Everything went fine.
Step 2:
When I ran OTMoveIt3.exe, I got the following three errors:
The application or DLL C:\WINDOWS\system32\serauth2.dll is not a valid Windows image. Please check this against your installation diskette.
The application or DLL C:\WINDOWS\system32\serauth1.dll is not a valid Windows image. Please check this against your installation diskette.
The application or DLL C:\WINDOWS\system32\nsprs.dll is not a valid Windows image. Please check this against your installation diskette.
Step 3: ok
Step 4:
This didn't work as you described. I had to open a command prompt and type it in manually. It worked just fine then.
Here are the logs you asked for:
OTMoveIt3 log:
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
LoadLibrary failed for C:\WINDOWS\system32\serauth2.dll
C:\WINDOWS\system32\serauth2.dll NOT unregistered.
C:\WINDOWS\system32\serauth2.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\serauth1.dll
C:\WINDOWS\system32\serauth1.dll NOT unregistered.
C:\WINDOWS\system32\serauth1.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\nsprs.dll
C:\WINDOWS\system32\nsprs.dll NOT unregistered.
C:\WINDOWS\system32\nsprs.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\tmpPrst.dll
C:\WINDOWS\system32\tmpPrst.dll NOT unregistered.
C:\WINDOWS\system32\tmpPrst.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\lsprst7.dll
C:\WINDOWS\system32\lsprst7.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\lsprst7.dll scheduled to be moved on reboot.
File/Folder C:\WINDOWS\system32\p2pnetwork.exe not found.
File/Folder C:\Documents and Settings\Administrator\Incomplete\T-4223976-hawaiian christmas CD quality.mp3 not found.
File/Folder C:\Documents and Settings\Administrator\Shared\calexico - greatest hits.mp3 not found.
File/Folder C:\WINDOWS\system32\wdmaud.sys not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\p2pnetwork.exe not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\\"aux"|"wdmaud.drv" /E : value set successfully!
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_nzyJhyoQ7EKMoMj scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF7A5A.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFCE3F.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\hsperfdata_SYSTEM\604 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\hlktmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_76c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 01022009_112947
Files moved on Reboot...
LoadLibrary failed for C:\WINDOWS\system32\lsprst7.dll
C:\WINDOWS\system32\lsprst7.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\lsprst7.dll scheduled to be moved on reboot.
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_nzyJhyoQ7EKMoMj not found!
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF7A5A.tmp not found!
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFCE3F.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\hsperfdata_SYSTEM\604 not found!
File move failed. C:\WINDOWS\temp\hlktmp scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_76c.dat not found!
Check.bat log:
-c----w 60,800 2004-08-04 05:15:56 C:\WINDOWS\$NtServicePackUninstall$\sysaudio.sys
------w 60,800 2008-04-13 19:15:55 C:\WINDOWS\ServicePackFiles\i386\sysaudio.sys
----a-w 60,800 2008-04-13 19:15:55 C:\WINDOWS\system32\drivers\sysaudio.sys
Look.txt:
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\drivers32
midimapper REG_SZ midimap.dll
msacm.imaadpcm REG_SZ imaadp32.acm
msacm.msadpcm REG_SZ msadp32.acm
msacm.msg711 REG_SZ msg711.acm
msacm.msgsm610 REG_SZ msgsm32.acm
msacm.trspch REG_SZ tssoft32.acm
vidc.cvid REG_SZ iccvid.dll
VIDC.I420 REG_SZ msh263.drv
vidc.iv31 REG_SZ ir32_32.dll
vidc.iv32 REG_SZ ir32_32.dll
vidc.iv41 REG_SZ ir41_32.ax
VIDC.IYUV REG_SZ iyuv_32.dll
vidc.mrle REG_SZ msrle32.dll
vidc.msvc REG_SZ msvidc32.dll
VIDC.UYVY REG_SZ msyuv.dll
VIDC.YUY2 REG_SZ msyuv.dll
VIDC.YVU9 REG_SZ tsbyuv.dll
VIDC.YVYU REG_SZ msyuv.dll
wavemapper REG_SZ msacm32.drv
msacm.msg723 REG_SZ msg723.acm
vidc.M263 REG_SZ msh263.drv
vidc.M261 REG_SZ msh261.drv
msacm.msaudio1 REG_SZ msaud32.acm
msacm.sl_anet REG_SZ sl_anet.acm
msacm.iac2 REG_SZ C:\WINDOWS\system32\iac25_32.ax
vidc.iv50 REG_SZ ir50_32.dll
msacm.l3acm REG_SZ C:\WINDOWS\system32\l3codeca.acm
SENTINEL REG_SZ snti386.dll
VIDC.HFYU REG_SZ huffyuv.dll
VIDC.VIFP REG_SZ VFCodec.dll
msacm.voxacm160 REG_SZ vct3216.acm
MSVideo8 REG_SZ VfWWDM32.dll
msacm.siren REG_SZ sirenacm.dll
wave REG_SZ wdmaud.drv
midi REG_SZ wdmaud.drv
mixer REG_SZ wdmaud.drv
vidc.DIVX REG_SZ DivX.dll
vidc.yv12 REG_SZ DivX.dll
vidc.tscc REG_SZ tsccvid.dll
wave1 REG_SZ wdmaud.drv
midi1 REG_SZ wdmaud.drv
mixer1 REG_SZ wdmaud.drv
aux REG_SZ wdmaud.drv
aux2 REG_SZ wdmaud.sys
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\drivers32\Terminal Server
RSIT log:
Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrator at 2009-01-02 11:18:30
Microsoft Windows XP Professional Service Pack 3
System drive C: has 33 GB (42%) free of 79 GB
Total RAM: 2047 MB (76% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18, on 2009-01-02
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Rainbow Technologies\SentinelLM 7.2.0 Server\English\lservnt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
C:\Program Files\Tyan Computer Corp\Tyan System Monitor Server Agent\TSMDataEngine.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Alias\Alias SketchBook Pro 1.1\AliasSketchSnap.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\WINDOWS\system32\Wtablet\TabUserW.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\hijack_this\Administrator.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Alias SketchBook Snapshot.lnk = C:\Program Files\Alias\Alias SketchBook Pro 1.1\AliasSketchSnap.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} (SonyOnlineInstallerX) - http://freerealms-livetest.station.sony ... taller.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0810866375
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SentinelLM - Rainbow Technologies, Inc. - C:\Program Files\Rainbow Technologies\SentinelLM 7.2.0 Server\English\lservnt.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TSMDataEngine - Tyan Computer Corp - C:\Program Files\Tyan Computer Corp\Tyan System Monitor Server Agent\TSMDataEngine.exe
--
End of file - 9761 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-372829268-496393314-3364022493-500.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-27 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 324416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-05 652784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-27 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-27 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-11-04 7204864]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-11-17 577536]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe [2008-12-25 590848]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-27 136600]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]
"Google Update"=C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 133104]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd.exe [2003-08-04 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2005-11-04 86016]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe [2005-06-02 36975]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe [2005-05-26 100056]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-11-04 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2005-09-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Alias SketchBook Snapshot.lnk]
C:\PROGRA~1\Alias\ALIASS~1.0\ALIASS~1.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
C:\PROGRA~1\WinZip\WZQKPICK.EXE [2004-12-17 118784]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Alias SketchBook Snapshot.lnk - C:\Program Files\Alias\Alias SketchBook Pro 1.1\AliasSketchSnap.exe
Monitor.lnk - C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
TabUserW.exe.lnk - C:\WINDOWS\system32\Wtablet\TabUserW.exe
VPN Client.lnk - C:\WINDOWS\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AceBIT\WISE-FTP\wise_ftp.exe"="C:\Program Files\AceBIT\WISE-FTP\wise_ftp.exe:*:Enabled:WISE-FTP ausfuhrbare Datei"
"C:\Program Files\Alias\DirectConnect 1.0\java\bin\java.exe"="C:\Program Files\Alias\DirectConnect 1.0\java\bin\java.exe:*:Enabled:java"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\SmartFTP\SmartFTP.exe"="C:\Program Files\SmartFTP\SmartFTP.exe:*:Enabled:SmartFTP"
"C:\Program Files\Flash MX\Flash.exe"="C:\Program Files\Flash MX\Flash.exe:*:Disabled:Flash 6.0 r25"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Next Limit\RealFlow3\realflow.exe"="C:\Program Files\Next Limit\RealFlow3\realflow.exe:*:Enabled:realflow"
"C:\Program Files\Call of Duty\CoDMP.exe"="C:\Program Files\Call of Duty\CoDMP.exe:*:Enabled:CoDMP"
"C:\Documents and Settings\Administrator\Desktop\NDRServer.exe"="C:\Documents and Settings\Administrator\Desktop\NDRServer.exe:*:Enabled:NDRServer"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe"="C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\EA GAMES\Battlefield 2 Demo\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2 Demo\BF2.exe:*:Disabled:Battlefield 2"
"C:\Program Files\Alias\Maya7.0\bin\maya.exe"="C:\Program Files\Alias\Maya7.0\bin\maya.exe:LocalSubNet:Enabled:Maya"
"C:\Program Files\Alias\Maya6.5\bin\maya.exe"="C:\Program Files\Alias\Maya6.5\bin\maya.exe:LocalSubNet:Enabled:Maya"
"C:\Program Files\mayaNetRenderServer.exe"="C:\Program Files\mayaNetRenderServer.exe:LocalSubNet:Enabled:mayaNetRenderServer"
"C:\Program Files\Alias\Maya6.5\bin\mayabatch.exe"="C:\Program Files\Alias\Maya6.5\bin\mayabatch.exe:*:Enabled:MayaBatch"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Grisoft\AVG7\avgemc.exe"="C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\Next Limit\RealFlow4\realflow.exe"="C:\Program Files\Next Limit\RealFlow4\realflow.exe:*:Enabled:realflow"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Autodesk\Maya2008\bin\maya.exe"="C:\Program Files\Autodesk\Maya2008\bin\maya.exe:*:Enabled:Maya"
"C:\Program Files\Give\Project Overlord Server\POserver.exe"="C:\Program Files\Give\Project Overlord Server\POserver.exe:*:Enabled:Project Overlord Server"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe"="C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\UT2004\System\UT2004.exe"="C:\UT2004\System\UT2004.exe:*:Enabled:UT2004"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bfbc9ac3-5070-11da-8650-00e0812f1ae1}]
shell\AutoRun\command - F:\JDSecure\Windows\JDSecure31.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d99c7751-cd1c-11db-92e9-00e0812f1ae1}]
shell\AutoRun\command - F:\Autorun.exe /run
shell\Shell00\command - F:\Autorun.exe /run
shell\Shell01\command - F:\Autorun.exe /action
shell\Shell02\command - F:\Autorun.exe /uninstall
======List of files/folders created in the last 1 months======
2009-01-02 11:18:30 ----D---- C:\rsit
2009-01-02 11:17:44 ----A---- C:\look.txt
2009-01-02 11:10:52 ----A---- C:\WINDOWS\system32\serauth2.dll
2009-01-02 11:10:52 ----A---- C:\WINDOWS\system32\serauth1.dll
2009-01-02 11:10:52 ----A---- C:\WINDOWS\system32\nsprs.dll
2009-01-01 12:33:22 ----D---- C:\bintheredunthat
2009-01-01 12:19:18 ----D---- C:\BFU
2008-12-31 18:02:33 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-31 16:06:31 ----A---- C:\mbam-log-2008-12-31 (16-06-29).txt
2008-12-31 14:11:32 ----A---- C:\WINDOWS\system32\lsprst7.dll
2008-12-31 13:54:55 ----A---- C:\WINDOWS\PSEXESVC.EXE
2008-12-31 13:52:31 ----D---- C:\ComboFix
2008-12-31 13:52:31 ----A---- C:\WINDOWS\system32\CF19194.exe
2008-12-31 13:51:33 ----A---- C:\Boot.bak
2008-12-31 13:51:25 ----D---- C:\cmdcons
2008-12-31 13:50:18 ----A---- C:\WINDOWS\zip.exe
2008-12-31 13:50:18 ----A---- C:\WINDOWS\VFIND.exe
2008-12-31 13:50:18 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-31 13:50:18 ----A---- C:\WINDOWS\SWSC.exe
2008-12-31 13:50:18 ----A---- C:\WINDOWS\SWREG.exe
2008-12-31 13:50:18 ----A---- C:\WINDOWS\sed.exe
2008-12-31 13:50:18 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-31 13:50:18 ----A---- C:\WINDOWS\grep.exe
2008-12-31 13:50:18 ----A---- C:\WINDOWS\fdsv.exe
2008-12-31 13:50:13 ----D---- C:\WINDOWS\ERDNT
2008-12-31 13:50:13 ----D---- C:\Qoobox
2008-12-31 13:36:24 ----A---- C:\mbam-log-2008-12-31 (13-36-08).txt
2008-12-31 11:19:46 ----A---- C:\WINDOWS\gmer.ini
2008-12-31 11:19:45 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-12-31 11:19:45 ----A---- C:\WINDOWS\gmer.exe
2008-12-31 11:19:45 ----A---- C:\WINDOWS\gmer.dll
2008-12-31 11:18:23 ----A---- C:\SDfixreport.txt
2008-12-31 11:08:02 ----D---- C:\Documents and Settings\Administrator\Application Data\WinRAR
2008-12-31 10:56:42 ----D---- C:\WINDOWS\ERUNT
2008-12-31 10:53:54 ----D---- C:\SDFix
2008-12-30 11:01:05 ----D---- C:\_OTMoveIt
2008-12-27 19:39:13 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-25 19:12:43 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-12-25 19:12:39 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-25 19:12:39 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-25 19:10:48 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-25 18:36:10 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-25 17:43:28 ----D---- C:\Program Files\jv16 PowerTools 2008
2008-12-21 23:16:03 ----D---- C:\share
2008-12-21 22:17:02 ----D---- C:\finalburner
2008-12-21 22:17:02 ----D---- C:\Documents and Settings\Administrator\Application Data\FinalBurner Video DVD
2008-12-21 22:16:34 ----D---- C:\Program Files\FinalBurner
2008-12-19 23:38:03 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-19 23:38:01 ----D---- C:\Program Files\SpywareBlaster
2008-12-19 22:42:22 ----D---- C:\WINDOWS\ie8updates
2008-12-19 19:17:23 ----HDC---- C:\WINDOWS\ie8
2008-12-19 02:24:00 ----D---- C:\Program Files\CCleaner
2008-12-18 21:41:53 ----D---- C:\hijack_this
2008-12-18 21:29:46 ----D---- C:\WINDOWS\ie7updates
2008-12-18 21:29:20 ----D---- C:\WINDOWS\WBEM
2008-12-18 21:28:59 ----HDC---- C:\WINDOWS\ie7
2008-12-18 21:28:48 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-12-18 21:28:20 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-12-18 08:33:19 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2008-12-09 22:42:44 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-09 22:42:36 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-09 22:42:30 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-09 22:42:25 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-09 22:42:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
======List of files/folders modified in the last 1 months======
2009-01-02 11:15:28 ----D---- C:\WINDOWS\Prefetch
2009-01-02 11:11:36 ----D---- C:\WINDOWS\Temp
2009-01-02 11:11:00 ----AD---- C:\WINDOWS\system32
2009-01-01 23:39:14 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-01-01 12:38:38 ----D---- C:\Program Files\pspvideo9
2008-12-31 19:59:42 ----D---- C:\WINDOWS
2008-12-31 19:59:41 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-31 17:57:26 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-31 16:10:54 ----D---- C:\WINDOWS\Debug
2008-12-31 14:03:35 ----D---- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-12-31 14:02:56 ----RHD---- C:\$VAULT$.AVG
2008-12-31 13:58:02 ----A---- C:\WINDOWS\system.ini
2008-12-31 13:56:11 ----D---- C:\WINDOWS\system32\drivers
2008-12-31 13:55:13 ----D---- C:\WINDOWS\system32\config
2008-12-31 13:53:58 ----D---- C:\WINDOWS\AppPatch
2008-12-31 13:53:58 ----D---- C:\Program Files\Common Files
2008-12-31 13:51:33 ----RASH---- C:\boot.ini
2008-12-31 13:50:14 ----SHD---- C:\System Volume Information
2008-12-31 13:50:14 ----D---- C:\WINDOWS\system32\Restore
2008-12-31 11:08:17 ----RD---- C:\Program Files
2008-12-31 10:59:45 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-30 22:12:53 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-12-30 22:07:46 ----D---- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-12-30 18:21:06 ----D---- C:\Bishop_Animation
2008-12-29 23:57:19 ----D---- C:\Program Files\Mozilla Thunderbird
2008-12-29 17:41:57 ----SD---- C:\WINDOWS\Tasks
2008-12-29 14:14:51 ----SHD---- C:\WINDOWS\Installer
2008-12-28 09:48:43 ----HD---- C:\Config.Msi
2008-12-27 19:40:33 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-27 19:39:01 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-27 19:39:01 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-27 19:39:01 ----A---- C:\WINDOWS\system32\java.exe
2008-12-27 19:38:58 ----D---- C:\Program Files\Java
2008-12-27 17:13:49 ----D---- C:\WINDOWS\system32\DirectX
2008-12-27 17:13:43 ----HD---- C:\WINDOWS\msdownld.tmp
2008-12-27 17:13:42 ----HD---- C:\WINDOWS\inf
2008-12-27 17:13:30 ----D---- C:\Program Files\Sony Online Entertainment
2008-12-25 19:11:08 ----D---- C:\Program Files\Lavasoft
2008-12-25 19:11:07 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-25 19:11:07 ----D---- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-12-25 19:10:26 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-25 18:36:21 ----D---- C:\WINDOWS\Internet Logs
2008-12-25 18:15:40 ----D---- C:\Documents and Settings\Administrator\Application Data\SmartFTP
2008-12-25 18:01:51 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-25 17:50:38 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-25 16:42:29 ----D---- C:\WINDOWS\system
2008-12-25 16:42:26 ----D---- C:\Documents and Settings\All Users\Application Data\avg7
2008-12-25 13:42:33 ----D---- C:\Projects
2008-12-25 00:54:30 ----RSD---- C:\WINDOWS\Fonts
2008-12-22 01:29:56 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-21 11:47:40 ----D---- C:\SOE
2008-12-19 22:42:21 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-19 22:42:19 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-19 19:22:17 ----D---- C:\WINDOWS\system32\en-us
2008-12-19 19:22:17 ----D---- C:\WINDOWS\Media
2008-12-19 19:22:17 ----D---- C:\WINDOWS\Help
2008-12-19 19:22:17 ----D---- C:\Program Files\Internet Explorer
2008-12-19 02:33:14 ----D---- C:\WINDOWS\Minidump
2008-12-18 21:07:05 ----D---- C:\Program Files\Mozilla Firefox
2008-12-18 21:07:04 ----D---- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-12-14 05:59:44 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-09 15:24:38 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2007-10-25 821856]
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2007-02-20 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2007-02-23 27776]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2008-12-25 10760]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-04-05 267192]
R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2007-02-20 4960]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R2 IPMI_Driver;IPMI_Driver; \??\C:\WINDOWS\system32\Drivers\ipmidrv.sys []
R2 MaVctrl;MaVctrl; C:\WINDOWS\system32\DRIVERS\MaVc2K.sys [2007-01-16 11986]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936]
R2 tyansmb;tyansmb; \??\C:\WINDOWS\system32\Drivers\tyansmb.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-01-25 4027456]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2007-01-31 127376]
R3 E1000;Intel(R) PRO/1000 Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2004-11-22 176128]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-01-29 16168]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-12-16 51120]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-12-16 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-12-16 21744]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-11-04 3519360]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-04-01 10368]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 DS1410D;DS1410D; \??\C:\WINDOWS\system32\drivers\ds1410d.sys []
S2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2001-06-21 73728]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-01-07 404736]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CA561;ICatch (VI) PC Camera; C:\WINDOWS\System32\Drivers\SPCA561.SYS [2002-10-01 119798]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-12-31 85969]
S3 mamotou;mamotou; C:\WINDOWS\system32\DRIVERS\mamotou.sys [2007-02-02 49377]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 Sntnlusb;Rainbow USB SuperPro; C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS [2001-06-21 20032]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2005-04-05 11512]
S3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2005-04-05 173208]
S3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2005-04-05 36984]
S3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2005-04-05 47192]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-04-05 17976]
S3 Tcpiam12r;Tcpiam12r; C:\WINDOWS\system32\drivers\Tcpiam12r.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [2007-10-25 418816]
R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe [2007-02-20 49664]
R2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVG7\avgemc.exe [2008-12-25 406528]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2007-07-16 1524512]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-05 168432]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-27 152984]
R2 maya70docserver;Maya 7.0 Documentation Server; C:\Program Files\Alias\Maya7.0\docs\wrapper.exe [2004-07-16 126976]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-11-04 143427]
R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 SentinelLM;SentinelLM; C:\Program Files\Rainbow Technologies\SentinelLM 7.2.0 Server\English\lservnt.exe [2002-04-08 675840]
R2 TabletService;TabletService; C:\WINDOWS\system32\Tablet.exe [2003-12-04 634880]
R2 TSMDataEngine;TSMDataEngine; C:\Program Files\Tyan Computer Corp\Tyan System Monitor Server Agent\TSMDataEngine.exe [2004-10-12 98304]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2005-04-29 68096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-04-05 206552]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
-----------------EOF-----------------