
Can't open my D: folder



#1 w00t


Posted 23 November 2008 - 02:31 AM

OTViewIt logfile created on: 11/23/2008 3:12:06 PM - Run 2
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\user\My Documents\Downloads\Programs
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.42 Mb Total Physical Memory | 516.11 Mb Available Physical Memory | 53.85% Memory free
1.51 Gb Paging File | 1.05 Gb Available in Paging File | 69.46% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 6.98 Gb Free Space | 17.87% Space Free | Partition Type: NTFS
Drive D: | 35.46 Gb Total Space | 10.87 Gb Free Space | 30.66% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-4E77FD6873
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/03/07 12:00:08 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
[2008/03/26 15:34:49 | 00,147,201 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
[2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
[2006/09/21 16:36:18 | 00,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
[2007/06/11 11:15:40 | 00,176,128 | ---- | M] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\system32\S3Trayp.exe
[2007/10/16 18:30:10 | 16,855,552 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2008/10/09 23:52:54 | 00,333,120 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
[2008/02/12 10:06:50 | 00,262,401 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[2007/05/04 08:32:52 | 00,961,024 | ---- | M] (Ares Development Group) -- C:\Program Files\Ares\Ares.exe
[2005/01/19 16:44:22 | 00,140,288 | ---- | M] ( ) -- C:\Program Files\CursorXP\CursorXP.exe
[2008/09/16 12:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2008/09/12 18:44:55 | 02,606,512 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
[2008/11/21 12:46:08 | 01,805,552 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
[2007/04/25 19:02:30 | 03,444,008 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
[2008/02/18 21:01:01 | 00,251,312 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
[2008/11/13 11:20:04 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008/11/23 15:03:10 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\Downloads\Programs\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/11/14 09:04:45 | 00,068,096 | ---- | M] () -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2008/03/07 12:00:08 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
[2008/03/26 15:34:49 | 00,147,201 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])
[2007/03/20 09:19:14 | 00,263,168 | ---- | M] (Ares Development Group) -- C:\Program Files\Ares\chatServer.exe -- (AresChatServer [On_Demand | Stopped])
[2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
File not found -- -- (GoogleDesktopManager-061008-081103 [Disabled | Stopped])
[2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2003/07/29 00:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
[2008/01/18 01:37:26 | 00,024,635 | ---- | M] (Apache Software Foundation) -- c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe -- (wampapache [On_Demand | Stopped])
[2008/04/17 19:13:44 | 05,750,784 | ---- | M] () -- c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe -- (wampmysqld [On_Demand | Stopped])

========== Driver Services ==========

[2007/02/27 15:25:01 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System | Running])
[2008/02/18 17:07:57 | 00,049,472 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])
[2008/03/04 13:28:53 | 00,079,424 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb [System | Running])
[2005/04/07 17:18:34 | 00,003,840 | ---- | M] () -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt [System | Running])
[2005/03/16 14:23:54 | 00,013,696 | R--- | M] (BIOSTAR Group) -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS [System | Running])
[2001/08/17 20:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5.sys -- (FETNDIS [On_Demand | Running])
[2005/01/07 17:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2007/10/16 18:38:30 | 04,615,168 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
[2007/07/27 20:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/08 07:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2007/07/11 13:08:46 | 00,714,240 | ---- | M] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\system32\drivers\S3gIGPm.sys -- (S3GIGP [On_Demand | Running])
[2008/05/28 10:33:36 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [System | Running])
[2008/05/28 10:33:38 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
[2008/05/28 10:33:36 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Running])
[2007/07/27 20:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/10/29 19:56:57 | 00,715,248 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2007/03/01 10:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv [System | Running])
[2004/08/04 07:07:44 | 00,044,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\UAGP35.SYS -- (uagp35 [Boot | Running])
[2007/10/18 18:28:30 | 00,016,896 | R--- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ViBus.sys -- (ViBus [Boot | Running])
[2007/09/21 17:49:10 | 00,009,216 | R--- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\videX32.sys -- (videX32 [Boot | Running])
[2007/10/18 18:28:52 | 00,052,224 | R--- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ViPrt.sys -- (ViPrt [Boot | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.com/xx-hacker

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"AutoSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/saautosearch.aspx
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s
"provider"=msn

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (287996 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{0055C089-8582-441B-A0BF-17B458C2A3A8} (HKLM) -- C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
{02478D38-C3F9-4EFB-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (HKLM) -- C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

========== (O3) Toolbars ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{EEE6C35B-6118-11DC-9C72-001320C79847}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"Alcmtr"=ALCMTR.EXE (Realtek Semiconductor Corp.)
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
"Dewan Eja 3000 Config"=C:\PROGRA~1\THENAM~1\DEWANE~1\deconfig.exe ()
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
"RTHDCPL"=RTHDCPL.EXE (Realtek Semiconductor Corp.)
"S3Trayp"=S3trayp.exe (S3 Graphics Co., Ltd.)
"SkyTel"=SkyTel.EXE (Realtek Semiconductor Corp.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"VTTimer"=VTTimer.exe (S3 Graphics, Inc.)
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot (BillP Studios)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="C:\Program Files\Ares\Ares.exe" -h (Ares Development Group)
"CursorXP"=C:\Program Files\CursorXP\CursorXP.exe ( )
"IDMan"=C:\Program Files\Internet Download Manager\IDMan.exe /onboot (Tonec Inc.)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

========== (O4) RunOnce Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WinSideBySideSetupCleanup 6202579"=rundll32 sxs.dll,SxspRunDllDeleteDirectory C:\WINDOWS\WinSxS\InstallTemp\6202579 (Microsoft Corporation)

========== (O4) Startup Folders ==========

[1999/11/04 15:06:48 | 00,113,664 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[2007/04/25 19:02:30 | 03,444,008 | ---- | M] (Stardock) -- C:\Documents and Settings\user\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Download all links with IDM: C:\Program Files\Internet Download Manager\IEGetAll.htm [2003/10/20 18:13:13 | 00,000,283 | ---- | M] ()
Download FLV video content with IDM: C:\Program Files\Internet Download Manager\IEGetVL.htm [2007/07/02 14:19:10 | 00,000,278 | ---- | M] ()
Download with IDM: C:\Program Files\Internet Download Manager\IEExt.htm [2004/12/03 00:31:09 | 00,000,277 | ---- | M] ()
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/08/04 16:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}: Button: Yahoo! Services -- %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [2007/12/13 06:09:42 | 00,222,448 | ---- | M] (Yahoo! Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/08/04 01:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/08/04 01:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2007/12/13 06:09:42 | 00,222,448 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 01:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
50 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\Yinsthelper.dll -- Installation Support
{5D6F45B3-9043-443D-A792-115447494D24}: http://messenger.zone.msn.com/EN-MY/a-UNO1/GAME_UNO1.cab -- UnoCtrl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab -- MessengerStatsClient Class
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_06
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07

========== (O17) DNS Name Servers ==========

{06B46E4B-D28F-4C2C-9175-77D06FB3AFB1} (Servers: | Description: VIA Compatable Fast Ethernet Adapter)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL -- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/07/04 17:31:32 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20764b52-6b54-11dd-9a3a-00e04d82fe69}\Shell\AutoPlay\command]
""=wscript.exe \MyLoveZT.js

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20764b52-6b54-11dd-9a3a-00e04d82fe69}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20764b52-6b54-11dd-9a3a-00e04d82fe69}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2007/07/27 20:00:00 | 08,384,000 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20764b52-6b54-11dd-9a3a-00e04d82fe69}\Shell\Explore\command]
""=wscript.exe \MyLoveZT.js -Clicked


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20764b52-6b54-11dd-9a3a-00e04d82fe69}\Shell\Open\command]
""=wscript.exe \MyLoveZT.js


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20764b52-6b54-11dd-9a3a-00e04d82fe69}\Shell\Scan for Viruses\command]
""=wscript.exe \MyLoveZT.js


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20764b52-6b54-11dd-9a3a-00e04d82fe69}\Shell\Scan with AVG\command]
""=wscript.exe \MyLoveZT.js


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20764b52-6b54-11dd-9a3a-00e04d82fe69}\Shell\Scan with Norton AntiVirus\command]
""=wscript.exe \MyLoveZT.js

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{37e9e162-b6d7-11dd-b420-00e04d82fe69}\Shell]
""=Autorun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{37e9e162-b6d7-11dd-b420-00e04d82fe69}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{37e9e162-b6d7-11dd-b420-00e04d82fe69}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2007/07/27 20:00:00 | 08,384,000 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{37e9e162-b6d7-11dd-b420-00e04d82fe69}\Shell\Open\command]
""=F:\resycled\boot.com -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74b47e09-587d-11dd-99c2-00e04d82fe69}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74b47e09-587d-11dd-99c2-00e04d82fe69}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2007/07/27 20:00:00 | 08,384,000 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74b47e09-587d-11dd-99c2-00e04d82fe69}\Shell\Explore\command]
""=F:\Flash.10.Setup.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74b47e09-587d-11dd-99c2-00e04d82fe69}\Shell\Open\command]
""=F:\Flash.10.Setup.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74b47e09-587d-11dd-99c2-00e04d82fe69}\Shell\Scan for Viruses\command]
""=F:\Scanner.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8091bce6-b30a-11dd-b402-00e04d82fe69}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8091bce6-b30a-11dd-b402-00e04d82fe69}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2007/07/27 20:00:00 | 08,384,000 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8091bce6-b30a-11dd-b402-00e04d82fe69}\Shell\Explore\command]
""=Flash.10.Setup.exe


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8091bce6-b30a-11dd-b402-00e04d82fe69}\Shell\Open\command]
""=Flash.10.Setup.exe


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8091bce6-b30a-11dd-b402-00e04d82fe69}\Shell\Scan for Viruses\command]
""=Scanner.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c568a726-49ec-11dd-bfd4-806d6172696f}\Shell]
""=Autorun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c568a726-49ec-11dd-bfd4-806d6172696f}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c568a726-49ec-11dd-bfd4-806d6172696f}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2007/07/27 20:00:00 | 08,384,000 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c568a726-49ec-11dd-bfd4-806d6172696f}\Shell\Open\command]
""=D:\resycled\boot.com -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\Shell]
""=Autorun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2007/07/27 20:00:00 | 08,384,000 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\Shell\Open\command]
""=C:\resycled\boot.com -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell]
""=Autorun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2007/07/27 20:00:00 | 08,384,000 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\Open\command]
""=D:\resycled\boot.com -- File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/11/23 14:55:11 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2008/11/23 14:55:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2008/11/23 14:44:39 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2008/11/23 05:31:42 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2008/11/22 21:08:35 | 00,000,000 | ---D | C] -- C:\ERDNT
[2008/11/22 21:08:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008/11/22 21:08:29 | 00,000,000 | ---D | C] -- C:\!FixIEDef
[2008/11/22 20:53:17 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/11/22 20:27:13 | 00,002,422 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2008/11/21 16:03:32 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/11/21 16:03:30 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/11/21 16:03:27 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/11/21 15:48:26 | 00,000,000 | ---D | C] -- C:\Program Files\SuperAdBlocker.com
[2008/11/21 14:49:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2008/11/21 14:38:50 | 00,000,000 | ---D | C] -- C:\SDFix
[2008/11/21 14:23:53 | 00,000,079 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/19 21:11:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2008/11/19 16:12:26 | 00,286,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe
[2008/11/19 16:12:26 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE
[2008/11/19 16:12:25 | 00,001,612 | ---- | C] () -- C:\WINDOWS\ST6UNST.000
[2008/11/19 16:12:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\HTMLWebEditor
[2008/11/15 17:20:18 | 05,487,157 | ---- | C] () -- C:\Documents and Settings\user\Desktop\juju.wma
[2008/11/14 14:42:22 | 01,102,149 | ---- | C] () -- C:\Documents and Settings\user\Desktop\twin.psd
[2008/11/14 12:48:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\pic
[2008/11/14 12:47:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\images
[2008/11/14 09:07:15 | 00,000,332 | ---- | C] () -- C:\WINDOWS\flax.ini
[2008/11/14 09:04:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macrovision
[2008/11/14 09:04:45 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe Systems Shared
[2008/11/14 09:04:43 | 00,001,928 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2008/11/13 00:50:16 | 00,453,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2008/11/12 20:11:50 | 00,225,280 | ---- | C] (Propellerhead Software AB) -- C:\WINDOWS\System32\rewire.dll
[2008/11/12 20:11:50 | 00,000,000 | ---D | C] -- C:\Program Files\VstPlugins
[2008/11/12 20:11:27 | 00,000,000 | ---D | C] -- C:\Program Files\Image-Line
[2008/11/12 20:11:26 | 00,000,000 | ---D | C] -- C:\Program Files\Outsim
[2008/11/12 19:52:52 | 00,183,448 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Defected - Piano Bass _DEMO_.sfk
[2008/11/11 22:12:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Publish Providers
[2008/11/11 22:12:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Sony
[2008/11/11 22:11:25 | 00,000,624 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Default.sfvidcap
[2008/11/11 22:11:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Sony
[2008/11/11 19:22:50 | 00,001,847 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 2 Seasons.lnk
[2008/11/11 18:58:36 | 00,000,000 | ---D | C] -- C:\Program Files\MSECache
[2008/11/11 18:20:43 | 00,001,750 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Sims 2.lnk
[2008/11/11 00:22:19 | 00,001,899 | ---- | C] () -- C:\Documents and Settings\user\My Documents\The Sims™ 2 Bon Voyage.lnk
[2008/11/09 20:19:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\EA Games
[2008/11/09 20:09:16 | 00,000,000 | ---D | C] -- C:\Program Files\EA GAMES
[2008/11/09 20:05:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\EA Games
[2008/11/09 03:33:26 | 00,442,368 | R--- | C] () -- C:\WINDOWS\System32\vp6vfw.dll
[2008/11/07 13:22:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Help
[2008/11/05 17:33:09 | 00,000,000 | ---D | C] -- C:\Program Files\NavExcel
[2008/11/05 17:32:50 | 00,002,375 | ---- | C] () -- C:\WINDOWS\ST5UNST.000
[2008/11/05 14:20:41 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2008/11/05 14:19:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Microsoft Help
[2008/11/05 14:16:10 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2008/11/05 14:16:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2008/11/05 14:13:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2008/11/05 14:13:02 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2008/11/05 14:12:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2008/11/05 14:12:51 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2008/11/05 14:11:34 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2008/11/05 14:11:34 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2008/11/05 14:11:33 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2008/11/05 14:11:33 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2008/11/05 14:11:33 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2008/11/05 14:11:33 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2008/11/05 14:11:33 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2008/11/05 14:08:13 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2008/11/03 21:28:01 | 23,473,252 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Defected - Piano Bass _DEMO_.wav
[2008/11/03 20:59:11 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\user\Application Data\SecuROM
[2008/11/03 20:59:07 | 00,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\system32CmdLineExt.dll
[2008/11/03 20:58:21 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2008/11/03 20:58:19 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2008/11/03 08:13:55 | 00,000,001 | ---- | C] () -- C:\Documents and Settings\user\Desktop\vbalink.ini
[2008/11/03 08:13:00 | 00,001,997 | ---- | C] () -- C:\Documents and Settings\user\Desktop\vba1.ini
[2008/11/02 13:07:21 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/11/02 13:07:21 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/11/02 13:07:21 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008/11/02 13:07:06 | 00,001,541 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Empire Earth.lnk
[2008/11/02 13:05:05 | 00,000,218 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/11/02 13:05:05 | 00,000,000 | ---D | C] -- C:\Sierra
[2008/11/02 07:56:22 | 00,453,632 | ---- | C] () -- C:\WINDOWS\System32\SetACL.ocx
[2008/11/01 12:40:58 | 00,012,254 | ---- | C] () -- C:\Documents and Settings\user\My Documents\untitled.JPG
[2008/10/30 11:03:19 | 00,000,000 | ---D | C] -- C:\Program Files\ophcrack
[2008/10/30 06:56:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\TypingMaster7
[2008/10/30 06:56:30 | 00,000,000 | R--D | C] -- C:\Program Files\TypingMaster
[2008/10/29 19:56:57 | 00,715,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/10/29 19:20:22 | 00,000,000 | ---D | C] -- C:\Program Files\Cain
[2008/10/28 18:15:16 | 00,083,968 | ---- | C] () -- C:\Documents and Settings\user\My Documents\orochi.doc
[2008/10/25 10:12:18 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\user\My Documents\pokemon sapphire code.doc

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/11/23 14:51:07 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/11/23 14:51:06 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/11/23 14:08:47 | 01,575,290 | -H-- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\IconCache.db
[2008/11/23 14:07:40 | 00,000,192 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2008/11/22 20:27:13 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/11/22 20:27:13 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2008/11/22 20:00:23 | 00,004,380 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2008/11/21 14:23:53 | 00,000,079 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/11/20 08:54:52 | 00,000,027 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2008/11/20 00:06:14 | 00,065,536 | ---- | M] () -- C:\WINDOWS\IFinst27.exe
[2008/11/19 21:38:38 | 00,040,448 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/19 21:27:45 | 00,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/19 16:13:57 | 00,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe
[2008/11/19 16:13:56 | 00,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ST6UNST.EXE
[2008/11/19 16:12:26 | 00,001,612 | ---- | M] () -- C:\WINDOWS\ST6UNST.000
[2008/11/18 16:29:40 | 00,287,996 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081121-140356.backup
[2008/11/18 16:29:40 | 00,287,996 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2008/11/15 17:20:40 | 05,487,157 | ---- | M] () -- C:\Documents and Settings\user\Desktop\juju.wma
[2008/11/14 17:16:10 | 00,000,388 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2008/11/14 14:42:27 | 01,102,149 | ---- | M] () -- C:\Documents and Settings\user\Desktop\twin.psd
[2008/11/14 09:07:16 | 00,000,332 | ---- | M] () -- C:\WINDOWS\flax.ini
[2008/11/14 09:04:44 | 00,001,928 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2008/11/12 19:52:55 | 00,183,448 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Defected - Piano Bass _DEMO_.sfk
[2008/11/12 19:51:37 | 00,000,624 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Default.sfvidcap
[2008/11/11 20:15:36 | 00,215,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/11/11 19:22:50 | 00,001,847 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 2 Seasons.lnk
[2008/11/11 19:02:45 | 00,048,400 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/11/11 18:20:43 | 00,001,750 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Sims 2.lnk
[2008/11/09 20:18:41 | 00,001,899 | ---- | M] () -- C:\Documents and Settings\user\My Documents\The Sims™ 2 Bon Voyage.lnk
[2008/11/08 16:11:38 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\PUTTY.RND
[2008/11/06 15:34:06 | 00,269,200 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081118-162940.backup
[2008/11/05 17:32:51 | 00,002,375 | ---- | M] () -- C:\WINDOWS\ST5UNST.000
[2008/11/05 14:14:08 | 00,523,954 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/11/05 14:14:08 | 00,444,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/11/05 14:14:08 | 00,072,108 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/11/03 21:28:02 | 23,473,252 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Defected - Piano Bass _DEMO_.wav
[2008/11/03 20:59:07 | 00,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\system32CmdLineExt.dll
[2008/11/03 08:13:55 | 00,001,997 | ---- | M] () -- C:\Documents and Settings\user\Desktop\vba1.ini
[2008/11/03 08:13:55 | 00,000,001 | ---- | M] () -- C:\Documents and Settings\user\Desktop\vbalink.ini
[2008/11/02 13:07:21 | 00,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/11/02 13:07:21 | 00,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/11/02 13:07:21 | 00,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll
[2008/11/02 13:07:06 | 00,001,541 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Empire Earth.lnk
[2008/11/02 13:05:05 | 00,000,218 | ---- | M] () -- C:\WINDOWS\SIERRA.INI
[2008/11/01 12:40:58 | 00,012,254 | ---- | M] () -- C:\Documents and Settings\user\My Documents\untitled.JPG
[2008/10/29 19:56:57 | 00,715,248 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/10/28 18:15:16 | 00,083,968 | ---- | M] () -- C:\Documents and Settings\user\My Documents\orochi.doc
[2008/10/25 10:12:18 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\user\My Documents\pokemon sapphire code.doc
[2008/10/24 19:10:42 | 00,453,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mrxsmb.sys
[2008/10/24 19:10:42 | 00,453,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
< End of report >


OTViewIt Extras logfile created on: 11/23/2008 3:12:06 PM - Run 2
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\user\My Documents\Downloads\Programs
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.42 Mb Total Physical Memory | 516.11 Mb Available Physical Memory | 53.85% Memory free
1.51 Gb Paging File | 1.05 Gb Available in Paging File | 69.46% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 6.98 Gb Free Space | 17.87% Space Free | Partition Type: NTFS
Drive D: | 35.46 Gb Total Space | 10.87 Gb Free Space | 30.66% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-4E77FD6873
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key does not exist or could not be opened. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2007/07/27 20:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
File not found -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2007/07/27 20:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/05/04 08:32:52 | 00,961,024 | ---- | M] (Ares Development Group) -- C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows
[2007/11/02 03:57:24 | 02,756,096 | ---- | M] (mIRC Co. Ltd.) -- C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC
[2008/09/19 17:34:18 | 04,347,120 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
File not found -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
File not found -- C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb
File not found -- C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray
File not found -- C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client
File not found -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
File not found -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
File not found -- C:\Program Files\TeamViewer3\TeamViewer.exe:*:Disabled:TeamViewer Remote Control Application
File not found -- C:\Program Files\SHOUTcast\sc_serv.exe:*:Enabled:sc_serv
File not found -- C:\Program Files\RealVNC\VNC4\vncviewer.exe:*:Disabled:VNC Viewer Free Edition for Win32
[2007/07/27 20:00:00 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
File not found -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
[2003/12/24 12:36:28 | 00,555,008 | ---- | M] () -- C:\Program Files\PopCap Games\Zuma Deluxe\Zuma.exe:*:Disabled:Zuma
File not found -- D:\Blaargh!!\Games\files\Zuma Deluxe\Zuma.exe:*:Enabled:Zuma
[2008/05/23 03:11:37 | 00,382,486 | ---- | M] (Ufasoft) -- C:\Program Files\Ufasoft\SocksChain\SocksChain.exe:*:Enabled:SocksChain GUI
[2001/11/05 05:11:06 | 04,050,944 | ---- | M] () -- C:\Sierra\Empire Earth\Empire Earth.exe:*:Disabled:Empire Earth
File not found -- D:\Blaargh!!\VegSrv80.exe:*:Disabled:Sony Vegas Network Render Service Control
File not found -- C:\Program Files\Sony\Vegas Pro 8.0\VegSrv80.exe:*:Disabled:Sony Vegas Network Render Service Control
[2008/09/12 18:44:55 | 02,606,512 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe:*:Enabled:Internet Download Manager (IDM)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/06/04 17:41:12 | 00,106,496 | ---- | M] (Belarc, Inc.) C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (belarc:{6318E0AB-2E93-11D1-B8ED-00608CC9A71F} (HKLM) [VoilaXctl Class])
ipp: [HKLM - No CLSID value]
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
msdaipp: [HKLM - No CLSID value]
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2007/03/14 13:10:22 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])
[2007/05/10 13:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 13:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{061CE7E5-0115-4BB6-8381-47C602B98C7D}"=ActivePerl 5.10.0 Build 1003
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}"=OpenOffice.org Installer 1.0
"{20D4A895-748C-4D88-871C-FDB1695B0169}"=Platform
"{2447500B-22D7-47BD-9B13-1A927F43A267}"=Empire Earth
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}"=Macromedia Flash 8
"{3248F0A8-6813-11D6-A77B-00B0D0160060}"=Java™ 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}"=SQL Server System CLR Types
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{40C03514-89C3-41BA-0090-3B440256DB87}"=The Sims 2
"{4582E07E-28B6-46CE-B645-5EEB6951BE98}"=Diablo - Hellfire
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}"=Macromedia Extension Manager
"{885A63EA-382B-4DD4-A755-14809B8557D6}"=Macromedia Flash Player 8
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}"=Macromedia Flash 8 Video Encoder
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{90170409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office FrontPage 2003
"{9559F7CA-5E34-4237-A2D9-D856464AD727}"=Project64 1.6
"{98B6FB8A-8638-4037-AD44-CF7D0EEAB875}_is1"=TypingMaster Pro
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}"=Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}"=Microsoft .NET Framework 2.0 Service Pack 2
"{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}"=TuneUp Utilities 2007
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}"=WinZip 12.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}"=Microsoft .NET Framework 3.5 SP1
"{D93B7F4E-ED8F-4B5C-970A-95C5336B5962}"=Diablo II - Lord of Destruction
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}"=The Sims™ 2 Seasons
"{E4C1518C-1763-43B1-8129-0E4D0AA862C2}"=ToolBook Assistant 2004 SP3
"{EDDC4962-0CD0-459C-8F58-F1031E391C80}"=Diablo II
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}"=Adobe Photoshop CS
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}"=The Sims™ 2 Bon Voyage
"ActiveScan 2.0"=Panda ActiveScan 2.0
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Shockwave Player"=Adobe Shockwave Player 11
"AntiVir PersonalEdition Classic"=Avira AntiVir Personal – Free Antivirus
"Ares"=Ares 2.0.9
"Belarc Advisor 2.0"=Belarc Advisor 7.2
"CCleaner"=CCleaner (remove only)
"CursorXP"=CursorXP
"Defraggler"=Defraggler (remove only)
"FileZilla Client"=FileZilla Client 3.0.11
"HackerEvolution"=Hacker Evolution (1.00.0091) (remove only)
"HijackThis"=HijackThis 2.0.2
"IL Download Manager"=IL Download Manager
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}"=VIA Platform Device Manager
"Internet Download Manager"=Internet Download Manager
"Kamus2"=Kamus 2.03
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1"=Microsoft .NET Framework 3.5 SP1
"mIRC"=mIRC
"MixMeister BPM Analyzer_is1"=MixMeister BPM Analyzer 1.0
"Mozilla Firefox (3.0.4)"=Mozilla Firefox (3.0.4)
"MpcStar"=MpcStar 2.2
"MS-MPEG4"=Microsoft MPEG-4 VKI Video Codec V1/V2/V3
"Nero - Burning Rom!UninstallKey"=Nero 6 Ultra Edition
"Notepad++"=Notepad++
"ObjectDock"=ObjectDock
"ophcrack"=ophcrack 3.0.1
"PHP Coder_is1"=PHP Coder Release R2 Final PreRelease 3
"Ragnarok Online"=Ragnarok Online
"RaijeRO_is1"=Raije Ragnarok Online (version 2008-09-17)
"Recuva"=Recuva (remove only)
"Spider Player_is1"=Spider Player 2.3.6
"Super Jigsaw Dessert"=Super Jigsaw Dessert
"Total Video Converter 3.11_is1"=Total Video Converter 3.11
"VIA Chrome9 HC IGP Family Display"=VIA Display Driver 6.14.10.0099
"WampServer 2_is1"=WampServer 2.0
"WIC"=Windows Imaging Component
"Winamp"=Winamp (remove only)
"Windows Media Format Runtime"=Windows Media Format Runtime
"WinPatrol"=WinPatrol 2008
"WinRAR archiver"=WinRAR archiver
"xvid"=XviD MPEG-4 Video Codec
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Extras"=Yahoo! Browser Services
"Yahoo! Mail"=Yahoo! Internet Mail
"Yahoo! Messenger"=Yahoo! Messenger
"YInstHelper"=Yahoo! Install Manager
"Zuma_Deluxe!_1.0"=Zuma Deluxe! 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MasRO Client"=MasRO Client
"UfasoftSocksChain"=Ufasoft SocksChain 3.153

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/14/2008 11:41:41 PM | Computer Name = USER-4E77FD6873 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module netapi32.dll, version 5.1.2600.2180, fault address 0x0000a3c0.

Error - 10/17/2008 1:37:48 AM | Computer Name = USER-4E77FD6873 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 10/18/2008 6:43:03 AM | Computer Name = USER-4E77FD6873 | Source = Arrakis3 | ID = 131073
Description =

Error - 10/18/2008 7:38:50 AM | Computer Name = USER-4E77FD6873 | Source = Arrakis3 | ID = 131073
Description =

Error - 10/18/2008 7:54:43 AM | Computer Name = USER-4E77FD6873 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module netapi32.dll, version 5.1.2600.2180, fault address 0x0000a3c0.

Error - 10/18/2008 8:21:17 AM | Computer Name = USER-4E77FD6873 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module winlogon.exe,
version 5.1.2600.3160, fault address 0x0002dfca.

Error - 10/18/2008 8:22:38 AM | Computer Name = USER-4E77FD6873 | Source = Application Error | ID = 1004
Description = Faulting application winlogon.exe, version 0.0.0.0, faulting module
winlogon.exe, version 5.1.2600.3160, fault address 0x0002dfca.

Error - 10/18/2008 3:23:16 PM | Computer Name = USER-4E77FD6873 | Source = Application Error | ID = 1000
Description = Faulting application waveedit.exe, version 2.0.0.63, faulting module
audiocov.dll, version 9.0.0.0, fault address 0x00001f6e.

Error - 10/19/2008 4:29:36 AM | Computer Name = USER-4E77FD6873 | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/20/2008 2:04:20 AM | Computer Name = USER-4E77FD6873 | Source = Application Hang | ID = 1002
Description = Hanging application Spider.exe, version 2.3.5.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 11/23/2008 2:16:23 AM | Computer Name = USER-4E77FD6873 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 11/23/2008 2:16:38 AM | Computer Name = USER-4E77FD6873 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/23/2008 2:17:47 AM | Computer Name = USER-4E77FD6873 | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 11/23/2008 2:17:47 AM | Computer Name = USER-4E77FD6873 | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 11/23/2008 2:17:47 AM | Computer Name = USER-4E77FD6873 | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 11/23/2008 2:17:47 AM | Computer Name = USER-4E77FD6873 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 11/23/2008 2:17:47 AM | Computer Name = USER-4E77FD6873 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD avgio avipbb BANTExt BIOS Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SABKUTIL
SASDIFSV
SASKUTIL
ssmdrv
Tcpip

Error - 11/23/2008 2:25:05 AM | Computer Name = USER-4E77FD6873 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SABKUTIL

Error - 11/23/2008 2:29:23 AM | Computer Name = USER-4E77FD6873 | Source = System Error | ID = 1003
Description = Error code 00000071, parameter1 00000000, parameter2 00000000, parameter3
00000000, parameter4 00000000.

Error - 11/23/2008 2:51:12 AM | Computer Name = USER-4E77FD6873 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SABKUTIL


< End of report >



#2 sundavis


  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling
  • Local time:06:59 PM

Posted 06 December 2008 - 04:35 PM

Hi,

Welcome to BleepingComputer HijackThis Logs and Malware Removal, w00t. :thumbsup:
My name is sundavis, I will be helping you to deal with your Malware problems today.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, then please do the following.
The log you presented is a few days old. It may not show what it is. In the meantime, please refrain from making any changes to your computer, and please do the following:

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

In your next reply, please post back

1. RSIT log.txt and info.txt. Thanks.

#3 Carolyn


    Bleepin' kitten


  • Members
  • 2,131 posts
  • Local time:06:59 PM

Posted 20 December 2008 - 03:17 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Member of ASAP (Alliance of Security Analysis Professionals)