
Strange folder name: ".kvkxcvkzdyz"

1.5K views 14 replies 2 participants last post by  OldGrantonian  
#1 ·
I have a folder, ".kvkxcvkzdyz" (note the initial "dot") in the following folder:

D:\Documents and Settings\<user>

The folder contains a file: ".nynafyncgbc" (also with a "dot"). The date of both files is 5 days ago. The first few characters in the file are:

ÃCÑ ×Ú/†ð¥6¢ E½¤»øZMäµèd¥M'ûã†$ÒjVäŠ�@œs�

There is no meaningful text in the file.

I ran Avast, Ad-Aware, and SpyBot. All fully up to date. None of these programs found anything.

I searched the registry for both of these values. Nothing.

A Google search for the names found nothing.

Can I simply delete these files?

When I ran ActiveScan 2.0, the message was "Congratulations! Today you are not infected."

I installed SpyWare Blaster. I did not install SpyAd because I don't use IE.

Here is my HijackThis log:
--------------------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:05:07, on 28/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\AdAware2008\aawservice.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\StartupMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\miTaggedMarks\miTaggedMarks.exe
C:\Program Files\Powermarks 3.5\pm.exe
C:\Program Files\RemindMe\RemindMe.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mnemosyne\mnemosyne.exe
C:\Program Files\Knowbase\knowbase.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Powermarks - {6172E460-FAE3-11D2-B494-004005A47AAA} - C:\PROGRA~1\POWERM~1.5\iec.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Powermarks - {E166B4A2-83E7-11D3-B4FD-004005A47AAA} - C:\PROGRA~1\POWERM~1.5\iec.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: ERUNT.lnk = C:\Program Files\ERUNT_RegBackup\ERUNT.EXE
O4 - Startup: miTaggedMarks.lnk = C:\Program Files\miTaggedMarks\miTaggedMarks.exe
O4 - Startup: Powermarks.lnk = C:\Program Files\Powermarks 3.5\pm.exe
O4 - Startup: RemindMe.lnk = C:\Program Files\RemindMe\RemindMe.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\HTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\HTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182352671671
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbdesktop/PreQual/files/MotivePreQual.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6271E364-3A7C-40FF-BD56-C6F8B47509CB}: NameServer = 194.72.0.98 194.72.9.38
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\AdAware2008\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper\DkService.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8687 bytes
 
#3 ·
Your log seems clear, and the machine seems well protected. Your Java version is outdated and should be updated; old versions should be uninstalled.

Have you tried scanning the file(s) in that folder at VirusTotal or Jotti File Scan?

HijackThis is somewhat limited. Let's have a look with another tool.

  • Download RSIT by random/random and save it to your desktop.
  • Double click RSIT.exe to start the tool and click Continue at the disclaimer.
  • When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of log.txt here.
  • Please attach info.txt to your post.
To attach a file to a new post, simply:
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. Copy and paste the following into the "Upload File from your Computer" box:
    C:\rsit\info.txt
  3. Click Upload.



---------------------------------------------------------------------------------------------
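
Added example, not part of the original thread and not code from HijackThis or RSIT: a first-pass triage of a HijackThis log like the one in post #1. It picks out the entries a reviewer reads first (orphaned entries, services with no identified owner, AppInit_DLLs) and lists the JRE builds the log references. The function names and finding labels are assumptions of this example; the sample lines are excerpted from the log above.

```python
import re

# Sample input: lines excerpted from the HijackThis log in post #1 of this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
"""

# HijackThis result lines start with a section code (R0, O2, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
# JRE install directory as it appears in file paths, e.g. \Java\jre1.6.0_05\
JRE_RE = re.compile(r"\\Java\\(jre[\w.]+)\\", re.IGNORECASE)


def parse_entries(log_text):
    """Return (code, body) for every result line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def triage(log_text):
    """Return (findings, jre_versions).

    findings is a list of (code, label, body) in log order:
      orphaned       - the entry points at a file HijackThis could not find
      unknown-owner  - a service whose vendor HijackThis could not identify
      appinit-dll    - a DLL listed under AppInit_DLLs, which Windows loads
                       into every process that loads user32.dll
    These are items to look up, not verdicts: security products and old
    drivers often show up under the last two labels.
    """
    findings = []
    jre_versions = set()
    for code, body in parse_entries(log_text):
        lowered = body.lower()
        if "(no file)" in lowered or "(file missing)" in lowered:
            findings.append((code, "orphaned", body))
        if code == "O23" and "unknown owner" in lowered:
            findings.append((code, "unknown-owner", body))
        if code == "O20" and "appinit_dlls" in lowered:
            findings.append((code, "appinit-dll", body))
        for match in JRE_RE.finditer(body):
            jre_versions.add(match.group(1))
    return findings, sorted(jre_versions)


if __name__ == "__main__":
    found, jres = triage(SAMPLE_LOG)
    for code, label, body in found:
        print(f"{label:14} {code:4} {body}")
    print("JRE builds referenced:", ", ".join(jres) or "none")
```

The JRE list is only an inventory; whether a build is outdated has to be checked against the vendor's current release.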
 
#4 ·
Thanks for your help.
----------------------------------------------------------
The result for VirusTotal was "0/36"
----------------------------------------------------------
The result for Jotti file scan was "Status:OK"

However, there was an additional note, which I attached in JottiFileScan.PNG
---------------------------------------------------------
RSIT log.txt:

Logfile of random's system information tool 1.04 (written by random/random)
Run by alan2 at 2008-10-03 09:01:05
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 2 GB (5%) free of 30 GB
Total RAM: 2046 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:01:48, on 03/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\AdAware2008\aawservice.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\StartupMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\miTaggedMarks\miTaggedMarks.exe
C:\Program Files\RemindMe\RemindMe.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\alan2\Desktop\RSIT.exe
C:\Program Files\HijackThis\alan2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Powermarks - {6172E460-FAE3-11D2-B494-004005A47AAA} - C:\PROGRA~1\POWERM~1.5\iec.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Powermarks - {E166B4A2-83E7-11D3-B4FD-004005A47AAA} - C:\PROGRA~1\POWERM~1.5\iec.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: ERUNT.lnk = C:\Program Files\ERUNT_RegBackup\ERUNT.EXE
O4 - Startup: miTaggedMarks.lnk = C:\Program Files\miTaggedMarks\miTaggedMarks.exe
O4 - Startup: RemindMe.lnk = C:\Program Files\RemindMe\RemindMe.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\HTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\HTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182352671671
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbdesktop/PreQual/files/MotivePreQual.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6271E364-3A7C-40FF-BD56-C6F8B47509CB}: NameServer = 194.72.0.98 194.72.9.38
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\AdAware2008\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper\DkService.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8636 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6172E460-FAE3-11D2-B494-004005A47AAA}]
Powermarks IEC - C:\PROGRA~1\POWERM~1.5\iec.dll [2006-11-08 13824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E166B4A2-83E7-11D3-B4FD-004005A47AAA} - Powermarks - C:\PROGRA~1\POWERM~1.5\iec.dll [2006-11-08 13824]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-24 282624]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-03-16 1392640]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-03 59392]
"avast!"=C:\PROGRA~1\Avast4\ashDisp.exe [2008-07-19 78008]
"TMRUBottedTray"=C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe [2007-12-19 288088]
"COMODO Firewall Pro"=C:\Program Files\COMODO\Firewall\cfp.exe [2008-05-31 1655552]
"Run StartupMonitor"=C:\WINDOWS\StartupMonitor.exe [2000-05-20 86016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"C:\Program Files\NetMeter\NetMeter.exe"=C:\Program Files\NetMeter\NetMeter.exe [2007-08-11 331264]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe runtime -Delay []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp]
C:\Program Files\BTBroadbandDesktopHelp\bin\BTHelpNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashInstaller]
F:\flashstart.exe F:\bt.exe run []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2003-07-16 44032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe [2001-10-03 4247552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-08-04 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
C:\Program Files\TomTomHOME2\HOMERunner.exe [2008-02-18 206184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^alan2^Start Menu^Programs^Startup^RemindMe.lnk]
C:\PROGRA~1\RemindMe\RemindMe.exe [2007-06-13 228334]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^alan^Start Menu^Programs^Startup^OpenOffice.org 2.2.lnk]
C:\PROGRA~1\OPENOF~1.2\program\QUICKS~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Desktop Help.lnk]
C:\PROGRA~1\BTBROA~1\bin\matcli.exe -boot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
C:\PROGRA~1\Google\GOOGLE~1\GOOGLE~1.EXE [2007-11-13 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
C:\PROGRA~1\palmOne\Hotsync.exe [2004-06-09 471040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~4\Office10\OSA.EXE -b -l []

D:\Documents and Settings\alan2\Start Menu\Programs\Startup
ERUNT.lnk - C:\Program Files\ERUNT_RegBackup\ERUNT.EXE
miTaggedMarks.lnk - C:\Program Files\miTaggedMarks\miTaggedMarks.exe
RemindMe.lnk - C:\Program Files\RemindMe\RemindMe.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-23 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\LaunchU3.exe -a


======List of files/folders created in the last 2 months======

2008-10-03 09:01:05 ----D---- C:\rsit
2008-09-28 19:52:29 ----D---- C:\ie-spyad_zo
2008-09-28 19:43:03 ----AD---- D:\Documents and Settings\All Users\Application Data\TEMP
2008-09-28 19:42:43 ----D---- C:\Program Files\SpywareBlaster
2008-09-28 16:45:31 ----D---- C:\Program Files\Panda Security
2008-09-28 10:06:08 ----D---- C:\Program Files\HijackThis
2008-09-15 08:06:51 ----D---- C:\Program Files\Common Files\Apple
2008-09-15 08:06:47 ----D---- C:\Program Files\QuickTime
2008-09-15 08:04:39 ----D---- C:\Program Files\Apple Software Update
2008-09-15 08:04:38 ----D---- D:\Documents and Settings\All Users\Application Data\Apple
2008-09-10 08:42:02 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-10 08:41:55 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-06 20:08:19 ----D---- C:\Program Files\Mnemosyne
2008-08-24 07:40:08 ----D---- C:\Program Files\CCleaner
2008-08-19 11:27:25 ----D---- D:\Documents and Settings\alan2\Application Data\MoRUN.net
2008-08-19 11:26:25 ----D---- C:\Program Files\SecureReminder
2008-08-19 10:31:57 ----D---- D:\Documents and Settings\All Users\Application Data\GrebleSoft
2008-08-19 10:31:57 ----D---- D:\Documents and Settings\alan2\Application Data\Remind-Me
2008-08-16 07:42:56 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-16 07:42:49 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-16 07:42:42 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-16 07:37:21 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-16 07:31:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-16 07:31:34 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-16 07:25:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-09 16:33:09 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2008-08-09 16:31:56 ----D---- C:\Program Files\Microsoft SDKs
2008-08-09 15:12:27 ----SHD---- C:\$RECYCLE.BIN
2008-08-07 14:33:49 ----D---- D:\Documents and Settings\alan2\Application Data\Mael
2008-08-07 09:48:17 ----D---- C:\Program Files\HxD
2008-08-07 07:14:43 ----D---- C:\Program Files\PdfToText
2008-08-06 18:55:22 ----D---- C:\Program Files\Common Files\Borland Shared
2008-08-06 18:55:22 ----D---- C:\Program Files\Borland
2008-08-06 18:40:42 ----D---- C:\Program Files\Microsoft Visual Studio .NET 2003

======List of files/folders modified in the last 2 months======

2008-10-03 08:58:44 ----D---- C:\WINDOWS\Prefetch
2008-10-03 08:30:29 ----D---- C:\WINDOWS\Temp
2008-10-03 08:29:46 ----D---- C:\Program Files\Mozilla Firefox
2008-10-03 08:28:32 ----D---- C:\WINDOWS\ERDNT
2008-10-03 08:19:13 ----D---- C:\WINDOWS
2008-10-02 21:39:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-02 16:24:26 ----D---- C:\Program Files\FreeCellPro64
2008-10-02 14:43:55 ----D---- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-02 14:43:50 ----D---- C:\WINDOWS\Minidump
2008-10-02 14:43:50 ----D---- C:\WINDOWS\Debug
2008-09-30 11:22:56 ----D---- C:\WINDOWS\system32
2008-09-30 11:17:04 ----D---- C:\Program Files\Powermarks 3.5
2008-09-29 09:54:14 ----D---- D:\Documents and Settings\alan2\Application Data\OpenOffice.org2
2008-09-28 21:16:21 ----D---- C:\WINDOWS\system32\CatRoot2
2008-09-28 19:42:43 ----RD---- C:\Program Files
2008-09-28 16:49:55 ----D---- C:\WINDOWS\system32\drivers
2008-09-28 16:47:01 ----HD---- C:\WINDOWS\inf
2008-09-28 07:34:22 ----D---- C:\Program Files\AdAware2008
2008-09-21 08:26:20 ----D---- C:\Program Files\Avast4
2008-09-17 13:58:03 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-09-17 08:09:14 ----D---- C:\WINDOWS\Help
2008-09-15 08:08:06 ----SHD---- C:\WINDOWS\Installer
2008-09-15 08:07:46 ----D---- C:\Config.Msi
2008-09-15 08:06:51 ----D---- C:\Program Files\Common Files
2008-09-10 08:41:57 ----D---- C:\WINDOWS\WinSxS
2008-09-10 08:41:24 ----HD---- C:\WINDOWS\$hf_mig$
2008-09-04 16:32:04 ----SD---- D:\Documents and Settings\alan2\Application Data\Microsoft
2008-09-04 15:08:21 ----D---- C:\WINDOWS\SHELLNEW
2008-09-02 06:23:20 ----D---- C:\Program Files\RemindMe
2008-08-31 10:29:32 ----D---- C:\WINDOWS\repair
2008-08-31 10:29:24 ----D---- C:\WINDOWS\Registration
2008-08-26 21:28:12 ----A---- C:\WINDOWS\system32\MRT.exe
2008-08-24 11:05:29 ----D---- C:\Program Files\SpybotSearch&Destroy
2008-08-24 10:42:28 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-08-24 10:23:35 ----D---- C:\Program Files\EasyCleaner
2008-08-23 10:49:31 ----D---- C:\Program Files\Microsoft Visual Studio 8
2008-08-23 10:47:59 ----RSD---- C:\WINDOWS\assembly
2008-08-23 10:47:56 ----D---- D:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-23 10:47:52 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-08-23 10:47:45 ----D---- C:\Program Files\Common Files\Merge Modules
2008-08-20 13:37:34 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-20 13:31:24 ----D---- C:\Program Files\FlightGear0910
2008-08-20 12:19:18 ----D---- C:\Program Files\palmOne
2008-08-16 07:42:51 ----D---- C:\Program Files\Messenger
2008-08-16 07:31:23 ----D---- C:\Program Files\Internet Explorer
2008-08-16 07:31:13 ----D---- C:\WINDOWS\ie7updates
2008-08-13 19:05:56 ----D---- C:\Program Files\MemoryLifter2
2008-08-11 13:01:59 ----D---- C:\Program Files\FreeMind
2008-08-10 07:42:13 ----D---- C:\WINDOWS\Microsoft.NET
2008-08-09 19:41:51 ----SD---- D:\Documents and Settings\All Users\Application Data\Microsoft
2008-08-08 06:12:00 ----D---- C:\Program Files\GenieHome8
2008-08-06 18:40:42 ----D---- C:\Program Files\Microsoft.NET

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2008-05-23 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2008-05-23 24208]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2006-11-15 32256]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2006-11-14 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R3 alcan5wn;Alcatel SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [2001-10-03 53920]
R3 alcaudsl;Alcatel Speed Touch ADSL Modem ATM Transport; C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [2001-10-03 589776]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-23 1578496]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-03-16 604928]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-11-21 45568]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2003-07-16 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2003-07-16 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-03 67584]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872]
R3 TMPassthruMP;TMPassthruMP; C:\WINDOWS\system32\DRIVERS\TMPassthru.sys [2007-11-27 35216]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-26 27264]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-02-21 58240]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2007-12-24 16694]
S3 TMPassthru;Trend Micro Passthru Ndis Service; C:\WINDOWS\system32\DRIVERS\TMPassthru.sys [2007-11-27 35216]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WimFltr;WimFltr; C:\WINDOWS\system32\DRIVERS\wimfltr.sys [2006-11-02 128104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\AdAware2008\aawservice.exe [2008-07-07 611664]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-23 409600]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Avast4\ashServ.exe [2008-07-19 147640]
R2 cmdAgent;COMODO Firewall Pro Helper Service; C:\Program Files\COMODO\Firewall\cmdagent.exe [2008-05-26 519936]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-03-19 335872]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-03-09 71096]
R2 PDAgent;PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [2007-11-06 414984]
R2 RUBotted;Trend Micro RUBotted Service; C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe [2007-12-19 517456]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2007-03-16 20480]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Avast4\ashWebSv.exe [2008-07-23 348344]
R3 PDEngine;PDEngine; C:\Program Files\Raxco\PerfectDisk\PDEngine.exe [2007-11-06 734472]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 Diskeeper;Diskeeper; C:\Program Files\Diskeeper\DkService.exe [2005-11-23 765952]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 MySQL;MySQL; C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt --defaults-file=C:\Program Files\MySQL\MySQL Server 5.0\my.ini MySQL []
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------
 

#7 · (Edited)
Not much useful information there.....also, the folder and file don't show up in the RSIT log, which looks back 30 days. So, even though it's dated on your machine 5 days previous to your original post, I can't tell what it might have come in with by time association.

Were it me, I'd rename the file to a .old extension and leave it for a while, to see if anything gives an error message about it being missing. If nothing misses it after a week or so, you can probably delete it.

Let's run this online scan, to help see if anything is lurking.

Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.
 
#8 ·
I must apologize. The folder and file have been present for one month plus 5 days - not just 5 days :(

The date on the folder and the file is 23/08/2008. The date of posting was 09/28/2008.

Trying to subtract a European date from an American date was obviously more than my brain could handle :(
----------------------------------------------
The Eset result was:

Scan results: No threats found

I am appending the log.

In the absence of any advice to the contrary, I will rename the file to .old, as you suggested, and see what happens.

Thanks again for your help.
-------------------------------
# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3493 (20081003)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=2f629b3348057c45bc06a936f91da1a3
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-10-04 11:57:53
# local_time=2008-10-04 12:57:53 (+0000, GMT Standard Time)
# country="United Kingdom"
# osver=5.1.2600 NT Service Pack 2
# scanned=1814757
# found=0
# scan_time=16334
 
#9 ·
OK, thank you...in that case, just to try to satisfy curiosity, please run RSIT once again. When it opens, you'll see a dropdown menu for "Files/folders created or modified in the last:"

Please change that to 3 months, and then click on Continue. Post the log created.
 
#10 ·
I ran RSIT. The log is attached below.

I noticed that the suspicious file or folder did not appear in the log.

Just to add to the confusion. Before my first post (on 09/28/2008 American), I renamed ".kvkxcvkzdyz" to "kvkxcvkzdyz$" (remove the dot, add a "$"). This was an attempt to "hide" the folder. The file has always had its original name, ".nynafyncgbc".

Before running any of your recommended scans, I attempted to rename the folder back to its original name. I was allowed to remove the "$", but Windows never allowed me to re-insert the dot. Message: "You must type a file name."

So the suspicious folder is:

D:\Documents and Settings\alan2\kvkxcvkzdyz

When I look in D:\Documents and Settings\alan2, I can see other folders and files beginning with a dot.

For example:

.borland
.eclipse
.netbeans

Some of these folders have been modified in the last 3 months, but they do not show in the RSIT log. I am wondering if that is due to the dot.

Because there is no dot, I would therefore expect "kvkxcvkzdyz" to show up in the RSIT log.

I notice also, that files that appear in the RSIT log all appear to be executables (exe, dll, etc) but of course the suspicious file has no extension.

I notice that the timestamp on the .borland folder is exactly the same as the time stamp on the suspicious folder and file (23/08/2008 15:07). The file in this folder having the same timestamp is "borland.lic"

When I use Beyond Compare to compare "borland.lic" to ".nynafyncgbc", the files are identical in content and timestamp. (Beyond Compare shows the seconds as 23/08/2008 15:07:03)

I think the Borland folder is related to Turbo C++ (I'm a "leap-year" amateur programmer - every 29th February!)

In the Turbo C++ program files folder there are three files in "lib" that have timestamps 23/08/2008 15:21, or later. Other timestamps are 14 days earlier: 09/08/2008 European.

In conclusion, here are some comments and questions:

- Do I blame Borland, or has this been done by malware?

- Folders that begin with dot do not show in HijackThis. Is that OK?

- Files with no extensions do not show in HijackThis. Is that OK?

- "kvkxcvkzdyz" does not show in RSIT, even although it does not have a dot. Why is that?

-------------------------------------------------------------------

Logfile of random's system information tool 1.04 (written by random/random)
Run by alan2 at 2008-10-05 09:36:13
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 1 GB (5%) free of 30 GB
Total RAM: 2046 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:36:34, on 05/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\AdAware2008\aawservice.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\StartupMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\miTaggedMarks\miTaggedMarks.exe
C:\Program Files\RemindMe\RemindMe.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Knowbase\knowbase.exe
C:\Program Files\Mnemosyne\mnemosyne.exe
D:\Documents and Settings\alan2\Desktop\RSIT.exe
C:\Program Files\HijackThis\alan2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Powermarks - {6172E460-FAE3-11D2-B494-004005A47AAA} - C:\PROGRA~1\POWERM~1.5\iec.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Powermarks - {E166B4A2-83E7-11D3-B4FD-004005A47AAA} - C:\PROGRA~1\POWERM~1.5\iec.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: ERUNT.lnk = C:\Program Files\ERUNT_RegBackup\ERUNT.EXE
O4 - Startup: miTaggedMarks.lnk = C:\Program Files\miTaggedMarks\miTaggedMarks.exe
O4 - Startup: RemindMe.lnk = C:\Program Files\RemindMe\RemindMe.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\HTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\HTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182352671671
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbdesktop/PreQual/files/MotivePreQual.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6271E364-3A7C-40FF-BD56-C6F8B47509CB}: NameServer = 194.72.0.98 194.72.9.38
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\AdAware2008\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper\DkService.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8783 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6172E460-FAE3-11D2-B494-004005A47AAA}]
Powermarks IEC - C:\PROGRA~1\POWERM~1.5\iec.dll [2006-11-08 13824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E166B4A2-83E7-11D3-B4FD-004005A47AAA} - Powermarks - C:\PROGRA~1\POWERM~1.5\iec.dll [2006-11-08 13824]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-24 282624]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-03-16 1392640]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-03 59392]
"avast!"=C:\PROGRA~1\Avast4\ashDisp.exe [2008-07-19 78008]
"TMRUBottedTray"=C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe [2007-12-19 288088]
"COMODO Firewall Pro"=C:\Program Files\COMODO\Firewall\cfp.exe [2008-05-31 1655552]
"Run StartupMonitor"=C:\WINDOWS\StartupMonitor.exe [2000-05-20 86016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"C:\Program Files\NetMeter\NetMeter.exe"=C:\Program Files\NetMeter\NetMeter.exe [2007-08-11 331264]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe runtime -Delay []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp]
C:\Program Files\BTBroadbandDesktopHelp\bin\BTHelpNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashInstaller]
F:\flashstart.exe F:\bt.exe run []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2003-07-16 44032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe [2001-10-03 4247552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-08-04 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
C:\Program Files\TomTomHOME2\HOMERunner.exe [2008-02-18 206184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^alan2^Start Menu^Programs^Startup^RemindMe.lnk]
C:\PROGRA~1\RemindMe\RemindMe.exe [2007-06-13 228334]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^alan^Start Menu^Programs^Startup^OpenOffice.org 2.2.lnk]
C:\PROGRA~1\OPENOF~1.2\program\QUICKS~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Desktop Help.lnk]
C:\PROGRA~1\BTBROA~1\bin\matcli.exe -boot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
C:\PROGRA~1\Google\GOOGLE~1\GOOGLE~1.EXE [2007-11-13 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
C:\PROGRA~1\palmOne\Hotsync.exe [2004-06-09 471040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~4\Office10\OSA.EXE -b -l []

D:\Documents and Settings\alan2\Start Menu\Programs\Startup
ERUNT.lnk - C:\Program Files\ERUNT_RegBackup\ERUNT.EXE
miTaggedMarks.lnk - C:\Program Files\miTaggedMarks\miTaggedMarks.exe
RemindMe.lnk - C:\Program Files\RemindMe\RemindMe.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-23 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\LaunchU3.exe -a


======List of files/folders created in the last 3 months======

2008-10-04 08:23:04 ----D---- C:\Program Files\EsetOnlineScanner
2008-10-03 09:01:05 ----D---- C:\rsit
2008-09-28 19:52:29 ----D---- C:\ie-spyad_zo
2008-09-28 19:43:03 ----AD---- D:\Documents and Settings\All Users\Application Data\TEMP
2008-09-28 19:42:43 ----D---- C:\Program Files\SpywareBlaster
2008-09-28 16:45:31 ----D---- C:\Program Files\Panda Security
2008-09-28 10:06:08 ----D---- C:\Program Files\HijackThis
2008-09-15 08:06:51 ----D---- C:\Program Files\Common Files\Apple
2008-09-15 08:06:47 ----D---- C:\Program Files\QuickTime
2008-09-15 08:04:39 ----D---- C:\Program Files\Apple Software Update
2008-09-15 08:04:38 ----D---- D:\Documents and Settings\All Users\Application Data\Apple
2008-09-10 08:42:02 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-10 08:41:55 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-06 20:08:19 ----D---- C:\Program Files\Mnemosyne
2008-08-24 07:40:08 ----D---- C:\Program Files\CCleaner
2008-08-19 11:27:25 ----D---- D:\Documents and Settings\alan2\Application Data\MoRUN.net
2008-08-19 11:26:25 ----D---- C:\Program Files\SecureReminder
2008-08-19 10:31:57 ----D---- D:\Documents and Settings\All Users\Application Data\GrebleSoft
2008-08-19 10:31:57 ----D---- D:\Documents and Settings\alan2\Application Data\Remind-Me
2008-08-16 07:42:56 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-16 07:42:49 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-16 07:42:42 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-16 07:37:21 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-16 07:31:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-16 07:31:34 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-16 07:25:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-09 16:33:09 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2008-08-09 16:31:56 ----D---- C:\Program Files\Microsoft SDKs
2008-08-09 15:12:27 ----SHD---- C:\$RECYCLE.BIN
2008-08-07 14:33:49 ----D---- D:\Documents and Settings\alan2\Application Data\Mael
2008-08-07 09:48:17 ----D---- C:\Program Files\HxD
2008-08-07 07:14:43 ----D---- C:\Program Files\PdfToText
2008-08-06 18:55:22 ----D---- C:\Program Files\Common Files\Borland Shared
2008-08-06 18:55:22 ----D---- C:\Program Files\Borland
2008-08-06 18:40:42 ----D---- C:\Program Files\Microsoft Visual Studio .NET 2003
2008-08-02 12:10:17 ----D---- D:\Documents and Settings\alan2\Application Data\LearnLift
2008-08-02 12:09:59 ----D---- C:\Program Files\MemoryLifter2
2008-07-27 08:42:39 ----D---- C:\Program Files\AdAware2008
2008-07-09 05:26:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-07-06 06:34:31 ----D---- C:\Program Files\AmiBroker500_Backup

======List of files/folders modified in the last 3 months======

2008-10-05 07:34:55 ----D---- C:\WINDOWS\Temp
2008-10-05 07:34:13 ----D---- C:\Program Files\Mozilla Firefox
2008-10-05 07:12:17 ----D---- C:\WINDOWS\Prefetch
2008-10-05 07:12:07 ----D---- C:\WINDOWS\system32\drivers
2008-10-05 07:07:00 ----D---- C:\WINDOWS\ERDNT
2008-10-05 06:59:28 ----D---- C:\WINDOWS
2008-10-04 21:15:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-04 16:52:38 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-04 16:51:01 ----D---- C:\Program Files\FreeCellPro64
2008-10-04 10:10:37 ----D---- C:\WINDOWS\system32
2008-10-04 08:23:04 ----RD---- C:\Program Files
2008-10-04 08:22:50 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-03 09:22:13 ----SHD---- C:\WINDOWS\Installer
2008-10-03 09:22:05 ----D---- C:\Config.Msi
2008-10-02 14:43:55 ----D---- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-02 14:43:50 ----D---- C:\WINDOWS\Minidump
2008-10-02 14:43:50 ----D---- C:\WINDOWS\Debug
2008-09-30 11:17:04 ----D---- C:\Program Files\Powermarks 3.5
2008-09-29 09:54:14 ----D---- D:\Documents and Settings\alan2\Application Data\OpenOffice.org2
2008-09-28 16:47:01 ----HD---- C:\WINDOWS\inf
2008-09-21 08:26:20 ----D---- C:\Program Files\Avast4
2008-09-17 13:58:03 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-09-17 08:09:14 ----D---- C:\WINDOWS\Help
2008-09-15 08:06:51 ----D---- C:\Program Files\Common Files
2008-09-10 08:41:57 ----D---- C:\WINDOWS\WinSxS
2008-09-10 08:41:24 ----HD---- C:\WINDOWS\$hf_mig$
2008-09-04 16:32:04 ----SD---- D:\Documents and Settings\alan2\Application Data\Microsoft
2008-09-04 15:08:21 ----D---- C:\WINDOWS\SHELLNEW
2008-09-02 06:23:20 ----D---- C:\Program Files\RemindMe
2008-08-31 10:29:32 ----D---- C:\WINDOWS\repair
2008-08-31 10:29:24 ----D---- C:\WINDOWS\Registration
2008-08-26 21:28:12 ----A---- C:\WINDOWS\system32\MRT.exe
2008-08-24 11:05:29 ----D---- C:\Program Files\SpybotSearch&Destroy
2008-08-24 10:42:28 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-08-24 10:23:35 ----D---- C:\Program Files\EasyCleaner
2008-08-23 10:49:31 ----D---- C:\Program Files\Microsoft Visual Studio 8
2008-08-23 10:47:59 ----RSD---- C:\WINDOWS\assembly
2008-08-23 10:47:56 ----D---- D:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-23 10:47:52 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-08-23 10:47:45 ----D---- C:\Program Files\Common Files\Merge Modules
2008-08-20 13:37:34 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-20 13:31:24 ----D---- C:\Program Files\FlightGear0910
2008-08-20 12:19:18 ----D---- C:\Program Files\palmOne
2008-08-16 07:42:51 ----D---- C:\Program Files\Messenger
2008-08-16 07:31:23 ----D---- C:\Program Files\Internet Explorer
2008-08-16 07:31:13 ----D---- C:\WINDOWS\ie7updates
2008-08-11 13:01:59 ----D---- C:\Program Files\FreeMind
2008-08-10 07:42:13 ----D---- C:\WINDOWS\Microsoft.NET
2008-08-09 19:41:51 ----SD---- D:\Documents and Settings\All Users\Application Data\Microsoft
2008-08-08 06:12:00 ----D---- C:\Program Files\GenieHome8
2008-08-06 18:40:42 ----D---- C:\Program Files\Microsoft.NET
2008-08-02 18:44:11 ----D---- C:\Program Files\OpenOffice.org 2.4
2008-08-02 18:44:10 ----RSD---- C:\WINDOWS\Fonts
2008-08-02 08:29:32 ----D---- C:\Program Files\WFEducator_100
2008-07-28 16:57:23 ----D---- C:\Program Files\AmiBroker
2008-07-27 10:06:22 ----D---- D:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-27 09:49:36 ----D---- C:\Program Files\FolderMatch
2008-07-27 09:48:25 ----SD---- C:\WINDOWS\Tasks
2008-07-27 09:45:50 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-07-27 08:34:03 ----D---- D:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-26 20:08:51 ----D---- C:\Program Files\miTaggedMarks
2008-07-19 15:43:08 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-07-18 22:10:48 ----A---- C:\WINDOWS\system32\cdm.dll
2008-07-18 22:10:42 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-07-18 22:10:40 ----A---- C:\WINDOWS\system32\wups2.dll
2008-07-18 22:10:24 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-07-18 22:10:20 ----A---- C:\WINDOWS\system32\wups.dll
2008-07-18 22:09:46 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-07-18 22:08:34 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-07-18 22:07:34 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-07-18 22:07:32 ----A---- C:\WINDOWS\system32\muweb.dll
2008-07-18 22:07:32 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-07-18 14:51:36 ----RSH---- C:\WINDOWS\system32\E17EEFE802.dll
2008-07-14 12:09:18 -------- C:\WINDOWS\system32\tzchange.exe
2008-07-10 10:13:59 ----D---- D:\Documents and Settings\All Users\Application Data\TechSmith
2008-07-10 10:13:56 ----D---- C:\Program Files\TechSmith
2008-07-07 21:32:22 ----A---- C:\WINDOWS\system32\es.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2008-05-23 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2008-05-23 24208]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2006-11-15 32256]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2006-11-14 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R3 alcan5wn;Alcatel SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [2001-10-03 53920]
R3 alcaudsl;Alcatel Speed Touch ADSL Modem ATM Transport; C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [2001-10-03 589776]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-23 1578496]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-03-16 604928]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-11-21 45568]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2003-07-16 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2003-07-16 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-03 67584]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872]
R3 TMPassthruMP;TMPassthruMP; C:\WINDOWS\system32\DRIVERS\TMPassthru.sys [2007-11-27 35216]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-26 27264]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-02-21 58240]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2007-12-24 16694]
S3 TMPassthru;Trend Micro Passthru Ndis Service; C:\WINDOWS\system32\DRIVERS\TMPassthru.sys [2007-11-27 35216]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WimFltr;WimFltr; C:\WINDOWS\system32\DRIVERS\wimfltr.sys [2006-11-02 128104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\AdAware2008\aawservice.exe [2008-07-07 611664]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-23 409600]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Avast4\ashServ.exe [2008-07-19 147640]
R2 cmdAgent;COMODO Firewall Pro Helper Service; C:\Program Files\COMODO\Firewall\cmdagent.exe [2008-05-26 519936]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-03-19 335872]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-03-09 71096]
R2 PDAgent;PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [2007-11-06 414984]
R2 RUBotted;Trend Micro RUBotted Service; C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe [2007-12-19 517456]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2007-03-16 20480]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Avast4\ashWebSv.exe [2008-07-23 348344]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 Diskeeper;Diskeeper; C:\Program Files\Diskeeper\DkService.exe [2005-11-23 765952]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 MySQL;MySQL; C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt --defaults-file=C:\Program Files\MySQL\MySQL Server 5.0\my.ini MySQL []
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PDEngine;PDEngine; C:\Program Files\Raxco\PerfectDisk\PDEngine.exe [2007-11-06 734472]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------
 
#11 ·
It seems like you've answered the question about what it is. Seems to be associated with the programming you were doing. As the file does not appear to be malicious, I think we can consider this solved.

HijackThis is a registry tool. If a file has no associated registry entry in the areas HijackThis polls, it won't show up.

Not sure about RSIT and the dot.

I'm curious to see if one of our other ID tools will see the folder.

Download OTViewIt to the Desktop.

  • Close all windows and double click on OTViewIt.exe
  • Place a tick in the Scan all Users box
  • In the File Age drop box, select 90 days
  • Click Run Scan and let the program run uninterrupted
  • Upon completion it produces two logs on the Desktop: OTViewIt.txt and Extras.txt. Post contents of both of these.
 
#12 ·
I am attaching the two logs from OTViewIt.

I notice that the suspicious file and folder are not included:

D:\Documents and Settings\alan2\kvkxcvkzdyz
D:\Documents and Settings\alan2\kvkxcvkzdyz\.nynafyncgbc

ERUNT data files do not appear. ERUNT runs at startup, and produces one new folder per day. For example:
C:\WINDOWS\ERDNT\04-10-2008\

I notice that many files/folders created/modified recently are not included.

It seems to me that if there were a program that actually *did* show all new/modified files/folders, that would be a very useful tool against malicious software. Do you know if such a program exists?

Thanks again.

-------------------------------------

OTViewIt logfile created on: 06/10/2008 07:41:34 - Run 2
OTViewIt by OldTimer - Version 1.0.9.4 Folder = D:\Documents and Settings\alan2\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 67.74% Memory free
3.85 Gb Paging File | 3.37 Gb Available in Paging File | 87.57% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.32 Gb Total Space | 1.05 Gb Free Space | 3.57% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 1.59 Gb Free Space | 10.86% Space Free | Partition Type: NTFS
Drive E: | 20.33 Gb Total Space | 19.75 Gb Free Space | 97.14% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALANSLAPTOP
Current User Name: alan2
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 90 Days

========== Processes ==========

[2006/05/23 21:59:38 | 00,409,600 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2007/03/16 18:10:46 | 00,020,480 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
[2007/03/16 18:10:42 | 01,253,376 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\BCMWLTRY.EXE
[2008/07/07 08:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\AdAware2008\aawservice.exe
[2008/07/19 15:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\aswUpdSv.exe
[2008/07/19 15:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\ashServ.exe
[2008/05/26 19:49:35 | 00,519,936 | ---- | M] () -- C:\Program Files\COMODO\Firewall\cmdagent.exe
[2003/03/19 01:55:56 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
[2008/03/09 11:20:26 | 00,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
[2007/11/06 09:37:48 | 00,414,984 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\RAXCO\PerfectDisk\PDAgent.exe
[2007/12/19 00:18:12 | 00,517,456 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
[2008/07/19 15:38:04 | 00,250,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\ashMaiSv.exe
[2008/07/23 15:25:45 | 00,348,344 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\ashWebSv.exe
[2007/11/06 09:37:56 | 00,734,472 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\RAXCO\PerfectDisk\PDEngine.exe
[2004/08/04 00:56:58 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2006/05/23 21:59:38 | 00,409,600 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2006/03/24 17:30:44 | 00,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
[2006/03/08 12:48:02 | 00,761,947 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2007/03/16 18:10:46 | 01,392,640 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\WLTRAY.EXE
[2008/07/19 15:38:34 | 00,078,008 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\ashDisp.exe
[2007/12/19 00:18:14 | 00,288,088 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
[2008/05/31 19:32:05 | 01,655,552 | ---- | M] () -- C:\Program Files\COMODO\Firewall\cfp.exe
[2000/05/20 17:23:48 | 00,086,016 | ---- | M] () -- C:\WINDOWS\StartupMonitor.exe
[2007/08/11 15:50:00 | 00,331,264 | ---- | M] () -- C:\Program Files\NetMeter\NetMeter.exe
[2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2007/11/28 11:43:18 | 03,411,456 | ---- | M] (Michael Valentiner-Branth) -- C:\Program Files\miTaggedMarks\miTaggedMarks.exe
[2007/06/13 20:45:28 | 00,228,334 | ---- | M] () -- C:\Program Files\RemindMe\RemindMe.exe
[2008/09/28 07:16:56 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008/08/23 18:02:52 | 00,023,552 | ---- | M] () -- C:\Program Files\Mnemosyne\mnemosyne.exe
[2006/12/16 10:57:32 | 02,125,836 | ---- | M] (Bitsmith Software) -- C:\Program Files\Knowbase\knowbase.exe
[2008/10/05 19:03:09 | 00,419,328 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\alan2\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/07/07 08:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\AdAware2008\aawservice.exe -- (aawservice [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/07/19 15:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
[2006/05/23 21:59:38 | 00,409,600 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2008/07/19 15:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
[2008/07/19 15:38:04 | 00,250,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
[2008/07/23 15:25:45 | 00,348,344 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
[2004/08/04 00:56:48 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc [On_Demand | Stopped])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/05/26 19:49:35 | 00,519,936 | ---- | M] () -- C:\Program Files\COMODO\Firewall\cmdagent.exe -- (cmdAgent [Auto | Running])
[2005/11/23 08:58:04 | 00,765,952 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper\DkService.exe -- (Diskeeper [On_Demand | Stopped])
[2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2003/03/19 01:55:56 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Auto | Running])
[2007/07/06 13:14:02 | 05,730,304 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -- (MySQL [On_Demand | Stopped])
[2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2008/03/09 11:20:26 | 00,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU [Auto | Running])
[2003/07/28 05:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/11/06 09:37:48 | 00,414,984 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\RAXCO\PerfectDisk\PDAgent.exe -- (PDAgent [Auto | Running])
[2007/11/06 09:37:56 | 00,734,472 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\RAXCO\PerfectDisk\PDEngine.exe -- (PDEngine [On_Demand | Running])
[2007/12/19 00:18:12 | 00,517,456 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe -- (RUBotted [Auto | Running])
[2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2007/03/16 18:10:46 | 00,020,480 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2008/07/19 15:32:15 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
[2001/10/03 10:10:10 | 00,053,920 | ---- | M] (Alcatel Bell) -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn [On_Demand | Running])
[2001/10/03 10:09:56 | 00,589,776 | ---- | M] (Alcatel Bell) -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl [On_Demand | Running])
[2008/07/19 15:37:42 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
[2008/07/19 15:37:21 | 00,094,416 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
[2008/07/19 15:33:42 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
[2008/07/19 15:35:18 | 00,078,416 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
[2008/07/19 15:32:36 | 00,042,912 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
[2006/05/23 22:06:36 | 01,578,496 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2007/03/16 18:10:46 | 00,604,928 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX [On_Demand | Running])
[2006/11/21 04:25:44 | 00,045,568 | R--- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
[2008/05/23 19:55:42 | 00,087,056 | ---- | M] (COMODO) -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard [System | Running])
[2008/05/23 19:55:43 | 00,024,208 | ---- | M] (COMODO) -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp [System | Running])
[2007/10/22 06:33:40 | 00,068,624 | ---- | M] (Raxco Software, Inc.) -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS [Boot | Running])
[2004/08/12 17:45:54 | 00,137,728 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2005/12/01 01:40:56 | 00,936,960 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV [On_Demand | Running])
[2005/12/01 01:40:12 | 00,192,512 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL [On_Demand | Running])
[2008/05/23 19:55:45 | 00,079,760 | ---- | M] (COMODO) -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect [Boot | Running])
[2004/08/03 22:59:20 | 00,036,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm [System | Running])
[2005/10/04 23:57:08 | 00,012,544 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
File not found -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5 [On_Demand | Stopped])
File not found -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5 [On_Demand | Stopped])
[2007/12/24 19:18:13 | 00,016,694 | ---- | M] (PalmSource, Inc.) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD [On_Demand | Stopped])
[2008/06/19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
[2001/08/17 13:51:52 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde [Boot | Running])
[2003/07/16 21:42:18 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/12/20 03:00:00 | 00,044,608 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2006/11/15 00:16:24 | 00,032,256 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk [Auto | Running])
[2006/11/14 19:42:46 | 00,043,520 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk [Auto | Running])
[2006/11/14 17:35:20 | 00,037,376 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp [Auto | Running])
[2004/08/03 23:07:48 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2007/11/13 11:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2006/03/24 17:34:30 | 01,156,648 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2006/03/08 12:35:10 | 00,191,872 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2007/11/27 22:51:00 | 00,035,216 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\TMPassthru.sys -- (TMPassthru [On_Demand | Stopped])
[2007/11/27 22:51:00 | 00,035,216 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\TMPassthru.sys -- (TMPassthruMP [On_Demand | Running])
[2005/10/26 00:39:41 | 00,027,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci [On_Demand | Running])
[2006/11/02 00:50:52 | 00,128,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr [On_Demand | Stopped])
[2005/12/01 01:40:08 | 00,669,696 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf [On_Demand | Running])
[2004/08/04 00:07:42 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Running])
[2006/09/28 19:55:50 | 00,077,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf [On_Demand | Stopped])
[2006/09/28 20:00:34 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-1482476501-1060284298-839522115-1011\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896

[HKEY_USERS\S-1-5-21-1482476501-1060284298-839522115-1011\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1482476501-1060284298-839522115-1011\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (260706 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
9052 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{6172E460-FAE3-11D2-B494-004005A47AAA} (HKLM) -- C:\Program Files\Powermarks 3.5\iec.dll (Kaylon Technologies Inc.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{E166B4A2-83E7-11D3-B4FD-004005A47AAA}" (HKLM) -- C:\Program Files\Powermarks 3.5\iec.dll (Kaylon Technologies Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1482476501-1060284298-839522115-1011\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1482476501-1060284298-839522115-1011\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\Avast4\ashDisp.exe (ALWIL Software)
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" -h ()
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC ()
"Run StartupMonitor"=StartupMonitor.exe ()
"SigmatelSysTrayApp"=stsystra.exe (SigmaTel, Inc.)
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
"TMRUBottedTray"="C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe" (Trend Micro Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\Program Files\NetMeter\NetMeter.exe"=C:\Program Files\NetMeter\NetMeter.exe ()
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1482476501-1060284298-839522115-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\Program Files\NetMeter\NetMeter.exe"=C:\Program Files\NetMeter\NetMeter.exe ()
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)

========== (O4) Startup Folders ==========

[2005/10/20 12:00:28 | 00,157,696 | ---- | M] () -- D:\Documents and Settings\alan2\Start Menu\Programs\Startup\ERUNT.lnk = C:\Program Files\ERUNT_RegBackup\ERUNT.EXE
[2007/11/28 11:43:18 | 03,411,456 | ---- | M] (Michael Valentiner-Branth) -- D:\Documents and Settings\alan2\Start Menu\Programs\Startup\miTaggedMarks.lnk = C:\Program Files\miTaggedMarks\miTaggedMarks.exe
[2007/06/13 20:45:28 | 00,228,334 | ---- | M] () -- D:\Documents and Settings\alan2\Start Menu\Programs\Startup\RemindMe.lnk = C:\Program Files\RemindMe\RemindMe.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1482476501-1060284298-839522115-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/05/15 15:42:26 | 10,354,176 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Windows &Live Favorites: File not found

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Windows &Live Favorites: File not found

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Windows &Live Favorites: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
Add to Windows &Live Favorites: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1482476501-1060284298-839522115-1011\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/05/15 15:42:26 | 10,354,176 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [2008/02/22 04:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{36ECAF82-3300-8F84-092E-AFF36D6C7040}: Button: Run WinHTTrack -- %ProgramFiles%\HTTrack\WinHTTrackIEBar.dll [2005/02/05 09:56:24 | 00,131,072 | ---- | M] ()
{36ECAF82-3300-8F84-092E-AFF36D6C7040}: Menu: Launch WinHTTrack -- %ProgramFiles%\HTTrack\WinHTTrackIEBar.dll [2005/02/05 09:56:24 | 00,131,072 | ---- | M] ()
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2006/10/10 13:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
44 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
51 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
44 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
44 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1482476501-1060284298-839522115-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
51 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\Yinsthelper.dll -- Installation Support
{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}: http://www.eset.eu/OnlineScanner.cab -- OnlineScanner Control
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182352671671 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab -- Java Plug-in 1.6.0_05
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{C606BA60-AB76-48B6-96A7-2C4D5C386F70}: http://help.broadbandassist.com/bbdesktop/PreQual/files/MotivePreQual.cab -- PreQualifier Class
{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab -- Java Plug-in 1.5.0_12
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab -- Java Plug-in 1.6.0
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab -- Java Plug-in 1.6.0_04
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab -- Java Plug-in 1.6.0_05
Microsoft XML Parser for Java: file:///C:/WINDOWS/Java/classes/xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{0E846A24-BE42-4E4A-AED8-66DC7AA4F087} (Servers: | Description: 1394 Net Adapter)
{932E7B9C-067D-4D13-BE42-1278F2B40D5C} (Servers: | Description: Broadcom 440x 10/100 Integrated Controller)
{A5BF827B-D658-4772-8644-8657EB267C08} (Servers: | Description: Dell Wireless 1390 WLAN Mini-Card)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\WINDOWS\system32\guard32.dll
>[2008/05/23 19:55:41 | 00,143,104 | ---- | M] () -- C:\WINDOWS\system32\guard32.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
WgaLogon: "DllName" = WgaLogon.dll -- C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WPDShServiceObj"={AAA288BA-9A4C-45B0-95D7-94D524869DB5} (HKLM) -- C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2007/06/19 15:16:27 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\AutoRun\command]
""=G:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 90 Days ==========

[2008/10/05 19:03:08 | 00,419,328 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\alan2\Desktop\OTViewIt.exe
[2008/10/05 14:58:21 | 00,000,000 | ---D | C] -- D:\Documents and Settings\alan2\Application Data\Eric4
[2008/10/05 14:03:14 | 00,000,000 | ---D | C] -- C:\Qt
[2008/10/05 13:56:29 | 00,000,069 | ---- | C] () -- C:\qt.conf
[2008/10/05 13:44:26 | 00,000,000 | ---D | C] -- C:\Python25
[2008/10/04 08:23:04 | 00,000,000 | ---D | C] -- C:\Program Files\EsetOnlineScanner
[2008/10/03 09:19:25 | 00,001,634 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\SnagIt 9.lnk
[2008/10/03 09:19:25 | 00,000,702 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\SnagIt 9 Editor.lnk
[2008/10/03 09:01:05 | 00,000,000 | ---D | C] -- C:\rsit
[2008/10/03 08:56:17 | 00,305,705 | ---- | C] () -- D:\Documents and Settings\alan2\Desktop\RSIT.exe
[2008/09/28 19:52:29 | 00,000,000 | ---D | C] -- C:\ie-spyad_zo
[2008/09/28 19:43:03 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 120 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
[2008/09/28 19:42:53 | 00,000,576 | ---- | C] () -- D:\Documents and Settings\alan2\Desktop\SpywareBlaster.lnk
[2008/09/28 19:42:43 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2008/09/28 16:47:25 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2008/09/28 16:45:31 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2008/09/28 10:06:20 | 00,001,482 | ---- | C] () -- D:\Documents and Settings\alan2\Desktop\HijackThis.lnk
[2008/09/28 10:06:08 | 00,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2008/09/18 09:55:18 | 00,000,638 | ---- | C] () -- D:\Documents and Settings\alan2\Desktop\Copy of Mnemosyne.lnk
[2008/09/15 08:06:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2008/09/15 08:06:47 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2008/09/15 08:04:39 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2008/09/15 08:04:38 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Apple
[2008/09/07 07:49:02 | 00,000,680 | ---- | C] () -- D:\Documents and Settings\alan2\Desktop\Mnemosyne.lnk
[2008/09/06 20:08:19 | 00,000,000 | ---D | C] -- C:\Program Files\Mnemosyne
[2008/08/31 19:50:20 | 05,652,328 | ---- | C] (Microsoft Corporation) -- D:\Documents and Settings\alan2\Desktop\msxml4-KB936181-enu.exe
[2008/08/24 10:59:01 | 00,000,784 | ---- | C] () -- D:\Documents and Settings\alan2\Desktop\Spybot - Search & Destroy.lnk
[2008/08/24 10:32:46 | 14,968,808 | ---- | C] (Safer Networking Limited ) -- D:\Documents and Settings\alan2\Desktop\spybotsd160.exe
[2008/08/24 09:52:28 | 24,112,168 | ---- | C] () -- D:\Documents and Settings\alan2\My Documents\EasyCleanerDuplicateFiles.htm
[2008/08/24 07:40:17 | 00,001,458 | ---- | C] () -- D:\Documents and Settings\alan2\Desktop\CCleaner.lnk
[2008/08/24 07:40:08 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2008/08/23 13:33:42 | 00,000,000 | ---D | C] -- D:\Documents and Settings\alan2\My Documents\VisualC++2008
[2008/08/23 11:08:12 | 00,000,936 | ---- | C] () -- D:\Documents and Settings\alan2\Desktop\MS Visual C++ 2008 Express Edition.lnk
[2008/08/20 14:28:16 | 00,000,714 | ---- | C] () -- D:\Documents and Settings\alan2\Start Menu\Programs\Startup\RemindMe.lnk
[2008/08/19 11:27:25 | 00,000,000 | ---D | C] -- D:\Documents and Settings\alan2\Application Data\MoRUN.net
[2008/08/19 11:26:25 | 00,000,000 | ---D | C] -- C:\Program Files\SecureReminder
[2008/08/19 10:31:57 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\GrebleSoft
[2008/08/19 10:31:57 | 00,000,000 | ---D | C] -- D:\Documents and Settings\alan2\Application Data\Remind-Me
[2008/08/16 09:12:29 | 00,000,834 | ---- | C] () -- D:\Documents and Settings\alan2\Desktop\FulRecall.lnk
[2008/08/12 19:42:33 | 00,000,000 | ---D | C] -- D:\Documents and Settings\alan2\Local Settings\Application Data\WMTools Downloaded Files
[2008/08/12 19:21:08 | 00,000,000 | ---D | C] -- D:\Documents and Settings\alan2\My Documents\fullrecalldb
[2008/08/11 13:01:59 | 00,001,458 | ---- | C] () -- D:\Documents and Settings\alan2\Desktop\FreeMind.lnk
[2008/08/09 16:35:49 | 00,000,000 | ---D | C] -- D:\Documents and Settings\alan2\My Documents\Visual Studio 2008
[2008/08/09 16:33:09 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2008/08/09 16:31:56 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2008/08/09 15:12:27 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2008/08/09 14:53:42 | 00,000,764 | ---- | C] () -- D:\Documents and Settings\alan2\Desktop\Turbo C++.lnk
[2008/08/08 06:16:13 | 00,000,638 | ---- | C] () -- D:\Documents and Settings\alan2\Start Menu\Programs\Startup\ERUNT.lnk
[2008/08/08 06:16:13 | 00,000,632 | ---- | C] () -- D:\Documents and Settings\alan2\Start Menu\Programs\Startup\miTaggedMarks.lnk
[2008/08/07 14:33:49 | 00,000,000 | ---D | C] -- D:\Documents and Settings\alan2\Application Data\Mael
[2008/08/07 09:48:18 | 00,000,498 | ---- | C] () -- D:\Documents and Settings\alan2\Desktop\HxD.lnk
[2008/08/07 09:48:17 | 00,000,000 | ---D | C] -- C:\Program Files\HxD
[2008/08/07 07:14:43 | 00,000,000 | ---D | C] -- C:\Program Files\PdfToText
[2008/08/06 19:18:14 | 00,000,000 | ---D | C] -- D:\Documents and Settings\alan2\Local Settings\Application Data\Borland
[2008/08/06 18:55:22 | 00,000,000 | ---D | C] -- D:\Documents and Settings\alan2\My Documents\Borland Studio Projects
[2008/08/06 18:55:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Borland Shared
[2008/08/06 18:55:22 | 00,000,000 | ---D | C] -- C:\Program Files\Borland
[2008/08/06 18:40:42 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio .NET 2003
[2008/08/02 12:12:18 | 00,000,000 | ---D | C] -- D:\Documents and Settings\alan2\Local Settings\Application Data\LearnLift
[2008/08/02 12:10:17 | 00,000,000 | ---D | C] -- D:\Documents and Settings\alan2\Application Data\LearnLift
[2008/08/02 12:10:04 | 00,001,558 | ---- | C] () -- D:\Documents and Settings\alan2\Desktop\MemoryLifter 2.1.lnk
[2008/08/02 12:09:59 | 00,000,000 | ---D | C] -- C:\Program Files\MemoryLifter2
[2008/07/27 08:42:42 | 00,000,609 | ---- | C] () -- D:\Documents and Settings\alan2\Desktop\Ad-Aware.lnk
[2008/07/27 08:42:39 | 00,000,000 | ---D | C] -- C:\Program Files\AdAware2008
[2008/07/24 09:31:36 | 04,393,256 | ---- | C] () -- D:\Documents and Settings\alan2\Desktop\AmiBroker Forum2.chm
[2008/07/17 13:58:03 | 04,293,297 | ---- | C] () -- D:\Documents and Settings\alan2\Desktop\Broker.chm
[2008/07/17 09:17:24 | 00,000,000 | ---D | C] -- D:\Documents and Settings\alan2\My Documents\Data
[2008/07/16 14:40:46 | 04,305,206 | ---- | C] () -- D:\Documents and Settings\alan2\Desktop\AmiBroker Forum.chm
[2008/07/10 10:14:42 | 00,000,000 | ---D | C] -- D:\Documents and Settings\alan2\My Documents\SnagIt
[2008/07/09 09:49:31 | 13,322,7519 | ---- | C] () -- D:\Documents and Settings\alan2\Desktop\OOo_2.4.1_Win32Intel_install_wJRE_en-US.exe

========== Files - Modified Within 90 Days ==========

[4 C:\WINDOWS\*.tmp files]
[2008/10/06 07:23:18 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/06 07:20:17 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/06 07:19:58 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/05 19:59:00 | 00,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2008/10/05 19:03:09 | 00,419,328 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\alan2\Desktop\OTViewIt.exe
[2008/10/05 13:56:29 | 00,000,069 | ---- | M] () -- C:\qt.conf
[2008/10/03 09:19:25 | 00,001,634 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\SnagIt 9.lnk
[2008/10/03 09:19:25 | 00,000,702 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\SnagIt 9 Editor.lnk
[2008/10/03 08:56:18 | 00,305,705 | ---- | M] () -- D:\Documents and Settings\alan2\Desktop\RSIT.exe
[2008/09/29 09:01:30 | 00,000,680 | ---- | M] () -- D:\Documents and Settings\alan2\Desktop\Mnemosyne.lnk
[2008/09/28 19:42:53 | 00,000,576 | ---- | M] () -- D:\Documents and Settings\alan2\Desktop\SpywareBlaster.lnk
[2008/09/28 10:06:31 | 00,001,482 | ---- | M] () -- D:\Documents and Settings\alan2\Desktop\HijackThis.lnk
[2008/09/19 09:15:35 | 00,002,617 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2008/09/18 10:26:24 | 00,000,638 | ---- | M] () -- D:\Documents and Settings\alan2\Desktop\Copy of Mnemosyne.lnk
[2008/08/31 19:50:21 | 05,652,328 | ---- | M] (Microsoft Corporation) -- D:\Documents and Settings\alan2\Desktop\msxml4-KB936181-enu.exe
[2008/08/26 21:28:12 | 16,208,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/08/24 11:08:15 | 00,260,706 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/08/24 10:59:01 | 00,000,784 | ---- | M] () -- D:\Documents and Settings\alan2\Desktop\Spybot - Search & Destroy.lnk
[2008/08/24 10:35:00 | 14,968,808 | ---- | M] (Safer Networking Limited ) -- D:\Documents and Settings\alan2\Desktop\spybotsd160.exe
[2008/08/24 09:52:38 | 24,112,168 | ---- | M] () -- D:\Documents and Settings\alan2\My Documents\EasyCleanerDuplicateFiles.htm
[2008/08/24 07:40:26 | 00,001,458 | ---- | M] () -- D:\Documents and Settings\alan2\Desktop\CCleaner.lnk
[2008/08/23 11:09:33 | 00,000,936 | ---- | M] () -- D:\Documents and Settings\alan2\Desktop\MS Visual C++ 2008 Express Edition.lnk
[2008/08/20 14:28:16 | 00,000,714 | ---- | M] () -- D:\Documents and Settings\alan2\Start Menu\Programs\Startup\RemindMe.lnk
[2008/08/16 09:12:20 | 00,000,834 | ---- | M] () -- D:\Documents and Settings\alan2\Desktop\FulRecall.lnk
[2008/08/11 13:01:59 | 00,001,458 | ---- | M] () -- D:\Documents and Settings\alan2\Desktop\FreeMind.lnk
[2008/08/09 14:53:42 | 00,000,764 | ---- | M] () -- D:\Documents and Settings\alan2\Desktop\Turbo C++.lnk
[2008/08/08 19:36:36 | 00,001,415 | ---- | M] () -- D:\Documents and Settings\alan2\Desktop\Windows Explorer.lnk
[2008/08/07 09:48:18 | 00,000,498 | ---- | M] () -- D:\Documents and Settings\alan2\Desktop\HxD.lnk
[2008/08/03 06:34:16 | 00,316,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/08/02 19:38:15 | 00,087,072 | ---- | M] () -- D:\Documents and Settings\alan2\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/08/02 18:37:17 | 13,322,7519 | ---- | M] () -- D:\Documents and Settings\alan2\Desktop\OOo_2.4.1_Win32Intel_install_wJRE_en-US.exe
[2008/08/02 12:10:04 | 00,001,558 | ---- | M] () -- D:\Documents and Settings\alan2\Desktop\MemoryLifter 2.1.lnk
[2008/07/27 08:42:42 | 00,000,609 | ---- | M] () -- D:\Documents and Settings\alan2\Desktop\Ad-Aware.lnk
[2008/07/22 16:24:42 | 04,393,256 | ---- | M] () -- D:\Documents and Settings\alan2\Desktop\AmiBroker Forum2.chm
[2008/07/19 15:43:08 | 01,163,960 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2008/07/19 15:37:42 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2008/07/19 15:37:21 | 00,094,416 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2008/07/19 15:35:18 | 00,078,416 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2008/07/19 15:33:42 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2008/07/19 15:32:36 | 00,042,912 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2008/07/19 15:32:15 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2008/07/19 15:30:53 | 00,094,392 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2008/07/18 22:10:48 | 00,094,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdm.dll
[2008/07/18 22:10:48 | 00,094,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cdm.dll
[2008/07/18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt.exe
[2008/07/18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2008/07/18 22:10:40 | 00,045,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2008/07/18 22:10:24 | 00,033,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2008/07/18 22:10:20 | 00,036,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2008/07/18 22:10:20 | 00,036,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2008/07/18 22:09:46 | 00,325,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2008/07/18 22:09:46 | 00,325,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
[2008/07/18 22:09:46 | 00,215,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl
[2008/07/18 22:09:46 | 00,215,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2008/07/18 22:09:44 | 00,563,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2008/07/18 22:09:44 | 00,563,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2008/07/18 22:09:44 | 00,205,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuweb.dll
[2008/07/18 22:09:44 | 00,205,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
[2008/07/18 22:09:42 | 01,811,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll
[2008/07/18 22:09:42 | 01,811,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2008/07/18 22:09:42 | 00,025,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2008/07/18 22:09:36 | 00,025,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl.mui
[2008/07/18 22:08:34 | 00,020,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll.mui
[2008/07/18 22:07:34 | 00,270,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2008/07/18 22:07:32 | 00,210,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\muweb.dll
[2008/07/18 22:07:32 | 00,029,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2008/07/18 14:51:36 | 00,000,152 | RHS- | M] () -- C:\WINDOWS\System32\E17EEFE802.dll
[2008/07/16 14:40:46 | 04,305,206 | ---- | M] () -- D:\Documents and Settings\alan2\Desktop\AmiBroker Forum.chm
[2008/07/14 12:09:18 | 00,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tzchange.exe
< End of report >

-------------------------------------------------

OTViewIt Extras logfile created on: 06/10/2008 07:41:34 - Run 2
OTViewIt by OldTimer - Version 1.0.9.4 Folder = D:\Documents and Settings\alan2\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 67.74% Memory free
3.85 Gb Paging File | 3.37 Gb Available in Paging File | 87.57% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.32 Gb Total Space | 1.05 Gb Free Space | 3.57% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 1.59 Gb Free Space | 10.86% Space Free | Partition Type: NTFS
Drive E: | 20.33 Gb Total Space | 19.75 Gb Free Space | 97.14% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALANSLAPTOP
Current User Name: alan2
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 90 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/04 00:56:58 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019
[2006/10/10 13:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/04 00:56:58 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019
[2006/10/10 13:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
File not found -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/11/07 10:23:16 | 00,991,736 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/06/20 09:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/03/14 13:10:22 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/05/10 13:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 13:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055A0044-64A6-4248-A026-9745C1E9E159}"=Microsoft Encarta Encyclopedia Standard 2005
"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}"=Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{12650598-D7B9-4FB5-91B2-2CAA641AC589}"=Trend Micro RUBotted
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}"=Microsoft Visual J# .NET Redistributable Package 1.1
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}"=Google Earth
"{212F5777-1190-4DEF-8E4D-6B2F313B45E7}"=PerfectDisk
"{23170F69-40C1-2701-0442-000001000000}"=7-Zip 4.42
"{23970E31-948B-466E-8376-1224D32FDF0C}"=Convert
"{23E5C72C-CC08-4EE0-9CC2-D925B232B331}"=Microsoft MSDN 2005 Express Edition - ENU
"{278FBF4E-B351-4762-B623-A1AF77F911A4}"=MDE InfoHandler 10
"{2857F38B-BFD4-4492-9DA1-64E12C08781C}"=SudokuTiger
"{2BA00471-0328-3743-93BD-FA813353A783}"=Microsoft .NET Framework 3.0 Service Pack 1
"{2CD2C0DB-81C3-416B-9FA6-589B9235359B}"=OpenOffice.org 2.4
"{2E821791-CFA8-455E-91C5-8D251C082C03}"=MemoryLifter
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}"=Microsoft .NET Framework 3.5
"{3248F0A8-6813-11D6-A77B-00B0D0150120}"=J2SE Runtime Environment 5.0 Update 12
"{3248F0A8-6813-11D6-A77B-00B0D0160000}"=Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}"=Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java(TM) 6 Update 5
"{32A3A4F4-B792-11D6-A78A-00B0D0150120}"=J2SE Development Kit 5.0 Update 12
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}"=Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}"=Windows Live Outlook Toolbar (Windows Live Toolbar)
"{3E9B7D2E-545E-4851-B4D5-BEC99D7DB2BB}_is1"=Genie Backup Manager Home 8.0
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}"=Microsoft Picture It! Library 10
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}"=Microsoft Works
"{42756145-9997-4D28-809B-8756BFD00106}"=Microsoft Photo Premium 10
"{49672EC2-171B-47B4-8CE7-50D7806360D7}"=Windows Live Sign-in Assistant
"{49C69876-0196-4620-B237-EA334C2E40B5}"=ActivePerl 5.10.0 Build 1002
"{53B2CFE9-A508-4457-B2CA-5D253536BFB7}"=OneCare Advisor (Windows Live Toolbar)
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger
"{59991D18-A988-45AB-B1BF-5ADE6E64CD3F}"=SnagIt 9
"{612B9183-67A9-4B44-9877-2F059E35B86A}"=Broadcom 440x 10/100 Integrated Controller
"{65FA8193-0611-49E8-899F-DE04FBB80231}"=SudokuSolver
"{66A7A386-6F35-41A7-A731-101F0C0153C8}"=Popup Blocker (Windows Live Toolbar)
"{67E4EE98-59F4-4220-89A6-A20AF5BEC689}"=Microsoft AutoRoute 2005
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}"=Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}"=Python 2.5.2
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}"=MSXML 4.0 SP2 Parser and SDK
"{76EFAC4F-1712-401F-B2AE-590B170C9BCE}"=StartupMonitor
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}"=Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}"=Windows Live Favorites for Windows Live Toolbar
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1"=CDBurnerXP
"{7ED5371F-F4EA-48F9-B8F7-C8777AD9DF69}"=Borland Turbo C++
"{80010C5D-7520-4369-8D67-52C688BDCEFC}"=SudokuSolver Help
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}"=Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{8A62A068-3FD6-495A-9F66-26FE94F32EC9}"=Rhapsody Player Engine
"{8AA037A8-E104-493A-A962-8D58535A0198}"=MySQL Server 5.0
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}"=VC_MergeModuleToMSI
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{9645A95A-CEF9-4B9A-A34C-60D226576CF5}"=Diskeeper Home Edition
"{9F7FC79B-3059-4264-9450-39EB368E3225}"=Microsoft Digital Image Library 9 - Blocker
"{A02ED372-22FA-448B-AB6A-1B0FC23B7D08}"=ATI Catalyst Control Center
"{A051CB24-316B-4D2D-8E25-9D3900DDF7C8}"=Puzzle Tiger
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}"=SigmaTel Audio
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{AED0B5AC-0771-4600-9777-9C4C910EBE09}"=Open Workbench
"{B03A666D-A323-4D05-8750-A3F4196E176A}"=Microsoft Transliteration Utility
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B4C0A315-07FB-39F9-85CD-8CE20C019350}"=Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{BDFE199D-E889-4BB6-BECB-C4BDF5700849}"=Documents To Go
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}"=Microsoft Works Suite Add-in for Microsoft Word
"{D1846BA1-6118-3EDF-8C57-6E1A04646738}"=Microsoft Visual C++ 2008 Express Edition - ENU
"{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}"=Alcatel SpeedTouch USB Software
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}"=Windows Live Toolbar
"{DDB043A6-85F1-4B6D-85BE-D83DFB12F5C1}"=ActiveState Komodo Personal 3.5.3
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}"=Works Upgrade
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{EB9BD1D5-8DFB-48C4-927B-10BB47CA59B3}"=Microsoft .NET Framework SDK (English) 1.1
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}"=Smart Menus (Windows Live Toolbar)
"{F5346614-B7C4-4E94-826A-E2363155233D}"=EasyCleaner
"{FF8157AA-F640-45BD-B7C2-BAA1016B267A}"=palmOne
"274c5407c4fa26908310cb5c1c5510001455655908"=NetBeans IDE 5.5.1
"4569969E1360D2854474C661EF9B4D54F143EB16"=Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
"ActiveScan 2.0"=Panda ActiveScan 2.0
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Agent Ransack_is1"=Agent Ransack Version 1.7.3
"All ATI Software"=ATI - Software Uninstall Utility
"AmiBroker_is1"=AmiBroker 5.10
"A-PDF Text Extractor_is1"=A-PDF Text Extractor 1.1
"ATI Display Driver"=ATI Display Driver
"AuthorIT V4"=AuthorIT V4
"avast!"=avast! Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1"=FreeMind
"BC2_is1"=Beyond Compare Version 2.5.2
"BrainTrainAge_is1"=Brain Train Age V3.50
"Broadcom 802.11b Network Adapter"=Dell Wireless WLAN Card
"CCleaner"=CCleaner (remove only)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3"=Conexant HDA D110 MDC V.92 Modem
"COMODO Firewall Pro"=COMODO Firewall Pro
"EarMaster Pro 5_is1"=EarMaster Pro 5
"EsetOnlineScanner"=ESET Online Scanner
"Freecom Backup Software_is1"=Freecom Backup Software 1.15
"HijackThis"=HijackThis 2.0.2
"HTML Help Workshop"=HTML Help Workshop
"HxD Hex Editor_is1"=HxD Hex Editor version 1.7.6.3
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"jv16 PowerTools_is1"=jv16 PowerTools 2007
"KB835221WXP"=High Definition Audio Driver Package - KB835221
"KB909520"=Microsoft Base Smart Card Cryptographic Service Provider Package
"Killer Sudoku YG_is1"=Killer Sudoku 0.1
"KLiteCodecPack_is1"=K-Lite Mega Codec Pack 3.3.0
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5"=Microsoft .NET Framework 3.5
"Microsoft MSDN 2005 Express Edition - ENU"=Microsoft MSDN 2005 Express Edition - ENU
"Microsoft Visual C++ 2008 Express Edition - ENU"=Microsoft Visual C++ 2008 Express Edition - ENU
"miTaggedMarks17_is1"=miTaggedMarks 1.7
"Mnemosyne_is1"=Mnemosyne 1.1.1
"Money2005b"=Microsoft Money
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"nbi-nb-base-6.5.0.0.200806160002"=NetBeans IDE Build 200806160002
"nbi-tomcat-6.0.16.0.0"=Apache Tomcat 6.0.16
"NetMeter_is1"=NetMeter 1.1.3
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"Pacestar UML Diagrammer"=Pacestar UML Diagrammer
"Personal Knowbase 3.0.5"=Personal Knowbase 3.0.5
"PictureItPrem_v10"=Microsoft Photo Premium 10
"Powermarks 3.5"=Powermarks 3.5
"Punch! Professional Home Design"=Punch! Professional Home Design
"Puzzle Tiger"=Puzzle Tiger
"PyQt GPL v4.4.3 for Python v2.5"=PyQt GPL v4.4.3 for Python v2.5
"RealPlayer 6.0"=RealPlayer
"RegWorks Lite_is1"=RegWorks Lite 1.3
"Shockwave"=Shockwave
"SpywareBlaster_is1"=SpywareBlaster 4.1
"ST6UNST #3"=Remove Access Passwords 2.0 (C:\Program Files\Raccess\)
"SudokuTiger"=SudokuTiger
"SynTPDeinstKey"=Synaptics Pointing Device Driver
"The Regex Coach_is1"=The Regex Coach 0.9.2
"TomTom HOME"=TomTom HOME
"WIC"=Windows Imaging Component
"Windows HLP To RTF_is1"=Windows HLP To RTF V5.6
"Windows Live Toolbar"=Windows Live Toolbar
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"WinFlash Educator v10_is1"=WinFlash Educator v10
"WinHTTrack Website Copier_is1"=WinHTTrack Website Copier 3.33
"WinZip"=WinZip
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Works2005Setup"=Microsoft Works 2005 Setup Launcher
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"www.djape.net - Perfect Sudoku_is1"=Perfect Sudoku Solver & Generator v0.4
"XMLmind XML Editor_is1"=XMLmind XML Editor Professional Edition 3.6.0 (2007-04-23)
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"YInstHelper"=Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"The DownLoader 10.1"=The DownLoader 10.1

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1482476501-1060284298-839522115-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"The DownLoader 10.1"=The DownLoader 10.1

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 10/04/2008 01:01:19 | Computer Name = ALANSLAPTOP | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\DOCUMENTS AND SETTINGS\ALAN2\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UATR3XZE.DEFAULT\PREFS.JS
failed, 00000005.

Error - 31/05/2008 03:35:41 | Computer Name = ALANSLAPTOP | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://garr.dl.sourceforge.net/sourceforge/gparted/gparted-live-0.3.6-7.iso failed,
00000084.

Error - 03/06/2008 12:55:08 | Computer Name = ALANSLAPTOP | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\DOCUMENTS AND SETTINGS\ALAN2\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UATR3XZE.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}\DEFAULTS\PREFERENCES\PRIVACYCONTROL.JS
failed, 00000005.

Error - 03/06/2008 12:55:08 | Computer Name = ALANSLAPTOP | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\DOCUMENTS AND SETTINGS\ALAN2\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UATR3XZE.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}\DEFAULTS\PREFERENCES\FILTERS.JS
failed, 00000005.

Error - 03/06/2008 12:55:08 | Computer Name = ALANSLAPTOP | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\DOCUMENTS AND SETTINGS\ALAN2\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UATR3XZE.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}\DEFAULTS\PREFERENCES\DTA.JS
failed, 00000005.

Error - 03/06/2008 12:55:08 | Computer Name = ALANSLAPTOP | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\DOCUMENTS AND SETTINGS\ALAN2\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UATR3XZE.DEFAULT\EXTENSIONS\{36EC55C0-D27E-11D8-9418-444553540001}\DEFAULTS\PREFERENCES\HCPM.JS
failed, 00000005.

Error - 03/06/2008 12:55:08 | Computer Name = ALANSLAPTOP | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\DOCUMENTS AND SETTINGS\ALAN2\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UATR3XZE.DEFAULT\EXTENSIONS\{ADA4B710-8346-4B82-8199-5DE2B400A6AE}\DEFAULTS\PREFERENCES\REMINDERFOX.JS
failed, 00000005.

Error - 03/06/2008 12:55:08 | Computer Name = ALANSLAPTOP | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\DOCUMENTS AND SETTINGS\ALAN2\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UATR3XZE.DEFAULT\PREFS.JS
failed, 00000005.

Error - 03/06/2008 12:55:09 | Computer Name = ALANSLAPTOP | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\DOCUMENTS AND SETTINGS\ALAN2\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UATR3XZE.DEFAULT\SESSIONSTORE.JS
failed, 00000005.

Error - 27/07/2008 03:46:05 | Computer Name = ALANSLAPTOP | Source = avast! | ID = 33554522
Description = AAVM - initialization error: AavmStart: avworkInitialize failed, 0000A413.


[ Application Events ]
Error - 24/08/2008 05:25:53 | Computer Name = ALANSLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application EasyClea.exe, version 2.0.6.380, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 24/08/2008 05:26:22 | Computer Name = ALANSLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application ad-aware.exe, version 7.1.0.10, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 28/08/2008 14:52:28 | Computer Name = ALANSLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3105, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 28/08/2008 14:53:10 | Computer Name = ALANSLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3105, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 31/08/2008 14:43:07 | Computer Name = ALANSLAPTOP | Source = MsiInstaller | ID = 11706
Description = Product: MSXML 4.0 SP2 (KB927978) -- Error 1706. An installation package
for the product MSXML 4.0 SP2 (KB927978) cannot be found. Try the installation
again using a valid copy of the installation package 'msxml.msi'.

Error - 15/09/2008 03:05:36 | Computer Name = ALANSLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3105, faulting module
unknown, version 0.0.0.0, fault address 0x67889bc0.

Error - 28/09/2008 02:34:26 | Computer Name = ALANSLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application ad-aware.exe, version 7.1.0.11, faulting module
ad-aware.exe, version 7.1.0.11, fault address 0x0014b4ec.

Error - 28/09/2008 02:34:37 | Computer Name = ALANSLAPTOP | Source = Application Error | ID = 1001
Description = Fault bucket 931756807.

Error - 28/09/2008 03:00:33 | Computer Name = ALANSLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.0.30, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 28/09/2008 03:00:50 | Computer Name = ALANSLAPTOP | Source = Application Hang | ID = 1001
Description = Fault bucket 834373986.

[ Application Events ]
Error - 24/08/2008 05:25:53 | Computer Name = ALANSLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application EasyClea.exe, version 2.0.6.380, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 24/08/2008 05:26:22 | Computer Name = ALANSLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application ad-aware.exe, version 7.1.0.10, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 28/08/2008 14:52:28 | Computer Name = ALANSLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3105, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 28/08/2008 14:53:10 | Computer Name = ALANSLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3105, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 31/08/2008 14:43:07 | Computer Name = ALANSLAPTOP | Source = MsiInstaller | ID = 11706
Description = Product: MSXML 4.0 SP2 (KB927978) -- Error 1706. An installation package
for the product MSXML 4.0 SP2 (KB927978) cannot be found. Try the installation
again using a valid copy of the installation package 'msxml.msi'.

Error - 15/09/2008 03:05:36 | Computer Name = ALANSLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3105, faulting module
unknown, version 0.0.0.0, fault address 0x67889bc0.

Error - 28/09/2008 02:34:26 | Computer Name = ALANSLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application ad-aware.exe, version 7.1.0.11, faulting module
ad-aware.exe, version 7.1.0.11, fault address 0x0014b4ec.

Error - 28/09/2008 02:34:37 | Computer Name = ALANSLAPTOP | Source = Application Error | ID = 1001
Description = Fault bucket 931756807.

Error - 28/09/2008 03:00:33 | Computer Name = ALANSLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.0.30, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 28/09/2008 03:00:50 | Computer Name = ALANSLAPTOP | Source = Application Hang | ID = 1001
Description = Fault bucket 834373986.

[ System Events ]
Error - 05/10/2008 08:38:52 | Computer Name = ALANSLAPTOP | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 05/10/2008 08:38:52 | Computer Name = ALANSLAPTOP | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 05/10/2008 08:38:52 | Computer Name = ALANSLAPTOP | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 05/10/2008 08:38:52 | Computer Name = ALANSLAPTOP | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 05/10/2008 08:38:52 | Computer Name = ALANSLAPTOP | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 05/10/2008 08:38:52 | Computer Name = ALANSLAPTOP | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 05/10/2008 08:38:52 | Computer Name = ALANSLAPTOP | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 05/10/2008 08:38:52 | Computer Name = ALANSLAPTOP | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 05/10/2008 08:54:15 | Computer Name = ALANSLAPTOP | Source = DCOM | ID = 10010
Description = The server {222F1C6D-F430-4B76-B3F1-1FE92E214AD3} did not register
with DCOM within the required timeout.

Error - 05/10/2008 13:34:54 | Computer Name = ALANSLAPTOP | Source = DCOM | ID = 10010
Description = The server {222F1C6D-F430-4B76-B3F1-1FE92E214AD3} did not register
with DCOM within the required timeout.


< End of report >
 
#14 ·
Well, I just don't see that this is something to worry about. You can spend all sorts of time digging around, but we've already determined the file does not appear to be malicious.

OTViewIt has a dropdown box on it, to select search parameters. One could select All, but there's still no guarantee everything will show up. The output would be huge, and I personally would not want to wade through such volumes of data.

For one thing, this folder you're trying to pinpoint is not on the %systemdrive%, which is where most malware places itself, and most scanners look.

I think the folder is safe to ignore.
 