Malware Trouble

OTViewIt.Txt

OTViewIt logfile created on: 12/15/2008 7:56:16 PM - Run
OTViewIt by OldTimer - Version 1.0.20.1
Folder = C:\Documents and Settings\s.s.ram\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.73 Mb Total Physical Memory | 282.49 Mb Available Physical Memory | 56.19% Memory free
2.67 Gb Paging File | 2.41 Gb Available in Paging File | 90.27% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;D:\pagefile.sys 0 0;E:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 6.52 Gb Free Space | 33.36% Space Free | Partition Type: NTFS
Drive D: | 39.06 Gb Total Space | 1.92 Gb Free Space | 4.91% Space Free | Partition Type: NTFS
Drive E: | 90.45 Gb Total Space | 4.99 Gb Free Space | 5.52% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-PC
Current User Name: s.s.ram
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/11/23 14:41:59 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2008/12/13 17:13:18 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2004/09/01 08:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2007/03/03 13:48:28 | 00,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
[2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
[2008/11/23 14:42:04 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2008/11/23 14:42:00 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
[2007/04/16 19:00:06 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2008/12/04 22:50:23 | 01,261,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2008/12/13 17:13:19 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2004/08/04 01:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2005/10/30 20:09:40 | 00,393,216 | ---- | M] (AVerMedia Technologies, Inc.) -- C:\Program Files\AVerTV\QuickTV.exe
[2008/12/15 17:59:59 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\s.s.ram\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/09/08 17:13:12 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/11/23 14:42:00 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
[2008/11/23 14:41:59 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/04/19 13:45:26 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2007/11/02 18:36:32 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2008/12/13 17:13:18 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2007/03/03 13:48:28 | 00,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])
[2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])

========== Driver Services ==========

[1999/09/10 12:06:00 | 00,025,244 | ---- | M] (Adaptec) -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32 [System | Running])
[2006/12/14 09:04:40 | 01,171,456 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) -- C:\WINDOWS\system32\drivers\AVerBDA3x.sys -- (AVerBDA3x [On_Demand | Stopped])
[2008/11/23 14:42:13 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008/11/23 14:42:12 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2008/11/23 14:42:16 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX [Auto | Running])
[2008/01/14 18:08:07 | 00,407,072 | ---- | M] (AVerMedia Technologies, Inc.) -- C:\WINDOWS\system32\drivers\Cap7134.sys -- (Cap7134 [On_Demand | Running])
[2006/09/19 14:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Stopped])
[2005/01/07 17:07:16 | 00,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService [On_Demand | Stopped])
[2005/01/07 17:07:18 | 00,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/02/07 09:04:34 | 01,399,615 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running])
[2007/03/01 17:27:26 | 04,484,608 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
[2004/08/03 22:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2004/08/03 23:10:14 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE [On_Demand | Stopped])
[2005/06/15 07:58:56 | 00,026,496 | R--- | M] (Panasonic ) -- C:\WINDOWS\system32\drivers\pacdcacm.sys -- (pacdcacm [On_Demand | Stopped])
[2008/01/14 18:08:07 | 00,057,152 | ---- | M] (AVerMedia Technologies, Inc.) -- C:\WINDOWS\system32\drivers\PhTVTune.sys -- (PhTVTune [On_Demand | Running])
[2007/10/08 19:07:32 | 00,018,432 | ---- | M] (Igor Nys) -- C:\WINDOWS\system32\drivers\prcmondrv1041.sys -- (prcmondrv [System | Running])
[2004/09/01 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2005/11/03 03:00:00 | 00,046,080 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2004/08/03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Running])
[2004/09/01 08:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2007/05/11 15:10:18 | 00,007,424 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\SIODRV.SYS -- (SIODRV [Auto | Running])
[2004/06/07 09:13:52 | 00,036,484 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\SMBios.sys -- (SMBios [On_Demand | Running])
[2004/03/12 14:40:22 | 00,021,120 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\intelsmb.sys -- (smbusp [On_Demand | Stopped])
[2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2008/09/05 11:21:38 | 00,717,296 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2008/02/29 16:13:49 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\drivers\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"CustomSearch"=http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr7/*http://www.yahoo.com/ext/search/search.html
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}
"Start Page"=about:blank

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=intranet

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}
"Start Page"=about:blank

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=intranet

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{484FFC3E-5891-BD10-0BED-75DFED1D8FA1} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} (HKLM) -- C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" (HKLM) -- C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{D0943516-5076-4020-A3B5-AEFAF26AB263}" (HKLM) -- C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" (HKLM) -- C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" (HKLM) -- C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" (HKLM) -- C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" (HKLM) -- C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"C:\WINDOWS\system32\kdneu.exe"=C:\WINDOWS\system32\kdneu.exe File not found
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"Uniblue RegistryBooster 2"=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S File not found

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"Uniblue RegistryBooster 2"=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S File not found

========== (O4) RunOnce Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"!CleanupNetMeetingDispDriver"="C:\WINDOWS\system32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0 (Microsoft Corporation)

========== (O4) Startup Folders ==========

[2005/10/30 20:09:40 | 00,393,216 | ---- | M] (AVerMedia Technologies, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickTV.lnk = C:\Program Files\AVerTV\QuickTV.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\Control Panel]
"Colors"=0

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\Software\policies\microsoft\internet explorer\Control Panel]
"Colors"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0
"NoDrives"=0
"NoViewOnDrive"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=91 00 00 00 [binary data]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=91 00 00 00 [binary data]

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0
"NoDrives"=0
"NoViewOnDrive"=0

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2001/02/16 01:05:38 | 09,164,192 | R--- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2001/02/16 01:05:38 | 09,164,192 | R--- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{4528BBE0-4E08-11D5-AD55-00010333D0AD}: Button: Messenger -- %ProgramFiles%\Yahoo!\Common\yhexbmesin.dll [2005/07/31 11:10:16 | 00,316,552 | ---- | M] (Yahoo! Inc.)
{4528BBE0-4E08-11D5-AD55-00010333D0AD}: Menu: Yahoo! Messenger -- %ProgramFiles%\Yahoo!\Common\yhexbmesin.dll [2005/07/31 11:10:16 | 00,316,552 | ---- | M] (Yahoo! Inc.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/08/04 01:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/08/04 01:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yhexbmesin.dll [&Yahoo! Messenger] -> [2005/07/31 11:10:16 | 00,316,552 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{5E638779-1818-4754-A595-EF1C63B87A56} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 01:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 01:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 01:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yhexbmesin.dll [&Yahoo! Messenger] -> [2005/07/31 11:10:16 | 00,316,552 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{5E638779-1818-4754-A595-EF1C63B87A56} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 01:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}: http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab -- Office Genuine Advantage Validation Tool
{166B1BCA-3F9C-11CF-8075-444553540000}: http://active.macromedia.com/director/cabs/sw.cab -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\yinsthelper.dll -- YInstStarter Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab -- Shockwave Flash Object
{E8F628B5-259A-4734-97EE-BA914D7BE941}: http://driveragent.com/files/driveragent.cab -- Driver Agent ActiveX Control

========== (O17) DNS Name Servers ==========

{0CAAFC00-BA6C-4F38-BEA2-92377FB89AD2} (Servers: | Description: )
{1D730DA0-06BF-4DAA-83EA-299CE3C91929} (Servers: | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC)
{84BDD19D-C5F9-421F-AB6B-EEC31C8E86BF} (Servers: | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC)
{AF41E5CA-C467-4DF5-8678-1DB5D015B0C8} (Servers: | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC)
{C54C42E9-4DED-4EA8-8C2D-B9103F042458} (Servers: | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC)

========== (O19) User Style Sheets ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\WINDOWS\system32\perfc000.dat,avgrsstx.dll
>File not found -- C:\WINDOWS\system32\perfc000.dat
>[2008/11/23 14:42:17 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgrsstx.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

autorun.inf [[autorun] | shellexecute="resycled\boot.com d:" | shell\Open\command="resycled\boot.com d:" | shell=Open | ]
[2008/11/08 21:29:27 | 00,000,103 | RHS- | M] () -- D:\autorun.inf -- [ NTFS ]

autorun.inf [[autorun] | shellexecute="resycled\boot.com e:" | shell\Open\command="resycled\boot.com e:" | shell=Open | ]
[2008/11/08 21:29:27 | 00,000,103 | RHS- | M] () -- E:\autorun.inf -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2613cc56-ea08-11db-894e-806d6172696f}\Shell]
""=Autorun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2613cc56-ea08-11db-894e-806d6172696f}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2613cc56-ea08-11db-894e-806d6172696f}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2004/09/01 08:00:00 | 08,384,000 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2613cc56-ea08-11db-894e-806d6172696f}\Shell\Open\command]
""=resycled\boot.com d:

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2613cc57-ea08-11db-894e-806d6172696f}\Shell]
""=Autorun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2613cc57-ea08-11db-894e-806d6172696f}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2613cc57-ea08-11db-894e-806d6172696f}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2004/09/01 08:00:00 | 08,384,000 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2613cc57-ea08-11db-894e-806d6172696f}\Shell\Open\command]
""=resycled\boot.com e:


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cec06588-e9e3-11db-b5f6-00e04d0504ea}\Shell\AutoRun\command]
""=H:\


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cec06588-e9e3-11db-b5f6-00e04d0504ea}\Shell\explore\Command]
""=RECYCLER\INFO.exe


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cec06588-e9e3-11db-b5f6-00e04d0504ea}\Shell\open\Command]
""=RECYCLER\INFO.exe


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8e706b1-4733-11dd-8154-00e04d0504ea}\Shell\AutoRun\command]
""=d.com


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8e706b1-4733-11dd-8154-00e04d0504ea}\Shell\explore\Command]
""=d.com


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8e706b1-4733-11dd-8154-00e04d0504ea}\Shell\open\Command]
""=d.com
 

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2008/12/15 17:59:46 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\s.s.ram\Desktop\OTViewIt.exe
[2008/12/14 18:44:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\s.s.ram\Application Data\Malwarebytes
[2008/12/14 18:44:18 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/14 18:44:18 | 00,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/14 18:44:16 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/14 18:44:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/14 18:44:14 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/14 15:06:13 | 67,913,142 | ---- | C] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_12-14-2008_15-06-13.mp3
[2008/12/14 13:47:39 | 71,345,631 | ---- | C] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_12-14-2008_13-47-39.mp3
[2008/12/14 13:03:31 | 70,230,725 | ---- | C] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_12-14-2008_13-03-31.mp3
[2008/12/13 22:54:09 | 00,008,598 | ---- | C] () -- C:\Documents and Settings\s.s.ram\My Documents\KAS.html
[2008/12/13 17:22:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2008/12/13 17:13:12 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2008/12/13 17:04:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\s.s.ram\Application Data\Sun
[2008/12/13 13:31:25 | 00,090,905 | ---- | C] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_12-13-2008_13-31-25.mp3
[2008/12/13 12:24:34 | 00,006,144 | ---- | C] () -- C:\WINDOWS\System32\ff_acm.acm
[2008/12/13 11:43:15 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2008/12/13 11:43:15 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2008/12/12 20:51:07 | 15,871,455 | ---- | C] () -- C:\Documents and Settings\s.s.ram\Desktop\iPhone_User_Guide.pdf
[2008/12/12 20:20:36 | 00,128,071 | ---- | C] () -- C:\Documents and Settings\s.s.ram\Desktop\untitled.JPG
[2008/12/12 18:33:16 | 00,000,000 | ---D | C] -- C:\rsit
[2008/12/12 10:30:29 | 47,342,2040 | ---- | C] () -- C:\TV_CH68_1212_103027.mpg
[2008/12/11 12:11:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\s.s.ram\Desktop\spybot
[2008/12/10 19:03:17 | 10,043,1872 | ---- | C] () -- C:\Documents and Settings\s.s.ram\Desktop\Lupin_III_The_Secret_of_Twilight_Gemini.part20.rar
[2008/12/10 17:30:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\s.s.ram\My Documents\New Folder (4)
[2008/12/09 22:25:07 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2008/12/09 22:25:06 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2008/12/09 22:25:05 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbscan.sys
[2008/12/09 22:25:05 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2008/12/09 19:59:33 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/09 19:59:30 | 00,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2008/12/09 19:38:06 | 00,058,652 | ---- | C] () -- C:\Program Files\AMVapp-uninst.exe
[2008/12/09 19:36:40 | 00,067,895 | ---- | C] () -- C:\Program Files\Premiere AVS Plugin uninst.exe
[2008/12/08 19:08:39 | 00,000,000 | ---D | C] -- C:\Lop SD
[2008/12/08 17:01:22 | 59,323,5860 | ---- | C] () -- C:\TV_CH68_1208_170121.mpg
[2008/12/06 16:54:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\s.s.ram\Desktop\New Folder (7)
[2008/12/05 20:03:31 | 00,000,000 | ---D | C] -- C:\Program Files\avisplit
[2008/12/05 18:35:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\s.s.ram\My Documents\New Folder (3)
[2008/12/05 12:30:56 | 00,289,826 | ---- | C] () -- C:\Documents and Settings\s.s.ram\My Documents\Rurouni%20Kenshin%20-%2013.jpg
[2008/12/03 19:32:15 | 00,000,000 | ---- | C] () -- C:\[TOMA] Lupin III - Walther P-38 [E9611B2C].mkv
[2008/12/03 19:20:01 | 00,000,000 | ---D | C] -- C:\[ILA] Lupin III - The Secret of Twilight Gemini
[2008/12/02 15:02:26 | 13,479,204 | ---- | C] () -- C:\Documents and Settings\s.s.ram\Desktop\_video.flv
[2008/12/01 16:55:40 | 02,759,827 | ---- | C] () -- C:\Documents and Settings\s.s.ram\Desktop\sbicard19nov08.rename_to_.mp3
[2008/11/29 19:24:03 | 00,000,698 | ---- | C] () -- C:\Documents and Settings\s.s.ram\Desktop\ARWizard3.lnk
[2008/11/29 19:23:58 | 00,000,000 | ---D | C] -- C:\Program Files\ARWizard3
[2008/11/29 18:02:31 | 00,132,910 | ---- | C] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_11-29-2008_18-02-31.mp3
[2008/11/29 18:01:59 | 00,106,578 | ---- | C] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_11-29-2008_18-01-59.mp3
[2008/11/29 18:00:59 | 00,122,252 | ---- | C] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_11-29-2008_18-00-59.mp3
[2008/11/29 17:55:49 | 00,541,047 | ---- | C] () -- C:\Documents and Settings\s.s.ram\My Documents\g.mp3
[2008/11/23 18:13:09 | 00,009,474 | ---- | C] () -- C:\Documents and Settings\s.s.ram\My Documents\AVG Scan Results.csv
[2008/11/23 15:26:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\s.s.ram\Desktop\AVG Update
[2008/11/23 15:09:10 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2008/11/23 14:42:17 | 00,001,511 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk
[2008/11/23 14:42:16 | 00,076,040 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2008/11/23 14:42:16 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2008/11/23 14:42:13 | 00,097,928 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2008/11/23 14:42:12 | 00,026,824 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2008/11/23 14:42:04 | 30,712,898 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/11/23 14:42:04 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2008/11/23 14:42:04 | 00,334,743 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/11/23 14:42:04 | 00,091,203 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/11/23 14:42:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2008/11/23 14:41:59 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2008/11/23 14:41:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2008/11/21 12:28:29 | 00,001,738 | ---- | C] () -- C:\Documents and Settings\s.s.ram\Desktop\HijackThis.lnk
[2008/11/21 12:28:29 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/11/20 20:31:06 | 00,000,937 | ---- | C] () -- C:\Documents and Settings\s.s.ram\Desktop\Spybot - Search & Destroy.lnk
[2008/11/20 20:31:00 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/11/20 20:31:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008/12/15 19:44:23 | 00,061,440 | ---- | M] () -- C:\Documents and Settings\s.s.ram\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/15 19:28:17 | 00,005,552 | ---- | M] () -- C:\WINDOWS\AVerTV.ini
[2008/12/15 19:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2008/12/15 18:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2008/12/15 17:59:59 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\s.s.ram\Desktop\OTViewIt.exe
[2008/12/15 17:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2008/12/15 16:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2008/12/15 15:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2008/12/15 14:53:25 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/15 14:53:13 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/15 12:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2008/12/15 11:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2008/12/15 10:16:24 | 00,000,111 | ---- | M] () -- C:\Documents and Settings\s.s.ram\Application Data\AVSDVDPlayer.m3u
[2008/12/15 10:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2008/12/15 09:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2008/12/14 20:14:39 | 30,712,898 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/12/14 20:14:39 | 00,091,203 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/12/14 20:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2008/12/14 18:44:19 | 00,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/14 16:39:16 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/12/14 15:34:31 | 67,913,142 | ---- | M] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_12-14-2008_15-06-13.mp3
[2008/12/14 14:17:23 | 71,345,631 | ---- | M] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_12-14-2008_13-47-39.mp3
[2008/12/14 14:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2008/12/14 13:32:46 | 70,230,725 | ---- | M] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_12-14-2008_13-03-31.mp3
[2008/12/14 13:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2008/12/14 10:42:12 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/12/13 23:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2008/12/13 22:54:10 | 00,008,598 | ---- | M] () -- C:\Documents and Settings\s.s.ram\My Documents\KAS.html
[2008/12/13 22:00:06 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2008/12/13 21:00:05 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2008/12/13 14:53:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/12/13 13:31:29 | 00,090,905 | ---- | M] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_12-13-2008_13-31-25.mp3
[2008/12/13 11:43:55 | 00,001,755 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/12/13 11:43:15 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2008/12/12 21:00:32 | 15,871,455 | ---- | M] () -- C:\Documents and Settings\s.s.ram\Desktop\iPhone_User_Guide.pdf
[2008/12/12 20:20:36 | 00,128,071 | ---- | M] () -- C:\Documents and Settings\s.s.ram\Desktop\untitled.JPG
[2008/12/12 10:54:22 | 47,342,2040 | ---- | M] () -- C:\TV_CH68_1212_103027.mpg
[2008/12/10 21:12:27 | 10,043,1872 | ---- | M] () -- C:\Documents and Settings\s.s.ram\Desktop\Lupin_III_The_Secret_of_Twilight_Gemini.part20.rar
[2008/12/10 12:09:58 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/12/09 22:33:10 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/12/09 19:38:05 | 00,000,153 | ---- | M] () -- C:\WINDOWS\.java.policy
[2008/12/09 19:38:04 | 00,000,153 | ---- | M] () -- C:\WINDOWS\.java.policy.old
[2008/12/09 19:37:41 | 00,035,365 | ---- | M] () -- C:\WINDOWS\System32\uninstHelixYUV.exe
[2008/12/08 17:31:24 | 59,323,5860 | ---- | M] () -- C:\TV_CH68_1208_170121.mpg
[2008/12/05 12:13:43 | 00,289,826 | ---- | M] () -- C:\Documents and Settings\s.s.ram\My Documents\Rurouni%20Kenshin%20-%2013.jpg
[2008/12/04 22:50:46 | 00,334,743 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/12/04 08:18:37 | 06,919,876 | -H-- | M] () -- C:\Documents and Settings\s.s.ram\Local Settings\Application Data\IconCache.db
[2008/12/03 19:59:06 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/03 19:59:02 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/03 19:32:15 | 00,000,000 | ---- | M] () -- C:\[TOMA] Lupin III - Walther P-38 [E9611B2C].mkv
[2008/12/02 15:15:50 | 13,479,204 | ---- | M] () -- C:\Documents and Settings\s.s.ram\Desktop\_video.flv
[2008/12/01 16:55:40 | 02,759,827 | ---- | M] () -- C:\Documents and Settings\s.s.ram\Desktop\sbicard19nov08.rename_to_.mp3
[2008/11/29 19:24:03 | 00,000,698 | ---- | M] () -- C:\Documents and Settings\s.s.ram\Desktop\ARWizard3.lnk
[2008/11/29 18:02:37 | 00,132,910 | ---- | M] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_11-29-2008_18-02-31.mp3
[2008/11/29 18:02:04 | 00,106,578 | ---- | M] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_11-29-2008_18-01-59.mp3
[2008/11/29 18:01:04 | 00,122,252 | ---- | M] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_11-29-2008_18-00-59.mp3
[2008/11/29 17:56:12 | 00,541,047 | ---- | M] () -- C:\Documents and Settings\s.s.ram\My Documents\g.mp3
[2008/11/29 09:47:05 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/11/23 18:13:09 | 00,009,474 | ---- | M] () -- C:\Documents and Settings\s.s.ram\My Documents\AVG Scan Results.csv
[2008/11/23 14:42:17 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2008/11/23 14:42:17 | 00,001,511 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk
[2008/11/23 14:42:16 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2008/11/23 14:42:13 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2008/11/23 14:42:12 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2008/11/23 14:42:04 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2008/11/21 12:28:29 | 00,001,738 | ---- | M] () -- C:\Documents and Settings\s.s.ram\Desktop\HijackThis.lnk
[2008/11/20 20:31:06 | 00,000,937 | ---- | M] () -- C:\Documents and Settings\s.s.ram\Desktop\Spybot - Search & Destroy.lnk
< End of report >
 
Extras.Txt

OTViewIt Extras logfile created on: 12/15/2008 7:56:17 PM - Run
OTViewIt by OldTimer - Version 1.0.20.1
Folder = C:\Documents and Settings\s.s.ram\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.73 Mb Total Physical Memory | 282.49 Mb Available Physical Memory | 56.19% Memory free
2.67 Gb Paging File | 2.41 Gb Available in Paging File | 90.27% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;D:\pagefile.sys 0 0;E:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 6.52 Gb Free Space | 33.36% Space Free | Partition Type: NTFS
Drive D: | 39.06 Gb Total Space | 1.92 Gb Free Space | 4.91% Space Free | Partition Type: NTFS
Drive E: | 90.45 Gb Total Space | 4.99 Gb Free Space | 5.52% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-PC
Current User Name: s.s.ram
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
"MaxScriptStatements"=

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/09/01 13:30:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/09/01 13:30:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2005/08/31 12:54:26 | 03,084,288 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
[2005/08/31 12:54:26 | 00,053,248 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2004/09/01 13:30:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®
File not found -- C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui
File not found -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
File not found -- C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
File not found -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
File not found -- C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
File not found -- C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/01/22 03:25:24 | 00,872,448 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (cdo:{CD00020A-8B95-11D1-82DB-00C04FB1625D} (HKLM) [Microsoft PKM KnowledgePluggable Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2001/02/12 03:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2001/02/12 03:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2001/02/12 03:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/02/23 18:36:24 | 07,436,272 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0405E51E-9582-4207-8F38-AC44201D3808}"=VeohTV BETA
"{107254A0-0ADF-11D4-9397-00D0B7020B38}"=
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java(TM) 6 Update 11
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{5B09BD67-4C99-46A1-8161-B7208CE18121}"=QuickTime
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{786C5747-1033-0000-B58E-000000000001}"=Adobe Stock Photos 1.0
"{8338BA06-E527-491B-9400-F51708FEE695}"=iPod for Windows 2005-11-17
"{88F9DA25-C383-4F59-B8FA-08DFCC26D521}"=Panasonic VS3_VS2_MX6_SA6 USB-Handset Manager
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel(R) Graphics Media Accelerator Driver
"{8DF56C91-281F-4C15-B954-F45FDC919568}"=TV
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}"=Adobe Common File Installer
"{90280409-6000-11D3-8CFE-0050048383C9}"=Microsoft Office XP Professional with FrontPage
"{AC76BA86-7AD7-1033-7B44-A81000000003}"=Adobe Reader 8.1.1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}"=Adobe Bridge 1.0
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}"=Apple Software Update
"{D36DD326-7280-11D8-97C8-000129760CBE}"=PhotoNow! 1.0
"{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}"=iTunes
"{E9787678-1033-0000-8E67-000000000001}"=Adobe Help Center 1.0
"{EA23971F-2CEE-48FC-B64D-7F74A6EF90F0}"=XMLinst
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}"=VideoStudio
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2
"Adobe Shockwave Player"=Adobe Shockwave Player
"AMVapp"=AMVapp 2.1
"AMVapp Audio Apps"=AMVapp Audio Apps 2.0
"AMVappSupportTools"=AMVapp Support Tools 2.0
"Audio Record Wizard_is1"=Audio Record Wizard v3.98
"AvantBrowser"=Avant Browser (remove only)
"AVG8Uninstall"=AVG Free 8.0
"AVI MPEG WMV RM to MP3 Converter_is1"=AVI MPEG WMV RM to MP3 Converter 1.6.8
"AVI Splitter_is1"=AVI Splitter
"AviSynth"=AviSynth 2.5
"Avisynth Filters"=Avisynth Filters 2.5x
"AVS DVD Player_is1"=AVS DVD Player version 2.4
"dBpowerAMP"=dBpowerAMP
"dBpoweramp DSP Effects"=dBpoweramp DSP Effects
"dBpoweramp Music Converter"=dBpoweramp Music Converter
"DGMPEGDec"=DGMPEGDec 1.2.1
"DVD Decrypter"=DVD Decrypter (Remove Only)
"ffdshow_is1"=ffdshow [rev 1846] [2008-02-05]
"HelixYUVCodecs"=Helix YUV Codecs (remove only)
"HijackThis"=HijackThis 2.0.2
"HuffYUV"=Lossless Codecs
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}"=VeohTV BETA
"InstallShield_{8338BA06-E527-491B-9400-F51708FEE695}"=iPod for Windows 2005-11-17
"InstallShield_{8DF56C91-281F-4C15-B954-F45FDC919568}"=AVerTV GO 007 FM Plus
"InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}"=Ulead VideoStudio 11
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"MegauploadToolbar"=Megaupload Toolbar
"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0
"Mozilla Firefox (3.0.4)"=Mozilla Firefox (3.0.4)
"MSNINST"=MSN
"NeroMultiInstaller!UninstallKey"=Nero Suite
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"Premiere AVS Plugin"=PremiereAVSPlugin 1.5
"RealPlayer 6.0"=RealPlayer
"Replay Media Catcher2.10"=Replay Media Catcher
"VideoReDoTVSuite_is1"=VideoReDo TVSuite Version 3.1.4.549
"VirtualDubMod"=VirtualDubMod 1.5.4.1
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows Media Player"=Windows Media Player 10
"WinRAR archiver"=WinRAR archiver
"XiphQT"=Xiph QuickTime Components
"Xvid_is1"=Xvid 1.1.3 final uninstall
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Customizations"=Yahoo! extras
"Yahoo! Messenger"=Yahoo! Messenger
"Yahoo! Toolbar"=Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"IpWins"=IpWins

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"IpWins"=IpWins

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/30/2008 9:23:21 AM | Computer Name = HOME-PC | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/3/2008 10:45:26 PM | Computer Name = HOME-PC | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Professional with FrontPage -- Error
1706. Setup cannot find the required files. Check your connection to the network,
or CD-ROM drive. For other potential solutions to this problem, see .

Error - 12/7/2008 3:42:25 AM | Computer Name = HOME-PC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.5730.13, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/7/2008 10:55:20 AM | Computer Name = HOME-PC | Source = Application Hang | ID = 1002
Description = Hanging application VideoReDo3.exe, version 3.1.4.549, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/7/2008 11:02:49 AM | Computer Name = HOME-PC | Source = Application Hang | ID = 1002
Description = Hanging application VideoReDo3.exe, version 3.1.4.549, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/7/2008 11:04:01 AM | Computer Name = HOME-PC | Source = Application Hang | ID = 1002
Description = Hanging application VideoReDo3.exe, version 3.1.4.549, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/8/2008 7:30:57 AM | Computer Name = HOME-PC | Source = Application Hang | ID = 1002
Description = Hanging application AVerTV.exe, version 5.3.0.24, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/9/2008 1:01:06 AM | Computer Name = HOME-PC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module avsvideodecoderfilter.ax, version 1.0.0.158, fault address 0x00009e9c.

Error - 12/9/2008 12:59:05 PM | Computer Name = HOME-PC | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Professional with FrontPage -- Error
1706. Setup cannot find the required files. Check your connection to the network,
or CD-ROM drive. For other potential solutions to this problem, see .

Error - 12/11/2008 10:56:05 AM | Computer Name = HOME-PC | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.8.20081.2918, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12/15/2008 5:24:45 AM | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7000
Description = The AVerMedia AVerTV WDM Video Capture (878) service failed to start
due to the following error: %%2

Error - 12/15/2008 5:24:45 AM | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7000
Description = The osaio service failed to start due to the following error: %%2

Error - 12/15/2008 5:28:39 AM | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460

Error - 12/15/2008 5:30:00 AM | Computer Name = HOME-PC | Source = Schedule | ID = 7901
Description = The At16.job command failed to start due to the following error: %%2147942402

Error - 12/15/2008 6:30:00 AM | Computer Name = HOME-PC | Source = Schedule | ID = 7901
Description = The At17.job command failed to start due to the following error: %%2147942402

Error - 12/15/2008 7:18:53 AM | Computer Name = HOME-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.100.5 for the Network Card with network
address 00E04D0504EA has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 12/15/2008 7:30:00 AM | Computer Name = HOME-PC | Source = Schedule | ID = 7901
Description = The At18.job command failed to start due to the following error: %%2147942402

Error - 12/15/2008 7:56:36 AM | Computer Name = HOME-PC | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.5 on
the Network Card with network address 00E04D0504EA.

Error - 12/15/2008 8:30:00 AM | Computer Name = HOME-PC | Source = Schedule | ID = 7901
Description = The At19.job command failed to start due to the following error: %%2147942402

Error - 12/15/2008 9:30:00 AM | Computer Name = HOME-PC | Source = Schedule | ID = 7901
Description = The At20.job command failed to start due to the following error: %%2147942402


< End of report >
 
Go to Start > Run
Type regedit and click OK.

  • On the left side, click to highlight My Computer at the top.
  • Go up to "File > Export"
    • Make sure in that window there is a tick next to "All" under Export Branch.
    • Leave the "Save As Type" as "Registration Files".
    • Under "Filename" put backup
  • Choose to save it to C:\ or to some other safe location so that you will remember where you put it (don't put it on the Desktop!)
  • Click Save and then go to File > Exit.

Please download OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :files
    C:\Documents and Settings\s.s.ram\Desktop\New Folder (7)\mkvtoolnix-unicode-2.4.1-setup(3).exe 
    C:\Documents and Settings\s.s.ram\Local Settings\Temp\sta1.exe
    D:\autorun.inf 
    D:\F\Neolder\Kumresearh\Cardcaptor Sakura\Pictures\ss1\ccsakura_ss.exe 
    D:\F\Neolder\Kumresearh\Cardcaptor Sakura\Pictures\ss1.zip 
    D:\mIRC 6.3 + keygen.rar 
    D:\mIRC 6.31 + Crack.zip 
    D:\Softwares\Active[1].File.Rec0very.Enterprise.v7.1_4all_jumpoo\fo-fr71e.exe 
    D:\Softwares\Active[1].File.Rec0very.Enterprise.v7.1_4all_jumpoo.rar 
    D:\Softwares\netpumper-1.23-setup.exe 
    E:\autorun.inf 
    C:\WINDOWS\tasks\At20.job
    C:\WINDOWS\tasks\At19.job
    C:\WINDOWS\tasks\At18.job
    C:\WINDOWS\tasks\At17.job
    C:\WINDOWS\tasks\At16.job
    C:\WINDOWS\tasks\At13.job
    C:\WINDOWS\tasks\At12.job
    C:\WINDOWS\tasks\At11.job
    C:\WINDOWS\tasks\At10.job
    C:\WINDOWS\tasks\At21.job
    C:\WINDOWS\tasks\At14.job
    C:\WINDOWS\tasks\At24.job
    c:\WINDOWS\tasks\At23.job
    c:\WINDOWS\tasks\At22.job
    
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_Dlls"="avgrsstx.dll"
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "C:\WINDOWS\system32\kdneu.exe"=-
    
    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2613cc56-ea08-11db-894e-806d6172696f}\Shell\Open\command]
    
    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2613cc57-ea08-11db-894e-806d6172696f}\Shell\Open\command]
    
    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cec06588-e9e3-11db-b5f6-00e04d0504ea}\Shell\explore\Command]
    
    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cec06588-e9e3-11db-b5f6-00e04d0504ea}\Shell\open\Command]
    
    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8e706b1-4733-11dd-8154-00e04d0504ea}\Shell\AutoRun\command]
    
    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8e706b1-4733-11dd-8154-00e04d0504ea}\Shell\explore\Command]
    
    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8e706b1-4733-11dd-8154-00e04d0504ea}\Shell\open\Command]
    
    :commands
    [EmptyTemp]
    [reboot]
  • Return to OTMoveIt3, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Re-run otviewit.

Post:

- otviewit logs
- otmoveit3 log
 
Re-otviewit

OTViewIt logfile created on: 12/17/2008 8:30:01 PM - Run 2
OTViewIt by OldTimer - Version 1.0.20.1
Folder = C:\Documents and Settings\s.s.ram\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.73 Mb Total Physical Memory | 253.11 Mb Available Physical Memory | 50.35% Memory free
2.67 Gb Paging File | 2.43 Gb Available in Paging File | 90.95% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;D:\pagefile.sys 0 0;E:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 5.37 Gb Free Space | 27.49% Space Free | Partition Type: NTFS
Drive D: | 39.06 Gb Total Space | 1.88 Gb Free Space | 4.80% Space Free | Partition Type: NTFS
Drive E: | 90.45 Gb Total Space | 4.54 Gb Free Space | 5.02% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-PC
Current User Name: s.s.ram
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/11/23 14:41:59 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2008/12/13 17:13:18 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2004/09/01 08:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2007/03/03 13:48:28 | 00,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
[2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
[2008/11/23 14:42:04 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2008/11/23 14:42:00 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
[2004/09/01 08:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\NOTEPAD.EXE
[2007/04/16 19:00:06 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2008/12/04 22:50:23 | 01,261,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2008/12/13 17:13:19 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2004/08/04 01:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2005/10/30 20:09:40 | 00,393,216 | ---- | M] (AVerMedia Technologies, Inc.) -- C:\Program Files\AVerTV\QuickTV.exe
[2008/12/15 17:59:59 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\s.s.ram\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/09/08 17:13:12 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/11/23 14:42:00 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
[2008/11/23 14:41:59 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/04/19 13:45:26 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2007/11/02 18:36:32 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2008/12/13 17:13:18 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2007/03/03 13:48:28 | 00,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])
[2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])

========== Driver Services ==========

[1999/09/10 12:06:00 | 00,025,244 | ---- | M] (Adaptec) -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32 [System | Running])
[2006/12/14 09:04:40 | 01,171,456 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) -- C:\WINDOWS\system32\drivers\AVerBDA3x.sys -- (AVerBDA3x [On_Demand | Stopped])
[2008/11/23 14:42:13 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008/11/23 14:42:12 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2008/11/23 14:42:16 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX [Auto | Running])
[2008/01/14 18:08:07 | 00,407,072 | ---- | M] (AVerMedia Technologies, Inc.) -- C:\WINDOWS\system32\drivers\Cap7134.sys -- (Cap7134 [On_Demand | Running])
[2006/09/19 14:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Stopped])
[2005/01/07 17:07:16 | 00,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService [On_Demand | Stopped])
[2005/01/07 17:07:18 | 00,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/02/07 09:04:34 | 01,399,615 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running])
[2007/03/01 17:27:26 | 04,484,608 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
[2004/08/03 22:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2004/08/03 23:10:14 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE [On_Demand | Stopped])
[2005/06/15 07:58:56 | 00,026,496 | R--- | M] (Panasonic ) -- C:\WINDOWS\system32\drivers\pacdcacm.sys -- (pacdcacm [On_Demand | Stopped])
[2008/01/14 18:08:07 | 00,057,152 | ---- | M] (AVerMedia Technologies, Inc.) -- C:\WINDOWS\system32\drivers\PhTVTune.sys -- (PhTVTune [On_Demand | Running])
[2007/10/08 19:07:32 | 00,018,432 | ---- | M] (Igor Nys) -- C:\WINDOWS\system32\drivers\prcmondrv1041.sys -- (prcmondrv [System | Running])
[2004/09/01 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2005/11/03 03:00:00 | 00,046,080 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2004/08/03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Running])
[2004/09/01 08:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2007/05/11 15:10:18 | 00,007,424 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\SIODRV.SYS -- (SIODRV [Auto | Running])
[2004/06/07 09:13:52 | 00,036,484 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\SMBios.sys -- (SMBios [On_Demand | Running])
[2004/03/12 14:40:22 | 00,021,120 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\intelsmb.sys -- (smbusp [On_Demand | Stopped])
[2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2008/09/05 11:21:38 | 00,717,296 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2008/02/29 16:13:49 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\drivers\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"CustomSearch"=http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr7/*http://www.yahoo.com/ext/search/search.html
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}
"Start Page"=about:blank

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=intranet

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}
"Start Page"=about:blank

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=intranet

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{484FFC3E-5891-BD10-0BED-75DFED1D8FA1} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} (HKLM) -- C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" (HKLM) -- C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{D0943516-5076-4020-A3B5-AEFAF26AB263}" (HKLM) -- C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" (HKLM) -- C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" (HKLM) -- C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" (HKLM) -- C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" (HKLM) -- C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"Uniblue RegistryBooster 2"=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S File not found

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"Uniblue RegistryBooster 2"=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S File not found

========== (O4) RunOnce Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"!CleanupNetMeetingDispDriver"="C:\WINDOWS\system32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0 (Microsoft Corporation)

========== (O4) Startup Folders ==========

[2005/10/30 20:09:40 | 00,393,216 | ---- | M] (AVerMedia Technologies, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickTV.lnk = C:\Program Files\AVerTV\QuickTV.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\Control Panel]
"Colors"=0

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\Software\policies\microsoft\internet explorer\Control Panel]
"Colors"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0
"NoDrives"=0
"NoViewOnDrive"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=91 00 00 00 [binary data]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=91 00 00 00 [binary data]

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0
"NoDrives"=0
"NoViewOnDrive"=0

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2001/02/16 01:05:38 | 09,164,192 | R--- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2001/02/16 01:05:38 | 09,164,192 | R--- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{4528BBE0-4E08-11D5-AD55-00010333D0AD}: Button: Messenger -- %ProgramFiles%\Yahoo!\Common\yhexbmesin.dll [2005/07/31 11:10:16 | 00,316,552 | ---- | M] (Yahoo! Inc.)
{4528BBE0-4E08-11D5-AD55-00010333D0AD}: Menu: Yahoo! Messenger -- %ProgramFiles%\Yahoo!\Common\yhexbmesin.dll [2005/07/31 11:10:16 | 00,316,552 | ---- | M] (Yahoo! Inc.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/08/04 01:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/08/04 01:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yhexbmesin.dll [&Yahoo! Messenger] -> [2005/07/31 11:10:16 | 00,316,552 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{5E638779-1818-4754-A595-EF1C63B87A56} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 01:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 01:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 01:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yhexbmesin.dll [&Yahoo! Messenger] -> [2005/07/31 11:10:16 | 00,316,552 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{5E638779-1818-4754-A595-EF1C63B87A56} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 01:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}: http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab -- Office Genuine Advantage Validation Tool
{166B1BCA-3F9C-11CF-8075-444553540000}: http://active.macromedia.com/director/cabs/sw.cab -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\yinsthelper.dll -- YInstStarter Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab -- Shockwave Flash Object
{E8F628B5-259A-4734-97EE-BA914D7BE941}: http://driveragent.com/files/driveragent.cab -- Driver Agent ActiveX Control

========== (O17) DNS Name Servers ==========

{0CAAFC00-BA6C-4F38-BEA2-92377FB89AD2} (Servers: | Description: )
{1D730DA0-06BF-4DAA-83EA-299CE3C91929} (Servers: | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC)
{84BDD19D-C5F9-421F-AB6B-EEC31C8E86BF} (Servers: | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC)
{AF41E5CA-C467-4DF5-8678-1DB5D015B0C8} (Servers: | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC)
{C54C42E9-4DED-4EA8-8C2D-B9103F042458} (Servers: | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC)

========== (O19) User Style Sheets ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=avgrsstx.dll
>[2008/11/23 14:42:17 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgrsstx.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cec06588-e9e3-11db-b5f6-00e04d0504ea}\Shell\AutoRun\command]
""=H:\

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2008/12/17 20:22:46 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008/12/17 20:16:39 | 12,229,2516 | ---- | C] () -- C:\Documents and Settings\s.s.ram\My Documents\backup.reg
[2008/12/16 20:03:56 | 11,846,00900 | ---- | C] () -- C:\TV_CH68_1216_200356.mpg
[2008/12/16 19:37:58 | 03,024,618 | ---- | C] () -- C:\Documents and Settings\s.s.ram\Desktop\Scan_2[1].bmp
[2008/12/15 17:59:46 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\s.s.ram\Desktop\OTViewIt.exe
[2008/12/14 18:44:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\s.s.ram\Application Data\Malwarebytes
[2008/12/14 18:44:18 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/14 18:44:18 | 00,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/14 18:44:16 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/14 18:44:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/14 18:44:14 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/14 15:06:13 | 67,913,142 | ---- | C] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_12-14-2008_15-06-13.mp3
[2008/12/14 13:47:39 | 71,345,631 | ---- | C] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_12-14-2008_13-47-39.mp3
[2008/12/14 13:03:31 | 70,230,725 | ---- | C] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_12-14-2008_13-03-31.mp3
[2008/12/13 22:54:09 | 00,008,598 | ---- | C] () -- C:\Documents and Settings\s.s.ram\My Documents\KAS.html
[2008/12/13 17:22:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2008/12/13 17:13:12 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2008/12/13 17:04:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\s.s.ram\Application Data\Sun
[2008/12/13 13:31:25 | 00,090,905 | ---- | C] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_12-13-2008_13-31-25.mp3
[2008/12/13 12:24:34 | 00,006,144 | ---- | C] () -- C:\WINDOWS\System32\ff_acm.acm
[2008/12/13 11:43:15 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2008/12/13 11:43:15 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2008/12/12 20:51:07 | 15,871,455 | ---- | C] () -- C:\Documents and Settings\s.s.ram\Desktop\iPhone_User_Guide.pdf
[2008/12/12 20:20:36 | 00,128,071 | ---- | C] () -- C:\Documents and Settings\s.s.ram\Desktop\untitled.JPG
[2008/12/12 18:33:16 | 00,000,000 | ---D | C] -- C:\rsit
[2008/12/12 10:30:29 | 47,342,2040 | ---- | C] () -- C:\TV_CH68_1212_103027.mpg
[2008/12/11 12:11:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\s.s.ram\Desktop\spybot
[2008/12/10 19:03:17 | 10,043,1872 | ---- | C] () -- C:\Documents and Settings\s.s.ram\Desktop\Lupin_III_The_Secret_of_Twilight_Gemini.part20.rar
[2008/12/09 22:25:07 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2008/12/09 22:25:06 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2008/12/09 22:25:05 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbscan.sys
[2008/12/09 22:25:05 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2008/12/09 19:59:33 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/09 19:59:30 | 00,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2008/12/09 19:38:06 | 00,058,652 | ---- | C] () -- C:\Program Files\AMVapp-uninst.exe
[2008/12/09 19:36:40 | 00,067,895 | ---- | C] () -- C:\Program Files\Premiere AVS Plugin uninst.exe
[2008/12/08 19:08:39 | 00,000,000 | ---D | C] -- C:\Lop SD
[2008/12/08 17:01:22 | 59,323,5860 | ---- | C] () -- C:\TV_CH68_1208_170121.mpg
[2008/12/06 16:54:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\s.s.ram\Desktop\New Folder (7)
[2008/12/05 20:03:31 | 00,000,000 | ---D | C] -- C:\Program Files\avisplit
[2008/12/05 12:30:56 | 00,289,826 | ---- | C] () -- C:\Documents and Settings\s.s.ram\My Documents\Rurouni%20Kenshin%20-%2013.jpg
[2008/12/03 19:32:15 | 00,000,000 | ---- | C] () -- C:\[TOMA] Lupin III - Walther P-38 [E9611B2C].mkv
[2008/12/03 19:20:01 | 00,000,000 | ---D | C] -- C:\[ILA] Lupin III - The Secret of Twilight Gemini
[2008/12/02 15:02:26 | 13,479,204 | ---- | C] () -- C:\Documents and Settings\s.s.ram\Desktop\_video.flv
[2008/12/01 16:55:40 | 02,759,827 | ---- | C] () -- C:\Documents and Settings\s.s.ram\Desktop\sbicard19nov08.rename_to_.mp3
[2008/11/29 19:24:03 | 00,000,698 | ---- | C] () -- C:\Documents and Settings\s.s.ram\Desktop\ARWizard3.lnk
[2008/11/29 19:23:58 | 00,000,000 | ---D | C] -- C:\Program Files\ARWizard3
[2008/11/29 18:02:31 | 00,132,910 | ---- | C] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_11-29-2008_18-02-31.mp3
[2008/11/29 18:01:59 | 00,106,578 | ---- | C] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_11-29-2008_18-01-59.mp3
[2008/11/29 18:00:59 | 00,122,252 | ---- | C] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_11-29-2008_18-00-59.mp3
[2008/11/29 17:55:49 | 00,541,047 | ---- | C] () -- C:\Documents and Settings\s.s.ram\My Documents\g.mp3
[2008/11/23 18:13:09 | 00,009,474 | ---- | C] () -- C:\Documents and Settings\s.s.ram\My Documents\AVG Scan Results.csv
[2008/11/23 15:26:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\s.s.ram\Desktop\AVG Update
[2008/11/23 15:09:10 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2008/11/23 14:42:17 | 00,001,511 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk
[2008/11/23 14:42:16 | 00,076,040 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2008/11/23 14:42:16 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2008/11/23 14:42:13 | 00,097,928 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2008/11/23 14:42:12 | 00,026,824 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2008/11/23 14:42:04 | 30,741,716 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/11/23 14:42:04 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2008/11/23 14:42:04 | 00,334,743 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/11/23 14:42:04 | 00,093,445 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/11/23 14:42:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2008/11/23 14:41:59 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2008/11/23 14:41:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2008/11/21 12:28:29 | 00,001,738 | ---- | C] () -- C:\Documents and Settings\s.s.ram\Desktop\HijackThis.lnk
[2008/11/21 12:28:29 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/11/20 20:31:06 | 00,000,937 | ---- | C] () -- C:\Documents and Settings\s.s.ram\Desktop\Spybot - Search & Destroy.lnk
[2008/11/20 20:31:00 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/11/20 20:31:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008/12/17 20:26:47 | 00,005,553 | ---- | M] () -- C:\WINDOWS\AVerTV.ini
[2008/12/17 20:25:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/17 20:25:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/17 20:16:51 | 12,229,2516 | ---- | M] () -- C:\Documents and Settings\s.s.ram\My Documents\backup.reg
[2008/12/17 16:54:12 | 30,741,716 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/12/17 16:54:12 | 00,093,445 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/12/17 15:32:28 | 00,070,144 | ---- | M] () -- C:\Documents and Settings\s.s.ram\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/17 14:00:02 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2008/12/17 12:20:55 | 00,000,111 | ---- | M] () -- C:\Documents and Settings\s.s.ram\Application Data\AVSDVDPlayer.m3u
[2008/12/17 08:33:47 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/12/16 21:03:57 | 11,846,00900 | ---- | M] () -- C:\TV_CH68_1216_200356.mpg
[2008/12/15 17:59:59 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\s.s.ram\Desktop\OTViewIt.exe
[2008/12/14 18:44:19 | 00,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/14 16:39:16 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/12/14 15:34:31 | 67,913,142 | ---- | M] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_12-14-2008_15-06-13.mp3
[2008/12/14 14:17:23 | 71,345,631 | ---- | M] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_12-14-2008_13-47-39.mp3
[2008/12/14 13:32:46 | 70,230,725 | ---- | M] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_12-14-2008_13-03-31.mp3
[2008/12/13 22:54:10 | 00,008,598 | ---- | M] () -- C:\Documents and Settings\s.s.ram\My Documents\KAS.html
[2008/12/13 14:53:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/12/13 13:31:29 | 00,090,905 | ---- | M] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_12-13-2008_13-31-25.mp3
[2008/12/13 11:43:55 | 00,001,755 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/12/13 11:43:15 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2008/12/12 21:00:32 | 15,871,455 | ---- | M] () -- C:\Documents and Settings\s.s.ram\Desktop\iPhone_User_Guide.pdf
[2008/12/12 20:20:36 | 00,128,071 | ---- | M] () -- C:\Documents and Settings\s.s.ram\Desktop\untitled.JPG
[2008/12/12 10:54:22 | 47,342,2040 | ---- | M] () -- C:\TV_CH68_1212_103027.mpg
[2008/12/10 21:12:27 | 10,043,1872 | ---- | M] () -- C:\Documents and Settings\s.s.ram\Desktop\Lupin_III_The_Secret_of_Twilight_Gemini.part20.rar
[2008/12/10 12:09:58 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/12/09 22:33:10 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/12/09 19:38:05 | 00,000,153 | ---- | M] () -- C:\WINDOWS\.java.policy
[2008/12/09 19:38:04 | 00,000,153 | ---- | M] () -- C:\WINDOWS\.java.policy.old
[2008/12/09 19:37:41 | 00,035,365 | ---- | M] () -- C:\WINDOWS\System32\uninstHelixYUV.exe
[2008/12/08 17:31:24 | 59,323,5860 | ---- | M] () -- C:\TV_CH68_1208_170121.mpg
[2008/12/05 12:13:43 | 00,289,826 | ---- | M] () -- C:\Documents and Settings\s.s.ram\My Documents\Rurouni%20Kenshin%20-%2013.jpg
[2008/12/04 22:50:46 | 00,334,743 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/12/04 08:18:37 | 06,919,876 | -H-- | M] () -- C:\Documents and Settings\s.s.ram\Local Settings\Application Data\IconCache.db
[2008/12/03 19:59:06 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/03 19:59:02 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/03 19:32:15 | 00,000,000 | ---- | M] () -- C:\[TOMA] Lupin III - Walther P-38 [E9611B2C].mkv
[2008/12/02 15:15:50 | 13,479,204 | ---- | M] () -- C:\Documents and Settings\s.s.ram\Desktop\_video.flv
[2008/12/01 16:55:40 | 02,759,827 | ---- | M] () -- C:\Documents and Settings\s.s.ram\Desktop\sbicard19nov08.rename_to_.mp3
[2008/11/29 19:24:03 | 00,000,698 | ---- | M] () -- C:\Documents and Settings\s.s.ram\Desktop\ARWizard3.lnk
[2008/11/29 18:02:37 | 00,132,910 | ---- | M] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_11-29-2008_18-02-31.mp3
[2008/11/29 18:02:04 | 00,106,578 | ---- | M] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_11-29-2008_18-01-59.mp3
[2008/11/29 18:01:04 | 00,122,252 | ---- | M] () -- C:\Documents and Settings\s.s.ram\My Documents\ARW_11-29-2008_18-00-59.mp3
[2008/11/29 17:56:12 | 00,541,047 | ---- | M] () -- C:\Documents and Settings\s.s.ram\My Documents\g.mp3
[2008/11/29 09:47:05 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/11/23 18:13:09 | 00,009,474 | ---- | M] () -- C:\Documents and Settings\s.s.ram\My Documents\AVG Scan Results.csv
[2008/11/23 14:42:17 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2008/11/23 14:42:17 | 00,001,511 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk
[2008/11/23 14:42:16 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2008/11/23 14:42:13 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2008/11/23 14:42:12 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2008/11/23 14:42:04 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2008/11/21 12:28:29 | 00,001,738 | ---- | M] () -- C:\Documents and Settings\s.s.ram\Desktop\HijackThis.lnk
[2008/11/20 20:31:06 | 00,000,937 | ---- | M] () -- C:\Documents and Settings\s.s.ram\Desktop\Spybot - Search & Destroy.lnk
< End of report >
 
Re-Extras

OTViewIt Extras logfile created on: 12/17/2008 8:30:01 PM - Run 2
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\s.s.ram\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.73 Mb Total Physical Memory | 253.11 Mb Available Physical Memory | 50.35% Memory free
2.67 Gb Paging File | 2.43 Gb Available in Paging File | 90.95% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;D:\pagefile.sys 0 0;E:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 5.37 Gb Free Space | 27.49% Space Free | Partition Type: NTFS
Drive D: | 39.06 Gb Total Space | 1.88 Gb Free Space | 4.80% Space Free | Partition Type: NTFS
Drive E: | 90.45 Gb Total Space | 4.54 Gb Free Space | 5.02% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-PC
Current User Name: s.s.ram
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
"MaxScriptStatements"=

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/09/01 13:30:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/09/01 13:30:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2005/08/31 12:54:26 | 03,084,288 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
[2005/08/31 12:54:26 | 00,053,248 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2004/09/01 13:30:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®
File not found -- C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui
File not found -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
File not found -- C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
File not found -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
File not found -- C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
File not found -- C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/01/22 03:25:24 | 00,872,448 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (cdo:{CD00020A-8B95-11D1-82DB-00C04FB1625D} (HKLM) [Microsoft PKM KnowledgePluggable Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2001/02/12 03:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2001/02/12 03:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2001/02/12 03:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/02/23 18:36:24 | 07,436,272 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0405E51E-9582-4207-8F38-AC44201D3808}"=VeohTV BETA
"{107254A0-0ADF-11D4-9397-00D0B7020B38}"=
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java(TM) 6 Update 11
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{5B09BD67-4C99-46A1-8161-B7208CE18121}"=QuickTime
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{786C5747-1033-0000-B58E-000000000001}"=Adobe Stock Photos 1.0
"{8338BA06-E527-491B-9400-F51708FEE695}"=iPod for Windows 2005-11-17
"{88F9DA25-C383-4F59-B8FA-08DFCC26D521}"=Panasonic VS3_VS2_MX6_SA6 USB-Handset Manager
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel(R) Graphics Media Accelerator Driver
"{8DF56C91-281F-4C15-B954-F45FDC919568}"=TV
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}"=Adobe Common File Installer
"{90280409-6000-11D3-8CFE-0050048383C9}"=Microsoft Office XP Professional with FrontPage
"{AC76BA86-7AD7-1033-7B44-A81000000003}"=Adobe Reader 8.1.1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}"=Adobe Bridge 1.0
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}"=Apple Software Update
"{D36DD326-7280-11D8-97C8-000129760CBE}"=PhotoNow! 1.0
"{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}"=iTunes
"{E9787678-1033-0000-8E67-000000000001}"=Adobe Help Center 1.0
"{EA23971F-2CEE-48FC-B64D-7F74A6EF90F0}"=XMLinst
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}"=VideoStudio
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2
"Adobe Shockwave Player"=Adobe Shockwave Player
"AMVapp"=AMVapp 2.1
"AMVapp Audio Apps"=AMVapp Audio Apps 2.0
"AMVappSupportTools"=AMVapp Support Tools 2.0
"Audio Record Wizard_is1"=Audio Record Wizard v3.98
"AvantBrowser"=Avant Browser (remove only)
"AVG8Uninstall"=AVG Free 8.0
"AVI MPEG WMV RM to MP3 Converter_is1"=AVI MPEG WMV RM to MP3 Converter 1.6.8
"AVI Splitter_is1"=AVI Splitter
"AviSynth"=AviSynth 2.5
"Avisynth Filters"=Avisynth Filters 2.5x
"AVS DVD Player_is1"=AVS DVD Player version 2.4
"dBpowerAMP"=dBpowerAMP
"dBpoweramp DSP Effects"=dBpoweramp DSP Effects
"dBpoweramp Music Converter"=dBpoweramp Music Converter
"DGMPEGDec"=DGMPEGDec 1.2.1
"DVD Decrypter"=DVD Decrypter (Remove Only)
"ffdshow_is1"=ffdshow [rev 1846] [2008-02-05]
"HelixYUVCodecs"=Helix YUV Codecs (remove only)
"HijackThis"=HijackThis 2.0.2
"HuffYUV"=Lossless Codecs
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}"=VeohTV BETA
"InstallShield_{8338BA06-E527-491B-9400-F51708FEE695}"=iPod for Windows 2005-11-17
"InstallShield_{8DF56C91-281F-4C15-B954-F45FDC919568}"=AVerTV GO 007 FM Plus
"InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}"=Ulead VideoStudio 11
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"MegauploadToolbar"=Megaupload Toolbar
"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0
"Mozilla Firefox (3.0.4)"=Mozilla Firefox (3.0.4)
"MSNINST"=MSN
"NeroMultiInstaller!UninstallKey"=Nero Suite
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"Premiere AVS Plugin"=PremiereAVSPlugin 1.5
"RealPlayer 6.0"=RealPlayer
"Replay Media Catcher2.10"=Replay Media Catcher
"VideoReDoTVSuite_is1"=VideoReDo TVSuite Version 3.1.4.549
"VirtualDubMod"=VirtualDubMod 1.5.4.1
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows Media Player"=Windows Media Player 10
"WinRAR archiver"=WinRAR archiver
"XiphQT"=Xiph QuickTime Components
"Xvid_is1"=Xvid 1.1.3 final uninstall
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Customizations"=Yahoo! extras
"Yahoo! Messenger"=Yahoo! Messenger
"Yahoo! Toolbar"=Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"IpWins"=IpWins

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1844237615-879983540-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"IpWins"=IpWins

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/30/2008 9:23:21 AM | Computer Name = HOME-PC | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/3/2008 10:45:26 PM | Computer Name = HOME-PC | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Professional with FrontPage -- Error
1706. Setup cannot find the required files. Check your connection to the network,
or CD-ROM drive. For other potential solutions to this problem, see .

Error - 12/7/2008 3:42:25 AM | Computer Name = HOME-PC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.5730.13, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/7/2008 10:55:20 AM | Computer Name = HOME-PC | Source = Application Hang | ID = 1002
Description = Hanging application VideoReDo3.exe, version 3.1.4.549, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/7/2008 11:02:49 AM | Computer Name = HOME-PC | Source = Application Hang | ID = 1002
Description = Hanging application VideoReDo3.exe, version 3.1.4.549, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/7/2008 11:04:01 AM | Computer Name = HOME-PC | Source = Application Hang | ID = 1002
Description = Hanging application VideoReDo3.exe, version 3.1.4.549, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/8/2008 7:30:57 AM | Computer Name = HOME-PC | Source = Application Hang | ID = 1002
Description = Hanging application AVerTV.exe, version 5.3.0.24, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/9/2008 1:01:06 AM | Computer Name = HOME-PC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module avsvideodecoderfilter.ax, version 1.0.0.158, fault address 0x00009e9c.

Error - 12/9/2008 12:59:05 PM | Computer Name = HOME-PC | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Professional with FrontPage -- Error
1706. Setup cannot find the required files. Check your connection to the network,
or CD-ROM drive. For other potential solutions to this problem, see .

Error - 12/11/2008 10:56:05 AM | Computer Name = HOME-PC | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.8.20081.2918, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12/17/2008 7:27:04 AM | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460

Error - 12/17/2008 7:30:00 AM | Computer Name = HOME-PC | Source = Schedule | ID = 7901
Description = The At18.job command failed to start due to the following error: %%2147942402

Error - 12/17/2008 8:30:00 AM | Computer Name = HOME-PC | Source = Schedule | ID = 7901
Description = The At19.job command failed to start due to the following error: %%2147942402

Error - 12/17/2008 9:30:00 AM | Computer Name = HOME-PC | Source = Schedule | ID = 7901
Description = The At20.job command failed to start due to the following error: %%2147942402

Error - 12/17/2008 10:30:00 AM | Computer Name = HOME-PC | Source = Schedule | ID = 7901
Description = The At21.job command failed to start due to the following error: %%2147942402

Error - 12/17/2008 10:55:52 AM | Computer Name = HOME-PC | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 12/17/2008 10:55:52 AM | Computer Name = HOME-PC | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 12/17/2008 10:55:52 AM | Computer Name = HOME-PC | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 12/17/2008 10:57:08 AM | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7000
Description = The AVerMedia AVerTV WDM Video Capture (878) service failed to start
due to the following error: %%2

Error - 12/17/2008 10:57:08 AM | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7000
Description = The osaio service failed to start due to the following error: %%2


< End of report >
 
otmoveit3

========== FILES ==========
C:\Documents and Settings\s.s.ram\Desktop\New Folder (7)\mkvtoolnix-unicode-2.4.1-setup(3).exe moved successfully.
C:\Documents and Settings\s.s.ram\Local Settings\Temp\sta1.exe moved successfully.
D:\autorun.inf moved successfully.
D:\F\Neolder\Kumresearh\Cardcaptor Sakura\Pictures\ss1\ccsakura_ss.exe moved successfully.
D:\F\Neolder\Kumresearh\Cardcaptor Sakura\Pictures\ss1.zip moved successfully.
D:\mIRC 6.3 + keygen.rar moved successfully.
D:\mIRC 6.31 + Crack.zip moved successfully.
D:\Softwares\Active[1].File.Rec0very.Enterprise.v7.1_4all_jumpoo\fo-fr71e.exe moved successfully.
D:\Softwares\Active[1].File.Rec0very.Enterprise.v7.1_4all_jumpoo.rar moved successfully.
D:\Softwares\netpumper-1.23-setup.exe moved successfully.
E:\autorun.inf moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
c:\WINDOWS\tasks\At23.job moved successfully.
c:\WINDOWS\tasks\At22.job moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_Dlls"|"avgrsstx.dll" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\C:\WINDOWS\system32\kdneu.exe deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2613cc56-ea08-11db-894e-806d6172696f}\Shell\Open\command\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2613cc57-ea08-11db-894e-806d6172696f}\Shell\Open\command\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cec06588-e9e3-11db-b5f6-00e04d0504ea}\Shell\explore\Command\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cec06588-e9e3-11db-b5f6-00e04d0504ea}\Shell\open\Command\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8e706b1-4733-11dd-8154-00e04d0504ea}\Shell\AutoRun\command\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8e706b1-4733-11dd-8154-00e04d0504ea}\Shell\explore\Command\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8e706b1-4733-11dd-8154-00e04d0504ea}\Shell\open\Command\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\SS1611~1.RAM\LOCALS~1\Temp\etilqs_LgwOrabkOftAg6HgDm58 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_690.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\s.s.ram\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqzwukpa.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\s.s.ram\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqzwukpa.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\s.s.ram\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqzwukpa.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\s.s.ram\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqzwukpa.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\s.s.ram\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqzwukpa.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12172008_202246

Files moved on Reboot...
File C:\DOCUME~1\SS1611~1.RAM\LOCALS~1\Temp\etilqs_LgwOrabkOftAg6HgDm58 not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_690.dat not found!
C:\Documents and Settings\s.s.ram\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqzwukpa.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\s.s.ram\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqzwukpa.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\s.s.ram\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqzwukpa.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\s.s.ram\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqzwukpa.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\s.s.ram\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqzwukpa.default\urlclassifier3.sqlite moved successfully.
 
Please go to the Kaspersky website and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  1. Read through the requirements and privacy statement and click on the Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a fresh HijackThis log.

If you need a tutorial, see here
 
Due to the lack of feedback this Topic is closed.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.
 
kaspersky hanging

Sorry for the delay, but I am not able to finish running Kaspersky. It hangs when it reaches about 505. Please help, and thank you.
 
Thank you for the update.

Please try this instead:

Please go to the ESET website to perform an online scan. Please use Internet Explorer, as the scanner uses ActiveX.

  1. Check (tick) this box: YES, I accept the Terms of Use.
  2. Click on the Start button next to it.
  3. When prompted to run ActiveX, click Yes.
  4. You will be asked to install an ActiveX. Click Install.
  5. Once installed, the scanner will be initialized.
  6. After the scanner is initialized, click Start.
  7. Uncheck (untick) the Remove found threats box.
  8. Check (tick) Scan unwanted applications.
  9. Click on Scan.
  10. It will start scanning. Please be patient.
  11. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply.
 
ESET Online scanner

ESET Online scanner runs to about 75% and then the Internet Explorer window automatically closes without creating any log file in C:\Program Files\esetonlinescanner\log.txt. Please help, and thank you.
 
Let me know if this works:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
 
Malwarebytes Anti-Malware Log

Malwarebytes' Anti-Malware 1.31
Database version: 1565
Windows 5.1.2600 Service Pack 2

12/29/2008 3:40:12 PM
mbam-log-2008-12-29 (15-40-12).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 154005
Time elapsed: 1 hour(s), 12 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Anti-Leech (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
C:\Program Files\Anti-Leech\ALNN (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Anti-Leech\ALNN\alhlp.exe (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
C:\Program Files\Anti-Leech\ALNN\al2np.dll (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
C:\Program Files\Anti-Leech\ALNN\npalnn.dll (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
C:\Program Files\Anti-Leech\ALNN\setup2.exe (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
 
It's Fine Now

No, I think it's fine now. And can I use Malwarebytes for scanning & removing adware, spyware and malware, or could you suggest anything else? And also I think there's some malware in my pendrive and in my laptop as well. Please Help And Thank you.
 
"And can I use Malwarebytes for scanning & removing adware, spyware and malware, or could you suggest anything else?"

Yes. I will give you more suggestions a bit later.

If you have malware on the laptop and the pendrive, I suggest that you format the pendrive in the laptop and post a new thread for the laptop :)

Do you have issues with this computer?
 
Thanks shaba

No, I think all of the issues in my computer are cured. Thank you very much for coming this far and helping me in solving these issues with my computer. Thanks a lot shaba, I will never forget your help.
 
Glad to hear :)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) Comodo (Uncheck during installation "Install COMODO Antivirus (Recommended)"!, "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage")
2) Online Armor
3) PC Tools
4) Sunbelt/Kerio
5) ZoneAlarm (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Now let's uninstall ComboFix:

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK

Next we remove all used tools.

Please download OTCleanIt and save it to desktop.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

  • Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and re-enable system restore here:

    Windows XP System Restore Guide

Re-enable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialize and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software and keep your other programs up-to-date - Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
    You can use one of these sites to check if any updates are needed for your pc.
    Secunia Software Inspector
    F-secure Health Check
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety


Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!
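
The six Internet-zone settings listed in the post above can also be checked without clicking through the Custom Level dialog. The script below is an added example, not part of the original thread: it assumes the standard per-user Internet zone key (`Zones\3`) and the documented URL action IDs, and the `SAMPLE` values are constructed so it also runs off Windows.

```python
import sys

# URL action IDs for the six settings; policy values: 0 = Enable, 1 = Prompt, 3 = Disable.
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 3),
    "1201": ("Initialize and script ActiveX controls not marked as safe", 3),
    "1800": ("Installation of desktop items", 1),
    "1804": ("Launching programs and files in an IFRAME", 1),
    "1607": ("Navigate sub-frames across different domains", 1),
}
POLICY = {0: "Enable", 1: "Prompt", 3: "Disable"}
# Assumption: per-user Internet zone (zone 3) of the logged-in account.
ZONE_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

def read_zone(key_path=ZONE_KEY):
    """Read the current user's Internet-zone values (Windows only)."""
    import winreg
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, key_path) as key:
        for action in RECOMMENDED:
            try:
                values[action], _type = winreg.QueryValueEx(key, action)
            except FileNotFoundError:
                pass  # value absent: reported as "not set" by audit()
    return values

def audit(values):
    """Return (id, setting, current, wanted) for every setting looser than the list."""
    findings = []
    for action, (label, want) in RECOMMENDED.items():
        have = values.get(action)
        # A stricter value (e.g. Disable where Prompt is asked for) is accepted.
        if have not in POLICY or have < want:
            current = "not set" if have is None else POLICY.get(have, f"unknown ({have})")
            findings.append((action, label, current, POLICY[want]))
    return findings

# Constructed sample: two settings left on Enable, one value missing.
SAMPLE = {"1001": 1, "1004": 3, "1201": 0, "1800": 1, "1804": 0}

if __name__ == "__main__":
    values = read_zone() if sys.platform == "win32" else SAMPLE
    for action, label, current, wanted in audit(values):
        print(f"{action}  {label}: {current} (should be {wanted})")
```

Values set through Group Policy live under a separate `Software\Policies` branch and take precedence over the per-user key read here, so a clean result on a managed machine should be confirmed in the dialog as well.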
 