Reboot...
File C:\DOCUME~1\SS1611~1.RAM\LOCALS~1\Temp\etilqs_LgwOrabkOftAg6HgDm58 not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_690.dat not found!
C:\Documents and Settings\s.s.ram\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqzwukpa.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\s.s.ram\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqzwukpa.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\s.s.ram\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqzwukpa.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\s.s.ram\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqzwukpa.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\s.s.ram\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqzwukpa.default\urlclassifier3.sqlite moved successfully.

Shaba
2008-12-17, 17:09
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: "Spyware, Adware, Dialers, and other potentially dangerous programs" and "Archives".
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.

If you need a tutorial, see here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif)

Shaba
2008-12-21, 12:07
Due to the lack of feedback this Topic is closed.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.

Shaba
2008-12-21, 13:33
Re-opened upon request.

yukukuhi
2008-12-25, 05:47
Sorry for the delay, but I am not able to finish running Kaspersky. It hangs when it reaches about 505. Please Help And Thank you.

Shaba
2008-12-25, 13:33
Thank you for update.

Please try this instead:

Please go to Eset website (http://www.eset.com/onlinescan/) to perform an online scan. Please use Internet Explorer as it uses ActiveX.

Check (tick) this box: YES, I accept the Terms of Use.
Click on the Start button next to it.
When prompted to run ActiveX, click Yes.
You will be asked to install an ActiveX. Click Install.
Once installed, the scanner will be initialized.
After the scanner is initialized, click Start.
Uncheck (untick) Remove found threats box.
Check (tick) Scan unwanted applications.
Click on Scan.
It will start scanning. Please be patient.
Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply.

yukukuhi
2008-12-28, 06:41
ESET Online Scanner runs to about 75% and then the Internet Explorer window automatically closes without creating any log file in C:\Program Files\esetonlinescanner\log.txt. Please Help And Thank You.

Shaba
2008-12-28, 12:19
Let me know if this works:

Please download Malwarebytes Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.
alternate download link 1 (http://malwarebytes.gt500.org/mbam-setup.exe)
alternate download link 2 (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here (http://www.malwarebytes.org/mbam/database/mbam-rules.exe) and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Full Scan" option is selected.
Then click on the Scan button.

If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

yukukuhi
2008-12-29, 17:05
Malwarebytes' Anti-Malware 1.31
Database version: 1565
Windows 5.1.2600 Service Pack 2

12/29/2008 3:40:12 PM
mbam-log-2008-12-29 (15-40-12).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 154005
Time elapsed: 1 hour(s), 12 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Anti-Leech (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
C:\Program Files\Anti-Leech\ALNN (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Anti-Leech\ALNN\alhlp.exe (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
C:\Program Files\Anti-Leech\ALNN\al2np.dll (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
C:\Program Files\Anti-Leech\ALNN\npalnn.dll (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
C:\Program Files\Anti-Leech\ALNN\setup2.exe (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.

Shaba
2008-12-29, 17:08
That looks good :)

Still problems?

yukukuhi
2008-12-30, 09:01
No, I think it's fine now. Can I use Malwarebytes for scanning and removing adware, spyware and malware, or could you suggest anything else? Also, I think there's some malware on my pen drive and on my laptop as well. Please Help And Thank you.

Shaba
2008-12-30, 15:41
"And can I use Malwarebytes for scanning & removing adware, spyware and malware, or could you suggest anything else?"

Yes. I will give you more suggestions a bit later.

If you have malware on laptop and pendrive, I suggest that you format pendrive in laptop and post a new thread for laptop :)

Do you have issues with this computer?

yukukuhi
2008-12-30, 16:59
No, I think all of the issues on my computer are cured. Thank you very much for coming this far and helping me solve these issues with my computer. Thanks a lot Shaba, I will never forget your help.

Shaba
2008-12-30, 17:07
Glad to hear :)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) Comodo (http://www.personalfirewall.comodo.com/download_firewall.html) (During installation, uncheck "Install COMODO Antivirus (Recommended)", "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage")
2) Online Armor (http://www.tallemu.com/online_armor_free.html)
3) PC Tools (http://www.pctools.com/firewall/download/)
4) Sunbelt/Kerio (http://www.sunbelt-software.com/Kerio-Download.cfm)
5) ZoneAlarm (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?dc=12bms&ctry=US&lang=en&lid=nav_za) (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Now let's uninstall ComboFix:

Click START then RUN
Now type Combofix /u in the runbox and click OK

Next we remove all used tools.

Please download OTCleanIt (http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe) and save it to desktop.

Double-click OTCleanIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)

Re-enable system restore with the instructions from the tutorial above.

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt

Change the Download unsigned ActiveX controls to Disable

Change the Initialize and script ActiveX controls not marked as safe to Disable

Change the Installation of desktop items to Prompt

Change the Launching programs and files in an IFRAME to Prompt

Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.

If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Update your AntiVirus Software and keep your other programs up-to-date - Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer. See also a hosts file tutorial here (http://malwareremoval.com/forum/viewtopic.php?t=22187)
WinPatrol (http://www.winpatrol.com/) <= Download and install the free version of WinPatrol. A tutorial for this product is located here:
Using WinPatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)

Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://forums.spybot.info/showthread.php?t=279)

Happy surfing and stay clean! :bigthumb:
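A way to verify two items from the post above after the clean-up, the six Internet-zone settings and the HOSTS file, as an added example; this is not code from the thread or from any tool named in it. The registry value names ("1001", "1004", "1201", "1800", "1804", "1607") and the 0 = Enable / 1 = Prompt / 3 = Disable encoding are Microsoft's documented Internet Settings\Zones layout; the list of update and scanner domains and the sample HOSTS text are constructed for illustration. Registry reading needs Windows; the checks themselves are plain Python and run anywhere.

```python
"""Added example: audit the Internet-zone settings and HOSTS file recommended
in the post above.  Not code from the thread or from any tool named in it."""
import os
import re

# Registry path of the "Internet" zone (zone 3) for the current user.
ZONE3_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

# Each Custom Level setting is a REG_DWORD named after its URL action id;
# 0 = Enable, 1 = Prompt, 3 = Disable (Microsoft's encoding).
ENABLE, PROMPT, DISABLE = 0, 1, 3
ACTION_NAMES = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# The six settings the post asks for, with the value it expects.
EXPECTED_ZONE3 = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}


def audit_zone3(values):
    """Compare a {value_name: dword} mapping against EXPECTED_ZONE3.

    Returns (setting label, expected, actual) for every mismatch; an absent
    value is reported as "missing" rather than assumed to be safe.
    """
    findings = []
    for name, (label, expected) in EXPECTED_ZONE3.items():
        actual = values.get(name)
        if actual != expected:
            shown = "missing" if actual is None else ACTION_NAMES.get(actual, f"unknown ({actual})")
            findings.append((label, ACTION_NAMES[expected], shown))
    return findings


def read_zone3_from_registry():
    """Read the six values from HKCU; Windows only (uses winreg)."""
    import winreg
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE3_KEY) as key:
        for name in EXPECTED_ZONE3:
            try:
                values[name], _ = winreg.QueryValueEx(key, name)
            except FileNotFoundError:
                pass  # absent value: audit_zone3 reports it as "missing"
    return values


# ---- HOSTS file -----------------------------------------------------------
HOSTS_LINE = re.compile(r"^\s*(?P<ip>[0-9A-Fa-f.:]+)\s+(?P<names>[^#]+)")
BLOCKING_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}  # what MVPS-style blocking uses
LOCAL_NAMES = {"localhost"}

# Constructed list of update/scanner sites used in this thread.  A blocking
# HOSTS file has no reason to name them; malware commonly adds them to stop
# updates and online scans, so any entry for them is worth a look.
PROTECTED_DOMAINS = (
    "windowsupdate.com", "update.microsoft.com", "kaspersky.com",
    "eset.com", "malwarebytes.org", "avg.com",
)


def parse_hosts(text):
    """Return (ip, hostname) pairs from HOSTS text; comments and blanks ignored."""
    entries = []
    for line in text.splitlines():
        match = HOSTS_LINE.match(line)
        if match:
            for name in match.group("names").split():
                entries.append((match.group("ip"), name.lower()))
    return entries


def audit_hosts(text):
    """Return (number of ordinary blocking entries, list of suspicious entries).

    Suspicious: a protected domain is overridden at all, or a name is sent to
    an address that does not block it (a redirect rather than a block).
    """
    blocked, suspicious = 0, []
    for ip, name in parse_hosts(text):
        if name in LOCAL_NAMES:
            continue
        if any(name == d or name.endswith("." + d) for d in PROTECTED_DOMAINS):
            suspicious.append((ip, name, "update/security site overridden"))
        elif ip not in BLOCKING_ADDRESSES:
            suspicious.append((ip, name, "redirected to a non-local address"))
        else:
            blocked += 1
    return blocked, suspicious


# Constructed sample; not the poster's HOSTS file.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1 localhost
127.0.0.1 ads.example.net          # MVPS-style ad block
0.0.0.0   tracker.example.org
127.0.0.1 www.windowsupdate.com    # blocks updates: a malware tactic
10.0.0.5  www.example-bank.invalid # redirect rather than block
"""

if __name__ == "__main__":
    blocked, suspicious = audit_hosts(SAMPLE_HOSTS)
    print(f"sample: {blocked} blocking entries, {len(suspicious)} suspicious")
    for ip, name, why in suspicious:
        print(f"  {ip:<12} {name:<28} {why}")
    if os.name == "nt":  # live checks only make sense on Windows
        for label, want, got in audit_zone3(read_zone3_from_registry()):
            print(f"zone 3: {label}: expected {want}, found {got}")
        hosts_path = os.path.join(os.environ["SystemRoot"], "System32", "drivers", "etc", "hosts")
        with open(hosts_path, encoding="utf-8", errors="replace") as fh:
            print("live HOSTS audit:", audit_hosts(fh.read()))
```

Run on a Windows machine it prints every Custom Level setting that differs from the post's choices and any HOSTS entry that overrides an update site or redirects a name somewhere other than loopback; the constructed sample shows both kinds of finding.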

Shaba
2009-01-01, 11:58
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.