Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Lots of SVChosts.exe and windows problems [RESOLVED]

Started by Ichmonji , Aug 22 2008 12:22 PM

  • This topic is locked This topic is locked

#1
Ichmonji
Posted 22 August 2008 - 12:22 PM

Ichmonji

    Member

  • Member
  • PipPip
  • 13 posts
When I installed my XP OS, I had 3 SVC hosts to begin with, but now I have 5 or more. I've been informed that this is bad. My system also keeps restarting itself (I located a hacktool in my 32, from Nirsoft, which found passwords etc, and since I deleted it, my computer has been running pretty smoothly, bar the odd restart). Also at certain times, my internet slows down to a crawl. Now this is at random intervals, so Im not too sure if this is my ISP or someone potentially connecting to my computer and doing stuff which results in my net slowing).

Heres my HijackThis logfile.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:16:53, on 22/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Glass2k\Glass2k.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ABIT\ABIT uGuru\OCGuru.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [ABIT uGuru] C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Glass2k] C:\Program Files\Glass2k\Glass2k.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitLord\BitLord.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DriverMax] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Shortcut to OCGuru.lnk = C:\Program Files\ABIT\ABIT uGuru\OCGuru.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.updat...b?1187860805562
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1182428051671
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Buzzsaw_Defragmentation - SpyderComm, Inc. - C:\Program Files\MATCO\BuzzSawService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 9447 bytes



Thanks a lot for any assistance you can offer me.

Ichmonji
  • 0

Advertisements

#2
Egwene
Posted 26 August 2008 - 01:30 PM

Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hello Ichmonji !

Welcome to the site! :) My name's Egwene and I'll be helping clean up your computer. :) I'm currently looking over your log. I am still in training here, so there might be a delay between my replies as they need to be checked by an expert before I can post them. I'll need a bit of time to research your log fully, so please bear with me.

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:
  • To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Malware Removal - HijackThis™ Logs Go Here.
  • Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!
  • When posting logs, please ensure Wordwrap is turned off in Notepad (to check, open Notepad click on Format | Uncheck Word Wrap)
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!
  • Make sure you reply to this thread using the Add Reply button: Posted Image

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.
  • 0

#3
Egwene
Posted 26 August 2008 - 03:51 PM

Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hey Ichmonji,

No problem, you're welcome :)

I see nothing bad in your HijackThis log, but we will do a deeper scan.

Download OTViewIt to your desktop.
  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here.
  • You may need to use two posts to get it all on the forum

Regards,
Egwene.
  • 0

#4
Ichmonji
Posted 27 August 2008 - 03:45 AM

Ichmonji

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi Egwene :), heres the OTviewIT log you requested. The file you mentioned named extras didn't appear though. I hope this doesn't hinder you in any way.

Once again, thank you very much.



OTViewIt logfile created on: 27/08/2008 10:40:44 - Run 2
OTViewIt by OldTimer - Version 1.0.0.12 Folder = C:\Documents and Settings\mt\Local Settings\Temporary Internet Files\Content.IE5\72EL4C2U
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.48 Mb Total Physical Memory | 548.40 Mb Available Physical Memory | 53.58% Memory free
2.40 Gb Paging File | 1.99 Gb Available in Paging File | 82.92% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.68 Gb Total Space | 12.81 Gb Free Space | 16.70% Space Free | Partition Type: NTFS
Drive D: | 153.38 Gb Total Space | 1.63 Gb Free Space | 1.06% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MT-3552FF02766B
Current User Name: mt
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users

===== Processes - Non-Microsoft Only =====

[09/29/2007 02:56 AM | 00,483,328 | ---- | M] (ATI Technologies Inc.) - C:\WINDOWS\system32\ati2evxx.exe
[09/29/2007 02:56 AM | 00,483,328 | ---- | M] (ATI Technologies Inc.) - C:\WINDOWS\system32\ati2evxx.exe
[11/26/2006 09:43 PM | 00,327,680 | ---- | M] (SpyderComm, Inc.) - C:\Program Files\MATCO\BuzzSawService.exe
[12/21/2007 09:21 AM | 00,468,224 | ---- | M] (ESET) - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
[03/09/2005 08:50 PM | 00,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) - C:\WINDOWS\system32\libusbd-nt.exe
[06/08/2008 09:31 AM | 00,877,864 | ---- | M] (Nero AG) - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
[12/19/2006 10:30 AM | 00,081,920 | ---- | M] (Prolific Technology Inc.) - C:\WINDOWS\system32\IoctlSvc.exe
[09/13/2004 09:37 PM | 01,695,827 | ---- | M] (ABIT Computer Corporation) - C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
[06/29/2005 09:09 AM | 00,032,768 | ---- | M] (ATI Technologies Inc.) - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[12/13/2003 07:43 AM | 00,056,325 | ---- | M] (Chime Softwares) - C:\Program Files\Glass2k\Glass2k.exe
[08/14/2004 01:42 AM | 00,229,376 | ---- | M] (ABIT Computer Corp.) - C:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
[09/20/2004 09:27 AM | 00,065,536 | ---- | M] () - C:\Program Files\LClock\LClock.exe
[12/21/2007 09:21 AM | 01,443,072 | ---- | M] (ESET) - C:\Program Files\ESET\ESET Smart Security\egui.exe
[01/07/2006 02:36 AM | 00,081,920 | ---- | M] () - C:\Program Files\Sony\SonicStage\SSAAD.exe
[06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[04/16/2007 03:28 PM | 00,577,536 | ---- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\SOUNDMAN.EXE
[07/13/2007 02:09 PM | 00,068,856 | ---- | M] (Google Inc.) - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[06/29/2005 09:09 AM | 00,032,768 | ---- | M] (ATI Technologies Inc.) - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[12/10/2004 11:33 PM | 02,220,032 | ---- | M] (ABIT Computer Corporation) - C:\Program Files\ABIT\ABIT uGuru\OCGuru.exe
[06/29/2005 09:09 AM | 00,032,768 | ---- | M] (ATI Technologies Inc.) - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[08/27/2008 10:38 AM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\mt\Local Settings\Temporary Internet Files\Content.IE5\72EL4C2U\OTViewIt[1].exe

===== Win32 Services - Non-Microsoft Only =====

(Adobe LM Service) Adobe LM Service [On_Demand | Stopped]
[10/15/2007 11:14 AM | 00,072,704 | ---- | M] (Adobe Systems) - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

(Ati HotKey Poller) Ati HotKey Poller [Auto | Running]
[09/29/2007 02:56 AM | 00,483,328 | ---- | M] (ATI Technologies Inc.) - C:\WINDOWS\system32\ati2evxx.exe

(ATI Smart) ATI Smart [Auto | Stopped]
[06/29/2005 05:05 AM | 00,516,096 | ---- | M] () - C:\WINDOWS\system32\ati2sgag.exe

(Buzzsaw_Defragmentation) Buzzsaw_Defragmentation [Auto | Running]
[11/26/2006 09:43 PM | 00,327,680 | ---- | M] (SpyderComm, Inc.) - C:\Program Files\MATCO\BuzzSawService.exe

(dmadmin) Logical Disk Manager Administrative Service [On_Demand | Stopped]
[04/14/2008 01:12 AM | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe

(EhttpSrv) Eset HTTP Server [On_Demand | Stopped]
[12/21/2007 09:22 AM | 00,019,200 | ---- | M] (ESET) - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

(ekrn) Eset Service [Auto | Running]
[12/21/2007 09:21 AM | 00,468,224 | ---- | M] (ESET) - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

(gusvc) Google Updater Service [On_Demand | Stopped]
[06/21/2007 01:13 PM | 00,138,168 | ---- | M] (Google) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

(IDriverT) InstallDriver Table Manager [On_Demand | Stopped]
[11/14/2005 01:06 AM | 00,069,632 | ---- | M] (Macrovision Corporation) - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

(libusbd) LibUsb-Win32 - Daemon, Version 0.1.10.1 [Auto | Running]
[03/09/2005 08:50 PM | 00,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) - C:\WINDOWS\system32\libusbd-nt.exe

(MSCSPTISRV) MSCSPTISRV [On_Demand | Stopped]
[11/24/2005 05:03 PM | 00,053,337 | ---- | M] (Sony Corporation) - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

(Nero BackItUp Scheduler 3) Nero BackItUp Scheduler 3 [Auto | Running]
[06/08/2008 09:31 AM | 00,877,864 | ---- | M] (Nero AG) - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

(NMIndexingService) NMIndexingService [On_Demand | Stopped]
[06/24/2008 04:05 PM | 00,537,896 | ---- | M] (Nero AG) - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

(PACSPTISVR) PACSPTISVR [On_Demand | Stopped]
[11/24/2005 04:57 PM | 00,053,337 | ---- | M] (Sony Corporation) - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

(PLFlash DeviceIoControl Service) PLFlash DeviceIoControl Service [Auto | Running]
[12/19/2006 10:30 AM | 00,081,920 | ---- | M] (Prolific Technology Inc.) - C:\WINDOWS\system32\IoctlSvc.exe

(ServiceLayer) ServiceLayer [On_Demand | Stopped]
[06/15/2007 05:55 PM | 00,300,544 | ---- | M] (Nokia.) - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

(SPTISRV) Sony SPTI Service [On_Demand | Stopped]
[11/24/2005 04:47 PM | 00,069,718 | ---- | M] (Sony Corporation) - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

(SSScsiSV) SonicStage SCSI Service [On_Demand | Stopped]
[01/06/2006 10:25 PM | 00,069,632 | ---- | M] (Sony Corporation) - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

===== Driver Services - Non-Microsoft Only =====

(ALCXWDM) Service for Realtek AC97 Audio (WDM) [On_Demand | Running]
[01/24/2008 04:36 PM | 04,127,488 | ---- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS

(AmdK8) AMD Processor Driver [System | Running]
[08/12/2004 12:30 AM | 00,039,424 | ---- | M] (Advanced Micro Devices) - C:\WINDOWS\system32\drivers\AmdK8.sys

(ati2mtag) ati2mtag [On_Demand | Running]
[09/29/2007 03:06 AM | 02,456,064 | ---- | M] (ATI Technologies Inc.) - C:\WINDOWS\system32\drivers\ati2mtag.sys

(atinrvxx) ATI WDM Rage Theater Video [On_Demand | Stopped]
[08/04/2004 02:08 AM | 00,105,984 | ---- | M] (ATI Technologies Inc.) - C:\WINDOWS\system32\drivers\atinrvxx.sys

(cvintdrv) cvintdrv [Auto | Running]
[06/10/2005 10:01 AM | 00,007,140 | ---- | M] () - C:\WINDOWS\System32\drivers\cvintdrv.sys

(dmboot) dmboot [Disabled | Stopped]
[04/13/2008 07:44 PM | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys

(dmio) dmio [Disabled | Stopped]
[04/13/2008 07:44 PM | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys

(dmload) dmload [Disabled | Stopped]
[02/28/2006 01:00 PM | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys

(eamon) eamon [Auto | Running]
[12/21/2007 09:19 AM | 00,039,944 | ---- | M] (ESET) - C:\WINDOWS\system32\drivers\eamon.sys

(easdrv) easdrv [System | Running]
[12/21/2007 09:20 AM | 00,030,216 | ---- | M] (ESET) - C:\WINDOWS\system32\drivers\easdrv.sys

(epfw) epfw [Auto | Running]
[12/21/2007 09:21 AM | 00,071,176 | ---- | M] (ESET) - C:\WINDOWS\system32\drivers\epfw.sys

(Epfwndis) Eset Personal Firewall [On_Demand | Running]
[12/21/2007 09:21 AM | 00,030,728 | ---- | M] (ESET) - C:\WINDOWS\system32\drivers\epfwndis.sys

(epfwtdi) epfwtdi [System | Running]
[12/21/2007 09:21 AM | 00,053,768 | ---- | M] (ESET) - C:\WINDOWS\system32\drivers\epfwtdi.sys

(GETNDIS) VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver [On_Demand | Running]
[10/21/2004 04:01 AM | 00,046,080 | ---- | M] (VIA Networking Technologies, Inc. ) - C:\WINDOWS\system32\drivers\getnd5b.sys

(ggflt) SEMC USB Flash Driver Filter [On_Demand | Stopped]
[01/05/2008 06:55 PM | 00,013,352 | ---- | M] (Sony Ericsson Mobile Communications) - C:\WINDOWS\system32\drivers\ggflt.sys

(ggsemc) SEMC USB Flash Driver [On_Demand | Stopped]
[01/05/2008 06:55 PM | 00,020,520 | ---- | M] (Sony Ericsson Mobile Communications) - C:\WINDOWS\system32\drivers\ggsemc.sys

(k750bus) Sony Ericsson 750 driver (WDM) [On_Demand | Stopped]
[03/13/2006 05:35 PM | 00,055,216 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\k750bus.sys

(k750mdfl) Sony Ericsson 750 USB WMC Modem Filter [On_Demand | Stopped]
[03/13/2006 05:35 PM | 00,006,576 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\k750mdfl.sys

(k750mdm) Sony Ericsson 750 USB WMC Modem Drivers [On_Demand | Stopped]
[03/13/2006 05:35 PM | 00,089,872 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\k750mdm.sys

(k750mgmt) Sony Ericsson 750 USB WMC Device Management Drivers [On_Demand | Stopped]
[03/13/2006 05:35 PM | 00,081,728 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\k750mgmt.sys

(k750obex) Sony Ericsson 750 USB WMC OBEX Interface Drivers [On_Demand | Stopped]
[03/13/2006 05:35 PM | 00,079,488 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\k750obex.sys

(libusb0) LibUsb-Win32 - Kernel Driver, Version 0.1.10.1 [On_Demand | Running]
[03/09/2005 08:50 PM | 00,033,792 | ---- | M] () - C:\WINDOWS\system32\drivers\libusb0.sys

(mcdbus) Driver for MagicISO SCSI Host Controller [On_Demand | Stopped]
File not found - C:\WINDOWS\System32\DRIVERS\mcdbus.sys

(Memctl) Memctl [On_Demand | Stopped]
[11/29/2001 12:49 PM | 00,004,047 | ---- | M] () - C:\Program Files\ABIT\ABIT uGuru\MEMCTL.SYS

(MVDCODEC) ATI WDM Specialized MVD Codec [On_Demand | Stopped]
[08/04/2004 02:08 AM | 00,013,824 | ---- | M] (ATI Technologies Inc.) - C:\WINDOWS\system32\drivers\atinmdxx.sys

(nidsark) nidsark [On_Demand | Stopped]
File not found - C:\WINDOWS\System32\drivers\nidsark.dll

(nmwcd) Nokia USB Phone Parent [On_Demand | Stopped]
[02/22/2007 12:15 PM | 00,137,216 | ---- | M] (Nokia) - C:\WINDOWS\system32\drivers\nmwcd.sys

(nmwcdc) Nokia USB Generic [On_Demand | Stopped]
[02/22/2007 12:15 PM | 00,008,320 | ---- | M] (Nokia) - C:\WINDOWS\system32\drivers\nmwcdc.sys

(nmwcdcj) Nokia USB Port [On_Demand | Stopped]
[02/22/2007 12:15 PM | 00,012,288 | ---- | M] (Nokia) - C:\WINDOWS\system32\drivers\nmwcdcj.sys

(nmwcdcm) Nokia USB Modem [On_Demand | Stopped]
[02/22/2007 12:15 PM | 00,012,288 | ---- | M] (Nokia) - C:\WINDOWS\system32\drivers\nmwcdcm.sys

(NTSIM) NTSIM [On_Demand | Stopped]
[07/16/2003 05:10 PM | 00,007,040 | R--- | M] (VIA Networking Technologies, Inc. ) - C:\WINDOWS\system32\ntsim.sys

(ovt519) EyeToy [On_Demand | Stopped]
File not found - C:\WINDOWS\System32\Drivers\ov519vid.sys

(Pcouffin) Low level access layer for CD devices [On_Demand | Running]
[10/27/2007 03:27 PM | 00,047,360 | ---- | M] (VSO Software) - C:\WINDOWS\system32\drivers\Pcouffin.sys

(Ptilink) Direct Parallel Link Driver [On_Demand | Running]
[02/28/2006 01:00 PM | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys

(PxHelp20) PxHelp20 [Boot | Running]
[03/08/2007 12:51 AM | 00,043,528 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\PxHelp20.sys

(SASENUM) SASENUM [On_Demand | Running]
[02/16/2006 04:51 PM | 00,004,096 | R--- | M] (SuperAdBlocker, Inc.) - C:\Program Files\SUPERAntiSpyware\SASENUM.SYS

(SASKUTIL) SASKUTIL [System | Running]
[02/27/2007 11:39 AM | 00,032,256 | ---- | M] () - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

(SCDEmu) SCDEmu [System | Running]
[04/09/2007 01:27 PM | 00,031,548 | ---- | M] (PowerISO Computing, Inc.) - C:\WINDOWS\System32\drivers\scdemu.sys

(scrcap) scrcap [On_Demand | Stopped]
File not found - C:\WINDOWS\System32\DRIVERS\scrcap.sys

(SE27bus) Sony Ericsson Device 039 Driver driver (WDM) [On_Demand | Stopped]
[09/18/2006 02:58 PM | 00,061,600 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\SE27bus.sys

(SE27mdfl) Sony Ericsson Device 039 USB WMC Modem Filter [On_Demand | Stopped]
[09/18/2006 02:58 PM | 00,009,360 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\SE27mdfl.sys

(SE27mdm) Sony Ericsson Device 039 USB WMC Modem Driver [On_Demand | Stopped]
[09/18/2006 02:58 PM | 00,097,184 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\SE27mdm.sys

(SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM) [On_Demand | Stopped]
[09/18/2006 02:58 PM | 00,088,688 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\SE27mgmt.sys

(se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS) [On_Demand | Stopped]
[09/18/2006 02:59 PM | 00,018,704 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\se27nd5.sys

(SE27obex) Sony Ericsson Device 039 USB WMC OBEX Interface [On_Demand | Stopped]
[09/18/2006 02:59 PM | 00,086,560 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\SE27obex.sys

(se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM) [On_Demand | Stopped]
[09/18/2006 02:59 PM | 00,090,800 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\se27unic.sys

(Secdrv) Secdrv [On_Demand | Stopped]
[11/13/2007 11:25 AM | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\WINDOWS\system32\drivers\secdrv.sys

(sptd) sptd [Boot | Running]
[05/30/2007 05:49 PM | 00,682,232 | ---- | M] () - C:\WINDOWS\system32\drivers\sptd.sys

(SQTECH905C) DualCamera [On_Demand | Stopped]
[07/13/2005 11:08 AM | 00,033,890 | ---- | M] (Service & Quality Technology.) - C:\WINDOWS\system32\drivers\Capt905c.sys

(uGuru) uGuru [Boot | Running]
[08/04/2004 09:56 PM | 00,010,752 | ---- | M] (ABIT Computer Corporation) - C:\WINDOWS\system32\drivers\uGuru.SYS

(vaxscsi) vaxscsi [On_Demand | Stopped]
[06/03/2008 12:23 PM | 00,223,128 | ---- | M] (Alcohol Soft Co., Ltd.) - C:\WINDOWS\system32\drivers\vaxscsi.sys

(vulfnths) VIA USB Host Controller Lower Filter [On_Demand | Running]
[08/04/2003 08:29 AM | 00,006,912 | ---- | M] (VIA Technologies, Inc.) - C:\WINDOWS\system32\drivers\vulfnth.sys

(vulfntrs) VIA USB Roothub Lower Filter [On_Demand | Running]
[08/04/2003 08:29 AM | 00,011,392 | ---- | M] (VIA Technologies, Inc.) - C:\WINDOWS\system32\drivers\vulfntr.sys

(w810bus) Sony Ericsson W810 Driver driver (WDM) [On_Demand | Stopped]
[02/20/2006 05:59 PM | 00,058,288 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\w810bus.sys

(w810mdfl) Sony Ericsson W810 USB WMC Modem Filter [On_Demand | Stopped]
[02/20/2006 05:59 PM | 00,008,336 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\w810mdfl.sys

(w810mdm) Sony Ericsson W810 USB WMC Modem Driver [On_Demand | Stopped]
[02/20/2006 05:59 PM | 00,094,064 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\w810mdm.sys

(Winflash) Winflash [On_Demand | Stopped]
[09/17/2002 08:55 PM | 00,003,548 | ---- | M] () - C:\Program Files\ABIT\ABIT uGuru\WinFlash.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ABIT uGuru" = C:\Program Files\ABIT\ABIT uGuru\uGuru.exe [09/13/2004 09:37 PM | 01,695,827 | ---- | M] (ABIT Computer Corporation)
"ATICCC" = "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime [06/29/2005 09:09 AM | 00,032,768 | ---- | M] (ATI Technologies Inc.)
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [06/29/2005 05:05 AM | 00,344,064 | ---- | M] (ATI Technologies, Inc.)
"egui" = "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [12/21/2007 09:21 AM | 01,443,072 | ---- | M] (ESET)
"Glass2k" = C:\Program Files\Glass2k\Glass2k.exe [12/13/2003 07:43 AM | 00,056,325 | ---- | M] (Chime Softwares)
"LClock" = C:\Program Files\LClock\LClock.exe [09/20/2004 09:27 AM | 00,065,536 | ---- | M] ()
"NBKeyScan" = "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [06/08/2008 09:31 AM | 02,221,352 | ---- | M] (Nero AG)
"NeroFilterCheck" = C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [06/19/2008 09:53 AM | 00,570,664 | ---- | M] (Nero AG)
"SoundMan" = SOUNDMAN.EXE [04/16/2007 03:28 PM | 00,577,536 | ---- | M] (Realtek Semiconductor Corp.)
"SsAAD.exe" = C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe [01/07/2006 02:36 AM | 00,081,920 | ---- | M] ()
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitComet" = "C:\Program Files\BitLord\BitLord.exe" [05/07/2005 01:47 AM | 02,224,128 | ---- | M] (www.BitLord.com)
"DriverMax" = "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent [07/25/2008 11:58 AM | 05,057,368 | ---- | M] (Innovative Solutions)
"PeerGuardian" = C:\Program Files\PeerGuardian2\pg2.exe [09/18/2005 06:40 PM | 01,421,824 | ---- | M] (Methlabs)
"SUPERAntiSpyware" = C:\DOCUME~1\mt\LOCALS~1\Temp\SSUPDATE.EXE Software\SUPERAntiSpyware.com\SUPERAntiSpyware File not found
"swg" = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [07/13/2007 02:09 PM | 00,068,856 | ---- | M] (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync" = C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog [06/19/2007 11:17 AM | 01,241,088 | ---- | M] (Time Information Services Ltd.)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync" = C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog [06/19/2007 11:17 AM | 01,241,088 | ---- | M] (Time Information Services Ltd.)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-21-854245398-1326574676-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitComet" = "C:\Program Files\BitLord\BitLord.exe" [05/07/2005 01:47 AM | 02,224,128 | ---- | M] (www.BitLord.com)
"DriverMax" = "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent [07/25/2008 11:58 AM | 05,057,368 | ---- | M] (Innovative Solutions)
"PeerGuardian" = C:\Program Files\PeerGuardian2\pg2.exe [09/18/2005 06:40 PM | 01,421,824 | ---- | M] (Methlabs)
"SUPERAntiSpyware" = C:\DOCUME~1\mt\LOCALS~1\Temp\SSUPDATE.EXE Software\SUPERAntiSpyware.com\SUPERAntiSpyware File not found
"swg" = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [07/13/2007 02:09 PM | 00,068,856 | ---- | M] (Google Inc.)

[HKEY_USERS\S-1-5-21-854245398-1326574676-725345543-1004\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

[Administrator Startup Folder - C:\Documents and Settings\Administrator\Start Menu\Programs\Startup]

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[06/29/2005 09:09 AM | 00,032,768 | ---- | M] (ATI Technologies Inc.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

[dad Startup Folder - C:\Documents and Settings\dad\Start Menu\Programs\Startup]

[Darren Startup Folder - C:\Documents and Settings\Darren\Start Menu\Programs\Startup]

[Default User Startup Folder - C:\Documents and Settings\Default User\Start Menu\Programs\Startup]

[mt Startup Folder - C:\Documents and Settings\mt\Start Menu\Programs\Startup]
[12/10/2004 11:33 PM | 02,220,032 | ---- | M] (ABIT Computer Corporation) - C:\Documents and Settings\mt\Start Menu\Programs\Startup\Shortcut to OCGuru.lnk = C:\Program Files\ABIT\ABIT uGuru\OCGuru.exe

[Primary Startup Folder - C:\Documents and Settings\Primary\Start Menu\Programs\Startup]

===== BHO's =====

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (Adobe PDF Reader Link Helper) - [10/22/2006 11:08 PM | 00,062,080 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [06/10/2008 04:27 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
HKLM CLSID: (Google Toolbar Helper) - [06/21/2007 01:13 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar2.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
HKLM CLSID: (Google Toolbar Notifier BHO) - [04/11/2008 12:46 PM | 00,734,704 | ---- | M] (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

===== Toolbars =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [06/21/2007 01:13 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [06/21/2007 01:13 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar2.dll

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_USERS\S-1-5-21-854245398-1326574676-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [06/21/2007 01:13 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar2.dll

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
Unable to open key or key not present!


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-21-854245398-1326574676-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-21-854245398-1326574676-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools" = 0

===== Desktop Components =====

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

===== Lsa Authentication Packages =====

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/14/2008 01:12 AM | 00,141,312 | ---- | M] (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [04/13/2008 07:53 PM | 00,558,080 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe [01/19/2007 08:54 PM | 05,674,352 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe [01/05/2007 12:10 AM | 00,297,752 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/14/2008 01:12 AM | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe [06/18/2008 07:46 PM | 00,147,456 | ---- | M] (Lime Wire, LLC)
"C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe" = C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe [04/14/2008 01:12 AM | 01,695,232 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe File not found
"C:\Program Files\dads Limewire\LimeWire.exe" = C:\Program Files\dads Limewire\LimeWire.exe File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [04/13/2008 07:53 PM | 00,558,080 | ---- | M] (Microsoft Corporation)
"C:\Program Files\BitLord\BitLord.exe" = C:\Program Files\BitLord\BitLord.exe [05/07/2005 01:47 AM | 02,224,128 | ---- | M] (www.BitLord.com)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe [01/19/2007 08:54 PM | 05,674,352 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe [01/05/2007 12:10 AM | 00,297,752 | ---- | M] (Microsoft Corporation)

===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [04/14/2008 01:12 AM | 01,033,728 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [04/14/2008 01:12 AM | 00,026,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"vistaui.exe" - [08/30/2006 02:24 PM | 05,214,208 | ---- | M] () C:\WINDOWS\system32\vistaui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [04/14/2008 01:12 AM | 08,461,312 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [04/14/2008 01:12 AM | 00,300,544 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

===== User's Winlogon Settings =====

===== Winlogon Notify Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DllName" = C:\WINDOWS\system32\ati2evxx.dll [09/29/2007 02:57 AM | 00,122,880 | ---- | M] (ATI Technologies Inc.)

===== Safeboot Options =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^mt^My Documents^Start Menu^Programs^Startup^Adobe Gamma.lnk]
"backup" = C:\WINDOWS\pss\Adobe Gamma.lnk File not found
"location" = Startup
"command" = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [03/16/2005 07:16 PM | 00,113,664 | ---- | M] (Adobe Systems, Inc.)
"item" = Adobe Gamma

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeUpdater]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = AdobeUpdater
"hkey" = HKCU
"command" = C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [03/01/2007 10:37 AM | 02,321,600 | R--- | M] (Adobe Systems Incorporated)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = msnmsgr
"hkey" = HKCU
"command" = C:\Program Files\MSN Messenger\msnmsgr.exe [01/19/2007 08:54 PM | 05,674,352 | ---- | M] (Microsoft Corporation)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SsAAD.exe]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = SsAAD
"hkey" = HKLM
"command" = C:\Program Files\Sony\SonicStage\SSAAD.exe [01/07/2006 02:36 AM | 00,081,920 | ---- | M] ()
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = GoogleToolbarNotifier
"hkey" = HKCU
"command" = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [07/13/2007 02:09 PM | 00,068,856 | ---- | M] (Google Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini" = 0
"win.ini" = 0
"bootini" = 0
"services" = 0
"startup" = 2

===== DNS Name Servers =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{35808D2B-239E-4BA7-AC19-69369085FD80}]
Servers: | Description:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{BF85ED89-4ECD-48C8-8859-370E7A7761A5}]
Servers: | Description: 1394 Net Adapter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{C4E1D3EC-D2DC-4564-A149-6DE19DF96B6A}]
Servers: | Description: VIA Networking Velocity Family Giga-bit Ethernet Adapter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{D4B689A6-0670-4301-815B-C2C450B60AA8}]
Servers: | Description: Sony Ericsson Device 039 USB Ethernet Emulation (NDIS 5)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{FCB33E6C-8D1F-4D44-870C-7F02060A8B35}]
Servers: | Description: Sony Ericsson Device 039 USB Ethernet Emulation (NDIS 5)

===== CDRom AutoRun Settings =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

===== Autorun Files on Drives =====

AUTOEXEC.BAT []
[05/20/2007 07:21 PM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

===== MountPoints2 =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{093199f6-3ad1-11dc-8353-00508dd767ad}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{093199f6-3ad1-11dc-8353-00508dd767ad}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 01:12 AM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{093199f6-3ad1-11dc-8353-00508dd767ad}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{093199f7-3ad1-11dc-8353-00508dd767ad}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{093199f7-3ad1-11dc-8353-00508dd767ad}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 01:12 AM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{093199f7-3ad1-11dc-8353-00508dd767ad}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3342c23e-5c72-11dc-839e-00508dd767ad}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3342c23e-5c72-11dc-839e-00508dd767ad}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 01:12 AM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3342c23e-5c72-11dc-839e-00508dd767ad}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f2d625e-350a-11dc-834f-00508dd767ad}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f2d625e-350a-11dc-834f-00508dd767ad}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 01:12 AM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f2d625e-350a-11dc-834f-00508dd767ad}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5319a7df-bf51-11dc-84a0-00508dd767ad}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5319a7df-bf51-11dc-84a0-00508dd767ad}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 01:12 AM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5319a7df-bf51-11dc-84a0-00508dd767ad}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59b8fb48-309c-11dd-85c7-00508dd767ad}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59b8fb48-309c-11dd-85c7-00508dd767ad}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 01:12 AM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59b8fb48-309c-11dd-85c7-00508dd767ad}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ec72e8d-1a4c-11dc-8336-00508dd767ad}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ec72e8d-1a4c-11dc-8336-00508dd767ad}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 01:12 AM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ec72e8d-1a4c-11dc-8336-00508dd767ad}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1358644-7db2-11dc-840f-00508dd767ad}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1358644-7db2-11dc-840f-00508dd767ad}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 01:12 AM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1358644-7db2-11dc-840f-00508dd767ad}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1cfc10e-2578-11dd-85ae-00508dd767ad}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1cfc10e-2578-11dd-85ae-00508dd767ad}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 01:12 AM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1cfc10e-2578-11dd-85ae-00508dd767ad}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb3222ba-4bdf-11dc-8375-00508dd767ad}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb3222ba-4bdf-11dc-8375-00508dd767ad}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 01:12 AM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb3222ba-4bdf-11dc-8375-00508dd767ad}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9d0ae5b-b2f1-11dc-8483-00508dd767ad}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9d0ae5b-b2f1-11dc-8483-00508dd767ad}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 01:12 AM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9d0ae5b-b2f1-11dc-8483-00508dd767ad}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9d0ae5c-b2f1-11dc-8483-00508dd767ad}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9d0ae5c-b2f1-11dc-8483-00508dd767ad}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 01:12 AM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9d0ae5c-b2f1-11dc-8483-00508dd767ad}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d77d82b3-9dc4-11dc-8457-00508dd767ad}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d77d82b3-9dc4-11dc-8457-00508dd767ad}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 01:12 AM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d77d82b3-9dc4-11dc-8457-00508dd767ad}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d77d82b4-9dc4-11dc-8457-00508dd767ad}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d77d82b4-9dc4-11dc-8457-00508dd767ad}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 01:12 AM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d77d82b4-9dc4-11dc-8457-00508dd767ad}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ecdc6c90-5dfd-11dc-83a4-00508dd767ad}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ecdc6c90-5dfd-11dc-83a4-00508dd767ad}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 01:12 AM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ecdc6c90-5dfd-11dc-83a4-00508dd767ad}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

===== Hosts File =====

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost



[Files/Folders - Created Within 90 days]
[06/04/2008 08:20 AM | ---D | C] - C:\Game Recordings
[07/04/2008 03:43 PM | RH-D | C] - C:\MSOCache
[07/16/2008 04:06 PM | 00,002,048 | ---- | C] () - C:\ntldr.srm
[08/06/2008 12:50 PM | ---D | C] - C:\TempDVD
[08/26/2008 03:50 PM | ---D | C] - C:\[PSX] Castlevania.Symphony.Of.The.Night.NTSC.US
[03/09/2005 08:50 PM | 00,033,792 | ---- | C] () - C:\WINDOWS\System32\drivers\libusb0.sys
[04/13/2008 05:36 PM | 00,144,384 | ---- | C] (Windows ® Server 2003 DDK provider) - C:\WINDOWS\System32\drivers\hdaudbus.sys
[04/13/2008 07:36 PM | 00,040,960 | ---- | C] (Silicon Integrated Systems Corporation) - C:\WINDOWS\System32\drivers\sisagp.sys
[04/13/2008 07:36 PM | 00,043,008 | ---- | C] (Advanced Micro Devices, Inc.) - C:\WINDOWS\System32\drivers\amdagp.sys
[04/14/2008 01:11 AM | 00,003,135 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv08nt5.dll
[04/14/2008 01:11 AM | 00,003,615 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv05nt5.dll
[04/14/2008 01:11 AM | 00,003,647 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv07nt5.dll
[04/14/2008 01:11 AM | 00,003,711 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv09nt5.dll
[04/14/2008 01:11 AM | 00,003,775 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv11nt5.dll
[04/14/2008 01:11 AM | 00,003,967 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv02nt5.dll
[04/14/2008 01:11 AM | 00,004,255 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv01nt5.dll
[04/14/2008 01:11 AM | 00,011,359 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv02nt5.dll
[04/14/2008 01:11 AM | 00,014,143 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv06nt5.dll
[04/14/2008 01:11 AM | 00,015,423 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[04/14/2008 01:11 AM | 00,017,279 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv10nt5.dll
[04/14/2008 01:11 AM | 00,021,183 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv01nt5.dll
[04/14/2008 01:11 AM | 00,025,471 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv04nt5.dll
[04/14/2008 01:12 AM | 00,003,901 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\siint5.dll
[04/14/2008 01:12 AM | 00,011,325 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\vchnt5.dll
[06/03/2008 12:23 PM | 00,223,128 | ---- | C] (Alcohol Soft Co., Ltd.) - C:\WINDOWS\System32\drivers\vaxscsi.sys
[06/08/2008 09:37 AM | 00,011,304 | ---- | C] (Ahead Software AG) - C:\WINDOWS\System32\drivers\imagedrv.sys
[06/08/2008 09:37 AM | 00,132,904 | ---- | C] (Ahead Software AG) - C:\WINDOWS\System32\drivers\imagesrv.sys
[07/17/2004 10:55 PM | 00,129,045 | ---- | C] () - C:\WINDOWS\System32\drivers\cxthsfs2.cty
[07/17/2004 11:35 AM | 00,067,866 | ---- | C] () - C:\WINDOWS\System32\drivers\netwlan5.img
[08/03/2004 10:29 PM | 00,011,295 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv08nt.sys
[08/03/2004 10:29 PM | 00,011,615 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1mdxx.sys
[08/03/2004 10:29 PM | 00,011,807 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv07nt.sys
[08/03/2004 10:29 PM | 00,011,871 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv09nt.sys
[08/03/2004 10:29 PM | 00,011,935 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv11nt.sys
[08/03/2004 10:29 PM | 00,012,047 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1pdxx.sys
[08/03/2004 10:29 PM | 00,013,824 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinttxx.sys
[08/03/2004 10:29 PM | 00,014,336 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinpdxx.sys
[08/03/2004 10:29 PM | 00,021,343 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1ttxx.sys
[08/03/2004 10:29 PM | 00,022,271 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\watv06nt.sys
[08/03/2004 10:29 PM | 00,025,471 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\watv10nt.sys
[08/03/2004 10:29 PM | 00,026,367 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1snxx.sys
[08/03/2004 10:29 PM | 00,028,672 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinsnxx.sys
[08/03/2004 10:29 PM | 00,029,455 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1xbxx.sys
[08/03/2004 10:29 PM | 00,030,671 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1raxx.sys
[08/03/2004 10:29 PM | 00,031,744 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinxbxx.sys
[08/03/2004 10:29 PM | 00,034,735 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1xsxx.sys
[08/03/2004 10:29 PM | 00,036,463 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1tuxx.sys
[08/03/2004 10:29 PM | 00,052,224 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinraxx.sys
[08/03/2004 10:29 PM | 00,056,623 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1btxx.sys
[08/03/2004 10:29 PM | 00,057,856 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinbtxx.sys
[08/03/2004 10:29 PM | 00,063,488 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinxsxx.sys
[08/03/2004 10:29 PM | 00,063,663 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1rvxx.sys
[08/03/2004 10:29 PM | 00,073,216 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atintuxx.sys
[08/03/2004 10:29 PM | 00,166,912 | ---- | C] (S3 Graphics, Inc.) - C:\WINDOWS\System32\drivers\s3gnbm.sys
[08/03/2004 10:29 PM | 00,327,040 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati2mtaa.sys
[08/03/2004 10:29 PM | 00,452,736 | ---- | C] (Matrox Graphics Inc.) - C:\WINDOWS\System32\drivers\mtxparhm.sys
[08/03/2004 10:29 PM | 01,897,408 | ---- | C] (NVIDIA Corporation) - C:\WINDOWS\System32\drivers\nv4_mini.sys
[08/03/2004 10:41 PM | 00,011,868 | ---- | C] (Conexant) - C:\WINDOWS\System32\drivers\mdmxsdk.sys
[08/03/2004 10:41 PM | 00,013,240 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slwdmsup.sys
[08/03/2004 10:41 PM | 00,013,776 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\recagent.sys
[08/03/2004 10:41 PM | 00,095,424 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slnthal.sys
[08/03/2004 10:41 PM | 00,126,686 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\mtlmnt5.sys
[08/03/2004 10:41 PM | 00,129,535 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slnt7554.sys
[08/03/2004 10:41 PM | 00,180,360 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\ntmtlfax.sys
[08/03/2004 10:41 PM | 00,220,032 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\drivers\hsfbs2s2.sys
[08/03/2004 10:41 PM | 00,404,990 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slntamr.sys
[08/03/2004 10:41 PM | 00,685,056 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\drivers\hsfcxts
  • 0

#5
Ichmonji
Posted 27 August 2008 - 03:52 AM

Ichmonji

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
[08/03/2004 10:41 PM | 01,041,536 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\drivers\hsfdpsp2.sys
[08/03/2004 10:41 PM | 01,309,184 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\mtlstrm.sys
[01/11/2002 04:05 AM | 00,065,536 | ---- | C] (SEIKO EPSON CORPORATION) - C:\WINDOWS\System32\EEBUtil.dll
[01/29/2002 01:33 PM | 00,065,536 | ---- | C] () - C:\WINDOWS\System32\EBAPI.dll
[02/19/2003 02:04 AM | 00,072,825 | ---- | C] (SEIKO EPSON CORPORATION) - C:\WINDOWS\System32\EBPMON24.DLL
[02/26/2005 06:34 AM | 00,442,368 | R--- | C] (On2.com) - C:\WINDOWS\System32\vp6vfw.dll
[02/28/2008 01:01 PM | 00,774,144 | ---- | C] () - C:\WINDOWS\System32\NEROINSTAEC43759.DB
[02/28/2008 01:26 PM | 01,414,440 | ---- | C] (Nero AG) - C:\WINDOWS\System32\ShellManager310E2D762.dll
[03/09/2005 08:50 PM | 00,018,944 | ---- | C] (http://libusb-win32.sourceforge.net) - C:\WINDOWS\System32\libusbd-nt.exe
[03/09/2005 08:50 PM | 00,019,456 | ---- | C] (http://libusb-win32.sourceforge.net) - C:\WINDOWS\System32\libusbd-9x.exe
[03/09/2005 08:50 PM | 00,046,592 | ---- | C] (http://libusb-win32.sourceforge.net) - C:\WINDOWS\System32\libusb0.dll
[04/10/2003 06:40 AM | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) - C:\WINDOWS\System32\E_DCINST.DLL
[04/14/2008 01:11 AM | 00,032,285 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\hsfcisp2.dll
[04/14/2008 01:11 AM | 00,086,016 | ---- | C] (Conexant) - C:\WINDOWS\System32\mdmxsdk.dll
[04/14/2008 01:11 AM | 00,377,984 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ati2dvaa.dll
[04/14/2008 01:11 AM | 00,870,784 | ---- | C] (ATI Technologies Inc. ) - C:\WINDOWS\System32\ati3d1ag.dll
[04/14/2008 01:12 AM | 00,009,728 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ativdaxx.ax
[04/14/2008 01:12 AM | 00,032,866 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slrundll.exe
[04/14/2008 01:12 AM | 00,073,796 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slserv.exe
[04/14/2008 01:12 AM | 00,073,832 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slcoinst.dll
[04/14/2008 01:12 AM | 00,188,508 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slgen.dll
[04/14/2008 01:12 AM | 00,286,792 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slextspk.dll
[04/14/2008 01:12 AM | 00,397,056 | ---- | C] (S3 Graphics, Inc.) - C:\WINDOWS\System32\s3gnb.dll
[04/14/2008 01:12 AM | 01,737,856 | ---- | C] (Matrox Graphics Inc.) - C:\WINDOWS\System32\mtxparhd.dll
[04/14/2008 01:12 AM | 04,274,816 | ---- | C] (NVIDIA Corporation) - C:\WINDOWS\System32\nv4_disp.dll
[06/04/2008 09:34 AM | ---D | C] - C:\WINDOWS\System32\bits
[06/04/2008 09:34 AM | ---D | C] - C:\WINDOWS\System32\en
[06/04/2008 09:34 AM | ---D | C] - C:\WINDOWS\System32\scripting
[06/06/2008 02:54 PM | 00,095,600 | ---- | C] (Ahead Software AG
im Stoeckmaedle 18
76307 Karlsbad, Germany
Fax: ++49-7248-911-888
e-mail: [email protected]) - C:\WINDOWS\System32\NeroCo.dll
[06/10/2008 01:21 AM | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\java.exe
[06/10/2008 01:21 AM | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaw.exe
[06/10/2008 02:32 AM | 00,139,264 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaws.exe
[07/24/2008 12:23 PM | 00,012,067 | ---- | C] () - C:\WINDOWS\System32\SIntf16.dll
[07/24/2008 12:23 PM | 00,017,212 | ---- | C] () - C:\WINDOWS\System32\SIntf32.dll
[07/24/2008 12:23 PM | 00,021,840 | ---- | C] () - C:\WINDOWS\System32\SIntfNT.dll
[07/31/2008 10:51 AM | 00,057,060 | -H-- | C] () - C:\WINDOWS\System32\mlfcache.dat
[08/21/2001 01:00 AM | 00,054,272 | ---- | C] (SEIKO EPSON CORPORATION) - C:\WINDOWS\System32\EEBSDKIF.dll
[09/04/2001 03:04 AM | 00,000,182 | ---- | C] () - C:\WINDOWS\System32\EBPPORT4.DAT
[09/17/2007 09:48 AM | 00,001,261 | ---- | C] () - C:\WINDOWS\System32\pid.inf
[10/23/2002 01:00 AM | 00,131,072 | ---- | C] (SEIKO EPSON CORPORATION) - C:\WINDOWS\System32\Epcmlib.dll
[11/14/2002 11:43 AM | 00,102,400 | ---- | C] () - C:\WINDOWS\System32\EEBDSCVR.dll
[11/14/2002 11:43 AM | 00,122,880 | ---- | C] () - C:\WINDOWS\System32\EEBAPI.dll
[04/14/2008 01:12 AM | 00,032,866 | ---- | C] (Smart Link) - C:\WINDOWS\slrundll.exe
[06/03/2008 01:59 PM | ---D | C] - C:\WINDOWS\Performance
[06/04/2008 02:34 PM | 00,000,000 | ---- | C] () - C:\WINDOWS\ativpsrm.bin
[06/04/2008 08:30 AM | 00,000,000 | ---- | C] () - C:\WINDOWS\Irremote.ini
[06/04/2008 09:25 AM | ---D | C] - C:\WINDOWS\EHome
[06/04/2008 09:27 AM | -H-D | C] - C:\WINDOWS\$NtServicePackUninstall$
[06/04/2008 09:31 AM | ---D | C] - C:\WINDOWS\ServicePackFiles
[06/04/2008 09:34 AM | ---D | C] - C:\WINDOWS\l2schemas
[06/06/2008 02:54 PM | 00,972,072 | ---- | C] (Nero AG) - C:\WINDOWS\UNRecode.exe
[06/13/2008 07:50 PM | 00,000,026 | ---- | C] () - C:\WINDOWS\dvdSanta.INI
[06/24/2008 04:06 PM | 00,972,072 | ---- | C] (Nero AG) - C:\WINDOWS\UNNeroMediaHome.exe
[07/04/2008 03:17 PM | 00,000,025 | ---- | C] () - C:\WINDOWS\CDEC84Euro.ini
[07/04/2008 03:49 PM | ---D | C] - C:\WINDOWS\SHELLNEW
[07/04/2008 03:50 PM | 00,000,376 | ---- | C] () - C:\WINDOWS\ODBC.INI
[08/09/2008 05:17 PM | 00,000,069 | ---- | C] () - C:\WINDOWS\NeroDigital.ini
[08/27/2008 10:38 AM | ---D | C] - C:\WINDOWS\Prefetch
[06/18/2008 11:32 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
[06/22/2008 10:21 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Laconic Software
[08/08/2008 03:28 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Nero
[08/26/2008 03:21 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[06/03/2008 12:50 PM | ---D | C] - C:\Documents and Settings\mt\Application Data\Nero
[08/26/2008 03:21 PM | ---D | C] - C:\Documents and Settings\mt\Application Data\SUPERAntiSpyware.com
[07/07/2008 12:52 PM | ---D | C] - C:\Documents and Settings\mt\Local Settings\Application Data\Innovative Solutions
[08/11/2008 08:06 PM | ---D | C] - C:\Documents and Settings\mt\Local Settings\Application Data\Deployment
[08/18/2008 03:43 PM | ---D | C] - C:\Documents and Settings\All Users\Documents\EA Games
[01/02/2007 04:07 PM | 00,196,150 | R--- | C] () - C:\Documents and Settings\mt\My Documents\Image029.jpg
[07/29/2008 02:18 PM | 00,003,218 | ---- | C] () - C:\Documents and Settings\mt\My Documents\hhhhh.html
[07/30/2008 11:21 AM | ---D | C] - C:\Documents and Settings\mt\My Documents\My Drivers
[08/18/2008 02:38 PM | ---D | C] - C:\Documents and Settings\mt\My Documents\EA Games
[08/24/2008 01:34 PM | 00,002,477 | ---- | C] () - C:\Documents and Settings\mt\My Documents\[1546]Contra_4__U__complete_save.zip
[06/30/2008 01:07 PM | 00,000,870 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Microsoft Baseline Security Analyzer 2.1.lnk
[06/30/2008 05:21 PM | 00,000,738 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[07/15/2008 12:14 PM | 00,000,851 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Get OpenOffice.org.lnk
[07/25/2008 02:01 PM | 00,000,823 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Dungeon Keeper 2.lnk
[07/31/2008 12:26 PM | 00,000,761 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Darkness Within.lnk
[08/18/2008 02:39 PM | 00,001,740 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\The Sims 2.lnk
[08/18/2008 02:44 PM | 00,001,889 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\The Sims™ 2 Bon Voyage.lnk
[08/18/2008 02:48 PM | 00,001,936 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\The Sims™ 2 Celebration! Stuff.lnk
[08/18/2008 02:51 PM | 00,001,918 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\The Sims 2 Family Fun Stuff.lnk
[08/18/2008 12:05 PM | 00,001,602 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[08/26/2008 03:21 PM | 00,000,780 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[05/28/2008 09:52 AM | 03,522,600 | ---- | C] (Sysinternals - www.sysinternals.com) - C:\Documents and Settings\mt\Desktop\procexp.exe
[06/02/2008 05:05 PM | 00,000,773 | ---- | C] () - C:\Documents and Settings\mt\Desktop\Shortcut to mountblade_fullversion.lnk
[06/05/2008 03:23 PM | 00,142,921 | ---- | C] () - C:\Documents and Settings\mt\Desktop\UO0168.jpg
[06/05/2008 04:11 PM | 00,101,692 | ---- | C] () - C:\Documents and Settings\mt\Desktop\maxy pissed at irish centre.jpg
[06/12/2008 01:59 PM | 19,414,7592 | ---- | C] (Nero AG) - C:\Documents and Settings\mt\Desktop\Nero-8.3.2.1b_eng_trial.exe
[06/18/2008 10:40 AM | 79,846,3305 | ---- | C] (Macrovision Corporation) - C:\Documents and Settings\mt\Desktop\UOML_setup.exe
[06/18/2008 11:09 AM | 01,154,547 | ---- | C] () - C:\Documents and Settings\mt\Desktop\nl97.zip
[06/19/2008 03:02 PM | 00,000,656 | ---- | C] () - C:\Documents and Settings\mt\Desktop\Razor.lnk
[06/23/2008 02:26 PM | 00,001,580 | ---- | C] () - C:\Documents and Settings\mt\Desktop\LimeWire 4.18.3.lnk
[06/25/2008 01:52 PM | 00,000,266 | ---- | C] () - C:\Documents and Settings\mt\Desktop\The Definitive List of Shock Sites and Media The Dogmatist.url
[06/25/2008 10:17 AM | ---D | C] - C:\Documents and Settings\mt\Desktop\Teenage whores
[07/07/2008 01:17 PM | 01,234,477 | ---- | C] () - C:\Documents and Settings\mt\Desktop\wrar38b2.exe
[07/07/2008 01:19 PM | ---D | C] - C:\Documents and Settings\mt\Desktop\Registry Mechanic 6.0.0.750 with serial
[07/07/2008 01:24 PM | 02,919,360 | ---- | C] (Piriform Ltd) - C:\Documents and Settings\mt\Desktop\ccsetup209.exe
[07/14/2008 04:12 PM | ---D | C] - C:\Documents and Settings\mt\Desktop\Pure fanny fondeling
[07/14/2008 05:15 PM | ---D | C] - C:\Documents and Settings\mt\Desktop\18 year old pussy
[07/14/2008 05:24 PM | ---D | C] - C:\Documents and Settings\mt\Desktop\Teens like it big
[07/15/2008 01:53 PM | ---D | C] - C:\Documents and Settings\mt\Desktop\our little secret
[07/15/2008 08:36 PM | ---D | C] - C:\Documents and Settings\mt\Desktop\Big naturals 6
[07/16/2008 04:47 PM | 00,001,734 | ---- | C] () - C:\Documents and Settings\mt\Desktop\HijackThis.lnk
[07/17/2008 10:12 AM | 00,010,752 | ---- | C] () - C:\Documents and Settings\mt\Desktop\New Microsoft Word Document.doc
[07/19/2008 01:29 PM | 00,527,200 | ---- | C] () - C:\Documents and Settings\mt\Desktop\documents.pdf
[07/21/2008 05:21 PM | 00,884,167 | ---- | C] () - C:\Documents and Settings\mt\Desktop\Contra_III_-_The_Alien_Wars.7z
[07/22/2008 04:54 PM | 00,000,812 | ---- | C] () - C:\Documents and Settings\mt\Desktop\Shortcut to egui.lnk
[07/23/2008 02:22 PM | 00,043,540 | ---- | C] () - C:\Documents and Settings\mt\Desktop\diablo2_keygen.zip
[07/23/2008 03:26 PM | ---D | C] - C:\Documents and Settings\mt\Desktop\DS GAMES SAVES OFF 14 JULY
[07/23/2008 03:45 PM | 62,669,604 | ---- | C] () - C:\Documents and Settings\mt\Desktop\photos from phone.rar
[07/24/2008 04:33 PM | 10,550,0173 | ---- | C] () - C:\Documents and Settings\mt\Desktop\2495_Final_Fantasy_IV_USA_NDS-iND.zip
[07/24/2008 05:05 PM | ---D | C] - C:\Documents and Settings\mt\Desktop\1593_Clever_Kids_Dino_Land_EUR_NDS-XPA
[07/24/2008 12:42 PM | 10,590,2469 | ---- | C] () - C:\Documents and Settings\mt\Desktop\ind-ff4u.zip
[07/25/2008 05:04 PM | ---D | C] - C:\Documents and Settings\mt\Desktop\Legend of Zelda, The - A Link to the Past
[07/29/2008 03:32 PM | 00,278,528 | ---- | C] () - C:\Documents and Settings\mt\Desktop\New Microsoft Word Document (2).doc
[07/29/2008 05:30 PM | 00,001,512 | ---- | C] () - C:\Documents and Settings\mt\Desktop\Recuva.lnk
[07/30/2008 03:33 PM | ---D | C] - C:\Documents and Settings\mt\Desktop\PLAYDISC
[07/31/2008 12:42 PM | ---D | C] - C:\Documents and Settings\mt\Desktop\fade to black
[08/04/2008 02:44 PM | 00,550,011 | ---- | C] () - C:\Documents and Settings\mt\Desktop\avisplit.zip
[08/04/2008 03:01 PM | 00,000,843 | ---- | C] () - C:\Documents and Settings\mt\Desktop\ImTOO 3GP Video Converter.lnk
[08/04/2008 10:17 AM | ---D | C] - C:\Documents and Settings\mt\Desktop\stuff
[08/04/2008 10:18 AM | 06,756,275 | ---- | C] () - C:\Documents and Settings\mt\Desktop\Slipknot - All Hope Is Gone.mp3
[08/06/2008 04:34 PM | 00,000,962 | ---- | C] () - C:\Documents and Settings\mt\Desktop\Shortcut to Halloween.[Rob Zombie].Uncut.Dvdrip.Xvid.lnk
[08/07/2008 02:16 PM | ---D | C] - C:\Documents and Settings\mt\Desktop\uofiles
[08/07/2008 11:21 AM | 00,025,088 | ---- | C] () - C:\Documents and Settings\mt\Desktop\riks letter re address.doc
[08/11/2008 04:39 PM | ---D | C] - C:\Documents and Settings\mt\Desktop\Contra_III_-_The_Alien_Wars
[08/18/2008 11:47 AM | 00,000,779 | ---- | C] () - C:\Documents and Settings\mt\Desktop\DriverMax.lnk
[08/19/2008 01:13 PM | 15,895,594 | ---- | C] () - C:\Documents and Settings\mt\Desktop\Tools.rar
[08/19/2008 01:27 PM | 10,753,4841 | ---- | C] () - C:\Documents and Settings\mt\Desktop\1577_The_Simpsons_Game_EUR_NDS-XPA.zip
[08/19/2008 03:45 PM | 01,524,126 | ---- | C] () - C:\Documents and Settings\mt\Desktop\Backgrounds.rar
[08/19/2008 05:14 PM | 43,018,8620 | ---- | C] () - C:\Documents and Settings\mt\Desktop\Thrill_Kill_[U]_[SLUS-00752].rar
[08/20/2008 03:30 PM | ---D | C] - C:\Documents and Settings\mt\Desktop\DS GAMES
[08/21/2008 02:59 PM | ---D | C] - C:\Documents and Settings\mt\Desktop\General-CleanTool
[08/21/2008 04:00 PM | ---D | C] - C:\Documents and Settings\mt\Desktop\Exported Drivers
[08/21/2008 04:52 PM | ---D | C] - C:\Documents and Settings\mt\Desktop\Thrill_Kill_[U]_[SLUS-00752]
[08/21/2008 11:15 AM | 00,000,358 | ---- | C] () - C:\Documents and Settings\mt\Desktop\Super_Mario_World.smc_[mininova].torrent
[08/22/2008 09:56 PM | ---D | C] - C:\Documents and Settings\mt\Desktop\Darkness within
[08/24/2004 03:27 AM | 01,048,576 | ---- | C] () - C:\Documents and Settings\mt\Desktop\Legend of Zelda, The - A Link to the Past (E) [!].smc
[08/26/2008 02:03 PM | ---D | C] - C:\Documents and Settings\mt\Desktop\SNEmulDSv06a
[08/26/2008 05:12 PM | ---D | C] - C:\Documents and Settings\mt\Desktop\Diablo 2 saves
[08/27/2008 10:40 AM | ---D | C] - C:\Documents and Settings\mt\Desktop\2495_Final_Fantasy_IV_USA_NDS-iND
[08/27/2008 10:40 AM | ---D | C] - C:\Documents and Settings\mt\Desktop\ninja gaiden dfs
[07/15/2008 03:46 PM | 00,000,761 | ---- | C] () - C:\Documents and Settings\mt\Start Menu\Programs\StartUp\Shortcut to OCGuru.lnk
[07/04/2008 03:19 PM | ---D | C] - C:\Program Files\Common Files\EPSON
[07/04/2008 03:21 PM | ---D | C] - C:\Program Files\Common Files\UDL
[07/04/2008 03:49 PM | ---D | C] - C:\Program Files\Common Files\DESIGNER
[08/08/2008 03:32 PM | ---D | C] - C:\Program Files\Common Files\Nero
[08/18/2008 04:22 PM | ---D | C] - C:\Program Files\Common Files\Blizzard Entertainment
[08/26/2008 03:20 PM | ---D | C] - C:\Program Files\Common Files\Wise Installation Wizard
[06/12/2008 02:35 PM | ---D | C] - C:\Program Files\Nero
[06/23/2008 09:12 AM | ---D | C] - C:\Program Files\Razor
[06/30/2008 01:07 PM | ---D | C] - C:\Program Files\Microsoft Baseline Security Analyzer 2
[07/04/2008 03:45 PM | ---D | C] - C:\Program Files\Microsoft.NET
[07/04/2008 03:49 PM | ---D | C] - C:\Program Files\Microsoft ActiveSync
[07/05/2008 03:59 PM | ---D | C] - C:\Program Files\Microsoft Office
[07/07/2008 12:51 PM | ---D | C] - C:\Program Files\Innovative Solutions
[07/15/2008 12:14 PM | ---D | C] - C:\Program Files\Sun
[07/16/2008 04:07 PM | ---D | C] - C:\Program Files\Mount&Blade
[07/16/2008 04:47 PM | ---D | C] - C:\Program Files\Trend Micro
[07/25/2008 01:59 PM | ---D | C] - C:\Program Files\Bullfrog
[07/29/2008 05:30 PM | ---D | C] - C:\Program Files\Recuva
[07/30/2008 03:32 PM | ---D | C] - C:\Program Files\Diablo II
[07/31/2008 12:37 PM | ---D | C] - C:\Program Files\Darkness Within
[08/04/2008 02:44 PM | ---D | C] - C:\Program Files\avisplit
[08/04/2008 03:01 PM | ---D | C] - C:\Program Files\ImTOO
[08/11/2008 07:46 PM | ---D | C] - C:\Program Files\Datel
[08/18/2008 03:28 PM | ---D | C] - C:\Program Files\EA GAMES
[08/18/2008 04:04 PM | ---D | C] - C:\Program Files\LibUSB-Win32-0.1.10.1
[08/19/2008 12:31 PM | ---D | C] - C:\Program Files\MSECache
[08/19/2008 12:31 PM | ---D | C] - C:\Program Files\Windows Installer Clean Up
[08/19/2008 12:35 PM | ---D | C] - C:\Program Files\MATCO
[08/26/2008 01:25 PM | ---D | C] - C:\Program Files\HD Tune
[08/27/2008 10:34 AM | ---D | C] - C:\Program Files\SUPERAntiSpyware
[08/27/2008 10:36 AM | ---D | C] - C:\Program Files\PeerGuardian2

[Files/Folders - Modified Within 90 days]
[06/04/2008 08:20 AM | ---D | M] - C:\Game Recordings
[06/04/2008 09:28 AM | 00,250,048 | RHS- | M] () - C:\ntldr
[06/08/2008 12:34 PM | ---D | M] - C:\divx
[07/04/2008 03:43 PM | RH-D | M] - C:\MSOCache
[07/15/2008 06:00 PM | ---D | M] - C:\Documents and Settings
[07/16/2008 04:06 PM | 00,002,048 | ---- | M] () - C:\ntldr.srm
[08/04/2008 12:16 PM | -HSD | M] - C:\RECYCLER
[08/06/2008 12:50 PM | ---D | M] - C:\TempDVD
[08/14/2008 01:43 PM | 00,000,244 | -H-- | M] () - C:\sqmnoopt08.sqm
[08/14/2008 01:43 PM | 00,000,268 | -H-- | M] () - C:\sqmdata08.sqm
[08/26/2008 03:21 PM | ---D | M] - C:\Program Files
[08/26/2008 03:50 PM | ---D | M] - C:\[PSX] Castlevania.Symphony.Of.The.Night.NTSC.US
[08/27/2008 10:33 AM | ---D | M] - C:\WINDOWS
[06/03/2008 12:23 PM | 00,223,128 | ---- | M] (Alcohol Soft Co., Ltd.) - C:\WINDOWS\System32\drivers\vaxscsi.sys
[06/08/2008 09:37 AM | 00,011,304 | ---- | M] (Ahead Software AG) - C:\WINDOWS\System32\drivers\imagedrv.sys
[06/08/2008 09:37 AM | 00,132,904 | ---- | M] (Ahead Software AG) - C:\WINDOWS\System32\drivers\imagesrv.sys
[08/08/2008 11:39 AM | ---D | M] - C:\WINDOWS\System32\drivers\UMDF
[06/04/2008 09:27 AM | ---D | M] - C:\WINDOWS\System32\ReinstallBackups
[06/04/2008 09:30 AM | ---D | M] - C:\WINDOWS\System32\oobe
[06/04/2008 09:31 AM | ---D | M] - C:\WINDOWS\System32\Com
[06/04/2008 09:31 AM | ---D | M] - C:\WINDOWS\System32\npp
[06/04/2008 09:31 AM | ---D | M] - C:\WINDOWS\System32\Restore
[06/04/2008 09:34 AM | ---D | M] - C:\WINDOWS\System32\bits
[06/04/2008 09:34 AM | ---D | M] - C:\WINDOWS\System32\en
[06/04/2008 09:34 AM | ---D | M] - C:\WINDOWS\System32\scripting
[06/04/2008 09:34 AM | ---D | M] - C:\WINDOWS\System32\usmt
[06/04/2008 09:40 AM | ---D | M] - C:\WINDOWS\System32\Setup
[06/04/2008 09:40 AM | ---D | M] - C:\WINDOWS\System32\wbem
[06/04/2008 09:43 AM | 00,072,152 | ---- | M] () - C:\WINDOWS\System32\perfc009.dat
[06/04/2008 09:43 AM | 00,444,528 | ---- | M] () - C:\WINDOWS\System32\perfh009.dat
[06/04/2008 09:43 AM | 00,526,710 | ---- | M] () - C:\WINDOWS\System32\PerfStringBackup.INI
[06/06/2008 02:54 PM | 00,095,600 | ---- | M] (Ahead Software AG
im Stoeckmaedle 18
76307 Karlsbad, Germany
Fax: ++49-7248-911-888
e-mail: [email protected]) - C:\WINDOWS\System32\NeroCo.dll
[06/10/2008 01:21 AM | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\java.exe
[06/10/2008 01:21 AM | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaw.exe
[06/10/2008 02:32 AM | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javacpl.cpl
[06/10/2008 02:32 AM | 00,139,264 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaws.exe
[06/18/2008 01:29 PM | ---D | M] - C:\WINDOWS\System32\en-US
[06/18/2008 01:29 PM | ---D | M] - C:\WINDOWS\System32\XPSViewer
[07/05/2008 08:39 PM | 00,268,600 | ---- | M] () - C:\WINDOWS\System32\FNTCACHE.DAT
[07/15/2008 04:29 PM | ---D | M] - C:\WINDOWS\System32\DRVSTORE
[07/15/2008 04:52 PM | ---D | M] - C:\WINDOWS\System32\Lang
[07/24/2008 12:23 PM | 00,012,067 | ---- | M] () - C:\WINDOWS\System32\SIntf16.dll
[07/24/2008 12:23 PM | 00,017,212 | ---- | M] () - C:\WINDOWS\System32\SIntf32.dll
[07/24/2008 12:23 PM | 00,021,840 | ---- | M] () - C:\WINDOWS\System32\SIntfNT.dll
[07/31/2008 10:51 AM | 00,057,060 | -H-- | M] () - C:\WINDOWS\System32\mlfcache.dat
[08/08/2008 11:41 AM | ---D | M] - C:\WINDOWS\System32\CatRoot
[08/17/2008 07:44 PM | RHSD | M] - C:\WINDOWS\System32\dllcache
[08/18/2008 04:04 PM | ---D | M] - C:\WINDOWS\System32\drivers
[08/26/2008 03:26 PM | ---D | M] - C:\WINDOWS\System32\CatRoot2
[08/27/2008 10:32 AM | 00,013,646 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[06/03/2008 01:59 PM | ---D | M] - C:\WINDOWS\Performance
[06/03/2008 12:45 PM | ---D | M] - C:\WINDOWS\Cursors
[06/04/2008 02:34 PM | 00,000,000 | ---- | M] () - C:\WINDOWS\ativpsrm.bin
[06/04/2008 08:30 AM | 00,000,000 | ---- | M] () - C:\WINDOWS\Irremote.ini
[06/04/2008 09:25 AM | ---D | M] - C:\WINDOWS\EHome
[06/04/2008 09:27 AM | -H-D | M] - C:\WINDOWS\$NtServicePackUninstall$
[06/04/2008 09:31 AM | ---D | M] - C:\WINDOWS\msagent
[06/04/2008 09:31 AM | ---D | M] - C:\WINDOWS\ServicePackFiles
[06/04/2008 09:31 AM | ---D | M] - C:\WINDOWS\srchasst
[06/04/2008 09:34 AM | ---D | M] - C:\WINDOWS\Help
[06/04/2008 09:34 AM | ---D | M] - C:\WINDOWS\ime
[06/04/2008 09:34 AM | ---D | M] - C:\WINDOWS\l2schemas
[06/04/2008 09:34 AM | ---D | M] - C:\WINDOWS\PeerNet
[06/04/2008 09:40 AM | ---D | M] - C:\WINDOWS\AppPatch
[06/04/2008 09:49 AM | ---D | M] - C:\WINDOWS\network diagnostic
[06/06/2008 02:54 PM | 00,972,072 | ---- | M] (Nero AG) - C:\WINDOWS\UNRecode.exe
[06/13/2008 07:50 PM | 00,000,026 | ---- | M] () - C:\WINDOWS\dvdSanta.INI
[06/18/2008 01:31 PM | ---D | M] - C:\WINDOWS\WinSxS
[06/18/2008 02:00 PM | ---D | M] - C:\WINDOWS\Microsoft.NET
[06/19/2008 02:24 PM | 00,000,680 | ---- | M] () - C:\WINDOWS\win.ini
[06/24/2008 04:06 PM | 00,972,072 | ---- | M] (Nero AG) - C:\WINDOWS\UNNeroMediaHome.exe
[06/30/2008 05:24 PM | ---D | M] - C:\WINDOWS\security
[07/02/2008 11:12 AM | ---D | M] - C:\WINDOWS\SoftwareDistribution
[07/04/2008 03:17 PM | 00,000,025 | ---- | M] () - C:\WINDOWS\CDEC84Euro.ini
[07/04/2008 03:43 PM | ---D | M] - C:\WINDOWS\system
[07/04/2008 03:49 PM | ---D | M] - C:\WINDOWS\SHELLNEW
[07/04/2008 03:50 PM | 00,000,376 | ---- | M] () - C:\WINDOWS\ODBC.INI
[07/05/2008 01:03 PM | R-SD | M] - C:\WINDOWS\assembly
[07/05/2008 01:03 PM | R-SD | M] - C:\WINDOWS\Fonts
[07/30/2008 11:25 AM | ---D | M] - C:\WINDOWS\Minidump
[08/09/2008 05:17 PM | 00,000,069 | ---- | M] () - C:\WINDOWS\NeroDigital.ini
[08/14/2008 01:35 PM | -H-D | M] - C:\WINDOWS\$hf_mig$
[08/19/2008 12:59 PM | --SD | M] - C:\WINDOWS\Downloaded Program Files
[08/21/2008 03:23 PM | -H-D | M] - C:\WINDOWS\inf
[08/21/2008 03:24 PM | ---D | M] - C:\WINDOWS\system32
[08/26/2008 03:00 PM | ---D | M] - C:\WINDOWS\Debug
[08/26/2008 03:21 PM | -HSD | M] - C:\WINDOWS\Installer
[08/27/2008 10:31 AM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08/27/2008 10:38 AM | ---D | M] - C:\WINDOWS\Temp
[08/27/2008 10:39 AM | ---D | M] - C:\WINDOWS\Prefetch
[08/23/2008 04:07 AM | 00,000,356 | ---- | M] () - C:\WINDOWS\tasks\XoftSpySE.job
[08/27/2008 10:31 AM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[08/27/2008 10:32 AM | 00,000,426 | ---- | M] () - C:\WINDOWS\tasks\XoftSpySE 2.job
[06/02/2008 01:08 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 498 bytes -> %AllUsersProfile%\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 129 bytes -> %AllUsersProfile%\Application Data\TEMP:4B7BEAFF
@Alternate Data Stream - 196 bytes -> %AllUsersProfile%\Application Data\TEMP:D1B5B4F1
[06/18/2008 11:32 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
[06/19/2008 02:28 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Microsoft Help
[06/22/2008 10:21 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Laconic Software
[08/04/2008 02:26 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Ahead
[08/08/2008 03:28 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Nero
[08/26/2008 03:21 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[06/03/2008 12:50 PM | ---D | M] - C:\Documents and Settings\mt\Application Data\Nero
[08/15/2008 09:05 PM | ---D | M] - C:\Documents and Settings\mt\Application Data\VSO_HWE
[08/19/2008 12:31 PM | --SD | M] - C:\Documents and Settings\mt\Application Data\Microsoft
[08/21/2008 02:00 PM | ---D | M] - C:\Documents and Settings\mt\Application Data\mIRC
[08/21/2008 02:59 PM | ---D | M] - C:\Documents and Settings\mt\Application Data\Azureus
[08/22/2008 11:47 PM | ---D | M] - C:\Documents and Settings\mt\Application Data\LimeWire
[08/26/2008 03:21 PM | ---D | M] - C:\Documents and Settings\mt\Application Data\SUPERAntiSpyware.com
[06/30/2008 01:15 PM | ---D | M] - C:\Documents and Settings\mt\Local Settings\Application Data\Microsoft
[07/05/2008 03:59 PM | 00,069,544 | ---- | M] () - C:\Documents and Settings\mt\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[07/07/2008 12:52 PM | ---D | M] - C:\Documents and Settings\mt\Local Settings\Application Data\Innovative Solutions
[08/04/2008 02:43 PM | ---D | M] - C:\Documents and Settings\mt\Local Settings\Application Data\WMTools Downloaded Files
[08/06/2008 09:01 PM | ---D | M] - C:\Documents and Settings\mt\Local Settings\Application Data\ApplicationHistory
[08/11/2008 08:06 PM | ---D | M] - C:\Documents and Settings\mt\Local Settings\Application Data\Deployment
[08/23/2008 01:10 PM | 00,175,104 | ---- | M] () - C:\Documents and Settings\mt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[08/26/2008 05:50 PM | 01,386,480 | -H-- | M] () - C:\Documents and Settings\mt\Local Settings\Application Data\IconCache.db
[08/18/2008 03:43 PM | ---D | M] - C:\Documents and Settings\All Users\Documents\EA Games
[06/11/2008 03:45 PM | R--D | M] - C:\Documents and Settings\mt\My Documents\My Pictures
[06/23/2008 04:54 PM | R--D | M] - C:\Documents and Settings\mt\My Documents\My Music
[07/29/2008 02:18 PM | 00,003,218 | ---- | M] () - C:\Documents and Settings\mt\My Documents\hhhhh.html
[07/30/2008 11:21 AM | ---D | M] - C:\Documents and Settings\mt\My Documents\My Drivers
[08/04/2008 02:43 PM | R--D | M] - C:\Documents and Settings\mt\My Documents\My Videos
[08/08/2008 04:14 PM | ---D | M] - C:\Documents and Settings\mt\My Documents\My Received Files
[08/15/2008 08:05 PM | ---D | M] - C:\Documents and Settings\mt\My Documents\DivxToDvd
[08/18/2008 02:38 PM | ---D | M] - C:\Documents and Settings\mt\My Documents\EA Games
[08/21/2008 02:50 PM | ---D | M] - C:\Documents and Settings\mt\My Documents\Azureus Downloads
[08/24/2008 01:34 PM | 00,002,477 | ---- | M] () - C:\Documents and Settings\mt\My Documents\[1546]Contra_4__U__complete_save.zip
[08/27/2008 10:36 AM | 00,000,565 | ---- | M] () - C:\Documents and Settings\mt\My Documents\My Sharing Folders.lnk
[06/04/2008 09:44 AM | 00,001,736 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Windows Live Messenger.lnk
[06/30/2008 01:07 PM | 00,000,870 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Microsoft Baseline Security Analyzer 2.1.lnk
[06/30/2008 05:21 PM | 00,000,738 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[07/15/2008 12:14 PM | 00,000,851 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Get OpenOffice.org.lnk
[07/25/2008 02:01 PM | 00,000,823 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Dungeon Keeper 2.lnk
[07/31/2008 12:26 PM | 00,000,761 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Darkness Within.lnk
[08/18/2008 02:39 PM | 00,001,740 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\The Sims 2.lnk
[08/18/2008 02:44 PM | 00,001,889 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\The Sims™ 2 Bon Voyage.lnk
[08/18/2008 02:48 PM | 00,001,936 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\The Sims™ 2 Celebration! Stuff.lnk
[08/18/2008 02:51 PM | 00,001,918 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\The Sims 2 Family Fun Stuff.lnk
[08/18/2008 12:05 PM | 00,001,602 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[08/26/2008 03:21 PM | 00,000,780 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[06/02/2008 05:05 PM | 00,000,773 | ---- | M] () - C:\Documents and Settings\mt\Desktop\Shortcut to mountblade_fullversion.lnk
[06/05/2008 03:23 PM | 00,142,921 | ---- | M] () - C:\Documents and Settings\mt\Desktop\UO0168.jpg
[06/05/2008 04:11 PM | 00,101,692 | ---- | M] () - C:\Documents and Settings\mt\Desktop\maxy pissed at irish centre.jpg
[06/09/2008 10:22 AM | ---D | M] - C:\Documents and Settings\mt\Desktop\New today
[06/12/2008 01:59 PM | 19,414,7592 | ---- | M] (Nero AG) - C:\Documents and Settings\mt\Desktop\Nero-8.3.2.1b_eng_trial.exe
[06/18/2008 10:40 AM | 79,846,3305 | ---- | M] (Macrovision Corporation) - C:\Documents and Settings\mt\Desktop\UOML_setup.exe
[06/18/2008 11:09 AM | 01,154,547 | ---- | M] () - C:\Documents and Settings\mt\Desktop\nl97.zip
[06/19/2008 03:02 PM | 00,000,656 | ---- | M] () - C:\Documents and Settings\mt\Desktop\Razor.lnk
[06/23/2008 02:26 PM | 00,001,580 | ---- | M] () - C:\Documents and Settings\mt\Desktop\LimeWire 4.18.3.lnk
[06/25/2008 01:52 PM | 00,000,266 | ---- | M] () - C:\Documents and Settings\mt\Desktop\The Definitive List of Shock Sites and Media The Dogmatist.url
[06/25/2008 10:17 AM | ---D | M] - C:\Documents and Settings\mt\Desktop\Teenage whores
[07/07/2008 01:17 PM | 01,234,477 | ---- | M] () - C:\Documents and Settings\mt\Desktop\wrar38b2.exe
[07/07/2008 01:19 PM | ---D | M] - C:\Documents and Settings\mt\Desktop\Registry Mechanic 6.0.0.750 with serial
[07/07/2008 01:24 PM | 02,919,360 | ---- | M] (Piriform Ltd) - C:\Documents and Settings\mt\Desktop\ccsetup209.exe
[07/14/2008 04:12 PM | ---D | M] - C:\Documents and Settings\mt\Desktop\Pure fanny fondeling
[07/14/2008 05:15 PM | ---D | M] - C:\Documents and Settings\mt\Desktop\18 year old pussy
[07/14/2008 05:24 PM | ---D | M] - C:\Documents and Settings\mt\Desktop\Teens like it big
[07/15/2008 01:53 PM | ---D | M] - C:\Documents and Settings\mt\Desktop\our little secret
[07/15/2008 08:36 PM | ---D | M] - C:\Documents and Settings\mt\Desktop\Big naturals 6
[07/16/2008 04:47 PM | 00,001,734 | ---- | M] () - C:\Documents and Settings\mt\Desktop\HijackThis.lnk
[07/17/2008 10:12 AM | 00,010,752 | ---- | M] () - C:\Documents and Settings\mt\Desktop\New Microsoft Word Document.doc
[07/19/2008 01:29 PM | 00,527,200 | ---- | M] () - C:\Documents and Settings\mt\Desktop\documents.pdf
[07/21/2008 05:21 PM | 00,884,167 | ---- | M] () - C:\Documents and Settings\mt\Desktop\Contra_III_-_The_Alien_Wars.7z
[07/22/2008 04:54 PM | 00,000,812 | ---- | M] () - C:\Documents and Settings\mt\Desktop\Shortcut to egui.lnk
[07/23/2008 02:22 PM | 00,043,540 | ---- | M] () - C:\Documents and Settings\mt\Desktop\diablo2_keygen.zip
[07/23/2008 03:26 PM | ---D | M] - C:\Documents and Settings\mt\Desktop\DS GAMES SAVES OFF 14 JULY
[07/23/2008 03:45 PM | 62,669,604 | ---- | M] () - C:\Documents and Settings\mt\Desktop\photos from phone.rar
[07/24/2008 04:33 PM | 10,550,0173 | ---- | M] () - C:\Documents and Settings\mt\Desktop\2495_Final_Fantasy_IV_USA_NDS-iND.zip
[07/24/2008 05:05 PM | ---D | M] - C:\Documents and Settings\mt\Desktop\1593_Clever_Kids_Dino_Land_EUR_NDS-XPA
[07/24/2008 12:42 PM | 10,590,2469 | ---- | M] () - C:\Documents and Settings\mt\Desktop\ind-ff4u.zip
[07/25/2008 05:04 PM | ---D | M] - C:\Documents and Settings\mt\Desktop\Legend of Zelda, The - A Link to the Past
[07/29/2008 03:32 PM | 00,278,528 | ---- | M] () - C:\Documents and Settings\mt\Desktop\New Microsoft Word Document (2).doc
[07/29/2008 05:30 PM | 00,001,512 | ---- | M] () - C:\Documents and Settings\mt\Desktop\Recuva.lnk
[07/30/2008 03:33 PM | ---D | M] - C:\Documents and Settings\mt\Desktop\PLAYDISC
[07/31/2008 12:42 PM | ---D | M] - C:\Documents and Settings\mt\Desktop\fade to black
[08/04/2008 02:44 PM | 00,550,011 | ---- | M] () - C:\Documents and Settings\mt\Desktop\avisplit.zip
[08/04/2008 03:01 PM | 00,000,843 | ---- | M] () - C:\Documents and Settings\mt\Desktop\ImTOO 3GP Video Converter.lnk
[08/04/2008 10:17 AM | ---D | M] - C:\Documents and Settings\mt\Desktop\stuff
[08/04/2008 10:18 AM | 06,756,275 | ---- | M] () - C:\Documents and Settings\mt\Desktop\Slipknot - All Hope Is Gone.mp3
[08/06/2008 04:34 PM | 00,000,962 | ---- | M] () - C:\Documents and Settings\mt\Desktop\Shortcut to Halloween.[Rob Zombie].Uncut.Dvdrip.Xvid.lnk
[08/07/2008 01:26 PM | ---D | M] - C:\Documents and Settings\mt\Desktop\Stuff again
[08/07/2008 02:16 PM | ---D | M] - C:\Documents and Settings\mt\Desktop\uofiles
[08/07/2008 03:25 PM | ---D | M] - C:\Documents and Settings\mt\Desktop\NDS REMOVED AND SAVES
[08/07/2008 11:21 AM | 00,025,088 | ---- | M] () - C:\Documents and Settings\mt\Desktop\riks letter re address.doc
[08/11/2008 04:39 PM | ---D | M] - C:\Documents and Settings\mt\Desktop\Contra_III_-_The_Alien_Wars
[08/12/2008 08:34 AM | ---D | M] - C:\Documents and Settings\mt\Desktop\MOds De ChocoBo
[08/18/2008 11:47 AM | 00,000,779 | ---- | M] () - C:\Documents and Settings\mt\Desktop\DriverMax.lnk
[08/19/2008 01:13 PM | 15,895,594 | ---- | M] () - C:\Documents and Settings\mt\Desktop\Tools.rar
[08/19/2008 01:27 PM | 10,753,4841 | ---- | M] () - C:\Documents and Settings\mt\Desktop\1577_The_Simpsons_Game_EUR_NDS-XPA.zip
[08/19/2008 03:45 PM | 01,524,126 | ---- | M] () - C:\Documents and Settings\mt\Desktop\Backgrounds.rar
[08/19/2008 05:14 PM | 43,018,8620 | ---- | M] () - C:\Documents and Settings\mt\Desktop\Thrill_Kill_[U]_[SLUS-00752].rar
[08/20/2008 03:30 PM | ---D | M] - C:\Documents and Settings\mt\Desktop\DS GAMES
[08/21/2008 02:59 PM | ---D | M] - C:\Documents and Settings\mt\Desktop\General-CleanTool
[08/21/2008 04:00 PM | ---D | M] - C:\Documents and Settings\mt\Desktop\Exported Drivers
[08/21/2008 04:52 PM | ---D | M] - C:\Documents and Settings\mt\Desktop\Thrill_Kill_[U]_[SLUS-00752]
[08/21/2008 11:15 AM | 00,000,358 | ---- | M] () - C:\Documents and Settings\mt\Desktop\Super_Mario_World.smc_[mininova].torrent
[08/22/2008 09:56 PM | ---D | M] - C:\Documents and Settings\mt\Desktop\Darkness within
[08/23/2008 02:23 PM | ---D | M] - C:\Documents and Settings\mt\Desktop\UO fun stuff
[08/26/2008 02:03 PM | ---D | M] - C:\Documents and Settings\mt\Desktop\SNEmulDSv06a
[08/26/2008 05:12 PM | ---D | M] - C:\Documents and Settings\mt\Desktop\Diablo 2 saves
[08/27/2008 10:40 AM | ---D | M] - C:\Documents and Settings\mt\Desktop\2495_Final_Fantasy_IV_USA_NDS-iND
[08/27/2008 10:40 AM | ---D | M] - C:\Documents and Settings\mt\Desktop\ninja gaiden dfs
[07/15/2008 03:46 PM | 00,000,761 | ---- | M] () - C:\Documents and Settings\mt\Start Menu\Programs\StartUp\Shortcut to OCGuru.lnk
[06/19/2008 02:24 PM | ---D | M] - C:\Program Files\Common Files\System
[07/04/2008 03:19 PM | ---D | M] - C:\Program Files\Common Files\EPSON
[07/04/2008 03:21 PM | ---D | M] - C:\Program Files\Common Files\UDL
[07/04/2008 03:49 PM | ---D | M] - C:\Program Files\Common Files\DESIGNER
[07/05/2008 01:02 PM | ---D | M] - C:\Program Files\Common Files\Microsoft Shared
[08/08/2008 03:32 PM | ---D | M] - C:\Program Files\Common Files\Nero
[08/18/2008 04:22 PM | ---D | M] - C:\Program Files\Common Files\Blizzard Entertainment
[08/26/2008 03:20 PM | ---D | M] - C:\Program Files\Common Files\Wise Installation Wizard

< End of report >
  • 0

#6
Egwene
Posted 27 August 2008 - 08:15 AM

Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hey Ichmonji,

--> Please download the OTMoveIt2 by OldTimer.
Save it to your desktop.

1) Run OTMoveIT2 :
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
C:\Documents and Settings\mt\Desktop\diablo2_keygen.zip
purity
emptytemp
[start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.[/list]
2) Run Kaspersky Online :

Please do an online scan with Kaspersky WebScanner

Make sure you are using Internet Explorer for this. Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Regards,
Egwene.
  • 0

#7
Ichmonji
Posted 27 August 2008 - 09:19 AM

Ichmonji

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi Egwene :)

Heres my OTmoveIT2 log. I'm in the process of using the KOS. I have to leave my station for the night in about an hour, so I will leave it on overnight to complete the scan and post the log in the morning.

Thanks :)

Explorer killed successfully
C:\Documents and Settings\mt\Desktop\diablo2_keygen.zip moved successfully.
< purity >
< emptytemp >
File delete failed. C:\DOCUME~1\mt\LOCALS~1\Temp\Perflib_Perfdata_5e8.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\mt\LOCALS~1\Temp\Perflib_Perfdata_85c.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\mt\LOCALS~1\Temp\Perflib_Perfdata_8b0.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\mt\LOCALS~1\Temp\~DF467F.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\mt\LOCALS~1\Temp\~DF468A.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\mt\LOCALS~1\Temp\~DF4BF1.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\mt\LOCALS~1\Temp\~DF519D.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\mt\LOCALS~1\Temp\~DF51B0.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\mt\LOCALS~1\Temp\~DF544E.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_318.dat scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08272008_160525

Files moved on Reboot...
File C:\DOCUME~1\mt\LOCALS~1\Temp\Perflib_Perfdata_5e8.dat not found!
File C:\DOCUME~1\mt\LOCALS~1\Temp\Perflib_Perfdata_85c.dat not found!
File C:\DOCUME~1\mt\LOCALS~1\Temp\Perflib_Perfdata_8b0.dat not found!
File C:\DOCUME~1\mt\LOCALS~1\Temp\~DF467F.tmp not found!
File C:\DOCUME~1\mt\LOCALS~1\Temp\~DF468A.tmp not found!
C:\DOCUME~1\mt\LOCALS~1\Temp\~DF4BF1.tmp moved successfully.
File C:\DOCUME~1\mt\LOCALS~1\Temp\~DF519D.tmp not found!
File C:\DOCUME~1\mt\LOCALS~1\Temp\~DF51B0.tmp not found!
C:\DOCUME~1\mt\LOCALS~1\Temp\~DF544E.tmp moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_318.dat moved successfully.
  • 0

#8
Ichmonji
Posted 27 August 2008 - 01:36 PM

Ichmonji

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I've managed to have the log from the Kaspersky scanner sent to me from my computer. Here it is :)



Wednesday, August 27, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, August 27, 2008 15:14:21
Records in database: 1151343


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:\
C:\
D:\
E:\
F:\
H:\
I:\

Scan statistics
Files scanned 78034
Threat name 3
Infected objects 3
Suspicious objects 0
Duration of the scan 02:42:12

File name Threat name Threats count
C:\Documents and Settings\mt\Desktop\Nero-8.3.2.1b_eng_trial.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1

C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1

C:\WINDOWS\system32\vimc.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.a 1

The selected area was scanned.



Thanks :)
  • 0

#9
Egwene
Posted 27 August 2008 - 03:13 PM

Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hey Ichmonji,

  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
C:\Documents and Settings\mt\Desktop\Nero-8.3.2.1b_eng_trial.exe 
C:\WINDOWS\system32\vimc.exe 
purity
emptytemp
[start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

How is running your computer now ?

Regards,
Egwene.
  • 0

#10
Ichmonji
Posted 28 August 2008 - 02:02 AM

Ichmonji

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I've removed the nero entry, but I cannot remove the vimc.exe.
Its part of my Vista GUI mod for xp. I've done some research into this (because I was worried it may damage my installed system), and it turns out that its exceptionally hard to remove the mod completely without a reformat. Apparently, if you remove any of the mod files, it damages your installation and requires you to re-install windows.

Any suggestions? If you think it's safe to kill the vimc, then I will do, but to be honest im afraid to do it.


Thank you :)

Ichmonji

(After some more research, I've found vimc.exe could also be a variant of one or more trojans. So now I'm really confused as to what to do :) )

Edited by Ichmonji, 28 August 2008 - 05:30 AM.

  • 0

#11
Egwene
Posted 28 August 2008 - 10:36 AM

Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hey Ichmonji,

You're right, it's part of your Vista GUI mod for xp :)

Congralutations, your log looks clean :)

1) Run OTcleanIT :

Please Download OTcleanIT (OldTimer) : http://download.blee...r/OTCleanIt.exe

Open it and double-click on the "CleanUp" boutton.

2) Flush your system restore :

Now lets Reset and Re-enable your System Restore to remove any infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected, but that's good news).

Turn OFF System Restore.

* On the Desktop, right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* Check Turn off System Restore.
* Click Apply, and then click OK.


Restart your computer.

Turn ON System Restore.

* On the Desktop, right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* UN-Check Turn off System Restore.
* Click Apply, and then click OK.

System Restore will now be active again.

3) Update windows :

Another essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats, Microsoft releases security updates that help your computer from becoming vunerable. It is best if you have these set to download automatically.

Automatic Updates for Windows

* Click Start.
* Select Settings and then Control Panel.
* Select Automatic Updates.
* Click Automatic (recommended)
* Choose a day and a time when you know the computer will be on and connected to the internet.
* Click Apply then OK.

4) Prevention/protection :

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Beside, i noticed that you haven't an firewall on your computer. I advice you to install one of the following : Kerio / Commodo / ZoneAlarme.
  • Spybot Search & Destroy - Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  • Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
  • SpywareBlaster protects against bad ActiveX.
  • IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
    Have a look at this tutorial for IE-Spyad here

    Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
    secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
    blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
    Here

Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.

Regards,
Egwene.

Edited by Egwene, 28 August 2008 - 04:32 PM.

  • 0

#12
Rorschach112
Posted 30 August 2008 - 05:51 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP