Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Audio pop ups and Spam windows popping up randomly [RESOLVED]


  • This topic is locked This topic is locked

#1
jacknsherr

jacknsherr

    Member

  • Member
  • PipPip
  • 24 posts
For about the past week, I've been plagued with random popups, which include both IE windows and audio messages telling me I've variously won $1000 Walmart Gift Cards and iPods. I've run several scans (McAfee, Adaware, eWido, Spybot, Avast) and then resorted to the prescribed steps in your "must read before posting" instructions. Please help! I'm at wit's end!!!!!

Following is the HiJack This Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:28:09 PM, on 8/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\ba614MPs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\user\LOCALS~1\Temp\2008822162431_mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\user\LOCALS~1\Temp\2008822162422_mcinfo.exe /insfin
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - S-1-5-18 Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE (User 'Default user')
O4 - .DEFAULT Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE (User 'Default user')
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with Xilisoft YouTube to iPod Converter - C:\Program Files\Xilisoft\Youtube to iPod Converter\upod_link.HTM
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://www.dioceseaj.org/iNotes.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1125037579875
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10871 bytes


And following is the "Uninstall List;"

32 Bit HP BiDi Channel Components Installer
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 7.0.9
AIM 6
AoA DVD Ripper
AoA MP4 Converter
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
Avanquest update
avast! Antivirus
AviSynth 2.5
Bejeweled 2 Deluxe 1.0
BitTorrent 4.24.0
CCleaner (remove only)
Cucusoft DVD to iPod + iPod Video Converter Suite 6.1.5.15
Cucusoft DVD to iPod Converter 6.01
Cucusoft iPod Video Converter 3.16
DivX
DivX Player
DivX Web Player
DVD Audio Extractor 4.1.1
Enable S3 for USB Device
ERUNT 1.1j
ewido security suite
Garmin WebUpdater
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
HP Deskjet 3900 series
HP Extended Capabilities 5.0
HP Image Zone Express
HP Imaging Device Functions 5.0
HP Software Update
HP Solution Center & Imaging Support Tools 5.0
Iomega DVD Wizard
Iomega HotBurn Pro
iPod for Windows 2005-10-12
iTunes
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 4
Java™ 6 Update 7
Logitech QuickCam
Logitech QuickCam Driver Package
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 97, Professional Edition
Motorola Driver Installation 3.2.0
Motorola Phone Tools
Mozilla Firefox (2.0.0.16)
MPEG Video Wizard DVD
MySpaceIM
Nero - Burning Rom
NVIDIA Drivers
NVIDIA Windows 95/98/ME/2000/XP Stereo Drivers
OpenOffice.org Installer 1.0
PowerDVD
QuickTime
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Safari
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Skype™ 3.6
Snood for Windows version 3.52-W
Sonic Express Labeler
Sonic Foundry Sound Forge 6.0d
Sonic MyDVD
Sonic Update Manager
Spybot - Search & Destroy 1.4
TrojanHunter 4.2
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
WinRAR archiver

Thanks!

Jackson
  • 0

Advertisements


#2
Egwene

Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hello jacknsherr !

Welcome to the site! :) My name's Egwene and I'll be helping clean up your computer. :) I'm currently looking over your log. I am still in training here, so there might be a delay between my replies as they need to be checked by an expert before I can post them. I'll need a bit of time to research your log fully, so please bear with me.

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:
  • To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Malware Removal - HijackThis™ Logs Go Here.
  • Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!
  • When posting logs, please ensure Wordwrap is turned off in Notepad (to check, open Notepad click on Format | Uncheck Word Wrap)
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!
  • Make sure you reply to this thread using the Add Reply button: Posted Image

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.
  • 0

#3
jacknsherr

jacknsherr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
All verified and understood. Thank you for your help!

---- Jackson
  • 0

#4
Egwene

Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hey jacknsherr,

You're right, your computer is infected by some malwares, so let's go with the removal :)

--> Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Do not scan now !

--> Please download the OTMoveIt2 by OldTimer.
Save it to your desktop.

1) Disable real-time protection :

Please disable Avast! real-time protection, more help here : http://www.bleepingc...opic114351.html

2) Run OTMoveIT2 :
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\system32\ba614MPs.exe
    purity
    emptytemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.[/list]
3) Run MBAM :

  • Launch MBAM, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

4) Run OTviewIT :

Download OTViewIt to your desktop.
  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here.
  • You may need to use two posts to get it all on the forum

Please post in your next answer :


- OTmoveIT2 repport
- MBAM repport
- Two OTviewIT repports.


Regards,
Egwene.
  • 0

#5
jacknsherr

jacknsherr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Hey Egwene!

Thanks for your very clear and concise instructions!!!

Here is the OTMoveIt2 Log:

Explorer killed successfully
C:\WINDOWS\system32\ba614MPs.exe moved successfully.
< purity >
< emptytemp >
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DF3B62.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DF4635.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DFE075.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\LVCOMSX.LOG scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_648.dat scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08262008_093031

Files moved on Reboot...
C:\DOCUME~1\user\LOCALS~1\Temp\~DF3B62.tmp moved successfully.
C:\DOCUME~1\user\LOCALS~1\Temp\~DF4635.tmp moved successfully.
C:\DOCUME~1\user\LOCALS~1\Temp\~DFE075.tmp moved successfully.
C:\WINDOWS\temp\LVCOMSX.LOG moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_648.dat not found!


And the MBAM Log:

Malwarebytes' Anti-Malware 1.25
Database version: 1087
Windows 5.1.2600 Service Pack 2

9:47:49 AM 8/26/2008
mbam-log-08-26-2008 (09-47-49).txt

Scan type: Quick Scan
Objects scanned: 50531
Time elapsed: 7 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\ba614MPs.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.


The OT ViewIT report:

OTViewIt logfile created on: 8/26/2008 9:49:44 AM - Run 1
OTViewIt by OldTimer - Version 1.0.0.12 Folder = C:\Documents and Settings\user\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.48 Mb Total Physical Memory | 210.32 Mb Available Physical Memory | 41.12% Memory free
1.22 Gb Paging File | 0.93 Gb Available in Paging File | 76.35% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 59.02 Gb Free Space | 79.20% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 232.88 Gb Total Space | 136.44 Gb Free Space | 58.59% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-88A1E09A42
Current User Name: user
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

===== Processes - Non-Microsoft Only =====

[07/19/2008 09:25 AM | 00,016,056 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[07/19/2008 09:38 AM | 00,147,640 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashServ.exe
[10/19/2007 02:19 PM | 00,141,848 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
[10/31/2007 03:09 PM | 00,110,592 | ---- | M] (Apple, Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[11/11/2004 06:53 PM | 00,016,448 | ---- | M] (ewido networks) - C:\Program Files\ewido\security suite\ewidoctrl.exe
[09/24/2003 10:00 AM | 00,073,728 | ---- | M] (Iomega Corporation) - C:\Program Files\Iomega\System32\AppServices.exe
[10/19/2007 02:17 PM | 00,186,904 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
[05/14/2004 02:47 AM | 00,067,072 | ---- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\SOUNDMAN.EXE
[06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[07/27/2004 05:50 PM | 00,081,920 | ---- | M] (InstallShield Software Corporation) - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[10/25/2007 05:33 PM | 00,563,984 | ---- | M] () - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
[10/25/2007 05:37 PM | 02,178,832 | ---- | M] () - C:\Program Files\Logitech\QuickCam\Quickcam.exe
[03/30/2008 10:36 AM | 00,267,048 | ---- | M] (Apple Inc.) - C:\Program Files\iTunes\iTunesHelper.exe
[07/19/2008 09:38 AM | 00,078,008 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashDisp.exe
[12/18/2007 08:47 PM | 08,720,384 | ---- | M] () - C:\Program Files\MySpace\IM\MySpaceIM.exe
[09/30/2004 12:35 AM | 00,127,043 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe
[11/17/1996 12:00 AM | 00,051,984 | ---- | M] () - C:\Program Files\Microsoft Office\Office\OSA.EXE
[01/04/2007 04:38 PM | 00,024,652 | ---- | M] (Viewpoint Corporation) - C:\Program Files\Viewpoint\Common\ViewpointService.exe
[10/19/2007 02:17 PM | 00,186,904 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
[03/30/2008 10:36 AM | 00,504,104 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe
[10/25/2007 05:32 PM | 00,407,824 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
[12/18/2007 08:47 PM | 08,720,384 | ---- | M] () - C:\Program Files\MySpace\IM\MySpaceIM.exe
[01/04/2007 04:38 PM | 00,112,336 | ---- | M] (Viewpoint Corporation) - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
[08/26/2008 09:49 AM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\user\Desktop\OTViewIt.exe

===== Win32 Services - Non-Microsoft Only =====

(Apple Mobile Device) Apple Mobile Device [Auto | Running]
[10/31/2007 03:09 PM | 00,110,592 | ---- | M] (Apple, Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

(aswUpdSv) avast! iAVS4 Control Service [Auto | Running]
[07/19/2008 09:25 AM | 00,016,056 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

(avast! Antivirus) avast! Antivirus [Auto | Running]
[07/19/2008 09:38 AM | 00,147,640 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashServ.exe

(avast! Mail Scanner) avast! Mail Scanner [On_Demand | Stopped]
[07/19/2008 09:38 AM | 00,250,040 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

(avast! Web Scanner) avast! Web Scanner [On_Demand | Stopped]
[07/23/2008 09:25 AM | 00,348,344 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

(dmadmin) Logical Disk Manager Administrative Service [On_Demand | Stopped]
[08/04/2004 07:00 AM | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe

(ewido security suite control) ewido security suite control [Auto | Running]
[11/11/2004 06:53 PM | 00,016,448 | ---- | M] (ewido networks) - C:\Program Files\ewido\security suite\ewidoctrl.exe

(ewido security suite guard) ewido security suite guard [Disabled | Stopped]
[09/25/2005 01:55 PM | 00,163,904 | ---- | M] (ewido networks) - C:\Program Files\ewido\security suite\ewidoguard.exe

(gusvc) Google Updater Service [On_Demand | Stopped]
[08/19/2008 03:01 PM | 00,138,168 | ---- | M] (Google) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

(HP Port Resolver) HP Port Resolver [On_Demand | Stopped]
[05/20/2005 11:37 AM | 00,081,920 | ---- | M] (Hewlett-Packard Company) - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

(HP Status Server) HP Status Server [On_Demand | Stopped]
[10/16/2004 06:31 AM | 00,073,728 | ---- | M] (Hewlett-Packard Company) - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

(IDriverT) InstallDriver Table Manager [On_Demand | Stopped]
[04/04/2005 01:41 AM | 00,069,632 | ---- | M] (Macrovision Corporation) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

(Iomega Activity Disk2) Iomega Activity Disk2 [Disabled | Stopped]
[08/26/2008 09:49 AM | ---D | M] - .

(Iomega App Services) Iomega App Services [Auto | Running]
[09/24/2003 10:00 AM | 00,073,728 | ---- | M] (Iomega Corporation) - C:\Program Files\Iomega\System32\AppServices.exe

(iPod Service) iPod Service [On_Demand | Running]
[03/30/2008 10:36 AM | 00,504,104 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe

(LVCOMSer) LVCOMSer [Auto | Running]
[10/19/2007 02:17 PM | 00,186,904 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

(LVPrcSrv) Process Monitor [Auto | Running]
[10/19/2007 02:19 PM | 00,141,848 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

(LVSrvLauncher) LVSrvLauncher [Auto | Stopped]
[10/19/2007 02:21 PM | 00,141,848 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

(NVSvc) NVIDIA Display Driver Service [Auto | Running]
[09/30/2004 12:35 AM | 00,127,043 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe

(PavPrSrv) Panda Process Protection Service [Auto | Stopped]
File not found - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

(Viewpoint Manager Service) Viewpoint Manager Service [Auto | Running]
[01/04/2007 04:38 PM | 00,024,652 | ---- | M] (Viewpoint Corporation) - C:\Program Files\Viewpoint\Common\ViewpointService.exe

===== Driver Services - Non-Microsoft Only =====

(Aavmker4) avast! Asynchronous Virus Monitor [System | Running]
[07/19/2008 09:32 AM | 00,026,944 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aavmker4.sys

(ALCXSENS) Service for WDM 3D Audio Driver [On_Demand | Running]
[02/23/2004 10:08 PM | 00,400,384 | ---- | M] (Sensaura) - C:\WINDOWS\system32\drivers\ALCXSENS.SYS

(ALCXWDM) Service for Realtek AC97 Audio (WDM) [On_Demand | Running]
[05/14/2004 10:24 AM | 00,622,172 | ---- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS

(ASPI32) ASPI32 [System | Running]
[07/17/2002 08:53 AM | 00,016,877 | ---- | M] (Adaptec) - C:\WINDOWS\System32\drivers\Aspi32.sys

(aswFsBlk) aswFsBlk [Auto | Running]
[07/19/2008 09:37 AM | 00,020,560 | ---- | M] (ALWIL Software) - C:\WINDOWS\system32\drivers\aswFsBlk.sys

(aswMon2) avast! Standard Shield Support [Auto | Running]
[07/19/2008 09:37 AM | 00,094,416 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswmon2.sys

(aswRdr) aswRdr [On_Demand | Running]
[07/19/2008 09:33 AM | 00,023,152 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswRdr.sys

(aswSP) avast! Self Protection [System | Running]
[07/19/2008 09:35 AM | 00,078,416 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswSP.sys

(aswTdi) avast! Network Shield Support [System | Running]
[07/19/2008 09:32 AM | 00,042,912 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswTdi.sys

(dmboot) dmboot [Disabled | Stopped]
[08/04/2004 07:00 AM | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys

(dmio) Logical Disk Manager Driver [Boot | Running]
[08/04/2004 07:00 AM | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys

(dmload) dmload [Boot | Running]
[08/04/2004 07:00 AM | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys

(DumaNT) NVIDIA Stereo Helper Service [System | Running]
[11/18/2002 04:29 PM | 00,399,700 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\dumant.sys

(ewido security suite driver) ewido security suite driver [System | Running]
[11/22/2004 09:15 AM | 00,003,072 | ---- | M] () - C:\Program Files\ewido\security suite\guard.sys

(GEARAspiWDM) GEARAspiWDM [On_Demand | Running]
[01/29/2008 12:01 PM | 00,016,168 | ---- | M] (GEAR Software Inc.) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

(GMSIPCI) GMSIPCI [On_Demand | Stopped]
File not found - D:\INSTALL\GMSIPCI.SYS

(IndiAvIn) TDK INDI AV-IN USB Device [On_Demand | Stopped]
[11/16/2002 07:03 PM | 00,086,016 | ---- | M] (Emuzed, Inc.) - C:\WINDOWS\system32\drivers\IndiAvIn.sys

(Intels51) Intel® 536EP V.92 Modem [On_Demand | Running]
[05/10/2002 08:31 AM | 00,633,220 | R--- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\Intels51.sys

(iomdisk) Iomega Devices Disk Filter Services [Boot | Running]
[09/24/2003 10:00 AM | 00,032,658 | ---- | M] (Iomega Corporation) - C:\WINDOWS\system32\drivers\IomDisk.sys

(iteraid) ITERAID_Service_Install [Boot | Running]
[02/25/2004 03:46 AM | 00,024,827 | R--- | M] (Integrated Technology Express, Inc.) - C:\WINDOWS\system32\drivers\iteraid.sys

(LVcKap) Logitech AEC Driver [On_Demand | Running]
[10/19/2007 02:16 PM | 02,109,976 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\Lvckap.sys

(LVMVDrv) Logitech Machine Vision Engine Loader [On_Demand | Stopped]
[10/11/2007 07:59 PM | 02,142,488 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\LVMVdrv.sys

(LVPr2Mon) Logitech LVPr2Mon Driver [On_Demand | Running]
[10/11/2007 07:59 PM | 00,025,624 | ---- | M] () - C:\WINDOWS\system32\drivers\LVPr2Mon.sys

(LVUSBSta) Logitech USB Monitor Filter [On_Demand | Running]
[10/11/2007 09:00 PM | 00,041,752 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\LVUSBSta.sys

(motmodem) Motorola USB CDC ACM Driver [On_Demand | Stopped]
[06/18/2007 02:18 PM | 00,023,680 | ---- | M] (Motorola) - C:\WINDOWS\system32\drivers\motmodem.sys

(nv) nv [On_Demand | Running]
[09/30/2004 12:35 AM | 02,743,840 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\nv4_mini.sys

(nv_agp) NVIDIA nForce AGP Bus Filter [Boot | Running]
[03/19/2003 02:51 AM | 00,018,688 | R--- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\nv_agp.SYS

(PavProc) Panda Process Protection Driver [Auto | Stopped]
File not found - C:\WINDOWS\system32\DRIVERS\PavProc.sys

(pepifilter) Volume Adapter [On_Demand | Running]
[10/11/2007 08:55 PM | 00,013,848 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\lv302af.sys

(PID_PEPI) Logitech QuickCam IM(PID_PEPI) [On_Demand | Running]
[10/11/2007 08:55 PM | 01,279,000 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\LV302V32.SYS

(Ptilink) Direct Parallel Link Driver [On_Demand | Running]
[08/04/2004 07:00 AM | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys

(PxHelp20) PxHelp20 [Boot | Running]
[11/17/2005 11:19 AM | 00,020,640 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\PxHelp20.sys

(RTL8023) Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver [On_Demand | Running]
[12/30/2003 10:58 PM | 00,069,504 | ---- | M] (Realtek Semiconductor Corporation ) - C:\WINDOWS\system32\drivers\Rtlnic51.sys

(Secdrv) Secdrv [On_Demand | Stopped]
[11/13/2007 05:25 AM | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\WINDOWS\system32\drivers\secdrv.sys

(ShldDrv) Panda File Shield Driver [System | Stopped]
File not found - C:\WINDOWS\System32\DRIVERS\ShlDrv51.sys

(SI3112r) Silicon Image SiI 3512 SATARaid Controller [Boot | Running]
[05/30/2003 03:05 AM | 00,089,610 | R--- | M] (Silicon Image, Inc) - C:\WINDOWS\system32\drivers\SI3112r.sys

(SiFilter) SATALink driver accelerator [Boot | Running]
[02/11/2003 11:37 PM | 00,009,600 | R--- | M] (Silicon Image, Inc.) - C:\WINDOWS\system32\drivers\SiWinAcc.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!" = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [07/19/2008 09:38 AM | 00,078,008 | ---- | M] (ALWIL Software)
"Cleanup" = C:\DOCUME~1\user\LOCALS~1\Temp\2008822162431_mcappins.exe /v=3 /cleanup File not found
"ISUSPM Startup" = C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [07/27/2004 05:50 PM | 00,221,184 | ---- | M] (InstallShield Software Corporation)
"ISUSScheduler" = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [07/27/2004 05:50 PM | 00,081,920 | ---- | M] (InstallShield Software Corporation)
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM | 00,267,048 | ---- | M] (Apple Inc.)
"LogitechCommunicationsManager" = "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [10/25/2007 05:33 PM | 00,563,984 | ---- | M] ()
"LogitechQuickCamRibbon" = "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide [10/25/2007 05:37 PM | 02,178,832 | ---- | M] ()
"msci" = C:\DOCUME~1\user\LOCALS~1\Temp\2008822162422_mcinfo.exe /insfin File not found
"NvCplDaemon" = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [09/30/2004 12:35 AM | 04,603,904 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [09/30/2004 12:35 AM | 00,086,016 | ---- | M] (NVIDIA Corporation)
"nwiz" = nwiz.exe /install [09/30/2004 12:35 AM | 00,921,600 | ---- | M] (NVIDIA Corporation)
"QuickTime Task" = "C:\Program Files\QuickTime\QTTask.exe" -atboottime [03/28/2008 11:37 PM | 00,413,696 | ---- | M] (Apple Inc.)
"SoundMan" = SOUNDMAN.EXE [05/14/2004 02:47 AM | 00,067,072 | ---- | M] (Realtek Semiconductor Corp.)
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6" = File not found
"MySpaceIM" = C:\Program Files\MySpace\IM\MySpaceIM.exe [12/18/2007 08:47 PM | 08,720,384 | ---- | M] ()
"updateMgr" = "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 [03/30/2006 04:45 PM | 00,313,472 | R--- | M] (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[09/23/2005 10:05 PM | 00,029,696 | ---- | M] (Adobe Systems Incorporated) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[user Startup Folder - C:\Documents and Settings\user\Start Menu\Programs\Startup]
[11/17/1996 12:00 AM | 00,111,376 | ---- | M] () - C:\Documents and Settings\user\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
[11/17/1996 12:00 AM | 00,051,984 | ---- | M] () - C:\Documents and Settings\user\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

===== BHO's =====

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (Adobe PDF Reader Link Helper) - [12/18/2006 04:16 AM | 00,059,032 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
HKLM CLSID: () - [05/31/2005 01:04 AM | 00,853,672 | ---- | M] (Safer Networking Limited) C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [06/10/2008 04:27 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
HKLM CLSID: (Google Toolbar Helper) - [01/19/2007 11:55 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar1.dll

===== Toolbars =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [01/19/2007 11:55 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar1.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [01/19/2007 11:55 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar1.dll

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (&Yahoo! Toolbar) - File not found Reg Error: Key does not exist or could not be opened.

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
Unable to open key or key not present!


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


===== Desktop Components =====

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

===== Lsa Authentication Packages =====

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/04/2004 07:00 AM | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\1125036546\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1125036546\ee\AOLServiceHost.exe File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe [11/03/2006 02:17 AM | 00,010,800 | ---- | M] (AOL LLC)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe [08/01/2006 03:35 PM | 00,067,112 | ---- | M] (America Online, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [10/10/2006 07:44 AM | 00,557,568 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/04/2004 07:00 AM | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\1125036546\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1125036546\ee\AOLServiceHost.exe File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe [11/03/2006 02:17 AM | 00,010,800 | ---- | M] (AOL LLC)
"C:\WINDOWS\system32\urprhaaun.exe" = C:\WINDOWS\system32\urprhaaun.exe File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe [10/13/2004 11:24 AM | 01,694,208 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe File not found
"C:\StubInstaller.exe" = C:\StubInstaller.exe [10/31/2005 10:56 AM | 00,700,416 | ---- | M] (LimeWire)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe File not found
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\iexplore.exe [06/23/2008 04:20 AM | 00,625,664 | ---- | M] (Microsoft Corporation)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe [09/29/2006 09:00 PM | 00,043,520 | ---- | M] ()
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe [08/01/2006 03:35 PM | 00,067,112 | ---- | M] (America Online, Inc.)
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [10/10/2006 07:44 AM | 00,557,568 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Yahoo! Games\Bejeweled 2 Deluxe\WinBej2.exe" = C:\Program Files\Yahoo! Games\Bejeweled 2 Deluxe\WinBej2.exe [11/18/2004 04:26 PM | 01,566,721 | ---- | M] (PopCap.com)
"C:\Program Files\Last.fm\LastFM.exe" = C:\Program Files\Last.fm\LastFM.exe File not found
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe [01/03/2008 11:15 AM | 00,050,528 | ---- | M] (AOL LLC)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe [03/30/2008 10:36 AM | 20,638,504 | ---- | M] (Apple Inc.)
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe [12/18/2007 08:47 PM | 08,720,384 | ---- | M] ()
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe [12/07/2007 04:08 PM | 21,686,568 | R--- | M] (Skype Technologies S.A.)

===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [06/13/2007 05:23 AM | 01,033,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [08/04/2004 07:00 AM | 00,024,576 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [08/04/2004 07:00 AM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [10/25/2007 10:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [08/04/2004 07:00 AM | 00,298,496 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

===== User's Winlogon Settings =====

===== Winlogon Notify Settings =====

===== Safeboot Options =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====
Unable to open key or key not present!


===== DNS Name Servers =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{7A4455E7-1E22-4CAB-B4F0-51FF2DCDE3CD}]
Servers: | Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{9B410874-7B7D-40FE-9EA6-F06094BD1DEC}]
Servers: | Description: 1394 Net Adapter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{C4A502C0-106A-4D1B-ACB1-7F86FE35522F}]
Servers: | Description:

===== CDRom AutoRun Settings =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

===== Autorun Files on Drives =====

AUTOEXEC.BAT []
[07/15/2005 04:42 PM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

===== MountPoints2 =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0eae2e21-b1d5-11dc-831e-000fea36508b}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0eae2e21-b1d5-11dc-831e-000fea36508b}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 10:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0eae2e21-b1d5-11dc-831e-000fea36508b}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0eae2e22-b1d5-11dc-831e-000fea36508b}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0eae2e22-b1d5-11dc-831e-000fea36508b}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 10:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0eae2e22-b1d5-11dc-831e-000fea36508b}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14bd8f9f-9ab9-11db-82c0-000fea36508b}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14bd8f9f-9ab9-11db-82c0-000fea36508b}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 10:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14bd8f9f-9ab9-11db-82c0-000fea36508b}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3834b87d-4f08-11dd-8367-000fea36508b}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3834b87d-4f08-11dd-8367-000fea36508b}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 10:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3834b87d-4f08-11dd-8367-000fea36508b}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{448ad726-65a8-11dd-8371-000fea36508b}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{448ad726-65a8-11dd-8371-000fea36508b}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 10:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{448ad726-65a8-11dd-8371-000fea36508b}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{779abd93-2efc-11db-8289-000fea36508b}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{779abd93-2efc-11db-8289-000fea36508b}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 10:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{779abd93-2efc-11db-8289-000fea36508b}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b46a34a-7513-11da-823b-000fea36508b}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b46a34a-7513-11da-823b-000fea36508b}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 10:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b46a34a-7513-11da-823b-000fea36508b}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9d4ac78-6499-11dd-8370-000fea36508b}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9d4ac78-6499-11dd-8370-000fea36508b}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 10:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9d4ac78-6499-11dd-8370-000fea36508b}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc34a5a4-2dde-11dd-8352-000fea36508b}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc34a5a4-2dde-11dd-8352-000fea36508b}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 10:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc34a5a4-2dde-11dd-8352-000fea36508b}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

===== Hosts File =====

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost



[Files/Folders - Created Within 30 days]
[08/20/2008 08:39 AM | --SD | C] - C:\Microsoft
[08/26/2008 09:30 AM | ---D | C] - C:\_OTMoveIt
[08/26/2008 09:33 AM | 53,639,9872 | -HS- | C] () - C:\hiberfil.sys
[08/26/2008 09:48 AM | ---D | C] - C:\virus thing
[01/17/2008 11:34 AM | 00,093,264 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswmon.sys
[07/19/2008 09:32 AM | 00,026,944 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aavmker4.sys
[07/19/2008 09:32 AM | 00,042,912 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswTdi.sys
[07/19/2008 09:33 AM | 00,023,152 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswRdr.sys
[07/19/2008 09:35 AM | 00,078,416 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswSP.sys
[07/19/2008 09:37 AM | 00,020,560 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswFsBlk.sys
[07/19/2008 09:37 AM | 00,094,416 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswmon2.sys
[08/17/2008 03:01 PM | 00,017,144 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/17/2008 03:01 PM | 00,038,472 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[01/09/2004 04:13 AM | 00,380,928 | ---- | C] () - C:\WINDOWS\System32\actskin4.ocx
[06/10/2008 01:21 AM | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\java.exe
[06/10/2008 01:21 AM | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaw.exe
[06/10/2008 02:32 AM | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javacpl.cpl
[06/10/2008 02:32 AM | 00,139,264 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaws.exe
[07/19/2008 09:30 AM | 00,094,392 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\AvastSS.scr
[07/19/2008 09:43 AM | 01,163,960 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\aswBoot.exe
[08/19/2008 03:34 AM | 00,029,760 | ---- | C] () - C:\WINDOWS\System32\33I0G12l.exe
[08/23/2008 06:15 PM | 00,082,434 | ---- | C] () - C:\WINDOWS\System32\ba614MPs.exe_
[08/23/2008 06:24 PM | ---D | C] - C:\WINDOWS\System32\CatRoot_bak
[08/10/2008 08:02 AM | 00,000,000 | ---- | C] () - C:\WINDOWS\initprog32.exe
[08/11/2008 02:16 AM | 00,090,305 | ---- | C] () - C:\WINDOWS\joke.gif
[08/22/2008 11:37 AM | ---D | C] - C:\WINDOWS\ERDNT
[08/25/2008 01:00 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At14.job
[08/25/2008 01:00 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At38.job
[08/25/2008 02:00 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At15.job
[08/25/2008 02:00 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At39.job
[08/25/2008 03:00 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At16.job
[08/25/2008 03:00 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At40.job
[08/25/2008 04:00 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At17.job
[08/25/2008 04:00 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At41.job
[08/25/2008 05:00 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At18.job
[08/25/2008 05:00 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At42.job
[08/25/2008 06:00 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At19.job
[08/25/2008 06:00 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At43.job
[08/25/2008 07:00 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At20.job
[08/25/2008 07:00 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At44.job
[08/25/2008 08:00 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At21.job
[08/25/2008 08:00 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At45.job
[08/25/2008 09:16 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At22.job
[08/25/2008 09:32 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At46.job
[08/25/2008 10:00 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At11.job
[08/25/2008 10:00 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At35.job
[08/25/2008 10:24 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At23.job
[08/25/2008 11:00 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At12.job
[08/25/2008 11:00 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At36.job
[08/25/2008 11:17 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At24.job
[08/25/2008 12:00 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At13.job
[08/25/2008 12:00 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At37.job
[08/26/2008 01:00 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At2.job
[08/26/2008 01:00 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At26.job
[08/26/2008 02:00 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At27.job
[08/26/2008 02:00 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At3.job
[08/26/2008 03:00 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At28.job
[08/26/2008 03:00 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At4.job
[08/26/2008 04:00 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At29.job
[08/26/2008 04:00 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At5.job
[08/26/2008 05:00 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At30.job
[08/26/2008 05:00 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At6.job
[08/26/2008 06:00 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At31.job
[08/26/2008 06:00 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At7.job
[08/26/2008 07:00 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At32.job
[08/26/2008 07:00 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At8.job
[08/26/2008 08:00 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At33.job
[08/26/2008 08:00 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At9.job
[08/26/2008 09:00 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At10.job
[08/26/2008 09:00 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At34.job
[08/26/2008 09:33 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At25.job
[08/26/2008 12:10 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At47.job
[08/26/2008 12:10 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At48.job
[08/26/2008 12:24 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At1.job
[08/19/2008 03:01 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Google
[08/21/2008 06:32 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/19/2008 03:29 PM | ---D | C] - C:\Documents and Settings\user\Application Data\Google
[08/21/2008 06:32 PM | ---D | C] - C:\Documents and Settings\user\Application Data\Malwarebytes
[08/16/2008 02:41 AM | 00,022,016 | ---- | C] () - C:\Documents and Settings\user\My Documents\For an occasion such as this.doc
[08/21/2008 10:12 PM | 00,001,709 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[08/26/2008 09:26 AM | 00,000,696 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/21/2008 06:31 PM | 00,128,368 | ---- | C] (Digital River) - C:\Documents and Settings\user\Desktop\Download_mbam-setup.exe
[08/22/2008 04:27 PM | 00,001,734 | ---- | C] () - C:\Documents and Settings\user\Desktop\HijackThis.lnk
[08/22/2008 11:28 AM | 00,050,688 | ---- | C] (Atribune.org) - C:\Documents and Settings\user\Desktop\ATF_Cleaner.exe
[08/22/2008 11:36 AM | 00,000,592 | ---- | C] () - C:\Documents and Settings\user\Desktop\ERUNT.lnk
[08/22/2008 11:36 AM | 00,000,611 | ---- | C] () - C:\Documents and Settings\user\Desktop\NTREGOPT.lnk
[08/26/2008 09:25 AM | 02,085,280 | ---- | C] (Malwarebytes Corporation ) - C:\Documents and Settings\user\Desktop\mbam-setup.exe
[08/26/2008 09:28 AM | 00,291,840 | ---- | C] (OldTimer Tools) - C:\Documents and Settings\user\Desktop\OTMoveIt2.exe
[08/26/2008 09:49 AM | 01,299,968 | ---- | C] (OldTimer Tools) - C:\Documents and Settings\user\Desktop\OTViewIt.exe
[08/21/2008 06:20 PM | ---D | C] - C:\Program Files\Common Files\Panda Software
[08/21/2008 06:31 PM | ---D | C] - C:\Program Files\Common Files\Download Manager
[08/21/2008 10:11 PM | ---D | C] - C:\Program Files\Alwil Software
[08/21/2008 10:13 PM | ---D | C] - C:\Program Files\Sun
[08/22/2008 04:27 PM | ---D | C] - C:\Program Files\Trend Micro
[08/22/2008 11:36 AM | ---D | C] - C:\Program Files\ERUNT
[08/26/2008 09:26 AM | ---D | C] - C:\Program Files\Malwarebytes' Anti-Malware

[Files/Folders - Modified Within 30 days]
[08/20/2008 08:39 AM | --SD | M] - C:\Microsoft
[08/21/2008 10:13 PM | -H-D | M] - C:\Config.Msi
[08/22/2008 04:27 PM | R--D | M] - C:\Program Files
[08/24/2008 12:40 AM | ---D | M] - C:\WINDOWS
[08/26/2008 09:30 AM | ---D | M] - C:\_OTMoveIt
[08/26/2008 09:33 AM | 53,639,9872 | -HS- | M] () - C:\hiberfil.sys
[08/26/2008 09:48 AM | ---D | M] - C:\virus thing
[08/17/2008 03:01 PM | 00,017,144 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/17/2008 03:01 PM | 00,038,472 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[08/11/2008 02:39 AM | 00,052,764 | ---- | M] () - C:\WINDOWS\System32\perfc009.dat
[08/11/2008 02:39 AM | 00,380,350 | ---- | M] () - C:\WINDOWS\System32\perfh009.dat
[08/11/2008 02:39 AM | 00,438,700 | ---- | M] () - C:\WINDOWS\System32\PerfStringBackup.INI
[08/19/2008 03:34 AM | 00,029,760 | ---- | M] () - C:\WINDOWS\System32\33I0G12l.exe
[08/21/2008 10:12 PM | 00,002,626 | ---- | M] () - C:\WINDOWS\System32\CONFIG.NT
[08/22/2008 04:10 PM | RHSD | M] - C:\WINDOWS\System32\dllcache
[08/22/2008 11:05 AM | ---D | M] - C:\WINDOWS\System32\config
[08/23/2008 06:15 PM | 00,082,434 | ---- | M] () - C:\WINDOWS\System32\ba614MPs.exe_
[08/23/2008 06:24 PM | ---D | M] - C:\WINDOWS\System32\CatRoot
[08/23/2008 06:24 PM | ---D | M] - C:\WINDOWS\System32\CatRoot_bak
[08/26/2008 09:26 AM | ---D | M] - C:\WINDOWS\System32\drivers
[08/26/2008 09:31 AM | ---D | M] - C:\WINDOWS\System32\CatRoot2
[08/26/2008 09:33 AM | 00,002,422 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[08/26/2008 09:33 AM | 00,007,883 | ---- | M] () - C:\WINDOWS\System32\nvapps.xml
[08/10/2008 08:02 AM | 00,000,000 | ---- | M] () - C:\WINDOWS\initprog32.exe
[08/11/2008 02:16 AM | 00,090,305 | ---- | M] () - C:\WINDOWS\joke.gif
[08/14/2008 03:03 AM | ---D | M] - C:\WINDOWS\ie7updates
[08/14/2008 03:06 AM | -H-D | M] - C:\WINDOWS\$hf_mig$
[08/15/2008 04:53 PM | 00,000,832 | ---- | M] () - C:\WINDOWS\win.ini
[08/15/2008 04:54 PM | 00,294,912 | ---- | M] () - C:\WINDOWS\outlook.pst
[08/19/2008 03:48 AM | --SD | M] - C:\WINDOWS\Tasks
[08/21/2008 10:13 PM | -HSD | M] - C:\WINDOWS\Installer
[08/22/2008 11:19 AM | ---D | M] - C:\WINDOWS\Debug
[08/22/2008 11:37 AM | ---D | M] - C:\WINDOWS\ERDNT
[08/24/2008 11:50 PM | -H-D | M] - C:\WINDOWS\inf
[08/26/2008 09:30 AM | ---D | M] - C:\WINDOWS\Prefetch
[08/26/2008 09:33 AM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08/26/2008 09:33 AM | 00,054,156 | -H-- | M] () - C:\WINDOWS\QTFont.qfn
[08/26/2008 09:34 AM | ---D | M] - C:\WINDOWS\Temp
[08/26/2008 09:47 AM | ---D | M] - C:\WINDOWS\system32
[08/20/2008 11:44 PM | 00,000,284 | ---- | M] () - C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[08/25/2008 01:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At14.job
[08/25/2008 01:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At38.job
[08/25/2008 02:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At15.job
[08/25/2008 02:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At39.job
[08/25/2008 03:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At16.job
[08/25/2008 03:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At40.job
[08/25/2008 04:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At17.job
[08/25/2008 04:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At41.job
[08/25/2008 05:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At18.job
[08/25/2008 05:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At42.job
[08/25/2008 06:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At19.job
[08/25/2008 06:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At43.job
[08/25/2008 07:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At20.job
[08/25/2008 07:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At44.job
[08/25/2008 08:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At21.job
[08/25/2008 08:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At45.job
[08/25/2008 09:16 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At22.job
[08/25/2008 09:32 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At46.job
[08/25/2008 10:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At11.job
[08/25/2008 10:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At35.job
[08/25/2008 10:24 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At23.job
[08/25/2008 11:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At12.job
[08/25/2008 11:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At36.job
[08/25/2008 11:17 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At24.job
[08/25/2008 12:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At13.job
[08/25/2008 12:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At37.job
[08/26/2008 01:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At2.job
[08/26/2008 01:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At26.job
[08/26/2008 02:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At27.job
[08/26/2008 02:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At3.job
[08/26/2008 03:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At28.job
[08/26/2008 03:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At4.job
[08/26/2008 04:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At29.job
[08/26/2008 04:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At5.job
[08/26/2008 05:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At30.job
[08/26/2008 05:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At6.job
[08/26/2008 06:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At31.job
[08/26/2008 06:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At7.job
[08/26/2008 07:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At32.job
[08/26/2008 07:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At8.job
[08/26/2008 08:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At33.job
[08/26/2008 08:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At9.job
[08/26/2008 09:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At10.job
[08/26/2008 09:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At34.job
[08/26/2008 09:33 AM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[08/26/2008 09:33 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At25.job
[08/26/2008 12:10 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At47.job
[08/26/2008 12:10 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At48.job
[08/26/2008 12:24 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At1.job
[08/19/2008 03:01 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Google
[08/21/2008 01:08 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[08/21/2008 06:32 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/22/2008 04:24 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\McAfee.com
[08/18/2008 09:18 AM | ---D | M] - C:\Documents and Settings\user\Application Data\BitTorrent
[08/19/2008 03:29 PM | ---D | M] - C:\Documents and Settings\user\Application Data\Google
[08/21/2008 06:32 PM | ---D | M] - C:\Documents and Settings\user\Application Data\Malwarebytes
[08/26/2008 08:00 AM | ---D | M] - C:\Documents and Settings\user\Application Data\skypePM
[08/26/2008 08:59 AM | ---D | M] - C:\Documents and Settings\user\Application Data\Skype
[08/19/2008 03:29 PM | ---D | M] - C:\Documents and Settings\user\Local Settings\Application Data\Google
[08/21/2008 01:05 PM | 03,755,134 | -H-- | M] () - C:\Documents and Settings\user\Local Settings\Application Data\IconCache.db
[08/25/2008 11:39 AM | 00,098,304 | ---- | M] () - C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[08/08/2008 05:58 PM | R--D | M] - C:\Documents and Settings\All Users\Documents\My Music
[08/16/2008 02:41 AM | 00,022,016 | ---- | M] () - C:\Documents and Settings\user\My Documents\For an occasion such as this.doc
[08/21/2008 10:12 PM | 00,001,709 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[08/26/2008 09:12 AM | 00,002,137 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[08/26/2008 09:26 AM | 00,000,696 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/26/2008 12:59 AM | 00,002,257 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Skype.lnk
[08/21/2008 06:31 PM | 00,128,368 | ---- | M] (Digital River) - C:\Documents and Settings\user\Desktop\Download_mbam-setup.exe
[08/22/2008 04:27 PM | 00,001,734 | ---- | M] () - C:\Documents and Settings\user\Desktop\HijackThis.lnk
[08/22/2008 11:28 AM | 00,050,688 | ---- | M] (Atribune.org) - C:\Documents and Settings\user\Desktop\ATF_Cleaner.exe
[08/22/2008 11:36 AM | 00,000,592 | ---- | M] () - C:\Documents and Settings\user\Desktop\ERUNT.lnk
[08/22/2008 11:36 AM | 00,000,611 | ---- | M] () - C:\Documents and Settings\user\Desktop\NTREGOPT.lnk
[08/25/2008 01:44 AM | 00,002,445 | ---- | M] () - C:\Documents and Settings\user\Desktop\Logitech QuickCam.lnk
[08/26/2008 09:25 AM | 02,085,280 | ---- | M] (Malwarebytes Corporation ) - C:\Documents and Settings\user\Desktop\mbam-setup.exe
[08/26/2008 09:28 AM | 00,291,840 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\user\Desktop\OTMoveIt2.exe
[08/26/2008 09:49 AM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\user\Desktop\OTViewIt.exe
[08/21/2008 06:20 PM | ---D | M] - C:\Program Files\Common Files\Panda Software
[08/21/2008 06:31 PM | ---D | M] - C:\Program Files\Common Files\Download Manager

< End of report >


and, finally, the extras report:

OTViewIt Extras logfile created on: 8/26/200
  • 0

#6
jacknsherr

jacknsherr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Sorry -- just went back and saw my last post truncated (just like you said it might....)

Here's the extras report:

OTViewIt Extras logfile created on: 8/26/2008 9:49:44 AM - Run 1
OTViewIt by OldTimer - Version 1.0.0.12 Folder = C:\Documents and Settings\user\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.48 Mb Total Physical Memory | 210.32 Mb Available Physical Memory | 41.12% Memory free
1.22 Gb Paging File | 0.93 Gb Available in Paging File | 76.35% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 59.02 Gb Free Space | 79.20% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 232.88 Gb Total Space | 136.44 Gb Free Space | 58.59% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

===== File Associations =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] - File not found -
.cmd [@ = cmdfile] - File not found -
.com [@ = comfile] - File not found -
.exe [@ = exefile] - File not found -
.html [@ = FirefoxHTML] - [07/17/2008 01:38 PM | 07,667,312 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe
.pif [@ = piffile] - File not found -
.scr [@ = scrfile] - File not found -

===== Uninstall List =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater
"{3819891A-030B-4a4e-98ED-B28A649E48AB}" = HP Deskjet 3900 series
"{42F6BED9-41DD-40F1-85A8-8E0350493626}" = HPDeskjet3900Series
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685A56F8-75B6-44AD-B3DA-FB0A3266B47C}" = Adobe Flash Player 9 ActiveX
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7F1C5D75-E232-4C2B-A394-E5FB7FBB3D66}" = Sonic Foundry Sound Forge 6.0d
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{C53CCE8A-8DEE-4E2C-8A4D-425F0FF70471}" = Iomega DVD Wizard
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}" = Safari
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB1507A-AAEA-4778-AC4B-DD5EAB1A961E}" = Iomega HotBurn Pro
"{D6A1E429-CCE1-4140-A615-710B806D12BA}" = Motorola Driver Installation 3.2.0
"{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"AIM_6" = AIM 6
"AoA DVD Ripper_is1" = AoA DVD Ripper
"AoA MP4 Converter_is1" = AoA MP4 Converter
"AOL Instant Messenger" = AOL Instant Messenger
"avast!" = avast! Antivirus
"AviSynth" = AviSynth 2.5
"Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
"BitTorrent" = BitTorrent 4.24.0
"CCleaner" = CCleaner (remove only)
"Cucusoft DVD to iPod + iPod Video Converter Suite_is1" = Cucusoft DVD to iPod + iPod Video Converter Suite 6.1.5.15
"Cucusoft DVD to iPod Converter_is1" = Cucusoft DVD to iPod Converter 6.01
"Cucusoft iPod Video Converter_is1" = Cucusoft iPod Video Converter 3.16
"DVD Audio Extractor_is1" = DVD Audio Extractor 4.1.1
"Enable S3 for USB Device" = Enable S3 for USB Device
"ERUNT_is1" = ERUNT 1.1j
"ewidosecuritysuite" = ewido security suite
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 5.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
"HPExtendedCapabilities" = HP Extended Capabilities 5.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"KB873333" = Windows XP Hotfix - KB873333
"KB873339" = Windows XP Hotfix - KB873339
"KB885250" = Windows XP Hotfix - KB885250
"KB885835" = Windows XP Hotfix - KB885835
"KB885836" = Windows XP Hotfix - KB885836
"KB886185" = Windows XP Hotfix - KB886185
"KB887472" = Windows XP Hotfix - KB887472
"KB887742" = Windows XP Hotfix - KB887742
"KB888113" = Windows XP Hotfix - KB888113
"KB888302" = Windows XP Hotfix - KB888302
"KB890046" = Security Update for Windows XP (KB890046)
"KB890859" = Windows XP Hotfix - KB890859
"KB891781" = Windows XP Hotfix - KB891781
"KB893066" = Security Update for Windows XP (KB893066)
"KB893086" = Windows XP Hotfix - KB893086
"KB893756" = Security Update for Windows XP (KB893756)
"KB893803v2" = Windows Installer 3.1 (KB893803)
"KB894391" = Update for Windows XP (KB894391)
"KB896358" = Security Update for Windows XP (KB896358)
"KB896422" = Security Update for Windows XP (KB896422)
"KB896423" = Security Update for Windows XP (KB896423)
"KB896424" = Security Update for Windows XP (KB896424)
"KB896428" = Security Update for Windows XP (KB896428)
"KB896688" = Security Update for Windows XP (KB896688)
"KB896727" = Update for Windows XP (KB896727)
"KB898461" = Update for Windows XP (KB898461)
"KB899587" = Security Update for Windows XP (KB899587)
"KB899588" = Security Update for Windows XP (KB899588)
"KB899589" = Security Update for Windows XP (KB899589)
"KB899591" = Security Update for Windows XP (KB899591)
"KB900485" = Update for Windows XP (KB900485)
"KB900725" = Security Update for Windows XP (KB900725)
"KB901017" = Security Update for Windows XP (KB901017)
"KB901214" = Security Update for Windows XP (KB901214)
"KB902400" = Security Update for Windows XP (KB902400)
"KB904706" = Security Update for Windows XP (KB904706)
"KB904942" = Update for Windows XP (KB904942)
"KB905414" = Security Update for Windows XP (KB905414)
"KB905749" = Security Update for Windows XP (KB905749)
"KB905915" = Security Update for Windows XP (KB905915)
"KB908519" = Security Update for Windows XP (KB908519)
"KB908531" = Security Update for Windows XP (KB908531)
"KB910437" = Update for Windows XP (KB910437)
"KB911280" = Security Update for Windows XP (KB911280)
"KB911562" = Security Update for Windows XP (KB911562)
"KB911564" = Security Update for Windows Media Player (KB911564)
"KB911565" = Security Update for Windows Media Player 10 (KB911565)
"KB911567" = Security Update for Windows XP (KB911567)
"KB911927" = Security Update for Windows XP (KB911927)
"KB912812" = Security Update for Windows XP (KB912812)
"KB912919" = Security Update for Windows XP (KB912919)
"KB913446" = Security Update for Windows XP (KB913446)
"KB913580" = Security Update for Windows XP (KB913580)
"KB914388" = Security Update for Windows XP (KB914388)
"KB914389" = Security Update for Windows XP (KB914389)
"KB914440" = Hotfix for Windows XP (KB914440)
"KB915865" = Hotfix for Windows XP (KB915865)
"KB916281" = Security Update for Windows XP (KB916281)
"KB916595" = Update for Windows XP (KB916595)
"KB917159" = Security Update for Windows XP (KB917159)
"KB917344" = Security Update for Windows XP (KB917344)
"KB917422" = Security Update for Windows XP (KB917422)
"KB917734_WMP10" = Security Update for Windows Media Player 10 (KB917734)
"KB917953" = Security Update for Windows XP (KB917953)
"KB918118" = Security Update for Windows XP (KB918118)
"KB918439" = Security Update for Windows XP (KB918439)
"KB918899" = Security Update for Windows XP (KB918899)
"KB919007" = Security Update for Windows XP (KB919007)
"KB920213" = Security Update for Windows XP (KB920213)
"KB920214" = Security Update for Windows XP (KB920214)
"KB920670" = Security Update for Windows XP (KB920670)
"KB920683" = Security Update for Windows XP (KB920683)
"KB920685" = Security Update for Windows XP (KB920685)
"KB920872" = Update for Windows XP (KB920872)
"KB921398" = Security Update for Windows XP (KB921398)
"KB921503" = Security Update for Windows XP (KB921503)
"KB921883" = Security Update for Windows XP (KB921883)
"KB922582" = Update for Windows XP (KB922582)
"KB922616" = Security Update for Windows XP (KB922616)
"KB922760" = Security Update for Windows XP (KB922760)
"KB922819" = Security Update for Windows XP (KB922819)
"KB923191" = Security Update for Windows XP (KB923191)
"KB923414" = Security Update for Windows XP (KB923414)
"KB923689" = Security Update for Windows XP (KB923689)
"KB923694" = Security Update for Windows XP (KB923694)
"KB923980" = Security Update for Windows XP (KB923980)
"KB924191" = Security Update for Windows XP (KB924191)
"KB924270" = Security Update for Windows XP (KB924270)
"KB924496" = Security Update for Windows XP (KB924496)
"KB924667" = Security Update for Windows XP (KB924667)
"KB925398_WMP64" = Security Update for Windows Media Player 6.4 (KB925398)
"KB925454" = Security Update for Windows XP (KB925454)
"KB925486" = Security Update for Windows XP (KB925486)
"KB925902" = Security Update for Windows XP (KB925902)
"KB926255" = Security Update for Windows XP (KB926255)
"KB926436" = Security Update for Windows XP (KB926436)
"KB927779" = Security Update for Windows XP (KB927779)
"KB927802" = Security Update for Windows XP (KB927802)
"KB927891" = Update for Windows XP (KB927891)
"KB928090-IE7" = Security Update for Windows Internet Explorer 7 (KB928090)
"KB928255" = Security Update for Windows XP (KB928255)
"KB928843" = Security Update for Windows XP (KB928843)
"KB929123" = Security Update for Windows XP (KB929123)
"KB929338" = Update for Windows XP (KB929338)
"KB929969" = Security Update for Windows Internet Explorer 7 (KB929969)
"KB930178" = Security Update for Windows XP (KB930178)
"KB930916" = Update for Windows XP (KB930916)
"KB931261" = Security Update for Windows XP (KB931261)
"KB931768-IE7" = Security Update for Windows Internet Explorer 7 (KB931768)
"KB931784" = Security Update for Windows XP (KB931784)
"KB931836" = Update for Windows XP (KB931836)
"KB932168" = Security Update for Windows XP (KB932168)
"KB932823-v3" = Update for Windows XP (KB932823-v3)
"KB933360" = Update for Windows XP (KB933360)
"KB933566-IE7" = Security Update for Windows Internet Explorer 7 (KB933566)
"KB933729" = Security Update for Windows XP (KB933729)
"KB935839" = Security Update for Windows XP (KB935839)
"KB935840" = Security Update for Windows XP (KB935840)
"KB936021" = Security Update for Windows XP (KB936021)
"KB936782_WMP10" = Security Update for Windows Media Player 10 (KB936782)
"KB937143-IE7" = Security Update for Windows Internet Explorer 7 (KB937143)
"KB937894" = Security Update for Windows XP (KB937894)
"KB938127-IE7" = Security Update for Windows Internet Explorer 7 (KB938127)
"KB938828" = Update for Windows XP (KB938828)
"KB938829" = Security Update for Windows XP (KB938829)
"KB939653-IE7" = Security Update for Windows Internet Explorer 7 (KB939653)
"KB941202" = Security Update for Windows XP (KB941202)
"KB941568" = Security Update for Windows XP (KB941568)
"KB941569" = Security Update for Windows XP (KB941569)
"KB941644" = Security Update for Windows XP (KB941644)
"KB941693" = Security Update for Windows XP (KB941693)
"KB942615-IE7" = Security Update for Windows Internet Explorer 7 (KB942615)
"KB942763" = Update for Windows XP (KB942763)
"KB943055" = Security Update for Windows XP (KB943055)
"KB943460" = Security Update for Windows XP (KB943460)
"KB943485" = Security Update for Windows XP (KB943485)
"KB944533-IE7" = Security Update for Windows Internet Explorer 7 (KB944533)
"KB944653" = Security Update for Windows XP (KB944653)
"KB945553" = Security Update for Windows XP (KB945553)
"KB946026" = Security Update for Windows XP (KB946026)
"KB946648" = Security Update for Windows XP (KB946648)
"KB947864-IE7" = Hotfix for Windows Internet Explorer 7 (KB947864)
"KB948590" = Security Update for Windows XP (KB948590)
"KB948881" = Security Update for Windows XP (KB948881)
"KB950749" = Security Update for Windows XP (KB950749)
"KB950759-IE7" = Security Update for Windows Internet Explorer 7 (KB950759)
"KB950760" = Security Update for Windows XP (KB950760)
"KB950762" = Security Update for Windows XP (KB950762)
"KB950974" = Security Update for Windows XP (KB950974)
"KB951066" = Security Update for Windows XP (KB951066)
"KB951072-v2" = Update for Windows XP (KB951072-v2)
"KB951376" = Security Update for Windows XP (KB951376)
"KB951376-v2" = Security Update for Windows XP (KB951376-v2)
"KB951698" = Security Update for Windows XP (KB951698)
"KB951748" = Security Update for Windows XP (KB951748)
"KB952287" = Hotfix for Windows XP (KB952287)
"KB952954" = Security Update for Windows XP (KB952954)
"KB953838-IE7" = Security Update for Windows Internet Explorer 7 (KB953838)
"KB953839" = Security Update for Windows XP (KB953839)
"lvdrivers_11.50" = Logitech QuickCam Driver Package
"M928366" = Microsoft .NET Framework 1.1 Hotfix (KB928366)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (2.0.0.16)" = Mozilla Firefox (2.0.0.16)
"MPEG Video Wizard DVD" = MPEG Video Wizard DVD
"MySpaceIM" = MySpaceIM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Windows 95/98/ME/2000/XP Stereo Drivers
"Office8.0" = Microsoft Office 97, Professional Edition
"Snood_is1" = Snood for Windows version 3.52-W
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"TrojanHunter_is1" = TrojanHunter 4.2
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WgaNotify" = Windows Genuine Advantage Notifications (KB905474)
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR archiver

===== Uninstall List =====


===== Winsock2 Catalogs =====

===== Protocol Defaults =====


===== Protocol Defaults =====


===== Protocol Handlers =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
msdaipp: [HKLM - No CLSID value]

skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKLM - IEProtocolHandler Class]
[12/07/2007 04:08 PM | 01,934,672 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll

===== Protocol Filters =====

< End of report >




Again, Egwene.... Thank you!!!!
  • 0

#7
Egwene

Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hey jacknsherr,

Let's go on with removal, there are some bad files remaining :)

1) Uninstall some programs :

Please go Start > Control Panel > Add/Remove Programs and remove the following (if present):

* Viewpoint Manager
* ViewpointMediaPlayer


Optional Removals :
Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.co...cle.php/3561546


Please note any other programs that you don't recognize in that list in your next response.

2) Run OTMoveIT2 :
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\System32\33I0G12l.exe
    C:\WINDOWS\System32\ba614MPs.exe_
    C:\WINDOWS\initprog32.exe
    C:\WINDOWS\joke.gif
    C:\WINDOWS\tasks\At?.job
    C:\WINDOWS\tasks\At??.job
    purity
    emptytemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.[/list]
3) Run JavaRa :

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Please post :

- OTmoveIT2 repport.
- Two fresh OTviewIT repports.


And tell me please how your computer is running. :)

Regards,
Egwene.
  • 0

#8
jacknsherr

jacknsherr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
I'm working off of two different computers, so I powered down the one with the malware while I was doing other work. When I received notification of your reply, I went in and booted up the computer with the malware, and the following happened while I was refreshing my coffee:

1. I got another pop up.

2. Avast enabled with the boot-up and found and deleted what it described as another trojan virus.

I've deleted the two viewpoint items so far. In order to proceed beyond that point, shall I again disable Avast?

Thanks!

Jack
  • 0

#9
jacknsherr

jacknsherr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Okay -- so far, so good....

Here's the OTMoveit2 report:

Explorer killed successfully
C:\WINDOWS\System32\33I0G12l.exe moved successfully.
File/Folder C:\WINDOWS\System32\ba614MPs.exe_ not found.
C:\WINDOWS\initprog32.exe moved successfully.
C:\WINDOWS\joke.gif moved successfully.
< C:\WINDOWS\tasks\At?.job >
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
< C:\WINDOWS\tasks\At??.job >
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At25.job moved successfully.
C:\WINDOWS\tasks\At26.job moved successfully.
C:\WINDOWS\tasks\At27.job moved successfully.
C:\WINDOWS\tasks\At28.job moved successfully.
C:\WINDOWS\tasks\At29.job moved successfully.
C:\WINDOWS\tasks\At30.job moved successfully.
C:\WINDOWS\tasks\At31.job moved successfully.
C:\WINDOWS\tasks\At32.job moved successfully.
C:\WINDOWS\tasks\At33.job moved successfully.
C:\WINDOWS\tasks\At34.job moved successfully.
C:\WINDOWS\tasks\At35.job moved successfully.
C:\WINDOWS\tasks\At36.job moved successfully.
C:\WINDOWS\tasks\At37.job moved successfully.
C:\WINDOWS\tasks\At38.job moved successfully.
C:\WINDOWS\tasks\At39.job moved successfully.
C:\WINDOWS\tasks\At40.job moved successfully.
C:\WINDOWS\tasks\At41.job moved successfully.
C:\WINDOWS\tasks\At42.job moved successfully.
C:\WINDOWS\tasks\At43.job moved successfully.
C:\WINDOWS\tasks\At44.job moved successfully.
C:\WINDOWS\tasks\At45.job moved successfully.
C:\WINDOWS\tasks\At46.job moved successfully.
C:\WINDOWS\tasks\At47.job moved successfully.
C:\WINDOWS\tasks\At48.job moved successfully.
< purity >
< emptytemp >
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DF38B1.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_634.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08262008_113630

Files moved on Reboot...
C:\DOCUME~1\user\LOCALS~1\Temp\~DF38B1.tmp moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_634.dat not found!
File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!


Here's the OTViewIT report:

OTViewIt logfile created on: 8/26/2008 12:12:22 PM - Run 3
OTViewIt by OldTimer - Version 1.0.0.12 Folder = C:\Documents and Settings\user\Desktop\virus thing
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.48 Mb Total Physical Memory | 269.01 Mb Available Physical Memory | 52.59% Memory free
1.22 Gb Paging File | 0.91 Gb Available in Paging File | 74.68% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 58.41 Gb Free Space | 78.38% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 232.88 Gb Total Space | 136.44 Gb Free Space | 58.59% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-88A1E09A42
Current User Name: user
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

===== Processes - Non-Microsoft Only =====

[07/19/2008 09:25 AM | 00,016,056 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[07/19/2008 09:38 AM | 00,147,640 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashServ.exe
[10/19/2007 02:19 PM | 00,141,848 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
[05/14/2004 02:47 AM | 00,067,072 | ---- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\SOUNDMAN.EXE
[07/27/2004 05:50 PM | 00,081,920 | ---- | M] (InstallShield Software Corporation) - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[10/25/2007 05:33 PM | 00,563,984 | ---- | M] () - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
[10/25/2007 05:37 PM | 02,178,832 | ---- | M] () - C:\Program Files\Logitech\QuickCam\Quickcam.exe
[03/30/2008 10:36 AM | 00,267,048 | ---- | M] (Apple Inc.) - C:\Program Files\iTunes\iTunesHelper.exe
[07/19/2008 09:38 AM | 00,078,008 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashDisp.exe
[12/18/2007 08:47 PM | 08,720,384 | ---- | M] () - C:\Program Files\MySpace\IM\MySpaceIM.exe
[10/31/2007 03:09 PM | 00,110,592 | ---- | M] (Apple, Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[11/11/2004 06:53 PM | 00,016,448 | ---- | M] (ewido networks) - C:\Program Files\ewido\security suite\ewidoctrl.exe
[09/24/2003 10:00 AM | 00,073,728 | ---- | M] (Iomega Corporation) - C:\Program Files\Iomega\System32\AppServices.exe
[11/17/1996 12:00 AM | 00,051,984 | ---- | M] () - C:\Program Files\Microsoft Office\Office\OSA.EXE
[10/19/2007 02:17 PM | 00,186,904 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
[09/30/2004 12:35 AM | 00,127,043 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe
[07/19/2008 09:38 AM | 00,250,040 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
[07/23/2008 09:25 AM | 00,348,344 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
[10/19/2007 02:17 PM | 00,186,904 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
[03/30/2008 10:36 AM | 00,504,104 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe
[12/18/2007 08:47 PM | 08,720,384 | ---- | M] () - C:\Program Files\MySpace\IM\MySpaceIM.exe
[10/25/2007 05:32 PM | 00,407,824 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
[12/15/2006 04:23 AM | 00,075,520 | ---- | M] (Sun Microsystems, Inc.) - C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
[08/26/2008 09:49 AM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\user\Desktop\virus thing\OTViewIt.exe

===== Win32 Services - Non-Microsoft Only =====

(Apple Mobile Device) Apple Mobile Device [Auto | Running]
[10/31/2007 03:09 PM | 00,110,592 | ---- | M] (Apple, Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

(aswUpdSv) avast! iAVS4 Control Service [Auto | Running]
[07/19/2008 09:25 AM | 00,016,056 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

(avast! Antivirus) avast! Antivirus [Auto | Running]
[07/19/2008 09:38 AM | 00,147,640 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashServ.exe

(avast! Mail Scanner) avast! Mail Scanner [On_Demand | Running]
[07/19/2008 09:38 AM | 00,250,040 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

(avast! Web Scanner) avast! Web Scanner [On_Demand | Running]
[07/23/2008 09:25 AM | 00,348,344 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

(dmadmin) Logical Disk Manager Administrative Service [On_Demand | Stopped]
[08/04/2004 07:00 AM | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe

(ewido security suite control) ewido security suite control [Auto | Running]
[11/11/2004 06:53 PM | 00,016,448 | ---- | M] (ewido networks) - C:\Program Files\ewido\security suite\ewidoctrl.exe

(ewido security suite guard) ewido security suite guard [Disabled | Stopped]
[09/25/2005 01:55 PM | 00,163,904 | ---- | M] (ewido networks) - C:\Program Files\ewido\security suite\ewidoguard.exe

(gusvc) Google Updater Service [On_Demand | Stopped]
[08/19/2008 03:01 PM | 00,138,168 | ---- | M] (Google) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

(HP Port Resolver) HP Port Resolver [On_Demand | Stopped]
[05/20/2005 11:37 AM | 00,081,920 | ---- | M] (Hewlett-Packard Company) - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

(HP Status Server) HP Status Server [On_Demand | Stopped]
[10/16/2004 06:31 AM | 00,073,728 | ---- | M] (Hewlett-Packard Company) - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

(IDriverT) InstallDriver Table Manager [On_Demand | Stopped]
[04/04/2005 01:41 AM | 00,069,632 | ---- | M] (Macrovision Corporation) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

(Iomega Activity Disk2) Iomega Activity Disk2 [Disabled | Stopped]
[08/26/2008 12:10 PM | ---D | M] - .

(Iomega App Services) Iomega App Services [Auto | Running]
[09/24/2003 10:00 AM | 00,073,728 | ---- | M] (Iomega Corporation) - C:\Program Files\Iomega\System32\AppServices.exe

(iPod Service) iPod Service [On_Demand | Running]
[03/30/2008 10:36 AM | 00,504,104 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe

(LVCOMSer) LVCOMSer [Auto | Running]
[10/19/2007 02:17 PM | 00,186,904 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

(LVPrcSrv) Process Monitor [Auto | Running]
[10/19/2007 02:19 PM | 00,141,848 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

(LVSrvLauncher) LVSrvLauncher [Auto | Stopped]
[10/19/2007 02:21 PM | 00,141,848 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

(NVSvc) NVIDIA Display Driver Service [Auto | Running]
[09/30/2004 12:35 AM | 00,127,043 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe

(PavPrSrv) Panda Process Protection Service [Auto | Stopped]
File not found - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

===== Driver Services - Non-Microsoft Only =====

(Aavmker4) avast! Asynchronous Virus Monitor [System | Running]
[07/19/2008 09:32 AM | 00,026,944 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aavmker4.sys

(ALCXSENS) Service for WDM 3D Audio Driver [On_Demand | Running]
[02/23/2004 10:08 PM | 00,400,384 | ---- | M] (Sensaura) - C:\WINDOWS\system32\drivers\ALCXSENS.SYS

(ALCXWDM) Service for Realtek AC97 Audio (WDM) [On_Demand | Running]
[05/14/2004 10:24 AM | 00,622,172 | ---- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS

(ASPI32) ASPI32 [System | Running]
[07/17/2002 08:53 AM | 00,016,877 | ---- | M] (Adaptec) - C:\WINDOWS\System32\drivers\Aspi32.sys

(aswFsBlk) aswFsBlk [Auto | Running]
[07/19/2008 09:37 AM | 00,020,560 | ---- | M] (ALWIL Software) - C:\WINDOWS\system32\drivers\aswFsBlk.sys

(aswMon2) avast! Standard Shield Support [Auto | Running]
[07/19/2008 09:37 AM | 00,094,416 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswmon2.sys

(aswRdr) aswRdr [On_Demand | Running]
[07/19/2008 09:33 AM | 00,023,152 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswRdr.sys

(aswSP) avast! Self Protection [System | Running]
[07/19/2008 09:35 AM | 00,078,416 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswSP.sys

(aswTdi) avast! Network Shield Support [System | Running]
[07/19/2008 09:32 AM | 00,042,912 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswTdi.sys

(dmboot) dmboot [Disabled | Stopped]
[08/04/2004 07:00 AM | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys

(dmio) Logical Disk Manager Driver [Boot | Running]
[08/04/2004 07:00 AM | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys

(dmload) dmload [Boot | Running]
[08/04/2004 07:00 AM | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys

(DumaNT) NVIDIA Stereo Helper Service [System | Running]
[11/18/2002 04:29 PM | 00,399,700 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\dumant.sys

(ewido security suite driver) ewido security suite driver [System | Running]
[11/22/2004 09:15 AM | 00,003,072 | ---- | M] () - C:\Program Files\ewido\security suite\guard.sys

(GEARAspiWDM) GEARAspiWDM [On_Demand | Running]
[01/29/2008 12:01 PM | 00,016,168 | ---- | M] (GEAR Software Inc.) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

(GMSIPCI) GMSIPCI [On_Demand | Stopped]
File not found - D:\INSTALL\GMSIPCI.SYS

(IndiAvIn) TDK INDI AV-IN USB Device [On_Demand | Stopped]
[11/16/2002 07:03 PM | 00,086,016 | ---- | M] (Emuzed, Inc.) - C:\WINDOWS\system32\drivers\IndiAvIn.sys

(Intels51) Intel® 536EP V.92 Modem [On_Demand | Running]
[05/10/2002 08:31 AM | 00,633,220 | R--- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\Intels51.sys

(iomdisk) Iomega Devices Disk Filter Services [Boot | Running]
[09/24/2003 10:00 AM | 00,032,658 | ---- | M] (Iomega Corporation) - C:\WINDOWS\system32\drivers\IomDisk.sys

(iteraid) ITERAID_Service_Install [Boot | Running]
[02/25/2004 03:46 AM | 00,024,827 | R--- | M] (Integrated Technology Express, Inc.) - C:\WINDOWS\system32\drivers\iteraid.sys

(LVcKap) Logitech AEC Driver [On_Demand | Running]
[10/19/2007 02:16 PM | 02,109,976 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\Lvckap.sys

(LVMVDrv) Logitech Machine Vision Engine Loader [On_Demand | Stopped]
[10/11/2007 07:59 PM | 02,142,488 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\LVMVdrv.sys

(LVPr2Mon) Logitech LVPr2Mon Driver [On_Demand | Running]
[10/11/2007 07:59 PM | 00,025,624 | ---- | M] () - C:\WINDOWS\system32\drivers\LVPr2Mon.sys

(LVUSBSta) Logitech USB Monitor Filter [On_Demand | Running]
[10/11/2007 09:00 PM | 00,041,752 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\LVUSBSta.sys

(motmodem) Motorola USB CDC ACM Driver [On_Demand | Stopped]
[06/18/2007 02:18 PM | 00,023,680 | ---- | M] (Motorola) - C:\WINDOWS\system32\drivers\motmodem.sys

(nv) nv [On_Demand | Running]
[09/30/2004 12:35 AM | 02,743,840 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\nv4_mini.sys

(nv_agp) NVIDIA nForce AGP Bus Filter [Boot | Running]
[03/19/2003 02:51 AM | 00,018,688 | R--- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\nv_agp.SYS

(PavProc) Panda Process Protection Driver [Auto | Stopped]
File not found - C:\WINDOWS\system32\DRIVERS\PavProc.sys

(pepifilter) Volume Adapter [On_Demand | Running]
[10/11/2007 08:55 PM | 00,013,848 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\lv302af.sys

(PID_PEPI) Logitech QuickCam IM(PID_PEPI) [On_Demand | Running]
[10/11/2007 08:55 PM | 01,279,000 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\LV302V32.SYS

(Ptilink) Direct Parallel Link Driver [On_Demand | Running]
[08/04/2004 07:00 AM | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys

(PxHelp20) PxHelp20 [Boot | Running]
[11/17/2005 11:19 AM | 00,020,640 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\PxHelp20.sys

(RTL8023) Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver [On_Demand | Running]
[12/30/2003 10:58 PM | 00,069,504 | ---- | M] (Realtek Semiconductor Corporation ) - C:\WINDOWS\system32\drivers\Rtlnic51.sys

(Secdrv) Secdrv [On_Demand | Stopped]
[11/13/2007 05:25 AM | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\WINDOWS\system32\drivers\secdrv.sys

(ShldDrv) Panda File Shield Driver [System | Stopped]
File not found - C:\WINDOWS\System32\DRIVERS\ShlDrv51.sys

(SI3112r) Silicon Image SiI 3512 SATARaid Controller [Boot | Running]
[05/30/2003 03:05 AM | 00,089,610 | R--- | M] (Silicon Image, Inc) - C:\WINDOWS\system32\drivers\SI3112r.sys

(SiFilter) SATALink driver accelerator [Boot | Running]
[02/11/2003 11:37 PM | 00,009,600 | R--- | M] (Silicon Image, Inc.) - C:\WINDOWS\system32\drivers\SiWinAcc.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!" = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [07/19/2008 09:38 AM | 00,078,008 | ---- | M] (ALWIL Software)
"Cleanup" = C:\DOCUME~1\user\LOCALS~1\Temp\2008822162431_mcappins.exe /v=3 /cleanup File not found
"ISUSPM Startup" = C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [07/27/2004 05:50 PM | 00,221,184 | ---- | M] (InstallShield Software Corporation)
"ISUSScheduler" = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [07/27/2004 05:50 PM | 00,081,920 | ---- | M] (InstallShield Software Corporation)
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM | 00,267,048 | ---- | M] (Apple Inc.)
"LogitechCommunicationsManager" = "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [10/25/2007 05:33 PM | 00,563,984 | ---- | M] ()
"LogitechQuickCamRibbon" = "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide [10/25/2007 05:37 PM | 02,178,832 | ---- | M] ()
"msci" = C:\DOCUME~1\user\LOCALS~1\Temp\2008822162422_mcinfo.exe /insfin File not found
"NvCplDaemon" = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [09/30/2004 12:35 AM | 04,603,904 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [09/30/2004 12:35 AM | 00,086,016 | ---- | M] (NVIDIA Corporation)
"nwiz" = nwiz.exe /install [09/30/2004 12:35 AM | 00,921,600 | ---- | M] (NVIDIA Corporation)
"QuickTime Task" = "C:\Program Files\QuickTime\QTTask.exe" -atboottime [03/28/2008 11:37 PM | 00,413,696 | ---- | M] (Apple Inc.)
"SoundMan" = SOUNDMAN.EXE [05/14/2004 02:47 AM | 00,067,072 | ---- | M] (Realtek Semiconductor Corp.)
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6" = File not found
"MySpaceIM" = C:\Program Files\MySpace\IM\MySpaceIM.exe [12/18/2007 08:47 PM | 08,720,384 | ---- | M] ()
"updateMgr" = "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 [03/30/2006 04:45 PM | 00,313,472 | R--- | M] (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[09/23/2005 10:05 PM | 00,029,696 | ---- | M] (Adobe Systems Incorporated) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[user Startup Folder - C:\Documents and Settings\user\Start Menu\Programs\Startup]
[11/17/1996 12:00 AM | 00,111,376 | ---- | M] () - C:\Documents and Settings\user\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
[11/17/1996 12:00 AM | 00,051,984 | ---- | M] () - C:\Documents and Settings\user\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

===== BHO's =====

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (Adobe PDF Reader Link Helper) - [12/18/2006 04:16 AM | 00,059,032 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
HKLM CLSID: () - [05/31/2005 01:04 AM | 00,853,672 | ---- | M] (Safer Networking Limited) C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [06/10/2008 04:27 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
HKLM CLSID: (Google Toolbar Helper) - [01/19/2007 11:55 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar1.dll

===== Toolbars =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [01/19/2007 11:55 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar1.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [01/19/2007 11:55 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar1.dll

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (&Yahoo! Toolbar) - File not found Reg Error: Key does not exist or could not be opened.

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
Unable to open key or key not present!


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


===== Desktop Components =====

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

===== Lsa Authentication Packages =====

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/04/2004 07:00 AM | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\1125036546\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1125036546\ee\AOLServiceHost.exe File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe [11/03/2006 02:17 AM | 00,010,800 | ---- | M] (AOL LLC)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe [08/01/2006 03:35 PM | 00,067,112 | ---- | M] (America Online, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [10/10/2006 07:44 AM | 00,557,568 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/04/2004 07:00 AM | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\1125036546\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1125036546\ee\AOLServiceHost.exe File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe [11/03/2006 02:17 AM | 00,010,800 | ---- | M] (AOL LLC)
"C:\WINDOWS\system32\urprhaaun.exe" = C:\WINDOWS\system32\urprhaaun.exe File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe [10/13/2004 11:24 AM | 01,694,208 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe File not found
"C:\StubInstaller.exe" = C:\StubInstaller.exe [10/31/2005 10:56 AM | 00,700,416 | ---- | M] (LimeWire)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe File not found
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\iexplore.exe [06/23/2008 04:20 AM | 00,625,664 | ---- | M] (Microsoft Corporation)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe [09/29/2006 09:00 PM | 00,043,520 | ---- | M] ()
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe [08/01/2006 03:35 PM | 00,067,112 | ---- | M] (America Online, Inc.)
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [10/10/2006 07:44 AM | 00,557,568 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Yahoo! Games\Bejeweled 2 Deluxe\WinBej2.exe" = C:\Program Files\Yahoo! Games\Bejeweled 2 Deluxe\WinBej2.exe [11/18/2004 04:26 PM | 01,566,721 | ---- | M] (PopCap.com)
"C:\Program Files\Last.fm\LastFM.exe" = C:\Program Files\Last.fm\LastFM.exe File not found
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe [01/03/2008 11:15 AM | 00,050,528 | ---- | M] (AOL LLC)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe [03/30/2008 10:36 AM | 20,638,504 | ---- | M] (Apple Inc.)
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe [12/18/2007 08:47 PM | 08,720,384 | ---- | M] ()
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe [12/07/2007 04:08 PM | 21,686,568 | R--- | M] (Skype Technologies S.A.)

===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [06/13/2007 05:23 AM | 01,033,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [08/04/2004 07:00 AM | 00,024,576 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [08/04/2004 07:00 AM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [10/25/2007 10:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [08/04/2004 07:00 AM | 00,298,496 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

===== User's Winlogon Settings =====

===== Winlogon Notify Settings =====

===== Safeboot Options =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====
Unable to open key or key not present!


===== DNS Name Servers =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{7A4455E7-1E22-4CAB-B4F0-51FF2DCDE3CD}]
Servers: | Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{9B410874-7B7D-40FE-9EA6-F06094BD1DEC}]
Servers: | Description: 1394 Net Adapter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{C4A502C0-106A-4D1B-ACB1-7F86FE35522F}]
Servers: | Description:

===== CDRom AutoRun Settings =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

===== Autorun Files on Drives =====

AUTOEXEC.BAT []
[07/15/2005 04:42 PM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

===== MountPoints2 =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0eae2e21-b1d5-11dc-831e-000fea36508b}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0eae2e21-b1d5-11dc-831e-000fea36508b}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 10:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0eae2e21-b1d5-11dc-831e-000fea36508b}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0eae2e22-b1d5-11dc-831e-000fea36508b}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0eae2e22-b1d5-11dc-831e-000fea36508b}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 10:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0eae2e22-b1d5-11dc-831e-000fea36508b}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14bd8f9f-9ab9-11db-82c0-000fea36508b}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14bd8f9f-9ab9-11db-82c0-000fea36508b}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 10:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14bd8f9f-9ab9-11db-82c0-000fea36508b}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3834b87d-4f08-11dd-8367-000fea36508b}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3834b87d-4f08-11dd-8367-000fea36508b}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 10:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3834b87d-4f08-11dd-8367-000fea36508b}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{448ad726-65a8-11dd-8371-000fea36508b}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{448ad726-65a8-11dd-8371-000fea36508b}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 10:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{448ad726-65a8-11dd-8371-000fea36508b}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{779abd93-2efc-11db-8289-000fea36508b}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{779abd93-2efc-11db-8289-000fea36508b}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 10:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{779abd93-2efc-11db-8289-000fea36508b}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b46a34a-7513-11da-823b-000fea36508b}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b46a34a-7513-11da-823b-000fea36508b}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 10:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b46a34a-7513-11da-823b-000fea36508b}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9d4ac78-6499-11dd-8370-000fea36508b}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9d4ac78-6499-11dd-8370-000fea36508b}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 10:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9d4ac78-6499-11dd-8370-000fea36508b}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc34a5a4-2dde-11dd-8352-000fea36508b}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc34a5a4-2dde-11dd-8352-000fea36508b}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 10:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc34a5a4-2dde-11dd-8352-000fea36508b}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

===== Hosts File =====

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost



[Files/Folders - Created Within 30 days]
[08/20/2008 08:39 AM | --SD | C] - C:\Microsoft
[08/26/2008 09:30 AM | ---D | C] - C:\_OTMoveIt
[08/26/2008 11:38 AM | 53,639,9872 | -HS- | C] () - C:\hiberfil.sys
[01/17/2008 11:34 AM | 00,093,264 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswmon.sys
[07/19/2008 09:32 AM | 00,026,944 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aavmker4.sys
[07/19/2008 09:32 AM | 00,042,912 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswTdi.sys
[07/19/2008 09:33 AM | 00,023,152 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswRdr.sys
[07/19/2008 09:35 AM | 00,078,416 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswSP.sys
[07/19/2008 09:37 AM | 00,020,560 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswFsBlk.sys
[07/19/2008 09:37 AM | 00,094,416 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswmon2.sys
[08/17/2008 03:01 PM | 00,017,144 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/17/2008 03:01 PM | 00,038,472 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[01/09/2004 04:13 AM | 00,380,928 | ---- | C] () - C:\WINDOWS\System32\actskin4.ocx
[06/10/2008 01:21 AM | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\java.exe
[06/10/2008 01:21 AM | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaw.exe
[06/10/2008 02:32 AM | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javacpl.cpl
[06/10/2008 02:32 AM | 00,139,264 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaws.exe
[07/19/2008 09:30 AM | 00,094,392 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\AvastSS.scr
[07/19/2008 09:43 AM | 01,163,960 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\aswBoot.exe
[08/23/2008 06:24 PM | ---D | C] - C:\WINDOWS\System32\CatRoot_bak
[08/26/2008 11:11 AM | 00,000,000 | ---- | C] () - C:\WINDOWS\System32\ba614MPs.exe.a_a
[08/26/2008 11:11 AM | 00,082,946 | ---- | C] () - C:\WINDOWS\System32\ba614MPs.exe
[08/22/2008 11:37 AM | ---D | C] - C:\WINDOWS\ERDNT
[08/19/2008 03:01 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Google
[08/21/2008 06:32 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/19/2008 03:29 PM | ---D | C] - C:\Documents and Settings\user\Application Data\Google
[08/21/2008 06:32 PM | ---D | C] - C:\Documents and Settings\user\Application Data\Malwarebytes
[08/16/2008 02:41 AM | 00,022,016 | ---- | C] () - C:\Documents and Settings\user\My Documents\For an occasion such as this.doc
[08/21/2008 10:12 PM | 00,001,709 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[08/21/2008 06:31 PM | 00,128,368 | ---- | C] (Digital River) - C:\Documents and Settings\user\Desktop\Download_mbam-setup.exe
[08/26/2008 11:38 AM | ---D | C] - C:\Documents and Settings\user\Desktop\08262008_113630
[08/26/2008 12:10 PM | ---D | C] - C:\Documents and Settings\user\Desktop\virus thing
[08/21/2008 06:20 PM | ---D | C] - C:\Program Files\Common Files\Panda Software
[08/21/2008 06:31 PM | ---D | C] - C:\Program Files\Common Files\Download Manager
[08/21/2008 10:11 PM | ---D | C] - C:\Program Files\Alwil Software
[08/22/2008 04:27 PM | ---D | C] - C:\Program Files\Trend Micro
[08/22/2008 11:36 AM | ---D | C] - C:\Program Files\ERUNT
[08/26/2008 09:26 AM | ---D | C] - C:\Program Files\Malwarebytes' Anti-Malware
[08/26/2008 12:07 PM | ---D | C] - C:\Program Files\Sun

[Files/Folders - Modified Within 30 days]
[08/20/2008 08:39 AM | --SD | M] - C:\Microsoft
[08/22/2008 04:27 PM | R--D | M] - C:\Program Files
[08/26/2008 09:30 AM | ---D | M] - C:\_OTMoveIt
[08/26/2008 11:36 AM | ---D | M] - C:\WINDOWS
[08/26/2008 11:38 AM | 53,639,9872 | -HS- | M] () - C:\hiberfil.sys
[08/26/2008 12:07 PM | -H-D | M] - C:\Config.Msi
[08/17/2008 03:01 PM | 00,017,144 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/17/2008 03:01 PM | 00,038,472 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[08/11/2008 02:39 AM | 00,052,764 | ---- | M] () - C:\WINDOWS\System32\perfc009.dat
[08/11/2008 02:39 AM | 00,380,350 | ---- | M] () - C:\WINDOWS\System32\perfh009.dat
[08/11/2008 02:39 AM | 00,438,700 | ---- | M] () - C:\WINDOWS\System32\PerfStringBackup.INI
[08/21/2008 10:12 PM | 00,002,626 | ---- | M] () - C:\WINDOWS\System32\CONFIG.NT
[08/22/2008 04:10 PM | RHSD | M] - C:\WINDOWS\System32\dllcache
[08/22/2008 11:05 AM | ---D | M] - C:\WINDOWS\System32\config
[08/23/2008 06:24 PM | ---D | M] - C:\WINDOWS\System32\CatRoot
[08/23/2008 06:24 PM | ---D | M] - C:\WINDOWS\System32\CatRoot_bak
[08/26/2008 09:26 AM | ---D | M] - C:\WINDOWS\System32\drivers
[08/26/2008 09:31 AM | ---D | M] - C:\WINDOWS\System32\CatRoot2
[08/26/2008 11:11 AM | 00,000,000 | ---- | M] () - C:\WINDOWS\System32\ba614MPs.exe.a_a
[08/26/2008 11:11 AM | 00,082,946 | ---- | M] () - C:\WINDOWS\System32\ba614MPs.exe
[08/26/2008 11:38 AM | 00,002,422 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[08/26/2008 11:38 AM | 00,007,883 | ---- | M] () - C:\WINDOWS\System32\nvapps.xml
[08/14/2008 03:03 AM | ---D | M] - C:\WINDOWS\ie7updates
[08/14/2008 03:06 AM | -H-D | M] - C:\WINDOWS\$hf_mig$
[08/15/2008 04:53 PM | 00,000,832 | ---- | M] () - C:\WINDOWS\win.ini
[08/15/2008 04:54 PM | 00,294,912 | ---- | M] () - C:\WINDOWS\outlook.pst
[08/22/2008 11:19 AM | ---D | M] - C:\WINDOWS\Debug
[08/22/2008 11:37 AM | ---D | M] - C:\WINDOWS\ERDNT
[08/24/2008 11:50 PM | -H-D | M] - C:\WINDOWS\inf
[08/26/2008 11:36 AM | --SD | M] - C:\WINDOWS\Tasks
[08/26/2008 11:38 AM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08/26/2008 11:38 AM | 00,054,156 | -H-- | M] () - C:\WINDOWS\QTFont.qfn
[08/26/2008 11:38 AM | ---D | M] - C:\WINDOWS\Temp
[08/26/2008 12:07 PM | ---D | M] - C:\WINDOWS\system32
[08/26/2008 12:07 PM | -HSD | M] - C:\WINDOWS\Installer
[08/26/2008 12:08 PM | ---D | M] - C:\WINDOWS\Prefetch
[08/20/2008 11:44 PM | 00,000,284 | ---- | M] () - C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[08/26/2008 11:38 AM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[08/19/2008 03:01 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Google
[08/21/2008 01:08 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[08/21/2008 06:32 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/22/2008 04:24 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\McAfee.com
[08/26/2008 11:27 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Viewpoint
[08/18/2008 09:18 AM | ---D | M] - C:\Documents and Settings\user\Application Data\BitTorrent
[08/19/2008 03:29 PM | ---D | M] - C:\Documents and Settings\user\Application Data\Google
[08/21/2008 06:32 PM | ---D | M] - C:\Documents and Settings\user\Application Data\Malwarebytes
[08/26/2008 08:00 AM | ---D | M] - C:\Documents and Settings\user\Application Data\skypePM
[08/26/2008 08:59 AM | ---D | M] - C:\Documents and Settings\user\Application Data\Skype
[08/26/2008 11:27 AM | ---D | M] - C:\Documents and Settings\user\Application Data\Viewpoint
[08/19/2008 03:29 PM | ---D | M] - C:\Documents and Settings\user\Local Settings\Application Data\Google
[08/21/2008 01:05 PM | 03,755,134 | -H-- | M] () - C:\Documents and Settings\user\Local Settings\Application Data\IconCache.db
[08/25/2008 11:39 AM | 00,098,304 | ---- | M] () - C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[08/08/2008 05:58 PM | R--D | M] - C:\Documents and Settings\All Users\Documents\My Music
[08/16/2008 02:41 AM | 00,022,016 | ---- | M] () - C:\Documents and Settings\user\My Documents\For an occasion such as this.doc
[08/21/2008 10:12 PM | 00,001,709 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[08/26/2008 09:12 AM | 00,002,137 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[08/26/2008 12:59 AM | 00,002,257 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Skype.lnk
[08/21/2008 06:31 PM | 00,128,368 | ---- | M] (Digital River) - C:\Documents and Settings\user\Desktop\Download_mbam-setup.exe
[08/25/2008 01:44 AM | 00,002,445 | ---- | M] () - C:\Documents and Settings\user\Desktop\Logitech QuickCam.lnk
[08/26/2008 11:38 AM | ---D | M] - C:\Documents and Settings\user\Desktop\08262008_113630
[08/26/2008 12:10 PM | ---D | M] - C:\Documents and Settings\user\Desktop\virus thing
[08/21/2008 06:20 PM | ---D | M] - C:\Program Files\Common Files\Panda Software
[08/21/2008 06:31 PM | ---D | M] - C:\Program Files\Common Files\Download Manager

< End of report >


And here's the EXTRAS report:

OTViewIt Extras logfile created on: 8/26/2008 12:12:22 PM - Run 3
OTViewIt by OldTimer - Version 1.0.0.12 Folder = C:\Documents and Settings\user\Desktop\virus thing
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.48 Mb Total Physical Memory | 269.01 Mb Available Physical Memory | 52.59% Memory free
1.22 Gb Paging File | 0.91 Gb Available in Paging File | 74.68% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 58.41 Gb Free Space | 78.38% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 232.88 Gb Total Space | 136.44 Gb Free Space | 58.59% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

===== File Associations =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] - File not found -
.cmd [@ = cmdfile] - File not found -
.com [@ = comfile] - File not found -
.exe [@ = exefile] - File not found -
.html [@ = FirefoxHTML] - [07/17/2008 01:38 PM | 07,667,312 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe
.pif [@ = piffile] - File not found -
.scr [@ = scrfile] - File not found -

===== Uninstall List =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160070}" = Java™ SE Development Kit 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater
"{3819891A-030B-4a4e-98ED-B28A649E48AB}" = HP Deskjet 3900 series
"{42F6BED9-41DD-40F1-85A8-8E0350493626}" = HPDeskjet3900Series
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685A56F8-75B6-44AD-B3DA-FB0A3266B47C}" = Adobe Flash Player 9 ActiveX
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7F1C5D75-E232-4C2B-A394-E5FB7FBB3D66}" = Sonic Foundry Sound Forge 6.0d
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{C53CCE8A-8DEE-4E2C-8A4D-425F0FF70471}" = Iomega DVD Wizard
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}" = Safari
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB1507A-AAEA-4778-AC4B-DD5EAB1A961E}" = Iomega HotBurn Pro
"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4
"{D6A1E429-CCE1-4140-A615-710B806D12BA}" = Motorola Driver Installation 3.2.0
"{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"AIM_6" = AIM 6
"AoA DVD Ripper_is1" = AoA DVD Ripper
"AoA MP4 Converter_is1" = AoA MP4 Converter
"AOL Instant Messenger" = AOL Instant Messenger
"avast!" = avast! Antivirus
"AviSynth" = AviSynth 2.5
"Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
"BitTorrent" = BitTorrent 4.24.0
"CCleaner" = CCleaner (remove only)
"Cucusoft DVD to iPod + iPod Video Converter Suite_is1" = Cucusoft DVD to iPod + iPod Video Converter Suite 6.1.5.15
"Cucusoft DVD to iPod Converter_is1" = Cucusoft DVD to iPod Converter 6.01
"Cucusoft iPod Video Converter_is1" = Cucusoft iPod Video Converter 3.16
"DVD Audio Extractor_is1" = DVD Audio Extractor 4.1.1
"Enable S3 for USB Device" = Enable S3 for USB Device
"ERUNT_is1" = ERUNT 1.1j
"ewidosecuritysuite" = ewido security suite
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 5.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
"HPExtendedCapabilities" = HP Extended Capabilities 5.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"KB873333" = Windows XP Hotfix - KB873333
"KB873339" = Windows XP Hotfix - KB873339
"KB885250" = Windows XP Hotfix - KB885250
"KB885835" = Windows XP Hotfix - KB885835
"KB885836" = Windows XP Hotfix - KB885836
"KB886185" = Windows XP Hotfix - KB886185
"KB887472" = Windows XP Hotfix - KB887472
"KB887742" = Windows XP Hotfix - KB887742
"KB888113" = Windows XP Hotfix - KB888113
"KB888302" = Windows XP Hotfix - KB888302
"KB890046" = Security Update for Windows XP (KB890046)
"KB890859" = Windows XP Hotfix - KB890859
"KB891781" = Windows XP Hotfix - KB891781
"KB893066" = Security Update for Windows XP (KB893066)
"KB893086" = Windows XP Hotfix - KB893086
"KB893756" = Security Update for Windows XP (KB893756)
"KB893803v2" = Windows Installer 3.1 (KB893803)
"KB894391" = Update for Windows XP (KB894391)
"KB896358" = Security Update for Windows XP (KB896358)
"KB896422" = Security Update for Windows XP (KB896422)
"KB896423" = Security Update for Windows XP (KB896423)
"KB896424" = Security Update for Windows XP (KB896424)
"KB896428" = Security Update for Windows XP (KB896428)
"KB896688" = Security Update for Windows XP (KB896688)
"KB896727" = Update for Windows XP (KB896727)
"KB898461" = Update for Windows XP (KB898461)
"KB899587" = Security Update for Windows XP (KB899587)
"KB899588" = Security Update for Windows XP (KB899588)
"KB899589" = Security Update for Windows XP (KB89958
  • 0

#10
Egwene

Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hey,

Could please post OTviewIt repport in a new post ? It seems incomplete.

:)
  • 0

Advertisements


#11
jacknsherr

jacknsherr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Yeah... sorry... I just noticed that, too, and was in the process of copying when your message popped up....

here it is again:

OTViewIt Extras logfile created on: 8/26/2008 12:12:22 PM - Run 3
OTViewIt by OldTimer - Version 1.0.0.12 Folder = C:\Documents and Settings\user\Desktop\virus thing
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.48 Mb Total Physical Memory | 269.01 Mb Available Physical Memory | 52.59% Memory free
1.22 Gb Paging File | 0.91 Gb Available in Paging File | 74.68% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 58.41 Gb Free Space | 78.38% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 232.88 Gb Total Space | 136.44 Gb Free Space | 58.59% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

===== File Associations =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] - File not found -
.cmd [@ = cmdfile] - File not found -
.com [@ = comfile] - File not found -
.exe [@ = exefile] - File not found -
.html [@ = FirefoxHTML] - [07/17/2008 01:38 PM | 07,667,312 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe
.pif [@ = piffile] - File not found -
.scr [@ = scrfile] - File not found -

===== Uninstall List =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160070}" = Java™ SE Development Kit 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater
"{3819891A-030B-4a4e-98ED-B28A649E48AB}" = HP Deskjet 3900 series
"{42F6BED9-41DD-40F1-85A8-8E0350493626}" = HPDeskjet3900Series
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685A56F8-75B6-44AD-B3DA-FB0A3266B47C}" = Adobe Flash Player 9 ActiveX
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7F1C5D75-E232-4C2B-A394-E5FB7FBB3D66}" = Sonic Foundry Sound Forge 6.0d
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{C53CCE8A-8DEE-4E2C-8A4D-425F0FF70471}" = Iomega DVD Wizard
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}" = Safari
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB1507A-AAEA-4778-AC4B-DD5EAB1A961E}" = Iomega HotBurn Pro
"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4
"{D6A1E429-CCE1-4140-A615-710B806D12BA}" = Motorola Driver Installation 3.2.0
"{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"AIM_6" = AIM 6
"AoA DVD Ripper_is1" = AoA DVD Ripper
"AoA MP4 Converter_is1" = AoA MP4 Converter
"AOL Instant Messenger" = AOL Instant Messenger
"avast!" = avast! Antivirus
"AviSynth" = AviSynth 2.5
"Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
"BitTorrent" = BitTorrent 4.24.0
"CCleaner" = CCleaner (remove only)
"Cucusoft DVD to iPod + iPod Video Converter Suite_is1" = Cucusoft DVD to iPod + iPod Video Converter Suite 6.1.5.15
"Cucusoft DVD to iPod Converter_is1" = Cucusoft DVD to iPod Converter 6.01
"Cucusoft iPod Video Converter_is1" = Cucusoft iPod Video Converter 3.16
"DVD Audio Extractor_is1" = DVD Audio Extractor 4.1.1
"Enable S3 for USB Device" = Enable S3 for USB Device
"ERUNT_is1" = ERUNT 1.1j
"ewidosecuritysuite" = ewido security suite
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 5.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
"HPExtendedCapabilities" = HP Extended Capabilities 5.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"KB873333" = Windows XP Hotfix - KB873333
"KB873339" = Windows XP Hotfix - KB873339
"KB885250" = Windows XP Hotfix - KB885250
"KB885835" = Windows XP Hotfix - KB885835
"KB885836" = Windows XP Hotfix - KB885836
"KB886185" = Windows XP Hotfix - KB886185
"KB887472" = Windows XP Hotfix - KB887472
"KB887742" = Windows XP Hotfix - KB887742
"KB888113" = Windows XP Hotfix - KB888113
"KB888302" = Windows XP Hotfix - KB888302
"KB890046" = Security Update for Windows XP (KB890046)
"KB890859" = Windows XP Hotfix - KB890859
"KB891781" = Windows XP Hotfix - KB891781
"KB893066" = Security Update for Windows XP (KB893066)
"KB893086" = Windows XP Hotfix - KB893086
"KB893756" = Security Update for Windows XP (KB893756)
"KB893803v2" = Windows Installer 3.1 (KB893803)
"KB894391" = Update for Windows XP (KB894391)
"KB896358" = Security Update for Windows XP (KB896358)
"KB896422" = Security Update for Windows XP (KB896422)
"KB896423" = Security Update for Windows XP (KB896423)
"KB896424" = Security Update for Windows XP (KB896424)
"KB896428" = Security Update for Windows XP (KB896428)
"KB896688" = Security Update for Windows XP (KB896688)
"KB896727" = Update for Windows XP (KB896727)
"KB898461" = Update for Windows XP (KB898461)
"KB899587" = Security Update for Windows XP (KB899587)
"KB899588" = Security Update for Windows XP (KB899588)
"KB899589" = Security Update for Windows XP (KB899589)
"KB899591" = Security Update for Windows XP (KB899591)
"KB900485" = Update for Windows XP (KB900485)
"KB900725" = Security Update for Windows XP (KB900725)
"KB901017" = Security Update for Windows XP (KB901017)
"KB901214" = Security Update for Windows XP (KB901214)
"KB902400" = Security Update for Windows XP (KB902400)
"KB904706" = Security Update for Windows XP (KB904706)
"KB904942" = Update for Windows XP (KB904942)
"KB905414" = Security Update for Windows XP (KB905414)
"KB905749" = Security Update for Windows XP (KB905749)
"KB905915" = Security Update for Windows XP (KB905915)
"KB908519" = Security Update for Windows XP (KB908519)
"KB908531" = Security Update for Windows XP (KB908531)
"KB910437" = Update for Windows XP (KB910437)
"KB911280" = Security Update for Windows XP (KB911280)
"KB911562" = Security Update for Windows XP (KB911562)
"KB911564" = Security Update for Windows Media Player (KB911564)
"KB911565" = Security Update for Windows Media Player 10 (KB911565)
"KB911567" = Security Update for Windows XP (KB911567)
"KB911927" = Security Update for Windows XP (KB911927)
"KB912812" = Security Update for Windows XP (KB912812)
"KB912919" = Security Update for Windows XP (KB912919)
"KB913446" = Security Update for Windows XP (KB913446)
"KB913580" = Security Update for Windows XP (KB913580)
"KB914388" = Security Update for Windows XP (KB914388)
"KB914389" = Security Update for Windows XP (KB914389)
"KB914440" = Hotfix for Windows XP (KB914440)
"KB915865" = Hotfix for Windows XP (KB915865)
"KB916281" = Security Update for Windows XP (KB916281)
"KB916595" = Update for Windows XP (KB916595)
"KB917159" = Security Update for Windows XP (KB917159)
"KB917344" = Security Update for Windows XP (KB917344)
"KB917422" = Security Update for Windows XP (KB917422)
"KB917734_WMP10" = Security Update for Windows Media Player 10 (KB917734)
"KB917953" = Security Update for Windows XP (KB917953)
"KB918118" = Security Update for Windows XP (KB918118)
"KB918439" = Security Update for Windows XP (KB918439)
"KB918899" = Security Update for Windows XP (KB918899)
"KB919007" = Security Update for Windows XP (KB919007)
"KB920213" = Security Update for Windows XP (KB920213)
"KB920214" = Security Update for Windows XP (KB920214)
"KB920670" = Security Update for Windows XP (KB920670)
"KB920683" = Security Update for Windows XP (KB920683)
"KB920685" = Security Update for Windows XP (KB920685)
"KB920872" = Update for Windows XP (KB920872)
"KB921398" = Security Update for Windows XP (KB921398)
"KB921503" = Security Update for Windows XP (KB921503)
"KB921883" = Security Update for Windows XP (KB921883)
"KB922582" = Update for Windows XP (KB922582)
"KB922616" = Security Update for Windows XP (KB922616)
"KB922760" = Security Update for Windows XP (KB922760)
"KB922819" = Security Update for Windows XP (KB922819)
"KB923191" = Security Update for Windows XP (KB923191)
"KB923414" = Security Update for Windows XP (KB923414)
"KB923689" = Security Update for Windows XP (KB923689)
"KB923694" = Security Update for Windows XP (KB923694)
"KB923980" = Security Update for Windows XP (KB923980)
"KB924191" = Security Update for Windows XP (KB924191)
"KB924270" = Security Update for Windows XP (KB924270)
"KB924496" = Security Update for Windows XP (KB924496)
"KB924667" = Security Update for Windows XP (KB924667)
"KB925398_WMP64" = Security Update for Windows Media Player 6.4 (KB925398)
"KB925454" = Security Update for Windows XP (KB925454)
"KB925486" = Security Update for Windows XP (KB925486)
"KB925902" = Security Update for Windows XP (KB925902)
"KB926255" = Security Update for Windows XP (KB926255)
"KB926436" = Security Update for Windows XP (KB926436)
"KB927779" = Security Update for Windows XP (KB927779)
"KB927802" = Security Update for Windows XP (KB927802)
"KB927891" = Update for Windows XP (KB927891)
"KB928090-IE7" = Security Update for Windows Internet Explorer 7 (KB928090)
"KB928255" = Security Update for Windows XP (KB928255)
"KB928843" = Security Update for Windows XP (KB928843)
"KB929123" = Security Update for Windows XP (KB929123)
"KB929338" = Update for Windows XP (KB929338)
"KB929969" = Security Update for Windows Internet Explorer 7 (KB929969)
"KB930178" = Security Update for Windows XP (KB930178)
"KB930916" = Update for Windows XP (KB930916)
"KB931261" = Security Update for Windows XP (KB931261)
"KB931768-IE7" = Security Update for Windows Internet Explorer 7 (KB931768)
"KB931784" = Security Update for Windows XP (KB931784)
"KB931836" = Update for Windows XP (KB931836)
"KB932168" = Security Update for Windows XP (KB932168)
"KB932823-v3" = Update for Windows XP (KB932823-v3)
"KB933360" = Update for Windows XP (KB933360)
"KB933566-IE7" = Security Update for Windows Internet Explorer 7 (KB933566)
"KB933729" = Security Update for Windows XP (KB933729)
"KB935839" = Security Update for Windows XP (KB935839)
"KB935840" = Security Update for Windows XP (KB935840)
"KB936021" = Security Update for Windows XP (KB936021)
"KB936782_WMP10" = Security Update for Windows Media Player 10 (KB936782)
"KB937143-IE7" = Security Update for Windows Internet Explorer 7 (KB937143)
"KB937894" = Security Update for Windows XP (KB937894)
"KB938127-IE7" = Security Update for Windows Internet Explorer 7 (KB938127)
"KB938828" = Update for Windows XP (KB938828)
"KB938829" = Security Update for Windows XP (KB938829)
"KB939653-IE7" = Security Update for Windows Internet Explorer 7 (KB939653)
"KB941202" = Security Update for Windows XP (KB941202)
"KB941568" = Security Update for Windows XP (KB941568)
"KB941569" = Security Update for Windows XP (KB941569)
"KB941644" = Security Update for Windows XP (KB941644)
"KB941693" = Security Update for Windows XP (KB941693)
"KB942615-IE7" = Security Update for Windows Internet Explorer 7 (KB942615)
"KB942763" = Update for Windows XP (KB942763)
"KB943055" = Security Update for Windows XP (KB943055)
"KB943460" = Security Update for Windows XP (KB943460)
"KB943485" = Security Update for Windows XP (KB943485)
"KB944533-IE7" = Security Update for Windows Internet Explorer 7 (KB944533)
"KB944653" = Security Update for Windows XP (KB944653)
"KB945553" = Security Update for Windows XP (KB945553)
"KB946026" = Security Update for Windows XP (KB946026)
"KB946648" = Security Update for Windows XP (KB946648)
"KB947864-IE7" = Hotfix for Windows Internet Explorer 7 (KB947864)
"KB948590" = Security Update for Windows XP (KB948590)
"KB948881" = Security Update for Windows XP (KB948881)
"KB950749" = Security Update for Windows XP (KB950749)
"KB950759-IE7" = Security Update for Windows Internet Explorer 7 (KB950759)
"KB950760" = Security Update for Windows XP (KB950760)
"KB950762" = Security Update for Windows XP (KB950762)
"KB950974" = Security Update for Windows XP (KB950974)
"KB951066" = Security Update for Windows XP (KB951066)
"KB951072-v2" = Update for Windows XP (KB951072-v2)
"KB951376" = Security Update for Windows XP (KB951376)
"KB951376-v2" = Security Update for Windows XP (KB951376-v2)
"KB951698" = Security Update for Windows XP (KB951698)
"KB951748" = Security Update for Windows XP (KB951748)
"KB952287" = Hotfix for Windows XP (KB952287)
"KB952954" = Security Update for Windows XP (KB952954)
"KB953838-IE7" = Security Update for Windows Internet Explorer 7 (KB953838)
"KB953839" = Security Update for Windows XP (KB953839)
"lvdrivers_11.50" = Logitech QuickCam Driver Package
"M928366" = Microsoft .NET Framework 1.1 Hotfix (KB928366)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (2.0.0.16)" = Mozilla Firefox (2.0.0.16)
"MPEG Video Wizard DVD" = MPEG Video Wizard DVD
"MySpaceIM" = MySpaceIM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Windows 95/98/ME/2000/XP Stereo Drivers
"Office8.0" = Microsoft Office 97, Professional Edition
"Snood_is1" = Snood for Windows version 3.52-W
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"TrojanHunter_is1" = TrojanHunter 4.2
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WgaNotify" = Windows Genuine Advantage Notifications (KB905474)
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR archiver

===== Uninstall List =====


===== Winsock2 Catalogs =====

===== Protocol Defaults =====


===== Protocol Defaults =====


===== Protocol Handlers =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
msdaipp: [HKLM - No CLSID value]

skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKLM - IEProtocolHandler Class]
[12/07/2007 04:08 PM | 01,934,672 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll

===== Protocol Filters =====

< End of report >
  • 0

#12
Egwene

Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hey jacknsherr,

Your log appears quite good, but there are still some leftovers, so we will deal with them now. :)

1) Uninstall some programs :

Please go Start > Control Panel > Add/Remove Programs and remove the following (if present):

* J2SE Runtime Environment 5.0 Update 4
* J2SE Runtime Environment 5.0 Update 11


2) Backing Up Your Registry :

The steps that I am about to suggest involve modifying the registry. Modfying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. if you cannot preform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry
  • Download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
Posted Image

3) Run OTMoveIT2 :
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\System32\ba614MPs.exe.a_a
    C:\WINDOWS\System32\ba614MPs.exe
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0eae2e21-b1d5-11dc-831e-000fea36508b}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0eae2e22-b1d5-11dc-831e-000fea36508b}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14bd8f9f-9ab9-11db-82c0-000fea36508b}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3834b87d-4f08-11dd-8367-000fea36508b}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{448ad726-65a8-11dd-8371-000fea36508b}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{779abd93-2efc-11db-8289-000fea36508b}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b46a34a-7513-11da-823b-000fea36508b}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9d4ac78-6499-11dd-8370-000fea36508b}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc34a5a4-2dde-11dd-8352-000fea36508b}
    purity
    emptytemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.[/list]
Please post :

- OTmoveIT2 repport.
- Two fresh OTviewIT repports.


And tell me please how your computer is running. :)

Regards,
Egwene.
  • 0

#13
jacknsherr

jacknsherr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Well, for starters, I can't find the OTmoveIT2 report.... The one I have seems to be the one from before:

OTViewIt logfile created on: 8/26/2008 12:12:22 PM - Run 3
OTViewIt by OldTimer - Version 1.0.0.12 Folder = C:\Documents and Settings\user\Desktop\virus thing
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.48 Mb Total Physical Memory | 269.01 Mb Available Physical Memory | 52.59% Memory free
1.22 Gb Paging File | 0.91 Gb Available in Paging File | 74.68% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 58.41 Gb Free Space | 78.38% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 232.88 Gb Total Space | 136.44 Gb Free Space | 58.59% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-88A1E09A42
Current User Name: user
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

===== Processes - Non-Microsoft Only =====

[07/19/2008 09:25 AM | 00,016,056 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[07/19/2008 09:38 AM | 00,147,640 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashServ.exe
[10/19/2007 02:19 PM | 00,141,848 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
[05/14/2004 02:47 AM | 00,067,072 | ---- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\SOUNDMAN.EXE
[07/27/2004 05:50 PM | 00,081,920 | ---- | M] (InstallShield Software Corporation) - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[10/25/2007 05:33 PM | 00,563,984 | ---- | M] () - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
[10/25/2007 05:37 PM | 02,178,832 | ---- | M] () - C:\Program Files\Logitech\QuickCam\Quickcam.exe
[03/30/2008 10:36 AM | 00,267,048 | ---- | M] (Apple Inc.) - C:\Program Files\iTunes\iTunesHelper.exe
[07/19/2008 09:38 AM | 00,078,008 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashDisp.exe
[12/18/2007 08:47 PM | 08,720,384 | ---- | M] () - C:\Program Files\MySpace\IM\MySpaceIM.exe
[10/31/2007 03:09 PM | 00,110,592 | ---- | M] (Apple, Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[11/11/2004 06:53 PM | 00,016,448 | ---- | M] (ewido networks) - C:\Program Files\ewido\security suite\ewidoctrl.exe
[09/24/2003 10:00 AM | 00,073,728 | ---- | M] (Iomega Corporation) - C:\Program Files\Iomega\System32\AppServices.exe
[11/17/1996 12:00 AM | 00,051,984 | ---- | M] () - C:\Program Files\Microsoft Office\Office\OSA.EXE
[10/19/2007 02:17 PM | 00,186,904 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
[09/30/2004 12:35 AM | 00,127,043 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe
[07/19/2008 09:38 AM | 00,250,040 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
[07/23/2008 09:25 AM | 00,348,344 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
[10/19/2007 02:17 PM | 00,186,904 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
[03/30/2008 10:36 AM | 00,504,104 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe
[12/18/2007 08:47 PM | 08,720,384 | ---- | M] () - C:\Program Files\MySpace\IM\MySpaceIM.exe
[10/25/2007 05:32 PM | 00,407,824 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
[12/15/2006 04:23 AM | 00,075,520 | ---- | M] (Sun Microsystems, Inc.) - C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
[08/26/2008 09:49 AM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\user\Desktop\virus thing\OTViewIt.exe

===== Win32 Services - Non-Microsoft Only =====

(Apple Mobile Device) Apple Mobile Device [Auto | Running]
[10/31/2007 03:09 PM | 00,110,592 | ---- | M] (Apple, Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

(aswUpdSv) avast! iAVS4 Control Service [Auto | Running]
[07/19/2008 09:25 AM | 00,016,056 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

(avast! Antivirus) avast! Antivirus [Auto | Running]
[07/19/2008 09:38 AM | 00,147,640 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashServ.exe

(avast! Mail Scanner) avast! Mail Scanner [On_Demand | Running]
[07/19/2008 09:38 AM | 00,250,040 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

(avast! Web Scanner) avast! Web Scanner [On_Demand | Running]
[07/23/2008 09:25 AM | 00,348,344 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

(dmadmin) Logical Disk Manager Administrative Service [On_Demand | Stopped]
[08/04/2004 07:00 AM | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe

(ewido security suite control) ewido security suite control [Auto | Running]
[11/11/2004 06:53 PM | 00,016,448 | ---- | M] (ewido networks) - C:\Program Files\ewido\security suite\ewidoctrl.exe

(ewido security suite guard) ewido security suite guard [Disabled | Stopped]
[09/25/2005 01:55 PM | 00,163,904 | ---- | M] (ewido networks) - C:\Program Files\ewido\security suite\ewidoguard.exe

(gusvc) Google Updater Service [On_Demand | Stopped]
[08/19/2008 03:01 PM | 00,138,168 | ---- | M] (Google) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

(HP Port Resolver) HP Port Resolver [On_Demand | Stopped]
[05/20/2005 11:37 AM | 00,081,920 | ---- | M] (Hewlett-Packard Company) - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

(HP Status Server) HP Status Server [On_Demand | Stopped]
[10/16/2004 06:31 AM | 00,073,728 | ---- | M] (Hewlett-Packard Company) - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

(IDriverT) InstallDriver Table Manager [On_Demand | Stopped]
[04/04/2005 01:41 AM | 00,069,632 | ---- | M] (Macrovision Corporation) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

(Iomega Activity Disk2) Iomega Activity Disk2 [Disabled | Stopped]
[08/26/2008 12:10 PM | ---D | M] - .

(Iomega App Services) Iomega App Services [Auto | Running]
[09/24/2003 10:00 AM | 00,073,728 | ---- | M] (Iomega Corporation) - C:\Program Files\Iomega\System32\AppServices.exe

(iPod Service) iPod Service [On_Demand | Running]
[03/30/2008 10:36 AM | 00,504,104 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe

(LVCOMSer) LVCOMSer [Auto | Running]
[10/19/2007 02:17 PM | 00,186,904 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

(LVPrcSrv) Process Monitor [Auto | Running]
[10/19/2007 02:19 PM | 00,141,848 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

(LVSrvLauncher) LVSrvLauncher [Auto | Stopped]
[10/19/2007 02:21 PM | 00,141,848 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

(NVSvc) NVIDIA Display Driver Service [Auto | Running]
[09/30/2004 12:35 AM | 00,127,043 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe

(PavPrSrv) Panda Process Protection Service [Auto | Stopped]
File not found - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

===== Driver Services - Non-Microsoft Only =====

(Aavmker4) avast! Asynchronous Virus Monitor [System | Running]
[07/19/2008 09:32 AM | 00,026,944 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aavmker4.sys

(ALCXSENS) Service for WDM 3D Audio Driver [On_Demand | Running]
[02/23/2004 10:08 PM | 00,400,384 | ---- | M] (Sensaura) - C:\WINDOWS\system32\drivers\ALCXSENS.SYS

(ALCXWDM) Service for Realtek AC97 Audio (WDM) [On_Demand | Running]
[05/14/2004 10:24 AM | 00,622,172 | ---- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS

(ASPI32) ASPI32 [System | Running]
[07/17/2002 08:53 AM | 00,016,877 | ---- | M] (Adaptec) - C:\WINDOWS\System32\drivers\Aspi32.sys

(aswFsBlk) aswFsBlk [Auto | Running]
[07/19/2008 09:37 AM | 00,020,560 | ---- | M] (ALWIL Software) - C:\WINDOWS\system32\drivers\aswFsBlk.sys

(aswMon2) avast! Standard Shield Support [Auto | Running]
[07/19/2008 09:37 AM | 00,094,416 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswmon2.sys

(aswRdr) aswRdr [On_Demand | Running]
[07/19/2008 09:33 AM | 00,023,152 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswRdr.sys

(aswSP) avast! Self Protection [System | Running]
[07/19/2008 09:35 AM | 00,078,416 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswSP.sys

(aswTdi) avast! Network Shield Support [System | Running]
[07/19/2008 09:32 AM | 00,042,912 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswTdi.sys

(dmboot) dmboot [Disabled | Stopped]
[08/04/2004 07:00 AM | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys

(dmio) Logical Disk Manager Driver [Boot | Running]
[08/04/2004 07:00 AM | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys

(dmload) dmload [Boot | Running]
[08/04/2004 07:00 AM | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys

(DumaNT) NVIDIA Stereo Helper Service [System | Running]
[11/18/2002 04:29 PM | 00,399,700 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\dumant.sys

(ewido security suite driver) ewido security suite driver [System | Running]
[11/22/2004 09:15 AM | 00,003,072 | ---- | M] () - C:\Program Files\ewido\security suite\guard.sys

(GEARAspiWDM) GEARAspiWDM [On_Demand | Running]
[01/29/2008 12:01 PM | 00,016,168 | ---- | M] (GEAR Software Inc.) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

(GMSIPCI) GMSIPCI [On_Demand | Stopped]
File not found - D:\INSTALL\GMSIPCI.SYS

(IndiAvIn) TDK INDI AV-IN USB Device [On_Demand | Stopped]
[11/16/2002 07:03 PM | 00,086,016 | ---- | M] (Emuzed, Inc.) - C:\WINDOWS\system32\drivers\IndiAvIn.sys

(Intels51) Intel® 536EP V.92 Modem [On_Demand | Running]
[05/10/2002 08:31 AM | 00,633,220 | R--- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\Intels51.sys

(iomdisk) Iomega Devices Disk Filter Services [Boot | Running]
[09/24/2003 10:00 AM | 00,032,658 | ---- | M] (Iomega Corporation) - C:\WINDOWS\system32\drivers\IomDisk.sys

(iteraid) ITERAID_Service_Install [Boot | Running]
[02/25/2004 03:46 AM | 00,024,827 | R--- | M] (Integrated Technology Express, Inc.) - C:\WINDOWS\system32\drivers\iteraid.sys

(LVcKap) Logitech AEC Driver [On_Demand | Running]
[10/19/2007 02:16 PM | 02,109,976 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\Lvckap.sys

(LVMVDrv) Logitech Machine Vision Engine Loader [On_Demand | Stopped]
[10/11/2007 07:59 PM | 02,142,488 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\LVMVdrv.sys

(LVPr2Mon) Logitech LVPr2Mon Driver [On_Demand | Running]
[10/11/2007 07:59 PM | 00,025,624 | ---- | M] () - C:\WINDOWS\system32\drivers\LVPr2Mon.sys

(LVUSBSta) Logitech USB Monitor Filter [On_Demand | Running]
[10/11/2007 09:00 PM | 00,041,752 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\LVUSBSta.sys

(motmodem) Motorola USB CDC ACM Driver [On_Demand | Stopped]
[06/18/2007 02:18 PM | 00,023,680 | ---- | M] (Motorola) - C:\WINDOWS\system32\drivers\motmodem.sys

(nv) nv [On_Demand | Running]
[09/30/2004 12:35 AM | 02,743,840 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\nv4_mini.sys

(nv_agp) NVIDIA nForce AGP Bus Filter [Boot | Running]
[03/19/2003 02:51 AM | 00,018,688 | R--- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\nv_agp.SYS

(PavProc) Panda Process Protection Driver [Auto | Stopped]
File not found - C:\WINDOWS\system32\DRIVERS\PavProc.sys

(pepifilter) Volume Adapter [On_Demand | Running]
[10/11/2007 08:55 PM | 00,013,848 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\lv302af.sys

(PID_PEPI) Logitech QuickCam IM(PID_PEPI) [On_Demand | Running]
[10/11/2007 08:55 PM | 01,279,000 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\LV302V32.SYS

(Ptilink) Direct Parallel Link Driver [On_Demand | Running]
[08/04/2004 07:00 AM | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys

(PxHelp20) PxHelp20 [Boot | Running]
[11/17/2005 11:19 AM | 00,020,640 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\PxHelp20.sys

(RTL8023) Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver [On_Demand | Running]
[12/30/2003 10:58 PM | 00,069,504 | ---- | M] (Realtek Semiconductor Corporation ) - C:\WINDOWS\system32\drivers\Rtlnic51.sys

(Secdrv) Secdrv [On_Demand | Stopped]
[11/13/2007 05:25 AM | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\WINDOWS\system32\drivers\secdrv.sys

(ShldDrv) Panda File Shield Driver [System | Stopped]
File not found - C:\WINDOWS\System32\DRIVERS\ShlDrv51.sys

(SI3112r) Silicon Image SiI 3512 SATARaid Controller [Boot | Running]
[05/30/2003 03:05 AM | 00,089,610 | R--- | M] (Silicon Image, Inc) - C:\WINDOWS\system32\drivers\SI3112r.sys

(SiFilter) SATALink driver accelerator [Boot | Running]
[02/11/2003 11:37 PM | 00,009,600 | R--- | M] (Silicon Image, Inc.) - C:\WINDOWS\system32\drivers\SiWinAcc.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!" = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [07/19/2008 09:38 AM | 00,078,008 | ---- | M] (ALWIL Software)
"Cleanup" = C:\DOCUME~1\user\LOCALS~1\Temp\2008822162431_mcappins.exe /v=3 /cleanup File not found
"ISUSPM Startup" = C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [07/27/2004 05:50 PM | 00,221,184 | ---- | M] (InstallShield Software Corporation)
"ISUSScheduler" = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [07/27/2004 05:50 PM | 00,081,920 | ---- | M] (InstallShield Software Corporation)
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM | 00,267,048 | ---- | M] (Apple Inc.)
"LogitechCommunicationsManager" = "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [10/25/2007 05:33 PM | 00,563,984 | ---- | M] ()
"LogitechQuickCamRibbon" = "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide [10/25/2007 05:37 PM | 02,178,832 | ---- | M] ()
"msci" = C:\DOCUME~1\user\LOCALS~1\Temp\2008822162422_mcinfo.exe /insfin File not found
"NvCplDaemon" = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [09/30/2004 12:35 AM | 04,603,904 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [09/30/2004 12:35 AM | 00,086,016 | ---- | M] (NVIDIA Corporation)
"nwiz" = nwiz.exe /install [09/30/2004 12:35 AM | 00,921,600 | ---- | M] (NVIDIA Corporation)
"QuickTime Task" = "C:\Program Files\QuickTime\QTTask.exe" -atboottime [03/28/2008 11:37 PM | 00,413,696 | ---- | M] (Apple Inc.)
"SoundMan" = SOUNDMAN.EXE [05/14/2004 02:47 AM | 00,067,072 | ---- | M] (Realtek Semiconductor Corp.)
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6" = File not found
"MySpaceIM" = C:\Program Files\MySpace\IM\MySpaceIM.exe [12/18/2007 08:47 PM | 08,720,384 | ---- | M] ()
"updateMgr" = "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 [03/30/2006 04:45 PM | 00,313,472 | R--- | M] (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[09/23/2005 10:05 PM | 00,029,696 | ---- | M] (Adobe Systems Incorporated) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[user Startup Folder - C:\Documents and Settings\user\Start Menu\Programs\Startup]
[11/17/1996 12:00 AM | 00,111,376 | ---- | M] () - C:\Documents and Settings\user\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
[11/17/1996 12:00 AM | 00,051,984 | ---- | M] () - C:\Documents and Settings\user\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

===== BHO's =====

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (Adobe PDF Reader Link Helper) - [12/18/2006 04:16 AM | 00,059,032 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
HKLM CLSID: () - [05/31/2005 01:04 AM | 00,853,672 | ---- | M] (Safer Networking Limited) C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [06/10/2008 04:27 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
HKLM CLSID: (Google Toolbar Helper) - [01/19/2007 11:55 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar1.dll

===== Toolbars =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [01/19/2007 11:55 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar1.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [01/19/2007 11:55 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar1.dll

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (&Yahoo! Toolbar) - File not found Reg Error: Key does not exist or could not be opened.

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
Unable to open key or key not present!


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


===== Desktop Components =====

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

===== Lsa Authentication Packages =====

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/04/2004 07:00 AM | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\1125036546\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1125036546\ee\AOLServiceHost.exe File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe [11/03/2006 02:17 AM | 00,010,800 | ---- | M] (AOL LLC)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe [08/01/2006 03:35 PM | 00,067,112 | ---- | M] (America Online, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [10/10/2006 07:44 AM | 00,557,568 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/04/2004 07:00 AM | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\1125036546\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1125036546\ee\AOLServiceHost.exe File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe [11/03/2006 02:17 AM | 00,010,800 | ---- | M] (AOL LLC)
"C:\WINDOWS\system32\urprhaaun.exe" = C:\WINDOWS\system32\urprhaaun.exe File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe [10/13/2004 11:24 AM | 01,694,208 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe File not found
"C:\StubInstaller.exe" = C:\StubInstaller.exe [10/31/2005 10:56 AM | 00,700,416 | ---- | M] (LimeWire)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe File not found
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\iexplore.exe [06/23/2008 04:20 AM | 00,625,664 | ---- | M] (Microsoft Corporation)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe [09/29/2006 09:00 PM | 00,043,520 | ---- | M] ()
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe [08/01/2006 03:35 PM | 00,067,112 | ---- | M] (America Online, Inc.)
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [10/10/2006 07:44 AM | 00,557,568 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Yahoo! Games\Bejeweled 2 Deluxe\WinBej2.exe" = C:\Program Files\Yahoo! Games\Bejeweled 2 Deluxe\WinBej2.exe [11/18/2004 04:26 PM | 01,566,721 | ---- | M] (PopCap.com)
"C:\Program Files\Last.fm\LastFM.exe" = C:\Program Files\Last.fm\LastFM.exe File not found
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe [01/03/2008 11:15 AM | 00,050,528 | ---- | M] (AOL LLC)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe [03/30/2008 10:36 AM | 20,638,504 | ---- | M] (Apple Inc.)
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe [12/18/2007 08:47 PM | 08,720,384 | ---- | M] ()
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe [12/07/2007 04:08 PM | 21,686,568 | R--- | M] (Skype Technologies S.A.)

===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [06/13/2007 05:23 AM | 01,033,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [08/04/2004 07:00 AM | 00,024,576 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [08/04/2004 07:00 AM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [10/25/2007 10:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [08/04/2004 07:00 AM | 00,298,496 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

===== User's Winlogon Settings =====

===== Winlogon Notify Settings =====

===== Safeboot Options =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====
Unable to open key or key not present!


===== DNS Name Servers =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{7A4455E7-1E22-4CAB-B4F0-51FF2DCDE3CD}]
Servers: | Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{9B410874-7B7D-40FE-9EA6-F06094BD1DEC}]
Servers: | Description: 1394 Net Adapter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{C4A502C0-106A-4D1B-ACB1-7F86FE35522F}]
Servers: | Description:

===== CDRom AutoRun Settings =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

===== Autorun Files on Drives =====

AUTOEXEC.BAT []
[07/15/2005 04:42 PM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

===== MountPoints2 =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0eae2e21-b1d5-11dc-831e-000fea36508b}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0eae2e21-b1d5-11dc-831e-000fea36508b}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 10:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0eae2e21-b1d5-11dc-831e-000fea36508b}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0eae2e22-b1d5-11dc-831e-000fea36508b}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0eae2e22-b1d5-11dc-831e-000fea36508b}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 10:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0eae2e22-b1d5-11dc-831e-000fea36508b}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14bd8f9f-9ab9-11db-82c0-000fea36508b}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14bd8f9f-9ab9-11db-82c0-000fea36508b}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 10:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14bd8f9f-9ab9-11db-82c0-000fea36508b}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3834b87d-4f08-11dd-8367-000fea36508b}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3834b87d-4f08-11dd-8367-000fea36508b}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 10:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3834b87d-4f08-11dd-8367-000fea36508b}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{448ad726-65a8-11dd-8371-000fea36508b}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{448ad726-65a8-11dd-8371-000fea36508b}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 10:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{448ad726-65a8-11dd-8371-000fea36508b}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{779abd93-2efc-11db-8289-000fea36508b}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{779abd93-2efc-11db-8289-000fea36508b}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 10:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{779abd93-2efc-11db-8289-000fea36508b}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b46a34a-7513-11da-823b-000fea36508b}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b46a34a-7513-11da-823b-000fea36508b}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 10:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b46a34a-7513-11da-823b-000fea36508b}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9d4ac78-6499-11dd-8370-000fea36508b}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9d4ac78-6499-11dd-8370-000fea36508b}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 10:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9d4ac78-6499-11dd-8370-000fea36508b}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc34a5a4-2dde-11dd-8352-000fea36508b}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc34a5a4-2dde-11dd-8352-000fea36508b}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/25/2007 10:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc34a5a4-2dde-11dd-8352-000fea36508b}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

===== Hosts File =====

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost



[Files/Folders - Created Within 30 days]
[08/20/2008 08:39 AM | --SD | C] - C:\Microsoft
[08/26/2008 09:30 AM | ---D | C] - C:\_OTMoveIt
[08/26/2008 11:38 AM | 53,639,9872 | -HS- | C] () - C:\hiberfil.sys
[01/17/2008 11:34 AM | 00,093,264 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswmon.sys
[07/19/2008 09:32 AM | 00,026,944 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aavmker4.sys
[07/19/2008 09:32 AM | 00,042,912 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswTdi.sys
[07/19/2008 09:33 AM | 00,023,152 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswRdr.sys
[07/19/2008 09:35 AM | 00,078,416 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswSP.sys
[07/19/2008 09:37 AM | 00,020,560 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswFsBlk.sys
[07/19/2008 09:37 AM | 00,094,416 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswmon2.sys
[08/17/2008 03:01 PM | 00,017,144 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/17/2008 03:01 PM | 00,038,472 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[01/09/2004 04:13 AM | 00,380,928 | ---- | C] () - C:\WINDOWS\System32\actskin4.ocx
[06/10/2008 01:21 AM | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\java.exe
[06/10/2008 01:21 AM | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaw.exe
[06/10/2008 02:32 AM | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javacpl.cpl
[06/10/2008 02:32 AM | 00,139,264 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaws.exe
[07/19/2008 09:30 AM | 00,094,392 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\AvastSS.scr
[07/19/2008 09:43 AM | 01,163,960 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\aswBoot.exe
[08/23/2008 06:24 PM | ---D | C] - C:\WINDOWS\System32\CatRoot_bak
[08/26/2008 11:11 AM | 00,000,000 | ---- | C] () - C:\WINDOWS\System32\ba614MPs.exe.a_a
[08/26/2008 11:11 AM | 00,082,946 | ---- | C] () - C:\WINDOWS\System32\ba614MPs.exe
[08/22/2008 11:37 AM | ---D | C] - C:\WINDOWS\ERDNT
[08/19/2008 03:01 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Google
[08/21/2008 06:32 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/19/2008 03:29 PM | ---D | C] - C:\Documents and Settings\user\Application Data\Google
[08/21/2008 06:32 PM | ---D | C] - C:\Documents and Settings\user\Application Data\Malwarebytes
[08/16/2008 02:41 AM | 00,022,016 | ---- | C] () - C:\Documents and Settings\user\My Documents\For an occasion such as this.doc
[08/21/2008 10:12 PM | 00,001,709 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[08/21/2008 06:31 PM | 00,128,368 | ---- | C] (Digital River) - C:\Documents and Settings\user\Desktop\Download_mbam-setup.exe
[08/26/2008 11:38 AM | ---D | C] - C:\Documents and Settings\user\Desktop\08262008_113630
[08/26/2008 12:10 PM | ---D | C] - C:\Documents and Settings\user\Desktop\virus thing
[08/21/2008 06:20 PM | ---D | C] - C:\Program Files\Common Files\Panda Software
[08/21/2008 06:31 PM | ---D | C] - C:\Program Files\Common Files\Download Manager
[08/21/2008 10:11 PM | ---D | C] - C:\Program Files\Alwil Software
[08/22/2008 04:27 PM | ---D | C] - C:\Program Files\Trend Micro
[08/22/2008 11:36 AM | ---D | C] - C:\Program Files\ERUNT
[08/26/2008 09:26 AM | ---D | C] - C:\Program Files\Malwarebytes' Anti-Malware
[08/26/2008 12:07 PM | ---D | C] - C:\Program Files\Sun

[Files/Folders - Modified Within 30 days]
[08/20/2008 08:39 AM | --SD | M] - C:\Microsoft
[08/22/2008 04:27 PM | R--D | M] - C:\Program Files
[08/26/2008 09:30 AM | ---D | M] - C:\_OTMoveIt
[08/26/2008 11:36 AM | ---D | M] - C:\WINDOWS
[08/26/2008 11:38 AM | 53,639,9872 | -HS- | M] () - C:\hiberfil.sys
[08/26/2008 12:07 PM | -H-D | M] - C:\Config.Msi
[08/17/2008 03:01 PM | 00,017,144 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/17/2008 03:01 PM | 00,038,472 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[08/11/2008 02:39 AM | 00,052,764 | ---- | M] () - C:\WINDOWS\System32\perfc009.dat
[08/11/2008 02:39 AM | 00,380,350 | ---- | M] () - C:\WINDOWS\System32\perfh009.dat
[08/11/2008 02:39 AM | 00,438,700 | ---- | M] () - C:\WINDOWS\System32\PerfStringBackup.INI
[08/21/2008 10:12 PM | 00,002,626 | ---- | M] () - C:\WINDOWS\System32\CONFIG.NT
[08/22/2008 04:10 PM | RHSD | M] - C:\WINDOWS\System32\dllcache
[08/22/2008 11:05 AM | ---D | M] - C:\WINDOWS\System32\config
[08/23/2008 06:24 PM | ---D | M] - C:\WINDOWS\System32\CatRoot
[08/23/2008 06:24 PM | ---D | M] - C:\WINDOWS\System32\CatRoot_bak
[08/26/2008 09:26 AM | ---D | M] - C:\WINDOWS\System32\drivers
[08/26/2008 09:31 AM | ---D | M] - C:\WINDOWS\System32\CatRoot2
[08/26/2008 11:11 AM | 00,000,000 | ---- | M] () - C:\WINDOWS\System32\ba614MPs.exe.a_a
[08/26/2008 11:11 AM | 00,082,946 | ---- | M] () - C:\WINDOWS\System32\ba614MPs.exe
[08/26/2008 11:38 AM | 00,002,422 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[08/26/2008 11:38 AM | 00,007,883 | ---- | M] () - C:\WINDOWS\System32\nvapps.xml
[08/14/2008 03:03 AM | ---D | M] - C:\WINDOWS\ie7updates
[08/14/2008 03:06 AM | -H-D | M] - C:\WINDOWS\$hf_mig$
[08/15/2008 04:53 PM | 00,000,832 | ---- | M] () - C:\WINDOWS\win.ini
[08/15/2008 04:54 PM | 00,294,912 | ---- | M] () - C:\WINDOWS\outlook.pst
[08/22/2008 11:19 AM | ---D | M] - C:\WINDOWS\Debug
[08/22/2008 11:37 AM | ---D | M] - C:\WINDOWS\ERDNT
[08/24/2008 11:50 PM | -H-D | M] - C:\WINDOWS\inf
[08/26/2008 11:36 AM | --SD | M] - C:\WINDOWS\Tasks
[08/26/2008 11:38 AM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08/26/2008 11:38 AM | 00,054,156 | -H-- | M] () - C:\WINDOWS\QTFont.qfn
[08/26/2008 11:38 AM | ---D | M] - C:\WINDOWS\Temp
[08/26/2008 12:07 PM | ---D | M] - C:\WINDOWS\system32
[08/26/2008 12:07 PM | -HSD | M] - C:\WINDOWS\Installer
[08/26/2008 12:08 PM | ---D | M] - C:\WINDOWS\Prefetch
[08/20/2008 11:44 PM | 00,000,284 | ---- | M] () - C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[08/26/2008 11:38 AM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[08/19/2008 03:01 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Google
[08/21/2008 01:08 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[08/21/2008 06:32 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/22/2008 04:24 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\McAfee.com
[08/26/2008 11:27 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Viewpoint
[08/18/2008 09:18 AM | ---D | M] - C:\Documents and Settings\user\Application Data\BitTorrent
[08/19/2008 03:29 PM | ---D | M] - C:\Documents and Settings\user\Application Data\Google
[08/21/2008 06:32 PM | ---D | M] - C:\Documents and Settings\user\Application Data\Malwarebytes
[08/26/2008 08:00 AM | ---D | M] - C:\Documents and Settings\user\Application Data\skypePM
[08/26/2008 08:59 AM | ---D | M] - C:\Documents and Settings\user\Application Data\Skype
[08/26/2008 11:27 AM | ---D | M] - C:\Documents and Settings\user\Application Data\Viewpoint
[08/19/2008 03:29 PM | ---D | M] - C:\Documents and Settings\user\Local Settings\Application Data\Google
[08/21/2008 01:05 PM | 03,755,134 | -H-- | M] () - C:\Documents and Settings\user\Local Settings\Application Data\IconCache.db
[08/25/2008 11:39 AM | 00,098,304 | ---- | M] () - C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[08/08/2008 05:58 PM | R--D | M] - C:\Documents and Settings\All Users\Documents\My Music
[08/16/2008 02:41 AM | 00,022,016 | ---- | M] () - C:\Documents and Settings\user\My Documents\For an occasion such as this.doc
[08/21/2008 10:12 PM | 00,001,709 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[08/26/2008 09:12 AM | 00,002,137 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[08/26/2008 12:59 AM | 00,002,257 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Skype.lnk
[08/21/2008 06:31 PM | 00,128,368 | ---- | M] (Digital River) - C:\Documents and Settings\user\Desktop\Download_mbam-setup.exe
[08/25/2008 01:44 AM | 00,002,445 | ---- | M] () - C:\Documents and Settings\user\Desktop\Logitech QuickCam.lnk
[08/26/2008 11:38 AM | ---D | M] - C:\Documents and Settings\user\Desktop\08262008_113630
[08/26/2008 12:10 PM | ---D | M] - C:\Documents and Settings\user\Desktop\virus thing
[08/21/2008 06:20 PM | ---D | M] - C:\Program Files\Common Files\Panda Software
[08/21/2008 06:31 PM | ---D | M] - C:\Program Files\Common Files\Download Manager

< End of report >


The EXTRAS file also appears to be the same as before:

OTViewIt Extras logfile created on: 8/26/2008 12:12:22 PM - Run 3
OTViewIt by OldTimer - Version 1.0.0.12 Folder = C:\Documents and Settings\user\Desktop\virus thing
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.48 Mb Total Physical Memory | 269.01 Mb Available Physical Memory | 52.59% Memory free
1.22 Gb Paging File | 0.91 Gb Available in Paging File | 74.68% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 58.41 Gb Free Space | 78.38% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 232.88 Gb Total Space | 136.44 Gb Free Space | 58.59% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

===== File Associations =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] - File not found -
.cmd [@ = cmdfile] - File not found -
.com [@ = comfile] - File not found -
.exe [@ = exefile] - File not found -
.html [@ = FirefoxHTML] - [07/17/2008 01:38 PM | 07,667,312 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe
.pif [@ = piffile] - File not found -
.scr [@ = scrfile] - File not found -

===== Uninstall List =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160070}" = Java™ SE Development Kit 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater
"{3819891A-030B-4a4e-98ED-B28A649E48AB}" = HP Deskjet 3900 series
"{42F6BED9-41DD-40F1-85A8-8E0350493626}" = HPDeskjet3900Series
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685A56F8-75B6-44AD-B3DA-FB0A3266B47C}" = Adobe Flash Player 9 ActiveX
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7F1C5D75-E232-4C2B-A394-E5FB7FBB3D66}" = Sonic Foundry Sound Forge 6.0d
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{C53CCE8A-8DEE-4E2C-8A4D-425F0FF70471}" = Iomega DVD Wizard
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}" = Safari
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB1507A-AAEA-4778-AC4B-DD5EAB1A961E}" = Iomega HotBurn Pro
"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4
"{D6A1E429-CCE1-4140-A615-710B806D12BA}" = Motorola Driver Installation 3.2.0
"{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"AIM_6" = AIM 6
"AoA DVD Ripper_is1" = AoA DVD Ripper
"AoA MP4 Converter_is1" = AoA MP4 Converter
"AOL Instant Messenger" = AOL Instant Messenger
"avast!" = avast! Antivirus
"AviSynth" = AviSynth 2.5
"Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
"BitTorrent" = BitTorrent 4.24.0
"CCleaner" = CCleaner (remove only)
"Cucusoft DVD to iPod + iPod Video Converter Suite_is1" = Cucusoft DVD to iPod + iPod Video Converter Suite 6.1.5.15
"Cucusoft DVD to iPod Converter_is1" = Cucusoft DVD to iPod Converter 6.01
"Cucusoft iPod Video Converter_is1" = Cucusoft iPod Video Converter 3.16
"DVD Audio Extractor_is1" = DVD Audio Extractor 4.1.1
"Enable S3 for USB Device" = Enable S3 for USB Device
"ERUNT_is1" = ERUNT 1.1j
"ewidosecuritysuite" = ewido security suite
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 5.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
"HPExtendedCapabilities" = HP Extended Capabilities 5.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"KB873333" = Windows XP Hotfix - KB873333
"KB873339" = Windows XP Hotfix - KB873339
"KB885250" = Windows XP Hotfix - KB885250
"KB885835" = Windows XP Hotfix - KB885835
"KB885836" = Windows XP Hotfix - KB885836
"KB886185" = Windows XP Hotfix - KB886185
"KB887472" = Windows XP Hotfix - KB887472
"KB887742" = Windows XP Hotfix - KB887742
"KB888113" = Windows XP Hotfix - KB888113
"KB888302" = Windows XP Hotfix - KB888302
"KB890046" = Security Update for Windows XP (KB890046)
"KB890859" = Windows XP Hotfix - KB890859
"KB891781" = Windows XP Hotfix - KB891781
"KB893066" = Security Update for Windows XP (KB893066)
"KB893086" = Windows XP Hotfix - KB893086
"KB893756" = Security Update for Windows XP (KB893756)
"KB893803v2" = Windows Installer 3.1 (KB893803)
"KB894391" = Update for Windows XP (KB894391)
"KB896358" = Security Update for Windows XP (KB896358)
"KB896422" = Security Update for Windows XP (KB896422)
"KB896423" = Security Update for Windows XP (KB896423)
"KB896424" = Security Update for Windows XP (KB896424)
"KB896428" = Security Update for Windows XP (KB896428)
"KB896688" = Security Update for Windows XP (KB896688)
"KB896727" = Update for Windows XP (KB896727)
"KB898461" = Update for Windows XP (KB898461)
"KB899587" = Security Update for Windows XP (KB899587)
"KB899588" = Security Update for Windows XP (KB899588)
"KB899589" = Security Update for Windows XP (KB899589)
"KB899591" = Security Update for Windows XP (KB899591)
"KB900485" = Update for Windows XP (KB900485)
"KB900725" = Security Update for Windows XP (KB900725)
"KB901017" = Security Update for Windows XP (KB901017)
"KB901214" = Security Update for Windows XP (KB901214)
"KB902400" = Security Update for Windows XP (KB902400)
"KB904706" = Security Update for Windows XP (KB904706)
"KB904942" = Update for Windows XP (KB904942)
"KB905414" = Security Update for Windows XP (KB905414)
"KB905749" = Security Update for Windows XP (KB905749)
"KB905915" = Security Update for Windows XP (KB905915)
"KB908519" = Security Update for Windows XP (KB908519)
"KB908531" = Security Update for Windows XP (KB908531)
"KB910437" = Update for Windows XP (KB910437)
"KB911280" = Security Update for Windows XP (KB911280)
"KB911562" = Security Update for Windows XP (KB911562)
"KB911564" = Security Update for Windows Media Player (KB911564)
"KB911565" = Security Update for Windows Media Player 10 (KB911565)
"KB911567" = Security Update for Windows XP (KB911567)
"KB911927" = Security Update for Windows XP (KB911927)
"KB912812" = Security Update for Windows XP (KB912812)
"KB912919" = Security Update for Windows XP (KB912919)
"KB913446" = Security Update for Windows XP (KB913446)
"KB913580" = Security Update for Windows XP (KB913580)
"KB914388" = Security Update for Windows XP (KB914388)
"KB914389" = Security Update for Windows XP (KB914389)
"KB914440" = Hotfix for Windows XP (KB914440)
"KB915865" = Hotfix for Windows XP (KB915865)
"KB916281" = Security Update for Windows XP (KB916281)
"KB916595" = Update for Windows XP (KB916595)
"KB917159" = Security Update for Windows XP (KB917159)
"KB917344" = Security Update for Windows XP (KB917344)
"KB917422" = Security Update for Windows XP (KB917422)
"KB917734_WMP10" = Security Update for Windows Media Player 10 (KB917734)
"KB917953" = Security Update for Windows XP (KB917953)
"KB918118" = Security Update for Windows XP (KB918118)
"KB918439" = Security Update for Windows XP (KB918439)
"KB918899" = Security Update for Windows XP (KB918899)
"KB919007" = Security Update for Windows XP (KB919007)
"KB920213" = Security Update for Windows XP (KB920213)
"KB920214" = Security Update for Windows XP (KB920214)
"KB920670" = Security Update for Windows XP (KB920670)
"KB920683" = Security Update for Windows XP (KB920683)
"KB920685" = Security Update for Windows XP (KB920685)
"KB920872" = Update for Windows XP (KB920872)
"KB921398" = Security Update for Windows XP (KB921398)
"KB921503" = Security Update for Windows XP (KB921503)
"KB921883" = Security Update for Windows XP (KB921883)
"KB922582" = Update for Windows XP (KB922582)
"KB922616" = Security Update for Windows XP (KB922616)
"KB922760" = Security Update for Windows XP (KB922760)
"KB922819" = Security Update for Windows XP (KB922819)
"KB923191" = Security Update for Windows XP (KB923191)
"KB923414" = Security Update for Windows XP (KB923414)
"KB923689" = Security Update for Windows XP (KB923689)
"KB923694" = Security Update for Windows XP (KB923694)
"KB923980" = Security Update for Windows XP (KB923980)
"KB924191" = Security Update for Windows XP (KB924191)
"KB924270" = Security Update for Windows XP (KB924270)
"KB924496" = Security Update for Windows XP (KB924496)
"KB924667" = Security Update for Windows XP (KB924667)
"KB925398_WMP64" = Security Update for Windows Media Player 6.4 (KB925398)
"KB925454" = Security Update for Windows XP (KB925454)
"KB925486" = Security Upda
  • 0

#14
jacknsherr

jacknsherr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Try again with the EXTRAS:

OTViewIt Extras logfile created on: 8/26/2008 12:12:22 PM - Run 3
OTViewIt by OldTimer - Version 1.0.0.12 Folder = C:\Documents and Settings\user\Desktop\virus thing
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.48 Mb Total Physical Memory | 269.01 Mb Available Physical Memory | 52.59% Memory free
1.22 Gb Paging File | 0.91 Gb Available in Paging File | 74.68% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 58.41 Gb Free Space | 78.38% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 232.88 Gb Total Space | 136.44 Gb Free Space | 58.59% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

===== File Associations =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] - File not found -
.cmd [@ = cmdfile] - File not found -
.com [@ = comfile] - File not found -
.exe [@ = exefile] - File not found -
.html [@ = FirefoxHTML] - [07/17/2008 01:38 PM | 07,667,312 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe
.pif [@ = piffile] - File not found -
.scr [@ = scrfile] - File not found -

===== Uninstall List =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160070}" = Java™ SE Development Kit 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater
"{3819891A-030B-4a4e-98ED-B28A649E48AB}" = HP Deskjet 3900 series
"{42F6BED9-41DD-40F1-85A8-8E0350493626}" = HPDeskjet3900Series
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685A56F8-75B6-44AD-B3DA-FB0A3266B47C}" = Adobe Flash Player 9 ActiveX
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7F1C5D75-E232-4C2B-A394-E5FB7FBB3D66}" = Sonic Foundry Sound Forge 6.0d
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{C53CCE8A-8DEE-4E2C-8A4D-425F0FF70471}" = Iomega DVD Wizard
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}" = Safari
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB1507A-AAEA-4778-AC4B-DD5EAB1A961E}" = Iomega HotBurn Pro
"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4
"{D6A1E429-CCE1-4140-A615-710B806D12BA}" = Motorola Driver Installation 3.2.0
"{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"AIM_6" = AIM 6
"AoA DVD Ripper_is1" = AoA DVD Ripper
"AoA MP4 Converter_is1" = AoA MP4 Converter
"AOL Instant Messenger" = AOL Instant Messenger
"avast!" = avast! Antivirus
"AviSynth" = AviSynth 2.5
"Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
"BitTorrent" = BitTorrent 4.24.0
"CCleaner" = CCleaner (remove only)
"Cucusoft DVD to iPod + iPod Video Converter Suite_is1" = Cucusoft DVD to iPod + iPod Video Converter Suite 6.1.5.15
"Cucusoft DVD to iPod Converter_is1" = Cucusoft DVD to iPod Converter 6.01
"Cucusoft iPod Video Converter_is1" = Cucusoft iPod Video Converter 3.16
"DVD Audio Extractor_is1" = DVD Audio Extractor 4.1.1
"Enable S3 for USB Device" = Enable S3 for USB Device
"ERUNT_is1" = ERUNT 1.1j
"ewidosecuritysuite" = ewido security suite
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 5.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
"HPExtendedCapabilities" = HP Extended Capabilities 5.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"KB873333" = Windows XP Hotfix - KB873333
"KB873339" = Windows XP Hotfix - KB873339
"KB885250" = Windows XP Hotfix - KB885250
"KB885835" = Windows XP Hotfix - KB885835
"KB885836" = Windows XP Hotfix - KB885836
"KB886185" = Windows XP Hotfix - KB886185
"KB887472" = Windows XP Hotfix - KB887472
"KB887742" = Windows XP Hotfix - KB887742
"KB888113" = Windows XP Hotfix - KB888113
"KB888302" = Windows XP Hotfix - KB888302
"KB890046" = Security Update for Windows XP (KB890046)
"KB890859" = Windows XP Hotfix - KB890859
"KB891781" = Windows XP Hotfix - KB891781
"KB893066" = Security Update for Windows XP (KB893066)
"KB893086" = Windows XP Hotfix - KB893086
"KB893756" = Security Update for Windows XP (KB893756)
"KB893803v2" = Windows Installer 3.1 (KB893803)
"KB894391" = Update for Windows XP (KB894391)
"KB896358" = Security Update for Windows XP (KB896358)
"KB896422" = Security Update for Windows XP (KB896422)
"KB896423" = Security Update for Windows XP (KB896423)
"KB896424" = Security Update for Windows XP (KB896424)
"KB896428" = Security Update for Windows XP (KB896428)
"KB896688" = Security Update for Windows XP (KB896688)
"KB896727" = Update for Windows XP (KB896727)
"KB898461" = Update for Windows XP (KB898461)
"KB899587" = Security Update for Windows XP (KB899587)
"KB899588" = Security Update for Windows XP (KB899588)
"KB899589" = Security Update for Windows XP (KB899589)
"KB899591" = Security Update for Windows XP (KB899591)
"KB900485" = Update for Windows XP (KB900485)
"KB900725" = Security Update for Windows XP (KB900725)
"KB901017" = Security Update for Windows XP (KB901017)
"KB901214" = Security Update for Windows XP (KB901214)
"KB902400" = Security Update for Windows XP (KB902400)
"KB904706" = Security Update for Windows XP (KB904706)
"KB904942" = Update for Windows XP (KB904942)
"KB905414" = Security Update for Windows XP (KB905414)
"KB905749" = Security Update for Windows XP (KB905749)
"KB905915" = Security Update for Windows XP (KB905915)
"KB908519" = Security Update for Windows XP (KB908519)
"KB908531" = Security Update for Windows XP (KB908531)
"KB910437" = Update for Windows XP (KB910437)
"KB911280" = Security Update for Windows XP (KB911280)
"KB911562" = Security Update for Windows XP (KB911562)
"KB911564" = Security Update for Windows Media Player (KB911564)
"KB911565" = Security Update for Windows Media Player 10 (KB911565)
"KB911567" = Security Update for Windows XP (KB911567)
"KB911927" = Security Update for Windows XP (KB911927)
"KB912812" = Security Update for Windows XP (KB912812)
"KB912919" = Security Update for Windows XP (KB912919)
"KB913446" = Security Update for Windows XP (KB913446)
"KB913580" = Security Update for Windows XP (KB913580)
"KB914388" = Security Update for Windows XP (KB914388)
"KB914389" = Security Update for Windows XP (KB914389)
"KB914440" = Hotfix for Windows XP (KB914440)
"KB915865" = Hotfix for Windows XP (KB915865)
"KB916281" = Security Update for Windows XP (KB916281)
"KB916595" = Update for Windows XP (KB916595)
"KB917159" = Security Update for Windows XP (KB917159)
"KB917344" = Security Update for Windows XP (KB917344)
"KB917422" = Security Update for Windows XP (KB917422)
"KB917734_WMP10" = Security Update for Windows Media Player 10 (KB917734)
"KB917953" = Security Update for Windows XP (KB917953)
"KB918118" = Security Update for Windows XP (KB918118)
"KB918439" = Security Update for Windows XP (KB918439)
"KB918899" = Security Update for Windows XP (KB918899)
"KB919007" = Security Update for Windows XP (KB919007)
"KB920213" = Security Update for Windows XP (KB920213)
"KB920214" = Security Update for Windows XP (KB920214)
"KB920670" = Security Update for Windows XP (KB920670)
"KB920683" = Security Update for Windows XP (KB920683)
"KB920685" = Security Update for Windows XP (KB920685)
"KB920872" = Update for Windows XP (KB920872)
"KB921398" = Security Update for Windows XP (KB921398)
"KB921503" = Security Update for Windows XP (KB921503)
"KB921883" = Security Update for Windows XP (KB921883)
"KB922582" = Update for Windows XP (KB922582)
"KB922616" = Security Update for Windows XP (KB922616)
"KB922760" = Security Update for Windows XP (KB922760)
"KB922819" = Security Update for Windows XP (KB922819)
"KB923191" = Security Update for Windows XP (KB923191)
"KB923414" = Security Update for Windows XP (KB923414)
"KB923689" = Security Update for Windows XP (KB923689)
"KB923694" = Security Update for Windows XP (KB923694)
"KB923980" = Security Update for Windows XP (KB923980)
"KB924191" = Security Update for Windows XP (KB924191)
"KB924270" = Security Update for Windows XP (KB924270)
"KB924496" = Security Update for Windows XP (KB924496)
"KB924667" = Security Update for Windows XP (KB924667)
"KB925398_WMP64" = Security Update for Windows Media Player 6.4 (KB925398)
"KB925454" = Security Update for Windows XP (KB925454)
"KB925486" = Security Update for Windows XP (KB925486)
"KB925902" = Security Update for Windows XP (KB925902)
"KB926255" = Security Update for Windows XP (KB926255)
"KB926436" = Security Update for Windows XP (KB926436)
"KB927779" = Security Update for Windows XP (KB927779)
"KB927802" = Security Update for Windows XP (KB927802)
"KB927891" = Update for Windows XP (KB927891)
"KB928090-IE7" = Security Update for Windows Internet Explorer 7 (KB928090)
"KB928255" = Security Update for Windows XP (KB928255)
"KB928843" = Security Update for Windows XP (KB928843)
"KB929123" = Security Update for Windows XP (KB929123)
"KB929338" = Update for Windows XP (KB929338)
"KB929969" = Security Update for Windows Internet Explorer 7 (KB929969)
"KB930178" = Security Update for Windows XP (KB930178)
"KB930916" = Update for Windows XP (KB930916)
"KB931261" = Security Update for Windows XP (KB931261)
"KB931768-IE7" = Security Update for Windows Internet Explorer 7 (KB931768)
"KB931784" = Security Update for Windows XP (KB931784)
"KB931836" = Update for Windows XP (KB931836)
"KB932168" = Security Update for Windows XP (KB932168)
"KB932823-v3" = Update for Windows XP (KB932823-v3)
"KB933360" = Update for Windows XP (KB933360)
"KB933566-IE7" = Security Update for Windows Internet Explorer 7 (KB933566)
"KB933729" = Security Update for Windows XP (KB933729)
"KB935839" = Security Update for Windows XP (KB935839)
"KB935840" = Security Update for Windows XP (KB935840)
"KB936021" = Security Update for Windows XP (KB936021)
"KB936782_WMP10" = Security Update for Windows Media Player 10 (KB936782)
"KB937143-IE7" = Security Update for Windows Internet Explorer 7 (KB937143)
"KB937894" = Security Update for Windows XP (KB937894)
"KB938127-IE7" = Security Update for Windows Internet Explorer 7 (KB938127)
"KB938828" = Update for Windows XP (KB938828)
"KB938829" = Security Update for Windows XP (KB938829)
"KB939653-IE7" = Security Update for Windows Internet Explorer 7 (KB939653)
"KB941202" = Security Update for Windows XP (KB941202)
"KB941568" = Security Update for Windows XP (KB941568)
"KB941569" = Security Update for Windows XP (KB941569)
"KB941644" = Security Update for Windows XP (KB941644)
"KB941693" = Security Update for Windows XP (KB941693)
"KB942615-IE7" = Security Update for Windows Internet Explorer 7 (KB942615)
"KB942763" = Update for Windows XP (KB942763)
"KB943055" = Security Update for Windows XP (KB943055)
"KB943460" = Security Update for Windows XP (KB943460)
"KB943485" = Security Update for Windows XP (KB943485)
"KB944533-IE7" = Security Update for Windows Internet Explorer 7 (KB944533)
"KB944653" = Security Update for Windows XP (KB944653)
"KB945553" = Security Update for Windows XP (KB945553)
"KB946026" = Security Update for Windows XP (KB946026)
"KB946648" = Security Update for Windows XP (KB946648)
"KB947864-IE7" = Hotfix for Windows Internet Explorer 7 (KB947864)
"KB948590" = Security Update for Windows XP (KB948590)
"KB948881" = Security Update for Windows XP (KB948881)
"KB950749" = Security Update for Windows XP (KB950749)
"KB950759-IE7" = Security Update for Windows Internet Explorer 7 (KB950759)
"KB950760" = Security Update for Windows XP (KB950760)
"KB950762" = Security Update for Windows XP (KB950762)
"KB950974" = Security Update for Windows XP (KB950974)
"KB951066" = Security Update for Windows XP (KB951066)
"KB951072-v2" = Update for Windows XP (KB951072-v2)
"KB951376" = Security Update for Windows XP (KB951376)
"KB951376-v2" = Security Update for Windows XP (KB951376-v2)
"KB951698" = Security Update for Windows XP (KB951698)
"KB951748" = Security Update for Windows XP (KB951748)
"KB952287" = Hotfix for Windows XP (KB952287)
"KB952954" = Security Update for Windows XP (KB952954)
"KB953838-IE7" = Security Update for Windows Internet Explorer 7 (KB953838)
"KB953839" = Security Update for Windows XP (KB953839)
"lvdrivers_11.50" = Logitech QuickCam Driver Package
"M928366" = Microsoft .NET Framework 1.1 Hotfix (KB928366)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (2.0.0.16)" = Mozilla Firefox (2.0.0.16)
"MPEG Video Wizard DVD" = MPEG Video Wizard DVD
"MySpaceIM" = MySpaceIM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Windows 95/98/ME/2000/XP Stereo Drivers
"Office8.0" = Microsoft Office 97, Professional Edition
"Snood_is1" = Snood for Windows version 3.52-W
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"TrojanHunter_is1" = TrojanHunter 4.2
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WgaNotify" = Windows Genuine Advantage Notifications (KB905474)
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR archiver

===== Uninstall List =====


===== Winsock2 Catalogs =====

===== Protocol Defaults =====


===== Protocol Defaults =====


===== Protocol Handlers =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
msdaipp: [HKLM - No CLSID value]

skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKLM - IEProtocolHandler Class]
[12/07/2007 04:08 PM | 01,934,672 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll

===== Protocol Filters =====

< End of report >
  • 0

#15
Egwene

Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Did you have run OTmoveIT2 as i advised you ?

It appears that not :)

Please do again my last handling with OTmoveIT2 and post me its repport please.

:)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP