
Help removing Sound-playing-Spyware [RESOLVED]


  • This topic is locked

#1
Alleluia

  • Member
  • 11 posts
Salutations,

as stated I believe I have Spyware as every so often random sounds play (even when I have no applications running!) these sounds vary from Windows alerts to hip hop music playing (I have ZERO hip hop on my P.C!). Also, popups appear less frequently. I hope to get some light on this situation as I keep my P.C very clean and generally scan RAR files, folders and such before use so it has taken me by surprise. Thanks in advance, here is my HijackThis Log:

===========================================================

Logfile of HijackThis v1.99.1
Scan saved at 13:57:02, on 26/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\XpertVision\TBPanel.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\cyiOA2ur.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Gainward] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Edited by Alleluia, 26 August 2008 - 06:58 AM.



#2
Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hello Alleluia !

Welcome to the site! :) My name's Egwene and I'll be helping clean up your computer. :) I'm currently looking over your log. I am still in training here, so there might be a delay between my replies as they need to be checked by an expert before I can post them. I'll need a bit of time to research your log fully, so please bear with me.

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:
  • To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Malware Removal - HijackThis™ Logs Go Here.
  • Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!
  • When posting logs, please ensure Word Wrap is turned off in Notepad (to check, open Notepad, click on Format | Uncheck Word Wrap)
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!
  • Make sure you reply to this thread using the Add Reply button.

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

#3
Alleluia

  • Topic Starter
  • Member
  • 11 posts
Okay, all understood, and I'll keep my attention on this thread. : )

Thank you Egwene

#4
Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hey Alleluia,

Let's go with the removal of malware from your computer. :)

1) Disable real-time protections :

--> Please disable McAfee real-time protection, more help here : http://www.bleepingc...opic114351.html

--> While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.

Open Spybot Search & Destroy.
In the Mode menu click "Advanced mode" if not already selected.
Choose "Yes" at the Warning prompt.
Expand the "Tools" menu.
Click "Resident".
Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
In the File menu click "Exit" to exit Spybot Search & Destroy.

2) Update Adobe Acrobat Reader :

You're using an old version of Adobe Acrobat Reader; this can leave your PC open to vulnerabilities. You can update it here :
http://www.adobe.com.../readstep2.html

3) Use an up-to-date version of HijackThis :

You are currently running an outdated version of HijackThis. Please uninstall it and install HijackThis in the following way :

Click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Double-click on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

4) Run OTViewIt :

Download OTViewIt to your desktop.
  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here.
  • You may need to use two posts to get it all on the forum

Regards,
Egwene.

#5
Alleluia

  • Topic Starter
  • Member
  • 11 posts
Here is my Hijack This scan result:
========================================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:29:28, on 26/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\XpertVision\TBPanel.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wK5Fl26G.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Gainward] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: $McRebootA5E6DEAA56$.lnk = C:\WINDOWS\system32\cmd.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O23 - Service: McAfee Application Installer Cleanup (0270781219775139) (0270781219775139mcinstcleanup) - McAfee, Inc. - C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\027078~1.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 7002 bytes

Edited by Alleluia, 26 August 2008 - 12:28 PM.


#6
Alleluia

  • Topic Starter
  • Member
  • 11 posts
Here is my OTViewIt report:
=====================================================================

OTViewIt logfile created on: 26/08/2008 19:30:23 - Run 3
OTViewIt by OldTimer - Version 1.0.0.12 Folder = C:\Documents and Settings\Alexander\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 74.34% Memory free
3.85 Gb Paging File | 3.45 Gb Available in Paging File | 89.62% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 372.60 Gb Total Space | 284.48 Gb Free Space | 76.35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ASTRIEL
Current User Name: Alexander
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

===== Processes - Non-Microsoft Only =====

[06/26/2007 03:04 PM | 02,165,256 | ---- | M] (Xpertvision, Inc.) - C:\Program Files\XpertVision\TBPANEL.exe
[09/12/2006 09:58 AM | 16,264,192 | R--- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\RTHDCPL.EXE
[06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[07/30/2008 10:47 AM | 00,289,064 | ---- | M] (Apple Inc.) - C:\Program Files\iTunes\iTunesHelper.exe
[04/23/2007 04:00 AM | 00,692,224 | ---- | M] (Logitech Inc.) - C:\Program Files\Logitech\SetPoint\SetPoint.exe
[04/30/2007 07:43 PM | 03,450,608 | ---- | M] (Stardock) - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
[04/11/2007 03:32 PM | 00,056,080 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
[07/22/2008 08:42 PM | 00,116,040 | ---- | M] (Apple Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[12/20/2007 04:23 AM | 00,072,704 | ---- | M] (Autodesk) - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
[07/24/2007 03:17 PM | 00,229,376 | ---- | M] (Apple Inc.) - C:\Program Files\Bonjour\mDNSResponder.exe
[09/29/2006 01:48 PM | 00,065,536 | ---- | M] () - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
[07/23/2007 03:51 AM | 00,155,716 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe
[07/30/2008 10:47 AM | 00,532,264 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe
[08/22/2008 10:32 PM | 00,081,922 | ---- | M] () - C:\WINDOWS\system32\wK5Fl26G.exe
[07/03/2008 03:34 AM | 00,307,712 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe
[08/26/2008 07:14 PM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\Alexander\Desktop\OTViewIt.exe

===== Win32 Services - Non-Microsoft Only =====

(Apple Mobile Device) Apple Mobile Device [Auto | Running]
[07/22/2008 08:42 PM | 00,116,040 | ---- | M] (Apple Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

(Autodesk Licensing Service) Autodesk Licensing Service [Auto | Running]
[12/20/2007 04:23 AM | 00,072,704 | ---- | M] (Autodesk) - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

(Bonjour Service) Bonjour Service [Auto | Running]
[07/24/2007 03:17 PM | 00,229,376 | ---- | M] (Apple Inc.) - C:\Program Files\Bonjour\mDNSResponder.exe

(dmadmin) Logical Disk Manager Administrative Service [On_Demand | Stopped]
[08/04/2004 08:56 AM | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe

(FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Stopped]
[10/26/2007 08:38 AM | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

(IDriverT) InstallDriver Table Manager [On_Demand | Stopped]
[11/14/2005 02:06 AM | 00,069,632 | ---- | M] (Macrovision Corporation) - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

(iPod Service) iPod Service [On_Demand | Running]
[07/30/2008 10:47 AM | 00,532,264 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe

(mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit) [Auto | Running]
[09/29/2006 01:48 PM | 00,065,536 | ---- | M] () - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

(NVSvc) NVIDIA Display Driver Service [Auto | Running]
[07/23/2007 03:51 AM | 00,155,716 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe

(0270781219775139mcinstcleanup) McAfee Application Installer Cleanup (0270781219775139) [Auto | Stopped]
[02/23/2008 02:50 PM | 00,309,096 | ---- | M] (McAfee, Inc.) - C:\Documents and Settings\Alexander\Local Settings\Temp\0270781219775139mcinst.exe

===== Driver Services - Non-Microsoft Only =====

(Cardex) Cardex [On_Demand | Stopped]
[03/16/2007 10:11 AM | 00,012,256 | ---- | M] (Windows ® 2000 DDK provider) - C:\WINDOWS\system32\drivers\TBPanel.sys

(dmboot) dmboot [Disabled | Stopped]
[08/04/2004 07:07 AM | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys

(dmio) Logical Disk Manager Driver [Boot | Running]
[08/04/2004 07:07 AM | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys

(dmload) dmload [Boot | Running]
[06/20/2003 01:00 PM | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys

(GEARAspiWDM) GEARAspiWDM [On_Demand | Running]
[01/29/2008 12:01 PM | 00,016,168 | ---- | M] (GEAR Software Inc.) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [On_Demand | Running]
[01/07/2005 05:07 PM | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) - C:\WINDOWS\system32\drivers\Hdaudbus.sys

(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [On_Demand | Running]
[09/12/2006 12:27 PM | 04,381,184 | R--- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\system32\drivers\RtkHDAud.sys

(k750bus) Sony Ericsson 750 driver (WDM) [On_Demand | Stopped]
[02/11/2005 12:19 PM | 00,055,216 | ---- | M] (MCCI) - C:\WINDOWS\system32\drivers\k750bus.sys

(k750mdfl) Sony Ericsson 750 USB WMC Modem Filter [On_Demand | Stopped]
[02/11/2005 12:21 PM | 00,006,576 | ---- | M] (MCCI) - C:\WINDOWS\system32\drivers\k750mdfl.sys

(k750mdm) Sony Ericsson 750 USB WMC Modem Drivers [On_Demand | Stopped]
[02/11/2005 12:21 PM | 00,089,872 | ---- | M] (MCCI) - C:\WINDOWS\system32\drivers\k750mdm.sys

(k750mgmt) Sony Ericsson 750 USB WMC Device Management Drivers [On_Demand | Stopped]
[03/13/2006 07:35 PM | 00,081,728 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\k750mgmt.sys

(k750obex) Sony Ericsson 750 USB WMC OBEX Interface Drivers [On_Demand | Stopped]
[03/13/2006 07:35 PM | 00,079,488 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\k750obex.sys

(L8042Kbd) Logitech SetPoint Keyboard Driver [On_Demand | Stopped]
[04/11/2007 03:32 PM | 00,020,496 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\L8042Kbd.sys

(LHidFilt) Logitech SetPoint KMDF HID Filter Driver [On_Demand | Running]
[04/11/2007 03:32 PM | 00,034,832 | ---- | M] (Logitech, Inc.) - C:\WINDOWS\system32\drivers\LHidFilt.Sys

(LMouFilt) Logitech SetPoint KMDF Mouse Filter Driver [On_Demand | Running]
[04/11/2007 03:32 PM | 00,036,112 | ---- | M] (Logitech, Inc.) - C:\WINDOWS\system32\drivers\LMouFilt.Sys

(LUsbFilt) Logitech SetPoint KMDF USB Filter [On_Demand | Running]
[04/11/2007 03:33 PM | 00,028,688 | ---- | M] (Logitech, Inc.) - C:\WINDOWS\system32\drivers\LUsbFilt.sys

(mfehidk) McAfee Inc. mfehidk [Disabled | Running]
File not found - C:\WINDOWS\System32\drivers\mfehidk.sys

(MPFP) MPFP [Disabled | Running]
File not found - C:\WINDOWS\System32\Drivers\Mpfp.sys

(npkcrypt) npkcrypt [Auto | Running]
[11/14/2007 07:01 PM | 00,023,217 | ---- | M] (INCA Internet Co., Ltd.) - C:\Nexon\MapleStory\npkcrypt.sys

(npkcusb) npkcusb [On_Demand | Running]
[08/16/2007 11:04 AM | 00,015,472 | ---- | M] (INCA Internet Co., Ltd.) - C:\Program Files\NEXON\EuropeMapleStory\npkcusb.sys

(nv) nv [On_Demand | Running]
[07/23/2007 03:51 AM | 06,807,328 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\nv4_mini.sys

(Ptilink) Direct Parallel Link Driver [On_Demand | Running]
[06/20/2003 01:00 PM | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys

(PxHelp20) PxHelp20 [Boot | Running]
[03/08/2007 12:51 AM | 00,043,528 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\PxHelp20.sys

(RTLE8023xp) Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver [On_Demand | Running]
[08/14/2006 02:09 PM | 00,083,200 | R--- | M] (Realtek Semiconductor Corporation ) - C:\WINDOWS\system32\drivers\Rtenicxp.sys

(SCDEmu) SCDEmu [System | Running]
[01/31/2006 01:21 PM | 00,025,900 | ---- | M] (PowerISO Computing, Inc.) - C:\WINDOWS\System32\drivers\scdemu.sys

(se59bus) Sony Ericsson Device 089 driver (WDM) [On_Demand | Stopped]
[09/05/2006 09:07 PM | 00,061,536 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\se59bus.sys

(se59mdfl) Sony Ericsson Device 089 USB WMC Modem Filter [On_Demand | Stopped]
[09/05/2006 09:07 PM | 00,009,360 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\se59mdfl.sys

(se59mdm) Sony Ericsson Device 089 USB WMC Modem Driver [On_Demand | Stopped]
[09/05/2006 09:07 PM | 00,097,088 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\se59mdm.sys

(se59mgmt) Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM) [On_Demand | Stopped]
[09/05/2006 09:08 PM | 00,088,624 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\se59mgmt.sys

(se59nd5) Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS) [On_Demand | Stopped]
[09/05/2006 09:06 PM | 00,018,704 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\se59nd5.sys

(se59obex) Sony Ericsson Device 089 USB WMC OBEX Interface [On_Demand | Stopped]
[09/05/2006 09:09 PM | 00,086,432 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\se59obex.sys

(se59unic) Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM) [On_Demand | Stopped]
[09/05/2006 09:06 PM | 00,090,800 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\se59unic.sys

(Secdrv) Secdrv [On_Demand | Stopped]
[06/20/2003 01:00 PM | 00,027,440 | ---- | M] () - C:\WINDOWS\system32\drivers\secdrv.sys

(sptd) sptd [Boot | Running]
[01/14/2008 03:18 AM | 00,685,816 | ---- | M] () - C:\WINDOWS\system32\drivers\sptd.sys

(STV680) USB Dual-mode Camera [On_Demand | Stopped]
[02/11/2002 02:13 PM | 00,119,536 | ---- | M] (STMicroelectronics ) - C:\WINDOWS\system32\drivers\stv680.sys

(STV680m) USB Dual-mode Cameram [On_Demand | Stopped]
[02/11/2002 02:13 PM | 00,009,024 | ---- | M] (STMicroelectronics ) - C:\WINDOWS\system32\drivers\stv680m.sys

(TBPanel) TBPanel [Auto | Running]
[03/16/2007 10:11 AM | 00,012,256 | ---- | M] (Windows ® 2000 DDK provider) - C:\WINDOWS\System32\drivers\TBPanel.sys

(USBAAPL) Apple Mobile USB Driver [On_Demand | Stopped]
[01/15/2008 03:39 AM | 00,030,464 | ---- | M] (Apple, Inc.) - C:\WINDOWS\system32\drivers\usbaapl.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher" = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM | 00,034,672 | ---- | M] (Adobe Systems Incorporated)
"Alcmtr" = ALCMTR.EXE [05/03/2005 11:43 AM | 00,069,632 | R--- | M] (Realtek Semiconductor Corp.)
"AppleSyncNotifier" = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [07/10/2008 09:47 AM | 00,116,040 | ---- | M] (Apple Inc.)
"Gainward" = C:\Program Files\XpertVision\TBPanel.exe /A [06/26/2007 03:04 PM | 02,165,256 | ---- | M] (Xpertvision, Inc.)
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [07/30/2008 10:47 AM | 00,289,064 | ---- | M] (Apple Inc.)
"Kernel and Hardware Abstraction Layer" = KHALMNPR.EXE [04/11/2007 03:32 PM | 00,056,080 | ---- | M] (Logitech Inc.)
"NvCplDaemon" = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup [07/23/2007 03:51 AM | 08,466,432 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" = RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit [07/23/2007 03:51 AM | 00,081,920 | ---- | M] (NVIDIA Corporation)
"nwiz" = nwiz.exe /install [07/23/2007 03:51 AM | 01,626,112 | ---- | M] ()
"QuickTime Task" = "C:\Program Files\QuickTime\QTTask.exe" -atboottime [05/27/2008 10:50 AM | 00,413,696 | ---- | M] (Apple Inc.)
"RTHDCPL" = RTHDCPL.EXE [09/12/2006 09:58 AM | 16,264,192 | R--- | M] (Realtek Semiconductor Corp.)
"SkyTel" = SkyTel.EXE [05/16/2006 11:04 AM | 02,879,488 | R--- | M] (Realtek Semiconductor Corp.)
"Sony Ericsson PC Suite" = "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions [04/26/2007 10:45 AM | 00,401,408 | R--- | M] ()
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

[Alexander Startup Folder - C:\Documents and Settings\Alexander\Start Menu\Programs\Startup]
[04/30/2007 07:43 PM | 03,450,608 | ---- | M] (Stardock) - C:\Documents and Settings\Alexander\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[04/23/2007 04:00 AM | 00,692,224 | ---- | M] (Logitech Inc.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

===== BHO's =====

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
HKLM CLSID: (Adobe PDF Link Helper) - [06/11/2008 10:33 PM | 00,075,128 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
HKLM CLSID: (Spybot-S&D IE Protection) - [07/07/2008 09:41 AM | 01,562,448 | ---- | M] (Safer Networking Limited) C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [06/10/2008 04:27 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

===== Toolbars =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{0BF43445-2F28-4351-9252-17FE6E806AA0}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
Unable to open key or key not present!


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


===== Desktop Components =====

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

===== Lsa Authentication Packages =====

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/04/2004 08:56 AM | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe [10/18/2007 11:34 AM | 05,724,184 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe [10/02/2007 05:18 PM | 00,304,488 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/04/2004 08:56 AM | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe [10/13/2004 05:24 PM | 01,694,208 | ---- | M] (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe [08/25/2008 10:15 PM | 00,267,056 | ---- | M] (BitTorrent, Inc.)
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe [07/16/2008 10:16 AM | 01,069,712 | ---- | M] (Blizzard Entertainment)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe File not found
"C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe" = C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe [08/04/2004 08:56 AM | 00,768,512 | ---- | M] (Microsoft Corporation)
"C:\Nexon\MapleStory\MapleStory.exe" = C:\Nexon\MapleStory\MapleStory.exe [11/14/2007 06:59 PM | 01,746,466 | ---- | M] (Wizet)
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe File not found
"C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe" = C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe [09/29/2006 03:30 PM | 05,946,368 | ---- | M] (Autodesk, Inc.)
"C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe" = C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe [01/04/2008 04:55 PM | 01,691,648 | ---- | M] (SQUARE ENIX CO., LTD.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe [01/10/2008 07:17 PM | 00,147,456 | ---- | M] (Lime Wire, LLC)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe [10/18/2007 11:34 AM | 05,724,184 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe [10/02/2007 05:18 PM | 00,304,488 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe [07/24/2007 03:17 PM | 00,229,376 | ---- | M] (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe [07/30/2008 10:47 AM | 20,252,968 | ---- | M] (Apple Inc.)

===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"explorer.exe" - [06/13/2007 11:23 AM | 01,033,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [08/04/2004 08:56 AM | 00,024,576 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [08/04/2004 08:56 AM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [10/26/2007 04:36 AM | 08,454,656 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [08/04/2004 08:56 AM | 00,298,496 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

===== User's Winlogon Settings =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"explorer.exe" - [06/13/2007 11:23 AM | 01,033,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

===== Winlogon Notify Settings =====

===== Safeboot Options =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====
Unable to open key or key not present!


===== DNS Name Servers =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{34ED32A2-02EA-4D0F-AF02-4956AD18E372}]
Servers: | Description:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{5589A793-8EC4-489D-821C-D99BB57A31E8}]
Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{F5537543-2B7F-427D-B61C-DFE8B6D4ADE3}]
Servers: | Description: Sony Ericsson Device 089 USB Ethernet Emulation (NDIS 5)

===== CDRom AutoRun Settings =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

===== Autorun Files on Drives =====

AUTOEXEC.BAT []
[10/19/2007 05:26 PM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

Automap []
[04/20/2008 06:22 PM | ---D | M] C:\Automap [ NTFS ]

===== MountPoints2 =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19a0f208-28f3-11dd-a881-001966341d0e}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19a0f208-28f3-11dd-a881-001966341d0e}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/26/2007 04:36 AM | 08,454,656 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19a0f208-28f3-11dd-a881-001966341d0e}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{747a6db0-ac26-11dc-a76e-001966341d0e}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{747a6db0-ac26-11dc-a76e-001966341d0e}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/26/2007 04:36 AM | 08,454,656 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{747a6db0-ac26-11dc-a76e-001966341d0e}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{87a5e79e-8b8d-11dc-a717-001966341d0e}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{87a5e79e-8b8d-11dc-a717-001966341d0e}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/26/2007 04:36 AM | 08,454,656 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{87a5e79e-8b8d-11dc-a717-001966341d0e}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bcf88345-aa72-11dc-a76a-001966341d0e}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bcf88345-aa72-11dc-a76a-001966341d0e}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/26/2007 04:36 AM | 08,454,656 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bcf88345-aa72-11dc-a76a-001966341d0e}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cbe290d8-6dee-11dd-a925-001966341d0e}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cbe290d8-6dee-11dd-a925-001966341d0e}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [10/26/2007 04:36 AM | 08,454,656 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cbe290d8-6dee-11dd-a925-001966341d0e}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

===== Hosts File =====

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost



[Files/Folders - Created Within 30 days]
[08/05/2008 12:23 AM | ---D | C] - C:\7c0006c557841ce53b3bc8cb86
[08/26/2008 07:18 PM | -HSD | C] - C:\Config.Msi
[06/10/2008 01:21 AM | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\java.exe
[06/10/2008 01:21 AM | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaw.exe
[06/10/2008 02:32 AM | 00,139,264 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaws.exe
[08/06/2008 03:17 AM | 00,016,832 | ---- | C] () - C:\WINDOWS\System32\amcompat.tlb
[08/06/2008 03:17 AM | 00,023,392 | ---- | C] () - C:\WINDOWS\System32\nscompat.tlb
[08/22/2008 06:02 PM | 00,000,000 | ---- | C] () - C:\WINDOWS\System32\cyiOA2ur.exe.a_a
[08/22/2008 08:32 PM | 00,000,000 | ---- | C] () - C:\WINDOWS\System32\wK5Fl26G.exe.a_a
[08/22/2008 10:32 PM | 00,081,922 | ---- | C] () - C:\WINDOWS\System32\wK5Fl26G.exe
[08/23/2008 12:38 AM | 00,081,922 | ---- | C] () - C:\WINDOWS\System32\cyiOA2ur.exe
[3 C:\WINDOWS\*.tmp files]
[03/24/1997 05:42 PM | 00,314,368 | ---- | C] (InstallShield Software Corporation) - C:\WINDOWS\IsUninst.exe
[08/23/2008 01:25 AM | ---D | C] - C:\WINDOWS\ROSE Online Evolution
[08/26/2008 07:28 PM | ---D | C] - C:\WINDOWS\LastGood
[08/22/2008 06:02 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At10.job
[08/22/2008 06:02 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At11.job
[08/22/2008 06:02 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At5.job
[08/22/2008 06:02 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At6.job
[08/22/2008 06:02 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At7.job
[08/22/2008 06:02 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At8.job
[08/22/2008 06:02 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At9.job
[08/22/2008 06:16 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At29.job
[08/22/2008 06:16 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At30.job
[08/22/2008 06:16 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At31.job
[08/22/2008 06:16 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At32.job
[08/22/2008 06:16 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At33.job
[08/22/2008 06:16 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At34.job
[08/22/2008 06:16 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At35.job
[08/23/2008 04:24 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At12.job
[08/23/2008 08:00 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At21.job
[08/23/2008 08:00 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At45.job
[08/23/2008 11:00 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At36.job
[08/23/2008 12:00 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At13.job
[08/23/2008 12:00 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At37.job
[08/24/2008 02:00 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At27.job
[08/24/2008 02:00 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At3.job
[08/24/2008 03:00 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At28.job
[08/24/2008 03:00 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At4.job
[08/25/2008 09:00 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At22.job
[08/25/2008 09:00 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At46.job
[08/25/2008 10:00 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At23.job
[08/25/2008 10:00 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At47.job
[08/25/2008 11:00 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At24.job
[08/25/2008 11:00 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At48.job
[08/26/2008 01:00 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At2.job
[08/26/2008 01:00 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At26.job
[08/26/2008 01:00 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At38.job
[08/26/2008 01:59 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At14.job
[08/26/2008 02:00 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At15.job
[08/26/2008 02:05 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At39.job
[08/26/2008 03:00 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At40.job
[08/26/2008 04:00 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At17.job
[08/26/2008 04:00 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At41.job
[08/26/2008 04:26 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At16.job
[08/26/2008 05:00 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At42.job
[08/26/2008 05:27 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At18.job
[08/26/2008 06:00 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At19.job
[08/26/2008 06:00 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At43.job
[08/26/2008 07:00 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At20.job
[08/26/2008 07:00 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At44.job
[08/26/2008 12:11 AM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At25.job
[08/26/2008 12:16 PM | 00,000,350 | ---- | C] () - C:\WINDOWS\tasks\At1.job
[08/23/2008 10:05 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[08/19/2008 04:25 PM | ---D | C] - C:\Documents and Settings\Alexander\Application Data\GrabIt
[08/25/2008 10:28 PM | 00,014,775 | R--- | C] () - C:\Documents and Settings\Alexander\My Documents\02+-+Shibo.jpg
[08/26/2008 04:16 PM | ---D | C] - C:\Documents and Settings\Alexander\My Documents\LimeWire
[08/26/2008 04:26 PM | ---D | C] - C:\Documents and Settings\Alexander\My Documents\Incomplete
[08/27/2008 01:28 AM | ---D | C] - C:\Documents and Settings\Alexander\My Documents\Emoticons
[08/26/2008 07:18 PM | 00,000,734 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[08/26/2008 07:18 PM | 00,001,729 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[08/26/2008 07:14 PM | 00,812,344 | ---- | C] (Trend Micro Inc.) - C:\Documents and Settings\Alexander\Desktop\HJTInstall.exe
[08/26/2008 07:14 PM | 01,299,968 | ---- | C] (OldTimer Tools) - C:\Documents and Settings\Alexander\Desktop\OTViewIt.exe
[08/26/2008 07:15 PM | 00,001,734 | ---- | C] () - C:\Documents and Settings\Alexander\Desktop\HijackThis.lnk
[08/26/2008 07:16 PM | 35,124,856 | ---- | C] ( ) - C:\Documents and Settings\Alexander\Desktop\AdbeRdr90_en_US.exe
[08/26/2008 07:29 PM | 48,367,896 | ---- | C] (AVG Technologies) - C:\Documents and Settings\Alexander\Desktop\avg_free_stf_en_8_138a1332.exe
[08/26/2008 07:25 PM | 00,001,581 | ---- | C] () - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk
[08/26/2008 07:18 PM | ---D | C] - C:\Program Files\Common Files\Adobe AIR
[08/04/2008 11:27 PM | ---D | C] - C:\Program Files\iPod
[08/14/2008 01:41 AM | ---D | C] - C:\Program Files\Abe's Oddysee
[08/23/2008 01:25 AM | ---D | C] - C:\Program Files\Triggersoft
[08/23/2008 12:29 AM | ---D | C] - C:\Program Files\Spybot - Search & Destroy
[08/26/2008 01:57 PM | ---D | C] - C:\Program Files\HijackThis
[08/26/2008 07:15 PM | ---D | C] - C:\Program Files\Trend Micro

[Files/Folders - Modified Within 30 days]
[08/05/2008 12:23 AM | ---D | M] - C:\7c0006c557841ce53b3bc8cb86
[08/26/2008 07:15 PM | R--D | M] - C:\Program Files
[08/26/2008 07:18 PM | -HSD | M] - C:\Config.Msi
[08/26/2008 07:25 PM | ---D | M] - C:\WINDOWS
[08/05/2008 12:23 AM | ---D | M] - C:\WINDOWS\System32\drivers\UMDF
[8 C:\WINDOWS\System32\*.tmp files]
[08/05/2008 12:23 AM | RHSD | M] - C:\WINDOWS\System32\dllcache
[08/05/2008 12:25 AM | ---D | M] - C:\WINDOWS\System32\CatRoot
[08/06/2008 03:17 AM | 00,016,832 | ---- | M] () - C:\WINDOWS\System32\amcompat.tlb
[08/06/2008 03:17 AM | 00,023,392 | ---- | M] () - C:\WINDOWS\System32\nscompat.tlb
[08/22/2008 06:02 PM | 00,000,000 | ---- | M] () - C:\WINDOWS\System32\cyiOA2ur.exe.a_a
[08/22/2008 08:32 PM | 00,000,000 | ---- | M] () - C:\WINDOWS\System32\wK5Fl26G.exe.a_a
[08/22/2008 10:32 PM | 00,081,922 | ---- | M] () - C:\WINDOWS\System32\wK5Fl26G.exe
[08/23/2008 01:37 AM | ---D | M] - C:\WINDOWS\System32\CatRoot2
[08/23/2008 12:38 AM | 00,081,922 | ---- | M] () - C:\WINDOWS\System32\cyiOA2ur.exe
[08/25/2008 08:37 PM | 00,002,206 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[08/26/2008 07:28 PM | ---D | M] - C:\WINDOWS\System32\drivers
[3 C:\WINDOWS\*.tmp files]
[08/05/2008 09:01 PM | ---D | M] - C:\WINDOWS\Help
[08/05/2008 12:23 AM | 00,001,355 | ---- | M] () - C:\WINDOWS\imsins.BAK
[08/05/2008 12:23 AM | 00,316,640 | ---- | M] () - C:\WINDOWS\WMSysPr9.prx
[08/11/2008 11:23 PM | -H-D | M] - C:\WINDOWS\inf
[08/23/2008 01:25 AM | ---D | M] - C:\WINDOWS\ROSE Online Evolution
[08/23/2008 05:00 PM | 00,000,675 | ---- | M] () - C:\WINDOWS\win.ini
[08/26/2008 01:41 AM | ---D | M] - C:\WINDOWS\security
[08/26/2008 07:18 PM | -HSD | M] - C:\WINDOWS\Installer
[08/26/2008 07:27 PM | 00,000,558 | ---- | M] () - C:\WINDOWS\DFC.INI
[08/26/2008 07:28 PM | ---D | M] - C:\WINDOWS\LastGood
[08/26/2008 07:28 PM | ---D | M] - C:\WINDOWS\Prefetch
[08/26/2008 07:28 PM | ---D | M] - C:\WINDOWS\system32
[08/26/2008 07:28 PM | ---D | M] - C:\WINDOWS\Temp
[08/26/2008 07:28 PM | --SD | M] - C:\WINDOWS\Tasks
[08/26/2008 12:16 PM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08/04/2008 11:27 PM | 00,000,284 | ---- | M] () - C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[08/22/2008 06:02 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At10.job
[08/22/2008 06:02 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At11.job
[08/22/2008 06:02 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At5.job
[08/22/2008 06:02 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At6.job
[08/22/2008 06:02 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At7.job
[08/22/2008 06:02 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At8.job
[08/22/2008 06:02 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At9.job
[08/22/2008 06:16 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At29.job
[08/22/2008 06:16 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At30.job
[08/22/2008 06:16 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At31.job
[08/22/2008 06:16 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At32.job
[08/22/2008 06:16 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At33.job
[08/22/2008 06:16 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At34.job
[08/22/2008 06:16 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At35.job
[08/23/2008 04:24 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At12.job
[08/23/2008 08:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At21.job
[08/23/2008 08:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At45.job
[08/23/2008 11:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At36.job
[08/23/2008 12:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At13.job
[08/23/2008 12:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At37.job
[08/24/2008 02:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At27.job
[08/24/2008 02:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At3.job
[08/24/2008 03:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At28.job
[08/24/2008 03:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At4.job
[08/25/2008 09:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At22.job
[08/25/2008 09:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At46.job
[08/25/2008 10:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At23.job
[08/25/2008 10:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At47.job
[08/25/2008 11:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At24.job
[08/25/2008 11:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At48.job
[08/26/2008 01:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At2.job
[08/26/2008 01:00 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At26.job
[08/26/2008 01:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At38.job
[08/26/2008 01:59 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At14.job
[08/26/2008 02:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At15.job
[08/26/2008 02:05 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At39.job
[08/26/2008 03:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At40.job
[08/26/2008 04:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At17.job
[08/26/2008 04:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At41.job
[08/26/2008 04:26 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At16.job
[08/26/2008 05:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At42.job
[08/26/2008 05:27 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At18.job
[08/26/2008 06:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At19.job
[08/26/2008 06:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At43.job
[08/26/2008 07:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At20.job
[08/26/2008 07:00 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At44.job
[08/26/2008 12:11 AM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At25.job
[08/26/2008 12:16 PM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[08/26/2008 12:16 PM | 00,000,350 | ---- | M] () - C:\WINDOWS\tasks\At1.job
[08/23/2008 10:05 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[08/26/2008 07:18 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Adobe
[08/27/2008 01:31 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\WLInstaller
[08/27/2008 01:39 AM | --SD | M] - C:\Documents and Settings\All Users\Application Data\Microsoft
[08/19/2008 04:25 PM | ---D | M] - C:\Documents and Settings\Alexander\Application Data\GrabIt
[08/23/2008 04:40 PM | ---D | M] - C:\Documents and Settings\Alexander\Application Data\foobar2000
[08/23/2008 04:51 PM | ---D | M] - C:\Documents and Settings\Alexander\Application Data\Mozilla
[08/23/2008 12:56 AM | ---D | M] - C:\Documents and Settings\Alexander\Application Data\Tibia
[08/26/2008 01:20 AM | ---D | M] - C:\Documents and Settings\Alexander\Application Data\uTorrent
[08/26/2008 04:19 PM | ---D | M] - C:\Documents and Settings\Alexander\Application Data\LimeWire
[08/14/2008 02:27 AM | 01,575,224 | -H-- | M] () - C:\Documents and Settings\Alexander\Local Settings\Application Data\IconCache.db
[08/23/2008 04:47 PM | 00,015,872 | ---- | M] () - C:\Documents and Settings\Alexander\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[08/24/2008 01:16 AM | ---D | M] - C:\Documents and Settings\Alexander\Local Settings\Application Data\Microsoft
[08/26/2008 07:18 PM | ---D | M] - C:\Documents and Settings\Alexander\Local Settings\Application Data\Adobe
[08/14/2008 12:45 AM | ---D | M] - C:\Documents and Settings\Alexander\My Documents\My Software
[08/23/2008 04:38 PM | ---D | M] - C:\Documents and Settings\Alexander\My Documents\ig
[08/23/2008 04:40 PM | R--D | M] - C:\Documents and Settings\Alexander\My Documents\My Music
[08/23/2008 04:43 PM | R--D | M] - C:\Documents and Settings\Alexander\My Documents\My Received Files
[08/23/2008 04:44 PM | ---D | M] - C:\Documents and Settings\Alexander\My Documents\Games
[08/23/2008 04:45 PM | ---D | M] - C:\Documents and Settings\Alexander\My Documents\My Videos
[08/23/2008 04:45 PM | ---D | M] - C:\Documents and Settings\Alexander\My Documents\Others
[08/23/2008 04:46 PM | ---D | M] - C:\Documents and Settings\Alexander\My Documents\USB crap
[08/23/2008 04:47 PM | ---D | M] - C:\Documents and Settings\Alexander\My Documents\743057
[08/23/2008 04:47 PM | ---D | M] - C:\Documents and Settings\Alexander\My Documents\USB
[08/23/2008 04:49 PM | R--D | M] - C:\Documents and Settings\Alexander\My Documents\My Pictures
[08/25/2008 10:28 PM | 00,014,775 | R--- | M] () - C:\Documents and Settings\Alexander\My Documents\02+-+Shibo.jpg
[08/25/2008 10:54 PM | 00,044,544 | -HS- | M] () - C:\Documents and Settings\Alexander\My Documents\Thumbs.db
@Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable
[08/26/2008 04:13 PM | 00,000,596 | ---- | M] () - C:\Documents and Settings\Alexander\My Documents\My Sharing Folders.lnk
[08/26/2008 04:16 PM | ---D | M] - C:\Documents and Settings\Alexander\My Documents\LimeWire
[08/26/2008 04:19 PM | ---D | M] - C:\Documents and Settings\Alexander\My Documents\Downloads
[08/26/2008 04:26 PM | ---D | M] - C:\Documents and Settings\Alexander\My Documents\Incomplete
[08/27/2008 01:28 AM | ---D | M] - C:\Documents and Settings\Alexander\My Documents\Emoticons
[08/26/2008 07:18 PM | 00,000,734 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[08/26/2008 07:18 PM | 00,001,729 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[08/21/2008 08:20 PM | 00,200,192 | -HS- | M] () - C:\Documents and Settings\Alexander\Desktop\Thumbs.db
@Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\Thumbs.db:encryptable
[08/26/2008 07:14 PM | 00,812,344 | ---- | M] (Trend Micro Inc.) - C:\Documents and Settings\Alexander\Desktop\HJTInstall.exe
[08/26/2008 07:14 PM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\Alexander\Desktop\OTViewIt.exe
[08/26/2008 07:15 PM | 00,001,734 | ---- | M] () - C:\Documents and Settings\Alexander\Desktop\HijackThis.lnk
[08/26/2008 07:16 PM | 35,124,856 | ---- | M] ( ) - C:\Documents and Settings\Alexander\Desktop\AdbeRdr90_en_US.exe
[08/26/2008 07:29 PM | 48,367,896 | ---- | M] (AVG Technologies) - C:\Documents and Settings\Alexander\Desktop\avg_free_stf_en_8_138a1332.exe
[08/26/2008 07:25 PM | 00,001,581 | ---- | M] () - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk
[08/26/2008 07:18 PM | ---D | M] - C:\Program Files\Common Files\Adobe
[08/26/2008 07:18 PM | ---D | M] - C:\Program Files\Common Files\Adobe AIR
[08/27/2008 01:38 AM | -HSD | M] - C:\Program Files\Common Files\WindowsLiveInstaller
[08/27/2008 01:39 AM | ---D | M] - C:\Program Files\Common Files\Microsoft Shared

< End of report >

Edited by Alleluia, 26 August 2008 - 12:29 PM.

  • 0

#7
Alleluia

Alleluia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Here is my Extras report:
===========================================================

OTViewIt Extras logfile created on: 26/08/2008 19:30:23 - Run 3
OTViewIt by OldTimer - Version 1.0.0.12 Folder = C:\Documents and Settings\Alexander\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 74.34% Memory free
3.85 Gb Paging File | 3.45 Gb Available in Paging File | 89.62% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 372.60 Gb Total Space | 284.48 Gb Free Space | 76.35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

===== File Associations =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] - File not found -
.cmd [@ = cmdfile] - File not found -
.com [@ = comfile] - File not found -
.exe [@ = exefile] - File not found -
.html [@ = FirefoxHTML] - [07/03/2008 03:34 AM | 00,307,712 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe
.pif [@ = piffile] - File not found -
.scr [@ = scrfile] - File not found -

===== Uninstall List =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{115DC143-58A1-4314-853D-FCA35D57EE8A}" = Sony Ericsson PC Suite
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{3DE0053C-FD9A-483E-B7C9-B06E4392206E}" = iTunes
"{45105F2B-0294-4354-A92A-5D1F575E24A5}" = FINAL FANTASY XI
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}" = Apple Mobile Device Support
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}" = 3dsmax ancillary install
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{99217575-1F9D-438A-A2E9-D8FC1D96A04F}" = MapleStory
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A4CC41E4-2AED-448D-9D1C-61EB028C2C6D}" = FINAL FANTASY XI: Rise of the Zilart
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A82B049B-14E7-4E0E-946D-024AC4050EF8}" = PlayOnline Viewer and Tetra Master
"{A9110D4F-86DC-46DC-A1E6-097692C2D2FF}" = FINAL FANTASY XI: Chains of Promathia
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Windows Live Sign-in Assistant
"{B023185F-F1EF-4F97-B0BD-AE6D802226D1}" = NVIDIA WDM Drivers
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D17D8B97-F937-432F-88BD-382727D34441}" = EuropeMapleStory
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E96D4088-AAC5-437F-9E39-EC0E387897B4}" = Autodesk 3ds Max 9 32-bit
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"Abe's Oddysee" = Abe's Oddysee
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"Age of Conan_is1" = Age of Conan - Hyborian Adventures
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"FBX Plugin 2006.08 for Max 9.0" = FBX Plugin 2006.08 for Max 9.0
"foobar2000" = foobar2000 v0.9.4.5
"HijackThis" = HijackThis 2.0.2
"InstallShield_{45105F2B-0294-4354-A92A-5D1F575E24A5}" = FINAL FANTASY XI
"InstallShield_{A4CC41E4-2AED-448D-9D1C-61EB028C2C6D}" = FINAL FANTASY XI: Rise of the Zilart
"InstallShield_{A82B049B-14E7-4E0E-946D-024AC4050EF8}" = PlayOnline Viewer and Tetra Master
"InstallShield_{A9110D4F-86DC-46DC-A1E6-097692C2D2FF}" = FINAL FANTASY XI: Chains of Promathia
"KB873339" = Windows XP Hotfix - KB873339
"KB885835" = Windows XP Hotfix - KB885835
"KB885836" = Windows XP Hotfix - KB885836
"KB886185" = Windows XP Hotfix - KB886185
"KB887472" = Windows XP Hotfix - KB887472
"KB888111WXP" = High Definition Audio Driver Package - KB888111
"KB888302" = Windows XP Hotfix - KB888302
"KB890046" = Security Update for Windows XP (KB890046)
"KB890859" = Windows XP Hotfix - KB890859
"KB891781" = Windows XP Hotfix - KB891781
"KB892130" = Windows Genuine Advantage Validation Tool (KB892130)
"KB893756" = Security Update for Windows XP (KB893756)
"KB893803v2" = Windows Installer 3.1 (KB893803)
"KB896358" = Security Update for Windows XP (KB896358)
"KB896423" = Security Update for Windows XP (KB896423)
"KB896424" = Security Update for Windows XP (KB896424)
"KB896428" = Security Update for Windows XP (KB896428)
"KB898461" = Update for Windows XP (KB898461)
"KB899587" = Security Update for Windows XP (KB899587)
"KB899589" = Security Update for Windows XP (KB899589)
"KB899591" = Security Update for Windows XP (KB899591)
"KB900485" = Update for Windows XP (KB900485)
"KB900725" = Security Update for Windows XP (KB900725)
"KB901017" = Security Update for Windows XP (KB901017)
"KB901214" = Security Update for Windows XP (KB901214)
"KB902400" = Security Update for Windows XP (KB902400)
"KB904706" = Security Update for Windows XP (KB904706)
"KB905414" = Security Update for Windows XP (KB905414)
"KB905749" = Security Update for Windows XP (KB905749)
"KB908519" = Security Update for Windows XP (KB908519)
"KB908531" = Update for Windows XP (KB908531)
"KB910437" = Update for Windows XP (KB910437)
"KB911280" = Update for Windows XP (KB911280)
"KB911562" = Security Update for Windows XP (KB911562)
"KB911564" = Security Update for Windows Media Player (KB911564)
"KB911565" = Security Update for Windows Media Player 9 (KB911565)
"KB911927" = Security Update for Windows XP (KB911927)
"KB912919" = Security Update for Windows XP (KB912919)
"KB913580" = Security Update for Windows XP (KB913580)
"KB914388" = Security Update for Windows XP (KB914388)
"KB914389" = Security Update for Windows XP (KB914389)
"KB916595" = Update for Windows XP (KB916595)
"KB917344" = Security Update for Windows XP (KB917344)
"KB917422" = Security Update for Windows XP (KB917422)
"KB917734_WMP8" = Security Update for Windows Media Player 8 (KB917734)
"KB917953" = Security Update for Windows XP (KB917953)
"KB918118" = Security Update for Windows XP (KB918118)
"KB918842.T1_1ToU114_1" = Hotfix for Microsoft .NET Framework 2.0 (KB918842)
"KB919007" = Security Update for Windows XP (KB919007)
"KB920213" = Security Update for Windows XP (KB920213)
"KB920670" = Security Update for Windows XP (KB920670)
"KB920683" = Security Update for Windows XP (KB920683)
"KB920685" = Security Update for Windows XP (KB920685)
"KB920872" = Update for Windows XP (KB920872)
"KB921398" = Security Update for Windows XP (KB921398)
"KB921503" = Security Update for Windows XP (KB921503)
"KB921883" = Security Update for Windows XP (KB921883)
"KB922582" = Update for Windows XP (KB922582)
"KB922616" = Security Update for Windows XP (KB922616)
"KB922819" = Security Update for Windows XP (KB922819)
"KB923191" = Security Update for Windows XP (KB923191)
"KB923414" = Security Update for Windows XP (KB923414)
"KB923689" = Security Update for Windows XP (KB923689)
"KB923789" = Security Update for Windows XP (KB923789)
"KB923980" = Security Update for Windows XP (KB923980)
"KB924191" = Security Update for Windows XP (KB924191)
"KB924270" = Security Update for Windows XP (KB924270)
"KB924496" = Security Update for Windows XP (KB924496)
"KB924667" = Security Update for Windows XP (KB924667)
"KB925398_WMP64" = Security Update for Windows Media Player 6.4 (KB925398)
"KB925902" = Security Update for Windows XP (KB925902)
"KB926239" = Hotfix for Windows XP (KB926239)
"KB926255" = Security Update for Windows XP (KB926255)
"KB926436" = Security Update for Windows XP (KB926436)
"KB927779" = Security Update for Windows XP (KB927779)
"KB927802" = Security Update for Windows XP (KB927802)
"KB927891" = Update for Windows XP (KB927891)
"KB928255" = Security Update for Windows XP (KB928255)
"KB928843" = Security Update for Windows XP (KB928843)
"KB929123" = Security Update for Windows XP (KB929123)
"KB929399" = Hotfix for Windows Media Format 11 SDK (KB929399)
"KB930178" = Security Update for Windows XP (KB930178)
"KB930916" = Update for Windows XP (KB930916)
"KB931261" = Security Update for Windows XP (KB931261)
"KB931784" = Security Update for Windows XP (KB931784)
"KB932168" = Security Update for Windows XP (KB932168)
"KB933360" = Update for Windows XP (KB933360)
"KB933729" = Security Update for Windows XP (KB933729)
"KB935448" = Hotfix for Windows XP (KB935448)
"KB935839" = Security Update for Windows XP (KB935839)
"KB935840" = Security Update for Windows XP (KB935840)
"KB936021" = Security Update for Windows XP (KB936021)
"KB936357" = Update for Windows XP (KB936357)
"KB936782_WMP11" = Security Update for Windows Media Player 11 (KB936782)
"KB936782_WMP9" = Security Update for Windows Media Player 9 (KB936782)
"KB938127" = Security Update for Windows XP (KB938127)
"KB938828" = Update for Windows XP (KB938828)
"KB938829" = Security Update for Windows XP (KB938829)
"KB939653" = Security Update for Windows XP (KB939653)
"KB939683" = Hotfix for Windows Media Player 11 (KB939683)
"KB941202" = Security Update for Windows XP (KB941202)
"KB943460" = Security Update for Windows XP (KB943460)
"LimeWire" = LimeWire PRO 4.16.2
"LOSI" = LOSI 0.1
"Magic ISO Maker v5.3 (build 0216)" = Magic ISO Maker v5.3 (build 0216)
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"ObjectDock" = ObjectDock
"PowerISO" = PowerISO
"Registry Booster_is1" = Uniblue Registry Booster
"RME" = Remere's Map Editor
"ROSE Online Evolution162" = ROSE Online Evolution
"Screenshot Utility_is1" = Screenshot Utility version 1.0
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Steam App 240" = Counter-Strike: Source
"Steam App 320" = Half-Life 2: Deathmatch
"The Rosetta Stone" = The Rosetta Stone
"Tibia_is1" = Tibia
"Tweak UI 2.10" = Tweak UI
"VLC media player" = VideoLAN VLC media player 0.8.6c
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WGA" = Windows Genuine Advantage Validation Tool (KB892130)
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinMX" = WinMX
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpertVision_is1" = XpertVision 5.3

===== Uninstall List =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

===== Winsock2 Catalogs =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - [07/24/2007 03:17 PM | 00,147,456 | ---- | M] (Apple Inc.) C:\Program Files\Bonjour\mdnsNSP.dll

===== Protocol Defaults =====


===== Protocol Defaults =====


===== Protocol Handlers =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
msdaipp: [HKLM - No CLSID value]

===== Protocol Filters =====

< End of report >

Edited by Alleluia, 26 August 2008 - 12:29 PM.

  • 0

#8
Alleluia

Alleluia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Okay, there are the reports in the order requested.

Edited by Alleluia, 26 August 2008 - 12:30 PM.

  • 0

#9
Egwene

Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hey Alleluia,

Ok, let's go with removal :)

1) Uninstall some programs:

Please go Start > Control Panel > Add/Remove Programs and remove the following (if present):

* Java™ 6 Update 3
* Java™ 6 Update 5
* Limewire
* uTorrent


Limewire and uTorrent are optional programs, P2P software, but it's your choice whether to uninstall and remove them or not. However, I strongly advise you to remove them! 50% of P2P programs are fake or infected.

2) Backing Up Your Registry:

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry
  • Download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.

3) Run OTMoveIt2:
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\System32\cyiOA2ur.exe.a_a
    C:\WINDOWS\System32\wK5Fl26G.exe.a_a
    C:\WINDOWS\System32\wK5Fl26G.exe
    C:\WINDOWS\System32\cyiOA2ur.exe
    C:\WINDOWS\System32\amcompat.tlb
    C:\WINDOWS\System32\nscompat.tlb
    C:\WINDOWS\tasks\At??.job
    C:\WINDOWS\tasks\At?.job
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19a0f208-28f3-11dd-a881-001966341d0e}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{747a6db0-ac26-11dc-a76e-001966341d0e}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{87a5e79e-8b8d-11dc-a717-001966341d0e}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bcf88345-aa72-11dc-a76a-001966341d0e}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cbe290d8-6dee-11dd-a925-001966341d0e}
    purity
    emptytemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
Please post:

- OTMoveIt2 report.
- fresh OTViewIt report: I only need main.txt


And tell me please how your computer is running. :)

Regards,
Egwene.
  • 0

#10
Alleluia

Alleluia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Here is my OTmoveIT2 report:
==============================================
Explorer killed successfully
C:\WINDOWS\System32\cyiOA2ur.exe.a_a moved successfully.
C:\WINDOWS\System32\wK5Fl26G.exe.a_a moved successfully.
C:\WINDOWS\System32\wK5Fl26G.exe moved successfully.
C:\WINDOWS\System32\cyiOA2ur.exe moved successfully.
C:\WINDOWS\System32\amcompat.tlb moved successfully.
C:\WINDOWS\System32\nscompat.tlb moved successfully.
< C:\WINDOWS\tasks\At??.job >
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At25.job moved successfully.
C:\WINDOWS\tasks\At26.job moved successfully.
C:\WINDOWS\tasks\At27.job moved successfully.
C:\WINDOWS\tasks\At28.job moved successfully.
C:\WINDOWS\tasks\At29.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At30.job moved successfully.
C:\WINDOWS\tasks\At31.job moved successfully.
C:\WINDOWS\tasks\At32.job moved successfully.
C:\WINDOWS\tasks\At33.job moved successfully.
C:\WINDOWS\tasks\At34.job moved successfully.
C:\WINDOWS\tasks\At35.job moved successfully.
C:\WINDOWS\tasks\At36.job moved successfully.
C:\WINDOWS\tasks\At37.job moved successfully.
C:\WINDOWS\tasks\At38.job moved successfully.
C:\WINDOWS\tasks\At39.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At40.job moved successfully.
C:\WINDOWS\tasks\At41.job moved successfully.
C:\WINDOWS\tasks\At42.job moved successfully.
C:\WINDOWS\tasks\At43.job moved successfully.
C:\WINDOWS\tasks\At44.job moved successfully.
C:\WINDOWS\tasks\At45.job moved successfully.
C:\WINDOWS\tasks\At46.job moved successfully.
C:\WINDOWS\tasks\At47.job moved successfully.
C:\WINDOWS\tasks\At48.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
< C:\WINDOWS\tasks\At?.job >
File/Folder C:\WINDOWS\tasks\At?.job not found.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19a0f208-28f3-11dd-a881-001966341d0e} >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19a0f208-28f3-11dd-a881-001966341d0e}\\ deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{747a6db0-ac26-11dc-a76e-001966341d0e} >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{747a6db0-ac26-11dc-a76e-001966341d0e}\\ deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{87a5e79e-8b8d-11dc-a717-001966341d0e} >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{87a5e79e-8b8d-11dc-a717-001966341d0e}\\ deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bcf88345-aa72-11dc-a76a-001966341d0e} >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bcf88345-aa72-11dc-a76a-001966341d0e}\\ deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cbe290d8-6dee-11dd-a925-001966341d0e} >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cbe290d8-6dee-11dd-a925-001966341d0e}\\ deleted successfully.
< purity >
< emptytemp >
File delete failed. C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\etilqs_TWTBLhUZiHgruHvwVeBs scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\IMG12B.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\~DFBA24.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\~DFBA35.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\~DFC93B.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\~DFC94C.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08262008_204637

Files moved on Reboot...
File C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\etilqs_TWTBLhUZiHgruHvwVeBs not found!
File C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\IMG12B.tmp not found!
File C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\~DFBA24.tmp not found!
File C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\~DFBA35.tmp not found!
File C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\~DFC93B.tmp not found!
File C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\~DFC94C.tmp not found!
  • 0
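A helper reading a log like the one above has to confirm that every line of the fix list produced an outcome. The Python sketch below is an added example, not part of the thread or of OTMoveIt2: it assumes only the log line formats visible in the post, takes excerpts of the posted fix list and log as input, and its function names are hypothetical.

```python
import re
from collections import defaultdict

# Excerpts copied from the fix list and the OTMoveIt2 log posted in the thread.
FIX_LIST = r"""
[kill explorer]
C:\WINDOWS\System32\wK5Fl26G.exe
C:\WINDOWS\System32\amcompat.tlb
C:\WINDOWS\tasks\At??.job
C:\WINDOWS\tasks\At?.job
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19a0f208-28f3-11dd-a881-001966341d0e}
purity
emptytemp
[start explorer]
"""

LOG = r"""
Explorer killed successfully
C:\WINDOWS\System32\wK5Fl26G.exe moved successfully.
C:\WINDOWS\System32\amcompat.tlb moved successfully.
< C:\WINDOWS\tasks\At??.job >
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
< C:\WINDOWS\tasks\At?.job >
File/Folder C:\WINDOWS\tasks\At?.job not found.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19a0f208-28f3-11dd-a881-001966341d0e} >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19a0f208-28f3-11dd-a881-001966341d0e}\\ deleted successfully.
< purity >
< emptytemp >
File delete failed. C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\IMG12B.tmp scheduled to be deleted on reboot.
Temp folders emptied.
Explorer started successfully
"""

# "< item >" opens a section for wildcard, registry and command items.
SECTION = re.compile(r"^< (.+) >$")
# Result lines as they appear in the posted log (format assumed from the post only).
OUTCOMES = [
    ("moved", re.compile(r"^(.+) moved successfully\.$")),
    ("not_found", re.compile(r"^File/Folder (.+) not found\.$")),
    ("deleted", re.compile(r"^Registry key (.+?)\\* deleted successfully\.$")),
    ("pending_reboot",
     re.compile(r"^File delete failed\. (.+) scheduled to be deleted on reboot\.$")),
]


def parse_fix_list(text):
    """Return the requested items, skipping [directives] and blank lines."""
    items = []
    for line in text.splitlines():
        line = line.strip()
        if line and not (line.startswith("[") and line.endswith("]")):
            items.append(line)
    return items


def parse_log(text, requested):
    """Attribute each result line to the fix-list item that caused it."""
    wanted = {item.lower(): item for item in requested}
    results = defaultdict(list)
    seen_sections = set()
    section = None
    for line in text.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            section = wanted.get(header.group(1).lower())
            if section:
                seen_sections.add(section)
            continue
        for outcome, pattern in OUTCOMES:
            hit = pattern.match(line)
            if hit:
                target = hit.group(1)
                # A literal path is its own item; anything else belongs to the open section.
                owner = wanted.get(target.lower(), section)
                if owner:
                    results[owner].append((outcome, target))
                break
    return results, seen_sections


def reconcile(fix_list_text, log_text):
    """Return {item: status} so items the log never mentions stand out."""
    requested = parse_fix_list(fix_list_text)
    results, seen = parse_log(log_text, requested)
    report = {}
    for item in requested:
        outcomes = [name for name, _ in results.get(item, [])]
        removed = sum(1 for name in outcomes if name in ("moved", "deleted"))
        pending = outcomes.count("pending_reboot")
        if removed:
            report[item] = f"removed ({removed})"
        elif "not_found" in outcomes:
            report[item] = "not found"
        elif item in seen:
            report[item] = f"ran ({pending} pending reboot)" if pending else "ran"
        else:
            report[item] = "no log entry"
    return report


if __name__ == "__main__":
    for item, status in reconcile(FIX_LIST, LOG).items():
        print(f"{status:<24} {item}")
```

In the posted log the `At??.job` section already lists `At1.job` through `At9.job` as moved, so the "not found" under `At?.job` means nothing was left for that pattern to match.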


#11
Alleluia

Alleluia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Here is my OTviewIt report:
==============================================
OTViewIt logfile created on: 26/08/2008 20:52:25 - Run 4
OTViewIt by OldTimer - Version 1.0.0.12 Folder = C:\Documents and Settings\Alexander\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 75.90% Memory free
3.85 Gb Paging File | 3.54 Gb Available in Paging File | 91.85% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 372.60 Gb Total Space | 284.56 Gb Free Space | 76.37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ASTRIEL
Current User Name: Alexander
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

===== Processes - Non-Microsoft Only =====

[07/22/2008 08:42 PM | 00,116,040 | ---- | M] (Apple Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[12/20/2007 04:23 AM | 00,072,704 | ---- | M] (Autodesk) - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
[07/24/2007 03:17 PM | 00,229,376 | ---- | M] (Apple Inc.) - C:\Program Files\Bonjour\mDNSResponder.exe
[09/29/2006 01:48 PM | 00,065,536 | ---- | M] () - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
[07/23/2007 03:51 AM | 00,155,716 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe
[06/26/2007 03:04 PM | 02,165,256 | ---- | M] (Xpertvision, Inc.) - C:\Program Files\XpertVision\TBPANEL.exe
[09/12/2006 09:58 AM | 16,264,192 | R--- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\RTHDCPL.EXE
[07/30/2008 10:47 AM | 00,289,064 | ---- | M] (Apple Inc.) - C:\Program Files\iTunes\iTunesHelper.exe
[06/12/2008 02:38 AM | 00,034,672 | ---- | M] (Adobe Systems Incorporated) - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
[06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[04/23/2007 04:00 AM | 00,692,224 | ---- | M] (Logitech Inc.) - C:\Program Files\Logitech\SetPoint\SetPoint.exe
[04/30/2007 07:43 PM | 03,450,608 | ---- | M] (Stardock) - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
[04/11/2007 03:32 PM | 00,056,080 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
[07/30/2008 10:47 AM | 00,532,264 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe
[07/03/2008 03:34 AM | 00,307,712 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe
[08/26/2008 07:14 PM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\Alexander\Desktop\OTViewIt.exe

===== Win32 Services - Non-Microsoft Only =====

(0270781219775139mcinstcleanup) McAfee Application Installer Cleanup (0270781219775139) [Auto | Stopped]
File not found - C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\027078~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini

(Apple Mobile Device) Apple Mobile Device [Auto | Running]
[07/22/2008 08:42 PM | 00,116,040 | ---- | M] (Apple Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

(Autodesk Licensing Service) Autodesk Licensing Service [Auto | Running]
[12/20/2007 04:23 AM | 00,072,704 | ---- | M] (Autodesk) - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

(Bonjour Service) Bonjour Service [Auto | Running]
[07/24/2007 03:17 PM | 00,229,376 | ---- | M] (Apple Inc.) - C:\Program Files\Bonjour\mDNSResponder.exe

(dmadmin) Logical Disk Manager Administrative Service [On_Demand | Stopped]
[08/04/2004 08:56 AM | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe

(FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Stopped]
[10/26/2007 08:38 AM | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

(IDriverT) InstallDriver Table Manager [On_Demand | Stopped]
[11/14/2005 02:06 AM | 00,069,632 | ---- | M] (Macrovision Corporation) - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

(iPod Service) iPod Service [On_Demand | Running]
[07/30/2008 10:47 AM | 00,532,264 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe

(mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit) [Auto | Running]
[09/29/2006 01:48 PM | 00,065,536 | ---- | M] () - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

(NVSvc) NVIDIA Display Driver Service [Auto | Running]
[07/23/2007 03:51 AM | 00,155,716 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe

===== Driver Services - Non-Microsoft Only =====

(Cardex) Cardex [On_Demand | Stopped]
[03/16/2007 10:11 AM | 00,012,256 | ---- | M] (Windows ® 2000 DDK provider) - C:\WINDOWS\system32\drivers\TBPanel.sys

(dmboot) dmboot [Disabled | Stopped]
[08/04/2004 07:07 AM | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys

(dmio) Logical Disk Manager Driver [Boot | Running]
[08/04/2004 07:07 AM | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys

(dmload) dmload [Boot | Running]
[06/20/2003 01:00 PM | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys

(GEARAspiWDM) GEARAspiWDM [On_Demand | Running]
[01/29/2008 12:01 PM | 00,016,168 | ---- | M] (GEAR Software Inc.) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [On_Demand | Running]
[01/07/2005 05:07 PM | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) - C:\WINDOWS\system32\drivers\Hdaudbus.sys

(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [On_Demand | Running]
[09/12/2006 12:27 PM | 04,381,184 | R--- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\system32\drivers\RtkHDAud.sys

(k750bus) Sony Ericsson 750 driver (WDM) [On_Demand | Stopped]
[02/11/2005 12:19 PM | 00,055,216 | ---- | M] (MCCI) - C:\WINDOWS\system32\drivers\k750bus.sys

(k750mdfl) Sony Ericsson 750 USB WMC Modem Filter [On_Demand | Stopped]
[02/11/2005 12:21 PM | 00,006,576 | ---- | M] (MCCI) - C:\WINDOWS\system32\drivers\k750mdfl.sys

(k750mdm) Sony Ericsson 750 USB WMC Modem Drivers [On_Demand | Stopped]
[02/11/2005 12:21 PM | 00,089,872 | ---- | M] (MCCI) - C:\WINDOWS\system32\drivers\k750mdm.sys

(k750mgmt) Sony Ericsson 750 USB WMC Device Management Drivers [On_Demand | Stopped]
[03/13/2006 07:35 PM | 00,081,728 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\k750mgmt.sys

(k750obex) Sony Ericsson 750 USB WMC OBEX Interface Drivers [On_Demand | Stopped]
[03/13/2006 07:35 PM | 00,079,488 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\k750obex.sys

(L8042Kbd) Logitech SetPoint Keyboard Driver [On_Demand | Stopped]
[04/11/2007 03:32 PM | 00,020,496 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\L8042Kbd.sys

(LHidFilt) Logitech SetPoint KMDF HID Filter Driver [On_Demand | Running]
[04/11/2007 03:32 PM | 00,034,832 | ---- | M] (Logitech, Inc.) - C:\WINDOWS\system32\drivers\LHidFilt.Sys

(LMouFilt) Logitech SetPoint KMDF Mouse Filter Driver [On_Demand | Running]
[04/11/2007 03:32 PM | 00,036,112 | ---- | M] (Logitech, Inc.) - C:\WINDOWS\system32\drivers\LMouFilt.Sys

(LUsbFilt) Logitech SetPoint KMDF USB Filter [On_Demand | Running]
[04/11/2007 03:33 PM | 00,028,688 | ---- | M] (Logitech, Inc.) - C:\WINDOWS\system32\drivers\LUsbFilt.sys

(npkcrypt) npkcrypt [Auto | Running]
[11/14/2007 07:01 PM | 00,023,217 | ---- | M] (INCA Internet Co., Ltd.) - C:\Nexon\MapleStory\npkcrypt.sys

(npkcusb) npkcusb [On_Demand | Running]
[08/16/2007 11:04 AM | 00,015,472 | ---- | M] (INCA Internet Co., Ltd.) - C:\Program Files\NEXON\EuropeMapleStory\npkcusb.sys

(nv) nv [On_Demand | Running]
[07/23/2007 03:51 AM | 06,807,328 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\nv4_mini.sys

(Ptilink) Direct Parallel Link Driver [On_Demand | Running]
[06/20/2003 01:00 PM | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys

(PxHelp20) PxHelp20 [Boot | Running]
[03/08/2007 12:51 AM | 00,043,528 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\PxHelp20.sys

(RTLE8023xp) Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver [On_Demand | Running]
[08/14/2006 02:09 PM | 00,083,200 | R--- | M] (Realtek Semiconductor Corporation ) - C:\WINDOWS\system32\drivers\Rtenicxp.sys

(SCDEmu) SCDEmu [System | Running]
[01/31/2006 01:21 PM | 00,025,900 | ---- | M] (PowerISO Computing, Inc.) - C:\WINDOWS\System32\drivers\scdemu.sys

(se59bus) Sony Ericsson Device 089 driver (WDM) [On_Demand | Stopped]
[09/05/2006 09:07 PM | 00,061,536 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\se59bus.sys

(se59mdfl) Sony Ericsson Device 089 USB WMC Modem Filter [On_Demand | Stopped]
[09/05/2006 09:07 PM | 00,009,360 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\se59mdfl.sys

(se59mdm) Sony Ericsson Device 089 USB WMC Modem Driver [On_Demand | Stopped]
[09/05/2006 09:07 PM | 00,097,088 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\se59mdm.sys

(se59mgmt) Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM) [On_Demand | Stopped]
[09/05/2006 09:08 PM | 00,088,624 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\se59mgmt.sys

(se59nd5) Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS) [On_Demand | Stopped]
[09/05/2006 09:06 PM | 00,018,704 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\se59nd5.sys

(se59obex) Sony Ericsson Device 089 USB WMC OBEX Interface [On_Demand | Stopped]
[09/05/2006 09:09 PM | 00,086,432 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\se59obex.sys

(se59unic) Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM) [On_Demand | Stopped]
[09/05/2006 09:06 PM | 00,090,800 | R--- | M] (MCCI) - C:\WINDOWS\system32\drivers\se59unic.sys

(Secdrv) Secdrv [On_Demand | Stopped]
[06/20/2003 01:00 PM | 00,027,440 | ---- | M] () - C:\WINDOWS\system32\drivers\secdrv.sys

(sptd) sptd [Boot | Running]
[01/14/2008 03:18 AM | 00,685,816 | ---- | M] () - C:\WINDOWS\system32\drivers\sptd.sys

(STV680) USB Dual-mode Camera [On_Demand | Stopped]
[02/11/2002 02:13 PM | 00,119,536 | ---- | M] (STMicroelectronics ) - C:\WINDOWS\system32\drivers\stv680.sys

(STV680m) USB Dual-mode Cameram [On_Demand | Stopped]
[02/11/2002 02:13 PM | 00,009,024 | ---- | M] (STMicroelectronics ) - C:\WINDOWS\system32\drivers\stv680m.sys

(TBPanel) TBPanel [Auto | Running]
[03/16/2007 10:11 AM | 00,012,256 | ---- | M] (Windows ® 2000 DDK provider) - C:\WINDOWS\System32\drivers\TBPanel.sys

(USBAAPL) Apple Mobile USB Driver [On_Demand | Stopped]
[01/15/2008 03:39 AM | 00,030,464 | ---- | M] (Apple, Inc.) - C:\WINDOWS\system32\drivers\usbaapl.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher" = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM | 00,034,672 | ---- | M] (Adobe Systems Incorporated)
"Alcmtr" = ALCMTR.EXE [05/03/2005 11:43 AM | 00,069,632 | R--- | M] (Realtek Semiconductor Corp.)
"AppleSyncNotifier" = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [07/10/2008 09:47 AM | 00,116,040 | ---- | M] (Apple Inc.)
"Gainward" = C:\Program Files\XpertVision\TBPanel.exe /A [06/26/2007 03:04 PM | 02,165,256 | ---- | M] (Xpertvision, Inc.)
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [07/30/2008 10:47 AM | 00,289,064 | ---- | M] (Apple Inc.)
"Kernel and Hardware Abstraction Layer" = KHALMNPR.EXE [04/11/2007 03:32 PM | 00,056,080 | ---- | M] (Logitech Inc.)
"NvCplDaemon" = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup [07/23/2007 03:51 AM | 08,466,432 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" = RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit [07/23/2007 03:51 AM | 00,081,920 | ---- | M] (NVIDIA Corporation)
"nwiz" = nwiz.exe /install [07/23/2007 03:51 AM | 01,626,112 | ---- | M] ()
"QuickTime Task" = "C:\Program Files\QuickTime\QTTask.exe" -atboottime [05/27/2008 10:50 AM | 00,413,696 | ---- | M] (Apple Inc.)
"RTHDCPL" = RTHDCPL.EXE [09/12/2006 09:58 AM | 16,264,192 | R--- | M] (Realtek Semiconductor Corp.)
"SkyTel" = SkyTel.EXE [05/16/2006 11:04 AM | 02,879,488 | R--- | M] (Realtek Semiconductor Corp.)
"Sony Ericsson PC Suite" = "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions [04/26/2007 10:45 AM | 00,401,408 | R--- | M] ()
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

[Alexander Startup Folder - C:\Documents and Settings\Alexander\Start Menu\Programs\Startup]
[04/30/2007 07:43 PM | 03,450,608 | ---- | M] (Stardock) - C:\Documents and Settings\Alexander\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[04/23/2007 04:00 AM | 00,692,224 | ---- | M] (Logitech Inc.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

===== BHO's =====

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
HKLM CLSID: (Adobe PDF Link Helper) - [06/11/2008 10:33 PM | 00,075,128 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
HKLM CLSID: (Spybot-S&D IE Protection) - [07/07/2008 09:41 AM | 01,562,448 | ---- | M] (Safer Networking Limited) C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [06/10/2008 04:27 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

===== Toolbars =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{0BF43445-2F28-4351-9252-17FE6E806AA0}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
Unable to open key or key not present!


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


===== Desktop Components =====

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

===== Lsa Authentication Packages =====

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/04/2004 08:56 AM | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe [10/18/2007 11:34 AM | 05,724,184 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe [10/02/2007 05:18 PM | 00,304,488 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/04/2004 08:56 AM | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe [10/13/2004 05:24 PM | 01,694,208 | ---- | M] (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe [08/25/2008 10:15 PM | 00,267,056 | ---- | M] (BitTorrent, Inc.)
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe [07/16/2008 10:16 AM | 01,069,712 | ---- | M] (Blizzard Entertainment)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe File not found
"C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe" = C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe [08/04/2004 08:56 AM | 00,768,512 | ---- | M] (Microsoft Corporation)
"C:\Nexon\MapleStory\MapleStory.exe" = C:\Nexon\MapleStory\MapleStory.exe [11/14/2007 06:59 PM | 01,746,466 | ---- | M] (Wizet)
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe File not found
"C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe" = C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe [09/29/2006 03:30 PM | 05,946,368 | ---- | M] (Autodesk, Inc.)
"C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe" = C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe [01/04/2008 04:55 PM | 01,691,648 | ---- | M] (SQUARE ENIX CO., LTD.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe [01/10/2008 07:17 PM | 00,147,456 | ---- | M] (Lime Wire, LLC)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe [10/18/2007 11:34 AM | 05,724,184 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe [10/02/2007 05:18 PM | 00,304,488 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe [07/24/2007 03:17 PM | 00,229,376 | ---- | M] (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe [07/30/2008 10:47 AM | 20,252,968 | ---- | M] (Apple Inc.)

===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"explorer.exe" - [06/13/2007 11:23 AM | 01,033,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [08/04/2004 08:56 AM | 00,024,576 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [08/04/2004 08:56 AM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [10/26/2007 04:36 AM | 08,454,656 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [08/04/2004 08:56 AM | 00,298,496 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

===== User's Winlogon Settings =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"explorer.exe" - [06/13/2007 11:23 AM | 01,033,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

===== Winlogon Notify Settings =====

===== Safeboot Options =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====
Unable to open key or key not present!


===== DNS Name Servers =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{34ED32A2-02EA-4D0F-AF02-4956AD18E372}]
Servers: | Description:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{5589A793-8EC4-489D-821C-D99BB57A31E8}]
Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{F5537543-2B7F-427D-B61C-DFE8B6D4ADE3}]
Servers: | Description: Sony Ericsson Device 089 USB Ethernet Emulation (NDIS 5)

===== CDRom AutoRun Settings =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

===== Autorun Files on Drives =====

AUTOEXEC.BAT []
[10/19/2007 05:26 PM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

Automap []
[04/20/2008 06:22 PM | ---D | M] C:\Automap [ NTFS ]

===== MountPoints2 =====

===== Hosts File =====

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost



[Files/Folders - Created Within 30 days]
[08/05/2008 12:23 AM | ---D | C] - C:\7c0006c557841ce53b3bc8cb86
[08/26/2008 08:38 PM | -HSD | C] - C:\Config.Msi
[08/26/2008 08:46 PM | ---D | C] - C:\_OTMoveIt
[06/10/2008 01:21 AM | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\java.exe
[06/10/2008 01:21 AM | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaw.exe
[06/10/2008 02:32 AM | 00,139,264 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaws.exe
[3 C:\WINDOWS\*.tmp files]
[03/24/1997 05:42 PM | 00,314,368 | ---- | C] (InstallShield Software Corporation) - C:\WINDOWS\IsUninst.exe
[08/23/2008 01:25 AM | ---D | C] - C:\WINDOWS\ROSE Online Evolution
[08/23/2008 10:05 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[08/19/2008 04:25 PM | ---D | C] - C:\Documents and Settings\Alexander\Application Data\GrabIt
[08/25/2008 10:28 PM | 00,014,775 | R--- | C] () - C:\Documents and Settings\Alexander\My Documents\02+-+Shibo.jpg
[08/26/2008 04:16 PM | ---D | C] - C:\Documents and Settings\Alexander\My Documents\LimeWire
[08/26/2008 04:26 PM | ---D | C] - C:\Documents and Settings\Alexander\My Documents\Incomplete
[08/27/2008 01:28 AM | ---D | C] - C:\Documents and Settings\Alexander\My Documents\Emoticons
[08/26/2008 07:18 PM | 00,000,734 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[08/26/2008 07:18 PM | 00,001,729 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[08/26/2008 07:14 PM | 00,812,344 | ---- | C] (Trend Micro Inc.) - C:\Documents and Settings\Alexander\Desktop\HJTInstall.exe
[08/26/2008 07:14 PM | 01,299,968 | ---- | C] (OldTimer Tools) - C:\Documents and Settings\Alexander\Desktop\OTViewIt.exe
[08/26/2008 07:15 PM | 00,001,734 | ---- | C] () - C:\Documents and Settings\Alexander\Desktop\HijackThis.lnk
[08/26/2008 07:16 PM | 35,124,856 | ---- | C] ( ) - C:\Documents and Settings\Alexander\Desktop\AdbeRdr90_en_US.exe
[08/26/2008 07:29 PM | 48,367,896 | ---- | C] (AVG Technologies) - C:\Documents and Settings\Alexander\Desktop\avg_free_stf_en_8_138a1332.exe
[08/26/2008 08:45 PM | 00,291,840 | ---- | C] (OldTimer Tools) - C:\Documents and Settings\Alexander\Desktop\OTMoveIt2.exe
[08/26/2008 07:18 PM | ---D | C] - C:\Program Files\Common Files\Adobe AIR
[08/04/2008 11:27 PM | ---D | C] - C:\Program Files\iPod
[08/14/2008 01:41 AM | ---D | C] - C:\Program Files\Abe's Oddysee
[08/23/2008 01:25 AM | ---D | C] - C:\Program Files\Triggersoft
[08/23/2008 12:29 AM | ---D | C] - C:\Program Files\Spybot - Search & Destroy
[08/26/2008 01:57 PM | ---D | C] - C:\Program Files\HijackThis
[08/26/2008 07:15 PM | ---D | C] - C:\Program Files\Trend Micro

[Files/Folders - Modified Within 30 days]
[08/05/2008 12:23 AM | ---D | M] - C:\7c0006c557841ce53b3bc8cb86
[08/26/2008 07:15 PM | R--D | M] - C:\Program Files
[08/26/2008 08:46 PM | ---D | M] - C:\_OTMoveIt
[08/26/2008 08:48 PM | -HSD | M] - C:\Config.Msi
[08/26/2008 08:49 PM | ---D | M] - C:\WINDOWS
[08/05/2008 12:23 AM | ---D | M] - C:\WINDOWS\System32\drivers\UMDF
[8 C:\WINDOWS\System32\*.tmp files]
[08/05/2008 12:23 AM | RHSD | M] - C:\WINDOWS\System32\dllcache
[08/05/2008 12:25 AM | ---D | M] - C:\WINDOWS\System32\CatRoot
[08/23/2008 01:37 AM | ---D | M] - C:\WINDOWS\System32\CatRoot2
[08/25/2008 08:37 PM | 00,002,206 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[08/26/2008 07:28 PM | ---D | M] - C:\WINDOWS\System32\drivers
[3 C:\WINDOWS\*.tmp files]
[08/05/2008 09:01 PM | ---D | M] - C:\WINDOWS\Help
[08/05/2008 12:23 AM | 00,001,355 | ---- | M] () - C:\WINDOWS\imsins.BAK
[08/05/2008 12:23 AM | 00,316,640 | ---- | M] () - C:\WINDOWS\WMSysPr9.prx
[08/11/2008 11:23 PM | -H-D | M] - C:\WINDOWS\inf
[08/23/2008 01:25 AM | ---D | M] - C:\WINDOWS\ROSE Online Evolution
[08/23/2008 05:00 PM | 00,000,675 | ---- | M] () - C:\WINDOWS\win.ini
[08/26/2008 01:41 AM | ---D | M] - C:\WINDOWS\security
[08/26/2008 08:38 PM | -HSD | M] - C:\WINDOWS\Installer
[08/26/2008 08:46 PM | ---D | M] - C:\WINDOWS\Prefetch
[08/26/2008 08:46 PM | --SD | M] - C:\WINDOWS\Tasks
[08/26/2008 08:48 PM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08/26/2008 08:48 PM | ---D | M] - C:\WINDOWS\system32
[08/26/2008 08:49 PM | 00,000,558 | ---- | M] () - C:\WINDOWS\DFC.INI
[08/26/2008 08:49 PM | ---D | M] - C:\WINDOWS\Temp
[08/04/2008 11:27 PM | 00,000,284 | ---- | M] () - C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[08/26/2008 08:48 PM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[08/23/2008 10:05 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[08/26/2008 07:18 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Adobe
[08/27/2008 01:31 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\WLInstaller
[08/27/2008 01:39 AM | --SD | M] - C:\Documents and Settings\All Users\Application Data\Microsoft
[08/19/2008 04:25 PM | ---D | M] - C:\Documents and Settings\Alexander\Application Data\GrabIt
[08/23/2008 04:40 PM | ---D | M] - C:\Documents and Settings\Alexander\Application Data\foobar2000
[08/23/2008 04:51 PM | ---D | M] - C:\Documents and Settings\Alexander\Application Data\Mozilla
[08/23/2008 12:56 AM | ---D | M] - C:\Documents and Settings\Alexander\Application Data\Tibia
[08/26/2008 01:20 AM | ---D | M] - C:\Documents and Settings\Alexander\Application Data\uTorrent
[08/26/2008 04:19 PM | ---D | M] - C:\Documents and Settings\Alexander\Application Data\LimeWire
[08/14/2008 02:27 AM | 01,575,224 | -H-- | M] () - C:\Documents and Settings\Alexander\Local Settings\Application Data\IconCache.db
[08/23/2008 04:47 PM | 00,015,872 | ---- | M] () - C:\Documents and Settings\Alexander\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[08/24/2008 01:16 AM | ---D | M] - C:\Documents and Settings\Alexander\Local Settings\Application Data\Microsoft
[08/26/2008 07:18 PM | ---D | M] - C:\Documents and Settings\Alexander\Local Settings\Application Data\Adobe
[08/14/2008 12:45 AM | ---D | M] - C:\Documents and Settings\Alexander\My Documents\My Software
[08/23/2008 04:38 PM | ---D | M] - C:\Documents and Settings\Alexander\My Documents\ig
[08/23/2008 04:40 PM | R--D | M] - C:\Documents and Settings\Alexander\My Documents\My Music
[08/23/2008 04:43 PM | R--D | M] - C:\Documents and Settings\Alexander\My Documents\My Received Files
[08/23/2008 04:44 PM | ---D | M] - C:\Documents and Settings\Alexander\My Documents\Games
[08/23/2008 04:45 PM | ---D | M] - C:\Documents and Settings\Alexander\My Documents\My Videos
[08/23/2008 04:45 PM | ---D | M] - C:\Documents and Settings\Alexander\My Documents\Others
[08/23/2008 04:46 PM | ---D | M] - C:\Documents and Settings\Alexander\My Documents\USB crap
[08/23/2008 04:47 PM | ---D | M] - C:\Documents and Settings\Alexander\My Documents\743057
[08/23/2008 04:47 PM | ---D | M] - C:\Documents and Settings\Alexander\My Documents\USB
[08/23/2008 04:49 PM | R--D | M] - C:\Documents and Settings\Alexander\My Documents\My Pictures
[08/25/2008 10:28 PM | 00,014,775 | R--- | M] () - C:\Documents and Settings\Alexander\My Documents\02+-+Shibo.jpg
[08/25/2008 10:54 PM | 00,044,544 | -HS- | M] () - C:\Documents and Settings\Alexander\My Documents\Thumbs.db
@Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable
[08/26/2008 04:16 PM | ---D | M] - C:\Documents and Settings\Alexander\My Documents\LimeWire
[08/26/2008 04:19 PM | ---D | M] - C:\Documents and Settings\Alexander\My Documents\Downloads
[08/26/2008 04:26 PM | ---D | M] - C:\Documents and Settings\Alexander\My Documents\Incomplete
[08/26/2008 08:50 PM | 00,000,596 | ---- | M] () - C:\Documents and Settings\Alexander\My Documents\My Sharing Folders.lnk
[08/27/2008 01:28 AM | ---D | M] - C:\Documents and Settings\Alexander\My Documents\Emoticons
[08/26/2008 07:18 PM | 00,000,734 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[08/26/2008 07:18 PM | 00,001,729 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[08/21/2008 08:20 PM | 00,200,192 | -HS- | M] () - C:\Documents and Settings\Alexander\Desktop\Thumbs.db
@Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\Thumbs.db:encryptable
[08/26/2008 07:14 PM | 00,812,344 | ---- | M] (Trend Micro Inc.) - C:\Documents and Settings\Alexander\Desktop\HJTInstall.exe
[08/26/2008 07:14 PM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\Alexander\Desktop\OTViewIt.exe
[08/26/2008 07:15 PM | 00,001,734 | ---- | M] () - C:\Documents and Settings\Alexander\Desktop\HijackThis.lnk
[08/26/2008 07:16 PM | 35,124,856 | ---- | M] ( ) - C:\Documents and Settings\Alexander\Desktop\AdbeRdr90_en_US.exe
[08/26/2008 07:29 PM | 48,367,896 | ---- | M] (AVG Technologies) - C:\Documents and Settings\Alexander\Desktop\avg_free_stf_en_8_138a1332.exe
[08/26/2008 08:45 PM | 00,291,840 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\Alexander\Desktop\OTMoveIt2.exe
[08/26/2008 07:18 PM | ---D | M] - C:\Program Files\Common Files\Adobe
[08/26/2008 07:18 PM | ---D | M] - C:\Program Files\Common Files\Adobe AIR
[08/27/2008 01:38 AM | -HSD | M] - C:\Program Files\Common Files\WindowsLiveInstaller
[08/27/2008 01:39 AM | ---D | M] - C:\Program Files\Common Files\Microsoft Shared

< End of report >

#12
Alleluia

    Member

  • Topic Starter
  • 11 posts
I think everything should be fine now. I've opened Task Manager and checked Processes and none of the previous threats seem to be running.
I think all is well and I thank you very much Egwene, you've been a great help.

Much appreciation to the g2g-team and especially yourself :)

#13
Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hey Alleluia,

Your logs look good, but we need to run an online scan to check that there are no leftovers and do some final handling. :)

Please do an online scan with Kaspersky WebScanner

Make sure you are using Internet Explorer for this. Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Regards,
Egwene.

#14
Alleluia

    Member

  • Topic Starter
  • 11 posts
Hey Egwene,

That was a really long scan but it's finished! Here's the report:

KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, August 27, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, August 26, 2008 23:45:24
Records in database: 1149544
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
A:\
C:\
D:\
Scan statistics
Files scanned 151782
Threat name 0
Infected objects 0
Suspicious objects 0
Duration of the scan 01:44:30

No malware has been detected. The scan area is clean.
The selected area was scanned.

================================================================

Everything seems fine thankfully!

Many thanks,
Alleluia

#15
Egwene

    Member 2k

  • Visiting Consultant
  • 2,141 posts
Hey Alleluia,

Congratulations, your log looks clean :)

STEP 1

Please download OTCleanIt (OldTimer): http://download.blee...r/OTCleanIt.exe

Open it and double-click on the "CleanUp" button.

Then please re-enable your real-time protections.

STEP 2

Now let's reset and re-enable your System Restore to remove any infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files. (You will lose all previous restore points, which are likely to be infected, but that's good news.)

Turn OFF System Restore.

* On the Desktop, right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* Check Turn off System Restore.
* Click Apply, and then click OK.


Restart your computer.

Turn ON System Restore.

* On the Desktop, right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* UN-Check Turn off System Restore.
* Click Apply, and then click OK.

System Restore will now be active again.

STEP 3

Another essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

Automatic Updates for Windows

* Click Start.
* Select Settings and then Control Panel.
* Select Automatic Updates.
* Click Automatic (recommended)
* Choose a day and a time when you know the computer will be on and connected to the internet.
* Click Apply then OK.

STEP 4

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Besides, I noticed that you don't have a firewall on your computer. I advise you to install one of the following: Kerio / Comodo / ZoneAlarm.
  • Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop-up windows.
  • Trillian or Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, you can read this article by Tony Klein.

Regards,
Egwene.