Very Loud Alarm Sound coming from my computer


  • This topic is locked
6 replies to this topic

#1 murpg


Posted 13 October 2008 - 07:18 PM

There is a very loud ring sound coming from my computer. It sounds like a fire alarm. I have been unable to detect any viruses.

I am attaching my HijackThis file.


#2 maranatha


Posted 25 October 2008 - 12:57 PM

Hi murpg,
Welcome to Bleeping Computer.
I'm maranatha and I will be handling your log. I am a student here at BC so all my posts will be checked by one of our experts, so there may be a slight delay between posts.

We need to get you updated to the new version of HijackThis. Please do the following.

Download a copy of HijackThis installer from here and save it to your Desktop.
  • Save HJTInstall.exe to your desktop.
  • Double-click on the HJTInstall.exe icon on your desktop.
    (Let it install to the default location C:\Program Files\Hijackthis)
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon and then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch HijackThis.
  • Click on the Do a system scan only button.
Then Close HJT.
CAUTION: DO NOT have HijackThis "fix" anything without carefully following expert guidance. Otherwise, you might render your computer unstable or even unbootable. Most of what HijackThis finds will be harmless or even required.

Once this is installed successfully then please go into Add and Remove Programs and delete HijackThis v1.99.1 from the list.

Now do this.
  • Download RSIT by random/random and save it to your desktop.
  • Double click RSIT.exe to start the tool.
  • At the disclaimer, please use the drop down box to select 3 months for the file/folder search, then click Continue.
  • If prompted by your firewall to allow RSIT to access the internet, please allow it. It will be updating your version of HijackThis.
  • When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
  • Please post the contents of log.txt here in your next reply.
Please post the RSIT logs. Please do not add them as an attachment, post them into the body of your reply.

Thanks
maranatha

Edited by maranatha, 25 October 2008 - 12:58 PM.


#3 murpg


Posted 31 October 2008 - 09:53 PM

Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrator at 2008-10-31 22:51:13
Microsoft Windows XP Professional Service Pack 3
System drive C: has 88 GB (59%) free of 150 GB
Total RAM: 2039 MB (14% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:51:16 PM, on 10/31/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\ColdFusion8DotNetService\CF8DotNetsvc.exe
C:\ColdFusion8DotNetService\JNBDotNetSide.exe
C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\db\slserver54\bin\swagent.exe
C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\db\slserver54\bin\swstrtr.exe
C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\db\slserver54\bin\swsoc.exe
C:\JRun4\verity\k2\_nti40\bin\k2admin.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\JRun4\bin\jrunsvc.exe
C:\JRun4\bin\jrunsvc.exe
C:\JRun4\bin\jrun.exe
C:\JRun4\bin\jrun.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\PROGRA~1\MICROS~2\MSSQL\binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\JRun4\verity\k2\_nti40\bin\k2server.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE
C:\JRun4\verity\k2\_nti40\bin\k2index.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL\binn\sqlagent.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinKey\WinKey.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe
C:\Program Files\TechSmith\SnagIt 8\snagit32.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe
C:\WINDOWS\Explorer.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Live Mesh\Bin\Servicing\0.9.3424.5\MoeMonitor.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Live Mesh\GacBase\Moe.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\iface.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O4 - HKLM\..\Run: [NOD32_Registration] c:\powrspec\nod32\registration\Register NOD32.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [PowerPanel Personal Edition User Interaction] "C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe"
O4 - HKCU\..\Run: [MoeMonitor.exe] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Live Mesh\Bin\Servicing\0.9.3424.5\MoeMonitor.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-21-3648730476-3929507095-4256697434-1004\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User '?')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Google Talk, Labs Edition.lnk = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinKey.lnk = C:\Program Files\WinKey\WinKey.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2007\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2007\\Wizard.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2007\\Parser.html
O8 - Extra context menu item: Password Generator - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Generate - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
O9 - Extra 'Tools' menuitem: Password Generator - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\WEB2FE~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - https://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1202524995725
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1184625656388
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1} (WLCTSCControl Class) - https://www.mesh.com/0.9.3103.13/TSWeb.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = webworldbygeorge.com
O17 - HKLM\Software\..\Telephony: DomainName = webworldbygeorge.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{6BA209BB-CBF9-42D0-97AE-21DBBDC22778}: NameServer = 192.168.1.10,68.87.73.242
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = webworldbygeorge.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = webworldbygeorge.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = webworldbygeorge.com
O20 - Winlogon Notify: wlcrdplauncher - C:\Program Files\Live Mesh\Remote Desktop\wlcrdplauncher.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ColdFusion 8 .NET Service - Unknown owner - C:\ColdFusion8DotNetService\CF8DotNetsvc.exe
O23 - Service: ColdFusion 8 ODBC Agent - Unknown owner - C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\db\slserver54\bin\swagent.exe
O23 - Service: ColdFusion 8 ODBC Server - Unknown owner - C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\db\slserver54\bin\swstrtr.exe
O23 - Service: ColdFusion 8 Search Server - Verity, Inc. - C:\JRun4\verity\k2\_nti40\bin\k2admin.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia JRun Admin Server - Macromedia Inc. - C:\JRun4\bin\jrunsvc.exe
O23 - Service: Macromedia JRun CFusion Server - Macromedia Inc. - C:\JRun4\bin\jrunsvc.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
O23 - Service: PowerPanel Personal Edition Service (ppped) - Unknown owner - C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe

--
End of file - 18106 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
C:\WINDOWS\tasks\XoftSpySE 2.job
C:\WINDOWS\tasks\XoftSpySE.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
SnagIt Toolbar Loader - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll [2007-05-01 63048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2008-10-12 5759816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2008-10-12 5759816]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll [2007-05-01 161352]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NOD32_Registration"=c:\powrspec\nod32\registration\Register NOD32.exe [2006-11-22 124907]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2005-02-16 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-16 81920]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-12-03 2213160]
"dvd43"=C:\Program Files\dvd43\dvd43_tray.exe [2008-02-21 826880]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"APVXDWIN"=C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE [2007-11-23 406832]
"SCANINICIO"=C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe [2007-07-11 27952]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-12-19 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-12-19 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-12-19 131072]
"mxomssmenu"=C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe [2008-07-21 169312]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-09-09 16851968]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"LeechGet"= []
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2007-12-13 1688872]
"Google Update"=C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-08-29 133104]
"PowerPanel Personal Edition User Interaction"=C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe [2005-10-24 262144]
"MoeMonitor.exe"=C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Live Mesh\Bin\Servicing\0.9.3424.5\MoeMonitor.exe [2008-10-31 1225032]
"RoboForm"=C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2008-10-12 160592]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe
WinKey.lnk - C:\Program Files\WinKey\WinKey.exe

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Google Talk, Labs Edition.lnk - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr]
C:\WINDOWS\SYSTEM32\avldr.dll [2007-02-15 50736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\SYSTEM32\igfxdev.dll [2007-12-19 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlcrdplauncher]
C:\Program Files\Live Mesh\Remote Desktop\wlcrdplauncher.dll [2008-10-31 22856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-03-25 303616]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"=C:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-09 49152]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe"="C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe:*:Enabled:SonicWALL Global VPN Client"
"C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe"="C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe:*:Enabled:Dreamweaver 8"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\Program Files\RhinoSoft.com\FTP Voyager\FTPVoyager.exe"="C:\Program Files\RhinoSoft.com\FTP Voyager\FTPVoyager.exe:*:Enabled:FTP Voyager, an FTP Client for Windows"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe"="C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe:*:Enabled:Google Talk, Labs Edition"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe"="C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe:*:Enabled:Live Mesh Remote Desktop"
"C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Live Mesh\GacBase\Moe.exe"="C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Live Mesh\GacBase\Moe.exe:*:Enabled:Live Mesh"

======File associations======

.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"
.js - open -
.txt - open -
.vbs - open - C:\PROGRA~1\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %*

======List of files/folders created in the last 3 months======

2008-10-31 22:51:13 ----D---- C:\rsit
2008-10-31 22:47:12 ----D---- C:\Program Files\Trend Micro
2008-10-31 22:35:46 ----D---- C:\WINDOWS\LastGood
2008-10-24 03:01:14 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-16 03:06:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 03:06:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 03:06:22 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 03:06:10 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 03:05:56 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-16 03:01:57 ----HDC---- C:\WINDOWS\$NtUninstallKB953155$
2008-10-16 03:01:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-10-11 08:31:16 ----D---- C:\Program Files\NCH Software
2008-10-11 08:28:18 ----D---- C:\Documents and Settings\Administrator\Application Data\NeroDigital™
2008-09-28 08:00:49 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-09-28 07:48:50 ----D---- C:\Documents and Settings\Administrator\Application Data\com.vtc.VTCPlayer.D5188E03315CA913E5343274F88EC3A0C3CECFF5.1
2008-09-28 07:48:42 ----D---- C:\Program Files\VTC AIR PLAYER
2008-09-19 09:18:28 ----D---- C:\Program Files\iPod
2008-09-19 09:18:27 ----D---- C:\Program Files\iTunes
2008-09-19 09:18:27 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-19 09:17:29 ----D---- C:\Program Files\Bonjour
2008-09-19 08:48:52 ----A---- C:\WINDOWS\HideWin.exe
2008-09-19 08:47:54 ----D---- C:\MyVideos
2008-09-19 08:47:54 ----A---- C:\WINDOWS\system32\HCWTVWND.dll
2008-09-19 08:47:54 ----A---- C:\WINDOWS\system32\Hcwtvdlg.dll
2008-09-19 08:47:54 ----A---- C:\WINDOWS\system32\hcwsnbd9.dll
2008-09-19 08:47:54 ----A---- C:\WINDOWS\system32\hcwpnp32.dll
2008-09-19 08:47:54 ----A---- C:\WINDOWS\system32\hcwi2c32.dll
2008-09-19 08:47:54 ----A---- C:\WINDOWS\system32\hcwhook.dll
2008-09-19 08:47:54 ----A---- C:\WINDOWS\system32\Hcwchan.dll
2008-09-19 08:47:54 ----A---- C:\WINDOWS\system32\btgpio32.dll
2008-09-19 08:47:54 ----A---- C:\WINDOWS\system32\bt848wst.dll
2008-09-19 08:47:53 ----A---- C:\WINDOWS\system32\HCWxds.dll
2008-09-19 08:47:43 ----D---- C:\Program Files\WinTV
2008-09-19 08:47:43 ----A---- C:\WINDOWS\system32\Hcwutl32.dll
2008-09-19 08:47:43 ----A---- C:\hcwclear.txt
2008-09-19 08:43:31 ----A---- C:\WINDOWS\system32\igfxres.dll
2008-09-19 08:37:47 ----D---- C:\Program Files\Maxtor
2008-09-19 08:37:47 ----D---- C:\Documents and Settings\All Users\Application Data\Maxtor
2008-09-19 08:36:57 ----SHD---- C:\WINDOWS\ftpcache
2008-09-19 08:36:36 ----D---- C:\Maxtor temp
2008-09-19 08:33:33 ----A---- C:\WINDOWS\system32\igfxCoIn_v4906.dll
2008-09-19 08:31:50 ----A---- C:\WINDOWS\system32\CSVer.dll
2008-09-15 20:14:26 ----A---- C:\WINDOWS\system32\DivXsm.exe
2008-09-15 20:14:24 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2008-09-15 20:12:54 ----A---- C:\WINDOWS\system32\ssldivx.dll
2008-09-15 20:12:54 ----A---- C:\WINDOWS\system32\libdivx.dll
2008-09-15 20:12:02 ----A---- C:\WINDOWS\system32\dtu100.dll.manifest
2008-09-15 20:12:02 ----A---- C:\WINDOWS\system32\dtu100.dll
2008-09-15 20:12:02 ----A---- C:\WINDOWS\system32\dpl100.dll.manifest
2008-09-15 20:12:02 ----A---- C:\WINDOWS\system32\dpl100.dll
2008-09-15 20:12:00 ----A---- C:\WINDOWS\system32\dpv11.dll
2008-09-15 20:12:00 ----A---- C:\WINDOWS\system32\dpus11.dll
2008-09-15 20:12:00 ----A---- C:\WINDOWS\system32\dpuGUI11.dll
2008-09-15 20:12:00 ----A---- C:\WINDOWS\system32\dpuGUI10.dll
2008-09-15 20:12:00 ----A---- C:\WINDOWS\system32\dpu11.dll
2008-09-15 20:12:00 ----A---- C:\WINDOWS\system32\dpu10.dll
2008-09-15 20:11:58 ----A---- C:\WINDOWS\system32\divx_xx11.dll
2008-09-15 20:11:58 ----A---- C:\WINDOWS\system32\divx_xx0c.dll
2008-09-15 20:11:58 ----A---- C:\WINDOWS\system32\divx_xx0a.dll
2008-09-15 20:11:58 ----A---- C:\WINDOWS\system32\divx_xx07.dll
2008-09-15 20:11:56 ----A---- C:\WINDOWS\system32\DivX.dll
2008-09-15 20:11:28 ----A---- C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-09-15 20:11:10 ----A---- C:\WINDOWS\system32\DivXWMPExtType.dll
2008-09-10 09:54:14 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-10 09:53:16 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-01 01:45:27 ----D---- C:\pebuilder3110a
2008-08-31 22:26:42 ----D---- C:\Program Files\nLite
2008-08-31 10:00:53 ----A---- C:\WINDOWS\system32\HHActiveX.dll
2008-08-31 10:00:50 ----A---- C:\WINDOWS\system32\TpUtil.dll
2008-08-31 10:00:50 ----A---- C:\WINDOWS\system32\SYSTOOLS.DLL
2008-08-31 10:00:50 ----A---- C:\WINDOWS\system32\PavSHook.dll
2008-08-31 10:00:50 ----A---- C:\WINDOWS\system32\pavipc.dll
2008-08-31 10:00:48 ----D---- C:\WINDOWS\system32\PAV
2008-08-31 10:00:48 ----A---- C:\WINDOWS\system32\avldr.dll
2008-08-31 09:51:03 ----D---- C:\Program Files\Live Mesh
2008-08-29 10:18:58 ----A---- C:\WINDOWS\system32\dns-sd.exe
2008-08-29 09:53:50 ----A---- C:\WINDOWS\system32\dnssd.dll
2008-08-13 18:55:40 ----D---- C:\Program Files\Safari
2008-08-13 07:55:43 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-13 07:55:36 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-13 07:55:29 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-13 07:55:22 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-13 07:53:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-13 07:52:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-13 07:52:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-13 07:52:27 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-08-07 20:04:02 ----D---- C:\Program Files\TortoiseSVN
2008-08-07 20:04:02 ----D---- C:\Program Files\Common Files\TortoiseOverlays

======List of files/folders modified in the last 3 months======

2008-10-31 22:49:57 ----D---- C:\Program Files\Hijackthis
2008-10-31 22:48:04 ----D---- C:\Program Files\Mozilla Firefox
2008-10-31 22:47:12 ----RD---- C:\Program Files
2008-10-31 22:38:14 ----D---- C:\WINDOWS\system32\drivers
2008-10-31 22:36:09 ----D---- C:\WINDOWS\Prefetch
2008-10-31 22:36:00 ----HD---- C:\WINDOWS\inf
2008-10-31 22:35:47 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-31 22:35:47 ----D---- C:\WINDOWS\Temp
2008-10-31 22:35:46 ----D---- C:\WINDOWS
2008-10-31 19:30:18 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-31 15:41:26 ----D---- C:\WINDOWS\security
2008-10-31 09:12:15 ----D---- C:\WINDOWS\system32\inetsrv
2008-10-31 00:00:00 ----D---- C:\Program Files\CyberPower PowerPanel Personal Edition
2008-10-28 19:10:37 ----A---- C:\WINDOWS\NeroDigital.ini
2008-10-28 19:09:25 ----A---- C:\WINDOWS\DVDRegionFree.INI
2008-10-28 19:09:15 ----D---- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy Pro
2008-10-26 08:23:14 ----D---- C:\Documents and Settings\Administrator\Application Data\Vso
2008-10-25 10:35:05 ----D---- C:\WINDOWS\system32
2008-10-25 10:16:33 ----D---- C:\Program Files\XoftSpySE
2008-10-24 03:14:19 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-24 03:02:19 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-24 03:01:16 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-24 03:00:20 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-17 06:44:24 ----D---- C:\WINDOWS\Registration
2008-10-16 03:06:50 ----A---- C:\WINDOWS\imsins.BAK
2008-10-15 12:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-13 10:33:06 ----SHD---- C:\WINDOWS\Installer
2008-10-13 10:33:06 ----D---- C:\Config.Msi
2008-10-11 08:24:16 ----D---- C:\Program Files\Winamp
2008-10-11 08:23:32 ----D---- C:\Documents and Settings\Administrator\Application Data\Winamp
2008-10-11 08:20:10 ----D---- C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-10-10 05:58:40 ----SD---- C:\WINDOWS\Tasks
2008-10-07 15:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-05 07:54:00 ----D---- C:\WINDOWS\system32\Macromed
2008-10-05 07:49:51 ----D---- C:\Program Files\DivX
2008-10-01 10:00:40 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-29 10:59:30 ----D---- C:\Documents and Settings\Administrator\Application Data\Publish Providers
2008-09-29 07:32:01 ----D---- C:\projects
2008-09-28 08:00:49 ----D---- C:\Program Files\Common Files
2008-09-26 17:58:33 ----D---- C:\Documents and Settings\Administrator\Application Data\Sony
2008-09-22 19:39:59 ----A---- C:\WINDOWS\ODBC.INI
2008-09-19 09:18:44 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-09-19 09:16:50 ----D---- C:\Program Files\QuickTime
2008-09-19 09:16:24 ----D---- C:\Program Files\Common Files\Apple
2008-09-19 08:53:41 ----A---- C:\WINDOWS\win.ini
2008-09-19 08:50:04 ----D---- C:\WINDOWS\system32\RTCOM
2008-09-19 08:49:11 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-19 08:49:01 ----D---- C:\Program Files\Realtek
2008-09-19 08:38:10 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-19 08:37:03 ----D---- C:\WINDOWS\Downloaded Installations
2008-09-19 08:33:31 ----D---- C:\WINDOWS\system32\Lang
2008-09-19 08:29:49 ----RSD---- C:\WINDOWS\assembly
2008-09-19 08:29:30 ----D---- C:\WINDOWS\Microsoft.NET
2008-09-17 20:07:49 ----D---- C:\WINDOWS\Help
2008-09-13 12:56:03 ----A---- C:\WINDOWS\system32\gvc_trace.txt
2008-09-10 09:54:14 ----D---- C:\WINDOWS\WinSxS
2008-09-09 18:39:24 ----A---- C:\WINDOWS\RTHDCPL.EXE
2008-09-01 00:37:39 ----D---- C:\Program Files\MagicISO
2008-08-31 23:50:16 ----D---- C:\Program Files\Intel
2008-08-31 21:05:18 ----D---- C:\installs
2008-08-31 09:58:43 ----D---- C:\Program Files\Common Files\Panda Software
2008-08-31 09:51:07 ----A---- C:\WINDOWS\system32\rdpvdd.dll
2008-08-31 09:51:07 ----A---- C:\WINDOWS\system32\rdpdispd.dll
2008-08-31 08:52:44 ----D---- C:\WINDOWS\system32\NtmsData
2008-08-31 08:51:37 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-08-31 07:41:58 ----SHD---- C:\WINDOWS\CSC
2008-08-31 07:41:46 ----D---- C:\WINDOWS\Minidump
2008-08-28 03:46:02 ----A---- C:\WINDOWS\system32\win32spl.dll
2008-08-28 03:46:02 ----A---- C:\WINDOWS\system32\msw3prt.dll
2008-08-20 01:30:53 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-08-20 01:30:52 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-08-20 01:30:51 ----A---- C:\WINDOWS\system32\wininet.dll
2008-08-20 01:30:51 ----A---- C:\WINDOWS\system32\shdocvw.dll
2008-08-19 13:26:44 ----A---- C:\WINDOWS\SOUNDMAN.EXE
2008-08-14 06:09:26 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 05:33:16 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-13 19:02:22 ----D---- C:\Program Files\Apple Software Update
2008-08-13 07:55:38 ----D---- C:\Program Files\Messenger
2008-08-06 15:51:52 ----A---- C:\WINDOWS\RtlUpd.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 RCFOX;SonicWALL IPsec Driver; \??\C:\WINDOWS\system32\Drivers\RCFOX.sys []
R1 ShldDrv;Panda File Shield Driver; C:\WINDOWS\System32\DRIVERS\ShlDrv51.sys [2007-05-23 38968]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 PAVDRV;pavdrv; C:\WINDOWS\system32\DRIVERS\pavdrv51.sys [2007-09-28 83896]
R2 PavProc;Panda Process Protection Driver; \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2008-05-25 125584]
R3 dvd43llh;dvd43llh; C:\WINDOWS\System32\DRIVERS\dvd43llh.sys [2008-02-26 18816]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner; C:\WINDOWS\system32\drivers\hcw88tun.sys [2005-03-15 137793]
R3 hcw88vid;Hauppauge WinTV 88x Video; C:\WINDOWS\system32\drivers\hcw88vid.sys [2005-03-15 605572]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar; C:\WINDOWS\system32\drivers\HCW88BAR.sys [2005-03-15 27524]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-12-19 5854688]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-09-09 4813824]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2006-09-22 92160]
R3 MXOPSWD;Maxtor OneTouch Security Driver; C:\WINDOWS\system32\DRIVERS\mxopswd.sys [2007-05-03 22152]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-02-09 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-04-09 9856]
R3 RDPDISPM;RDPDISPM; C:\WINDOWS\system32\DRIVERS\rdpdispm.sys [2008-08-31 12288]
R3 RDPVDD;RDPVDD; C:\WINDOWS\system32\DRIVERS\rdpvmp.sys [2008-08-31 22656]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-02-25 105088]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 CX23880;V-Stream TV88X Video Capture; C:\WINDOWS\system32\drivers\cx88vid.sys [2003-07-02 188517]
S2 CX88XBAR;V-Stream TV88X Crossbar; C:\WINDOWS\system32\drivers\CX88XBAR.sys [2003-06-23 9334]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NETIMFLT01050097;PANDA NDIS IM Filter Miniport v1.5.0.97; C:\WINDOWS\system32\DRIVERS\netimflt.sys []
S3 rcvpn;SonicWALL VPN Adapter; C:\WINDOWS\system32\DRIVERS\rcvpn.sys [2005-11-08 24876]
S3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2003-12-31 69504]
S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 sonypvs1;Sony Digital Imaging Video2; C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 102220]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20050901.036\symidsco.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ColdFusion 8 .NET Service;ColdFusion 8 .NET Service; C:\ColdFusion8DotNetService\CF8DotNetsvc.exe [2008-07-28 77824]
R2 ColdFusion 8 ODBC Agent;ColdFusion 8 ODBC Agent; C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\db\slserver54\bin\swagent.exe [2008-07-28 696320]
R2 ColdFusion 8 ODBC Server;ColdFusion 8 ODBC Server; C:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\db\slserver54\bin\swstrtr.exe [2008-07-28 114688]
R2 ColdFusion 8 Search Server;ColdFusion 8 Search Server; C:\JRun4\verity\k2\_nti40\bin\k2admin.exe [2008-03-12 2743056]
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-04-25 73728]
R2 Macromedia JRun Admin Server;Macromedia JRun Admin Server; C:\JRun4\bin\jrunsvc.exe [2008-03-18 65536]
R2 Macromedia JRun CFusion Server;Macromedia JRun CFusion Server; C:\JRun4\bin\jrunsvc.exe [2008-03-18 65536]
R2 Maxtor Sync Service;Maxtor Service; C:\Program Files\Maxtor\Sync\SyncServices.exe [2008-07-21 193888]
R2 MSSQL$EIS;MSSQL$EIS; C:\PROGRA~1\MICROS~2\MSSQL$~1\binn\sqlservr.exe [2000-08-06 7442493]
R2 MSSQLSERVER;MSSQLSERVER; C:\PROGRA~1\MICROS~2\MSSQL\binn\sqlservr.exe [2005-05-04 9150464]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-12-03 869672]
R2 Panda Software Controller;Panda Software Controller; C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe [2007-07-12 169264]
R2 PavPrSrv;Panda Process Protection Service; C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe [2007-06-14 63024]
R2 PAVSRV;Panda anti-virus service; C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe [2007-09-28 148272]
R2 ppped;PowerPanel Personal Edition Service; C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe [2005-10-24 479232]
R2 ProtexisLicensing;ProtexisLicensing; C:\Program Files\Common Files\Protexis\License Service\PSIService.exe [2006-11-02 174656]
R2 PSIMSVC;Panda IManager Service; C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe [2007-05-24 108592]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 SQLAgent$EIS;SQLAgent$EIS; C:\PROGRA~1\MICROS~2\MSSQL$~1\binn\sqlagent.exe [2000-08-06 303170]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLSERVERAGENT;SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL\binn\sqlagent.exe [2005-05-03 323584]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 wlcrasvc;Live Mesh Remote Desktop; C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe [2008-10-31 42824]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-03-25 440320]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-12-13 447784]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-03-25 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-07-15 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
S3 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RampartSvc;SonicWall VPN Client Service; C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe [2007-09-27 230672]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

#4 maranatha

Posted 01 November 2008 - 01:28 PM

Hi
Give me some time to go through your log and I will get back to you ASAP.

Thanks
maranatha
Windows XP Home SP3
Windows7 Professional


I'm going in the wrong direction to be in a hurry!




#5 maranatha

Posted 01 November 2008 - 08:51 PM

Hi murpg

Are you still having the alarm sound?

I'm not really seeing anything in your logs.

Let's get an online scan.

Download ATF Cleaner by Atribune and save it to your Desktop.
This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
Double-click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:
  • Windows Temp
  • Current User Temp
  • All Users Temp
  • Cookies
  • Temporary Internet Files
  • Prefetch
  • Java Cache
  • Recycle bin

The rest are optional - if you want it to remove everything, check "Select All".
Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.


Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report.

Thanks
maranatha

#6 extremeboy

Posted 05 November 2008 - 07:33 PM

Hi.

Maranatha has some problems he needs to deal with, so I'll be helping you out. Please follow the instructions in his previous post.

Note: If you do not reply within 5 days the topic will then need to be closed.

Thanks

With Regards,
Extremeboy

Edited by extremeboy, 05 November 2008 - 08:21 PM.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.


#7 harrythook

Posted 09 November 2008 - 06:47 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.
All others please read The Preparation Guide before starting your topic.

Veni Vidi Vici
THE FIGHT AGAINST MALWARE

