Full Version: Task manager
Malwarebytes Forum > Computer Help > Malware Removal - HijackThis Logs
onlilife
Hi to everyone out there, I have a problem with Task Manager: whenever I press Ctrl, Alt, Delete, instead of the Task Manager, Windows pops up a message saying
Task Manager has been disabled by the administrator; also when I try to run regedit, the same message comes out. If anyone knows how to solve this, please help me out, thanks in advance.

MBAM Log -
-----------------------------------
Malwarebytes' Anti-Malware 1.30
Database version: 1349
Windows 5.1.2600 Service Pack 3

11/1/2008 6:15:03 PM
mbam-log-2008-11-01 (18-15-03).txt

Scan type: Full Scan (C:\|)
Objects scanned: 123766
Time elapsed: 28 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
----------------------------------

Panda scan

;*******************************************************************************
ANALYSIS: 2008-11-01 17:42:36
PROTECTIONS: 0
MALWARE: 9
SUSPECTS: 1
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinDisableri1.zip
00055170 mIRC/Gen Virus/Worm No 0 Yes No C:\Program Files\ZincPlay\Zion\mirc.ini
00055170 mIRC/Gen Virus/Worm No 0 Yes No C:\Program Files\ZincPlay\Zion\defaults\mirc.ini
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Zj\Cookies\zj@atdmt[1].txt
00172825 Joke/Stress Jokes No 0 Yes No C:\Documents and Settings\Zj\Desktop\Mass Folder\Desktop Pet\stress reducers.exe
00249874 application/alfacleaner HackTools No 0 Yes No c:\documents and settings\zj\application data\skinux
00366659 Trj/Flashy.B Virus/Trojan Yes 1 Yes No C:\Documents and Settings\Zj\Start Menu\Programs\Startup\systemID.pif
00366659 Trj/Flashy.B Virus/Trojan No 0 Yes No c:\windows\system32\flashy.exe
00366659 Trj/Flashy.B Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{C8F90F4F-756E-44D6-A309-0118A669550F}\RP127\A0019276.exe
00437348 Trj/Multidropper.ROJ Virus/Trojan No 1 No No C:\System Volume Information\_restore{C8F90F4F-756E-44D6-A309-0118A669550F}\RP127\A0018953.exe[C:\System Volume Information\_restore{C8F90F4F-756E-44D6-A309-0118A669550F}\RP127\A0018953.exe][keygen.exe]
03939461 Trj/Downloader.MDW Virus/Trojan No 1 No No C:\System Volume Information\_restore{C8F90F4F-756E-44D6-A309-0118A669550F}\RP127\A0018953.exe[C:\System Volume Information\_restore{C8F90F4F-756E-44D6-A309-0118A669550F}\RP127\A0018953.exe][serial.exe]
03955213 Trj/Downloader.MDW Virus/Trojan No 1 No No C:\System Volume Information\_restore{C8F90F4F-756E-44D6-A309-0118A669550F}\RP127\A0018953.exe[C:\System Volume Information\_restore{C8F90F4F-756E-44D6-A309-0118A669550F}\RP127\A0018953.exe][install.exe]
;===============================================================================
SUSPECTS
Sent Location
;===============================================================================
No C:\Program Files\ZincPlay\Zion\mirc.exe
;===============================================================================
VULNERABILITIES
Id Severity Description
;===============================================================================
;===============================================================================


HiJack This Scan

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:44:30 PM, on 11/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PPStream\ppsap.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\DOCUME~1\Zj\LOCALS~1\Temp\IXP002.TMP\IDMan.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Zj\Start Menu\Programs\Startup\systemID.pif
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: ThunderAtOnce Class - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Thunder Browser Helper - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PPVADownloader - {A986E409-30CC-4185-89BB-AB212C104524} - C:\Program Files\PPLiveVA\DownloaderManager.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Flashy Bot] C:\WINDOWS\system32\Flashy.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PPS Accelerator] C:\Program Files\PPStream\ppsap.exe
O4 - HKCU\..\Run: [PPLiveVA] C:\Program Files\PPLiveVA\PPLiveVA.exe /LoadModule PPVA.DLL /M REAL /S 0 /T 0
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\DOCUME~1\Zj\LOCALS~1\Temp\IXP002.TMP\IDMan.exe /onboot
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [ares vista] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: systemID.pif = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Download all links with IDM - C:\DOCUME~1\Zj\LOCALS~1\Temp\IXP002.TMP\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\DOCUME~1\Zj\LOCALS~1\Temp\IXP002.TMP\IEGetVL.htm
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Crux P2P\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: Download with IDM - C:\DOCUME~1\Zj\LOCALS~1\Temp\IXP002.TMP\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3762EAFD-884B-4C79-9AF3-2BB1C48B68D7}: NameServer = 192.168.2.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: My Current Home Page - About:Home

--
End of file - 10394 bytes
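One way to triage the O4 autostart entries in a log like the one above, as an added example (not HijackThis code and not part of this thread); the suspicious-path heuristics and the KNOWN_DETECTIONS set are assumptions of the example, the latter built from the Panda findings posted earlier:

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a few O4 autostart lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Flashy Bot] C:\WINDOWS\system32\Flashy.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\DOCUME~1\Zj\LOCALS~1\Temp\IXP002.TMP\IDMan.exe /onboot
O4 - Startup: systemID.pif = ?
"""

# File names the Panda scan earlier in this thread attributed to Trj/Flashy.B
# (an assumption of this example; a real triage would use a current AV/IoC feed).
KNOWN_DETECTIONS = {"flashy.exe", "systemid.pif"}

# Extensions that are unusual for a legitimate Startup-folder item (heuristic).
ODD_STARTUP_EXT = {".pif", ".scr", ".com", ".bat", ".cmd", ".vbs"}

RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^O4 - (?:Global )?Startup: (?P<file>.+?) = ")
# A quoted path, or the shortest prefix that ends in an executable extension.
PATH_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|pif|scr|com|bat|cmd|vbs|dll))(?:\s|$)', re.I)


@dataclass
class Finding:
    name: str            # Run value name or Startup file name
    target: str          # executable the entry launches
    reasons: List[str] = field(default_factory=list)


def launched_path(cmd: str) -> str:
    """Extract the executable a Run-key command line launches."""
    m = PATH_RE.match(cmd)
    if m:
        return m.group(1) or m.group(2)
    parts = cmd.split()
    return parts[0] if parts else cmd


def judge(name: str, target: str, from_startup: bool) -> Optional[Finding]:
    """Apply the heuristics to one autostart entry; None when nothing stands out."""
    base = target.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    ext = "." + base.rsplit(".", 1)[-1] if "." in base else ""
    reasons = []
    if "\\temp\\" in target.lower():
        reasons.append("launched from a temporary folder")
    if from_startup and ext in ODD_STARTUP_EXT:
        reasons.append(f"Startup-folder item with unusual extension {ext}")
    if base in KNOWN_DETECTIONS:
        reasons.append("file name matches an AV detection in this thread")
    return Finding(name, target, reasons) if reasons else None


def triage_o4(log_text: str) -> List[Finding]:
    """Parse O4 lines from a HijackThis log and return the entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line)
        if m:
            verdict = judge(m["name"], launched_path(m["cmd"]), from_startup=False)
        else:
            m = STARTUP_RE.match(line)
            if not m:
                continue
            verdict = judge(m["file"], m["file"], from_startup=True)
        if verdict:
            findings.append(verdict)
    return findings


if __name__ == "__main__":
    for f in triage_o4(SAMPLE_LOG):
        print(f"[{f.name}] {f.target}: " + "; ".join(f.reasons))
```

Run against the sample it flags Flashy Bot, IDMan and systemID.pif and leaves the Java, NVIDIA, dumprep and ctfmon entries alone; the heuristics are a starting point for review, not a verdict.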
Rorschach112
Hello

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D < here

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)
onlilife
QUOTE (Rorschach112 @ Nov 1 2008, 09:07 PM)
Hello

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D < here

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)



Hi again,

here's the log


--------------------\\ Lop S&D 4.2.4-9b XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel® Core™2 Duo CPU E6750 @ 2.66GHz )
BIOS : Default System BIOS
USER : Zj ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:298 Go (Free:29 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 01-11-2008|04:15 )
Option : [1] ( Sat 11/01/2008|23:56 )

--------------------\\ Listing folders in APPLIC~1

[10/25/2008|08:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {0691F710-1ECA-4B5A-9727-25554F1BFDC6}
[10/27/2008|05:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[10/18/2008|12:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[08/21/2008|02:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[08/21/2008|02:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[09/26/2008|11:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Creative
[09/30/2008|10:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> DAEMON Tools Pro
[09/27/2008|07:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Jlcm
[08/25/2008|10:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Kodak
[10/16/2008|10:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> KONAMI
[08/20/2008|10:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[09/11/2008|10:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[10/16/2008|03:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft Help
[09/29/2008|01:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Naked Brothers Band
[10/01/2008|04:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PPLive
[10/12/2008|08:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PPLiveVA
[11/01/2008|04:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PPLiveVAPPLiveVAShareFlv
[11/01/2008|03:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[10/31/2008|11:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[09/23/2008|11:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Thunder Network
[10/31/2008|02:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> thunder_vod_cache
[10/12/2008|03:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TVU Networks
[08/24/2008|02:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[09/11/2008|10:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller
[10/30/2008|10:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo! Companion

[08/20/2008|10:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[08/20/2008|10:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[08/20/2008|10:03] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[10/18/2008|12:22] C:\DOCUME~1\Zj\APPLIC~1\<DIR> Adobe
[08/22/2008|02:24] C:\DOCUME~1\Zj\APPLIC~1\<DIR> Apple Computer
[08/22/2008|12:10] C:\DOCUME~1\Zj\APPLIC~1\<DIR> Bearshare Premium P2P
[09/11/2008|02:14] C:\DOCUME~1\Zj\APPLIC~1\<DIR> Carnival Software
[09/26/2008|11:00] C:\DOCUME~1\Zj\APPLIC~1\<DIR> Creative
[08/20/2008|11:11] C:\DOCUME~1\Zj\APPLIC~1\<DIR> DAEMON Tools
[09/30/2008|10:07] C:\DOCUME~1\Zj\APPLIC~1\<DIR> DAEMON Tools Pro
[11/01/2008|04:32] C:\DOCUME~1\Zj\APPLIC~1\<DIR> DMCache
[09/23/2008|04:26] C:\DOCUME~1\Zj\APPLIC~1\<DIR> Gearbox Software
[09/25/2008|03:19] C:\DOCUME~1\Zj\APPLIC~1\<DIR> Hamachi
[09/28/2008|07:13] C:\DOCUME~1\Zj\APPLIC~1\<DIR> HTML Executable
[08/20/2008|10:09] C:\DOCUME~1\Zj\APPLIC~1\<DIR> Identities
[09/17/2008|01:29] C:\DOCUME~1\Zj\APPLIC~1\<DIR> IDM
[08/25/2008|01:22] C:\DOCUME~1\Zj\APPLIC~1\<DIR> ImgBurn
[10/02/2008|03:48] C:\DOCUME~1\Zj\APPLIC~1\<DIR> Leadertech
[08/20/2008|08:39] C:\DOCUME~1\Zj\APPLIC~1\<DIR> Macromedia
[08/20/2008|10:41] C:\DOCUME~1\Zj\APPLIC~1\<DIR> Malwarebytes
[08/22/2008|02:28] C:\DOCUME~1\Zj\APPLIC~1\<DIR> Media Player Classic
[09/22/2008|01:42] C:\DOCUME~1\Zj\APPLIC~1\<DIR> Microsoft
[09/28/2008|12:04] C:\DOCUME~1\Zj\APPLIC~1\<DIR> mIRC
[08/20/2008|10:27] C:\DOCUME~1\Zj\APPLIC~1\<DIR> Mozilla
[09/24/2008|03:31] C:\DOCUME~1\Zj\APPLIC~1\<DIR> PPLive
[09/27/2008|08:04] C:\DOCUME~1\Zj\APPLIC~1\<DIR> PPLiveVA
[10/02/2008|03:16] C:\DOCUME~1\Zj\APPLIC~1\<DIR> PPStream
[08/22/2008|10:04] C:\DOCUME~1\Zj\APPLIC~1\<DIR> Real
[08/20/2008|08:07] C:\DOCUME~1\Zj\APPLIC~1\<DIR> SecuROM
[09/11/2008|06:28] C:\DOCUME~1\Zj\APPLIC~1\<DIR> Shareaza
[08/24/2008|05:45] C:\DOCUME~1\Zj\APPLIC~1\<DIR> Skinux
[09/11/2008|06:24] C:\DOCUME~1\Zj\APPLIC~1\<DIR> SPORE
[09/17/2008|01:34] C:\DOCUME~1\Zj\APPLIC~1\<DIR> Sun
[10/31/2008|11:24] C:\DOCUME~1\Zj\APPLIC~1\<DIR> SUPERAntiSpyware.com
[08/20/2008|08:30] C:\DOCUME~1\Zj\APPLIC~1\<DIR> TmpRecentIcons
[09/27/2008|08:19] C:\DOCUME~1\Zj\APPLIC~1\<DIR> TVU Networks
[11/01/2008|11:52] C:\DOCUME~1\Zj\APPLIC~1\<DIR> uTorrent
[09/24/2008|03:48] C:\DOCUME~1\Zj\APPLIC~1\<DIR> vlc
[08/20/2008|10:36] C:\DOCUME~1\Zj\APPLIC~1\<DIR> WinRAR

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[10/27/2008 05:30 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[11/01/2008 04:13 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/24/2001 04:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[10/08/2008|11:02] C:\Program Files\<DIR> 7-Zip
[10/14/2008|11:42] C:\Program Files\<DIR> Activision
[10/18/2008|12:22] C:\Program Files\<DIR> Adobe
[09/21/2008|06:52] C:\Program Files\<DIR> AGEIA Technologies
[09/11/2008|06:14] C:\Program Files\<DIR> Apple Software Update
[08/22/2008|05:09] C:\Program Files\<DIR> Ares
[09/02/2008|03:16] C:\Program Files\<DIR> AviSynth 2.5
[09/28/2008|07:46] C:\Program Files\<DIR> Bonjour
[09/11/2008|02:14] C:\Program Files\<DIR> Caricature Studio Green 3.6
[08/20/2008|11:19] C:\Program Files\<DIR> CCleaner
[10/18/2008|12:22] C:\Program Files\<DIR> Common Files
[09/27/2008|03:14] C:\Program Files\<DIR> Creative
[09/30/2008|10:08] C:\Program Files\<DIR> DAEMON Tools Pro
[09/02/2008|01:13] C:\Program Files\<DIR> Devious Codeworks
[08/25/2008|01:00] C:\Program Files\<DIR> DVD Decrypter
[09/11/2008|11:13] C:\Program Files\<DIR> EA GAMES
[10/02/2008|03:38] C:\Program Files\<DIR> EA Sports
[10/25/2008|08:40] C:\Program Files\<DIR> Electronic Arts
[11/01/2008|09:01] C:\Program Files\<DIR> eMule
[09/02/2008|03:16] C:\Program Files\<DIR> eRightSoft
[09/06/2008|11:11] C:\Program Files\<DIR> Hamachi
[08/25/2008|01:05] C:\Program Files\<DIR> ImgBurn
[10/25/2008|08:40] C:\Program Files\<DIR> InstallShield Installation Information
[08/20/2008|10:16] C:\Program Files\<DIR> Intel
[08/20/2008|08:28] C:\Program Files\<DIR> Internet Download Manager
[10/16/2008|03:02] C:\Program Files\<DIR> Internet Explorer
[10/27/2008|05:54] C:\Program Files\<DIR> iPod
[10/25/2008|08:36] C:\Program Files\<DIR> Irrational Games
[10/27/2008|05:55] C:\Program Files\<DIR> iTunes
[09/02/2008|03:15] C:\Program Files\<DIR> IVMLAB
[10/31/2008|11:21] C:\Program Files\<DIR> Java
[09/11/2008|06:28] C:\Program Files\<DIR> KCeasy
[08/22/2008|02:26] C:\Program Files\<DIR> K-Lite Codec Pack
[08/25/2008|10:01] C:\Program Files\<DIR> Kodak
[09/09/2008|02:15] C:\Program Files\<DIR> Koei
[10/27/2008|12:21] C:\Program Files\<DIR> KONAMI
[09/08/2008|07:49] C:\Program Files\<DIR> Lionhead Studios
[09/02/2008|03:52] C:\Program Files\<DIR> MagicISO
[10/30/2008|11:04] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[09/26/2008|03:00] C:\Program Files\<DIR> Messenger
[08/20/2008|10:03] C:\Program Files\<DIR> microsoft frontpage
[08/28/2008|06:09] C:\Program Files\<DIR> Microsoft Office
[08/28/2008|06:09] C:\Program Files\<DIR> Microsoft Visual Studio
[08/28/2008|06:07] C:\Program Files\<DIR> Microsoft Visual Studio 8
[08/28/2008|06:09] C:\Program Files\<DIR> Microsoft Works
[08/28/2008|06:08] C:\Program Files\<DIR> Microsoft.NET
[09/28/2008|12:04] C:\Program Files\<DIR> mIRC
[09/25/2008|03:12] C:\Program Files\<DIR> Movie Maker
[11/01/2008|11:21] C:\Program Files\<DIR> Mozilla Firefox
[08/28/2008|06:09] C:\Program Files\<DIR> MSBuild
[08/20/2008|09:59] C:\Program Files\<DIR> MSN
[08/20/2008|10:00] C:\Program Files\<DIR> MSN Gaming Zone
[09/25/2008|03:10] C:\Program Files\<DIR> NetMeeting
[09/17/2008|04:22] C:\Program Files\<DIR> Night Watch
[08/20/2008|10:00] C:\Program Files\<DIR> Online Services
[09/25/2008|03:10] C:\Program Files\<DIR> Outlook Express
[09/13/2008|09:50] C:\Program Files\<DIR> P2P_Energy
[11/01/2008|04:39] C:\Program Files\<DIR> Panda Security
[10/05/2008|10:29] C:\Program Files\<DIR> PPLive
[11/01/2008|04:33] C:\Program Files\<DIR> PPLiveVA
[10/12/2008|03:50] C:\Program Files\<DIR> PPStream
[09/11/2008|12:12] C:\Program Files\<DIR> QuickTime
[08/22/2008|10:03] C:\Program Files\<DIR> Real
[09/05/2008|04:20] C:\Program Files\<DIR> Reality Pump
[08/20/2008|10:17] C:\Program Files\<DIR> Realtek
[09/28/2008|08:16] C:\Program Files\<DIR> SatelliteTVforPC
[11/01/2008|03:27] C:\Program Files\<DIR> Spybot - Search & Destroy
[10/31/2008|11:24] C:\Program Files\<DIR> SUPERAntiSpyware
[09/11/2008|08:39] C:\Program Files\<DIR> The Adventure Company
[10/01/2008|09:58] C:\Program Files\<DIR> The Witcher
[09/23/2008|11:41] C:\Program Files\<DIR> Thunder Network
[11/01/2008|05:44] C:\Program Files\<DIR> Trend Micro
[09/28/2008|08:17] C:\Program Files\<DIR> TVAnts
[10/12/2008|03:52] C:\Program Files\<DIR> TVUPlayer
[09/23/2008|04:09] C:\Program Files\<DIR> Ubisoft
[08/20/2008|10:09] C:\Program Files\<DIR> Uninstall Information
[10/01/2008|12:20] C:\Program Files\<DIR> Universal Extractor
[10/03/2008|05:10] C:\Program Files\<DIR> USB Vibration
[08/20/2008|10:29] C:\Program Files\<DIR> uTorrent
[09/24/2008|03:46] C:\Program Files\<DIR> VideoLAN
[11/01/2008|11:21] C:\Program Files\<DIR> Warcraft III
[09/11/2008|10:15] C:\Program Files\<DIR> Windows Live
[09/11/2008|10:18] C:\Program Files\<DIR> Windows Live Safety Center
[10/09/2008|06:41] C:\Program Files\<DIR> Windows Media Player
[09/25/2008|03:10] C:\Program Files\<DIR> Windows NT
[08/20/2008|10:02] C:\Program Files\<DIR> WindowsUpdate
[08/20/2008|10:36] C:\Program Files\<DIR> WinRAR
[08/20/2008|10:03] C:\Program Files\<DIR> xerox
[10/30/2008|09:46] C:\Program Files\<DIR> Yahoo!
[09/08/2008|10:30] C:\Program Files\<DIR> ZincPlay

--------------------\\ Listing Folders in C:\Program Files\Common Files

[10/18/2008|12:21] C:\Program Files\Common Files\<DIR> Adobe
[10/18/2008|12:22] C:\Program Files\Common Files\<DIR> Adobe AIR
[09/11/2008|12:11] C:\Program Files\Common Files\<DIR> Apple
[08/28/2008|06:09] C:\Program Files\Common Files\<DIR> DESIGNER
[09/22/2008|01:44] C:\Program Files\Common Files\<DIR> INCA Shared
[10/25/2008|08:36] C:\Program Files\Common Files\<DIR> InstallShield
[08/21/2008|11:53] C:\Program Files\Common Files\<DIR> Java
[09/11/2008|10:15] C:\Program Files\Common Files\<DIR> Microsoft Shared
[08/20/2008|10:01] C:\Program Files\Common Files\<DIR> MSSoap
[08/20/2008|01:22] C:\Program Files\Common Files\<DIR> ODBC
[08/22/2008|10:03] C:\Program Files\Common Files\<DIR> Real
[08/20/2008|10:01] C:\Program Files\Common Files\<DIR> Services
[08/20/2008|01:22] C:\Program Files\Common Files\<DIR> SpeechEngines
[09/25/2008|03:10] C:\Program Files\Common Files\<DIR> System
[09/23/2008|11:41] C:\Program Files\Common Files\<DIR> Thunder Network
[09/11/2008|10:15] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller
[10/31/2008|11:23] C:\Program Files\Common Files\<DIR> Wise Installation Wizard
[08/22/2008|10:03] C:\Program Files\Common Files\<DIR> xing shared

--------------------\\ Process

( 37 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-01 23:56:46
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Zj\Application Data\uTorrent\Crysis Warhead Crack.torrent
C:\DOCUME~1\Zj\Application Data\uTorrent\FIFA.09.Crackfix-RELOADED.torrent
C:\DOCUME~1\Zj\Application Data\uTorrent\Pro Evolution Soccer 2008 (Crack and Serial) by SMoKE (FIXED).torrent
C:\DOCUME~1\Zj\Application Data\uTorrent\Pro Evolution Soccer 2009 Keygen Serial FIXED - Play Online PC PES 2009.torrent
C:\DOCUME~1\Zj\Application Data\uTorrent\SporeCrack.torrent
C:\DOCUME~1\Zj\Application Data\uTorrent\The two worlds keygen.rar.torrent


[F:41][D:14]-> C:\DOCUME~1\Zj\LOCALS~1\Temp
[F:21][D:0]-> C:\DOCUME~1\Zj\Cookies
[F:432][D:4]-> C:\DOCUME~1\Zj\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Sat 11/01/2008|23:25 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - Sat 11/01/2008|23:49 - Option : [1]
3 - "C:\Lop SD\LopR_3.txt" - Sat 11/01/2008|23:53 - Option : [1]
4 - "C:\Lop SD\LopR_4.txt" - Sat 11/01/2008|23:57 - Option : [1]

--------------------\\ Scan completed at 23:57:08
Rorschach112
You got infected because you downloaded cracks

Please download the OTMoveIt3 by OldTimer or from here.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    CODE
    :Processes
    explorer.exe

    :Services

    :Reg

    :Files
    C:\DOCUME~1\Zj\Application Data\uTorrent\Crysis Warhead Crack.torrent
    C:\DOCUME~1\Zj\Application Data\uTorrent\FIFA.09.Crackfix-RELOADED.torrent
    C:\DOCUME~1\Zj\Application Data\uTorrent\Pro Evolution Soccer 2008 (Crack and Serial) by SMoKE (FIXED).torrent
    C:\DOCUME~1\Zj\Application Data\uTorrent\Pro Evolution Soccer 2009 Keygen Serial FIXED - Play Online PC PES 2009.torrent
    C:\DOCUME~1\Zj\Application Data\uTorrent\SporeCrack.torrent
    C:\DOCUME~1\Zj\Application Data\uTorrent\The two worlds keygen.rar.torrent

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.




  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
onlilife
QUOTE (Rorschach112 @ Nov 2 2008, 12:02 AM)
You got infected because you downloaded cracks


Thx for the fast reply,
here's the log

OTMoveIt3

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\DOCUME~1\Zj\Application Data\uTorrent\Crysis Warhead Crack.torrent moved successfully.
C:\DOCUME~1\Zj\Application Data\uTorrent\FIFA.09.Crackfix-RELOADED.torrent moved successfully.
C:\DOCUME~1\Zj\Application Data\uTorrent\Pro Evolution Soccer 2008 (Crack and Serial) by SMoKE (FIXED).torrent moved successfully.
C:\DOCUME~1\Zj\Application Data\uTorrent\Pro Evolution Soccer 2009 Keygen Serial FIXED - Play Online PC PES 2009.torrent moved successfully.
C:\DOCUME~1\Zj\Application Data\uTorrent\SporeCrack.torrent moved successfully.
C:\DOCUME~1\Zj\Application Data\uTorrent\The two worlds keygen.rar.torrent moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Zj\LOCALS~1\Temp\IXP002.TMP\IDMan.exe scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Zj\LOCALS~1\Temp\IXP002.TMP\idmmkb.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Zj\LOCALS~1\Temp\etilqs_J0laS9E3C85KF9FWiY4Y scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_754.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Zj\Local Settings\Application Data\Mozilla\Firefox\Profiles\w1i4kg0t.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Zj\Local Settings\Application Data\Mozilla\Firefox\Profiles\w1i4kg0t.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Zj\Local Settings\Application Data\Mozilla\Firefox\Profiles\w1i4kg0t.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Zj\Local Settings\Application Data\Mozilla\Firefox\Profiles\w1i4kg0t.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Zj\Local Settings\Application Data\Mozilla\Firefox\Profiles\w1i4kg0t.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Zj\Local Settings\Application Data\Mozilla\Firefox\Profiles\w1i4kg0t.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11022008_000751

Files moved on Reboot...
C:\DOCUME~1\Zj\LOCALS~1\Temp\IXP002.TMP\IDMan.exe moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\Zj\LOCALS~1\Temp\IXP002.TMP\idmmkb.dll
C:\DOCUME~1\Zj\LOCALS~1\Temp\IXP002.TMP\idmmkb.dll NOT unregistered.
C:\DOCUME~1\Zj\LOCALS~1\Temp\IXP002.TMP\idmmkb.dll moved successfully.
File C:\DOCUME~1\Zj\LOCALS~1\Temp\etilqs_J0laS9E3C85KF9FWiY4Y not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_754.dat not found!
C:\Documents and Settings\Zj\Local Settings\Application Data\Mozilla\Firefox\Profiles\w1i4kg0t.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Zj\Local Settings\Application Data\Mozilla\Firefox\Profiles\w1i4kg0t.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Zj\Local Settings\Application Data\Mozilla\Firefox\Profiles\w1i4kg0t.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Zj\Local Settings\Application Data\Mozilla\Firefox\Profiles\w1i4kg0t.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Zj\Local Settings\Application Data\Mozilla\Firefox\Profiles\w1i4kg0t.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Zj\Local Settings\Application Data\Mozilla\Firefox\Profiles\w1i4kg0t.default\XUL.mfl moved successfully.


RSIT log.txt

Logfile of random's system information tool 1.04 (written by random/random)
Run by Zj at 2008-11-02 00:13:05
Microsoft Windows XP Professional Service Pack 3
System drive C: has 33 GB (11%) free of 305 GB
Total RAM: 2047 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:07 AM, on 11/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\Flashy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PPStream\ppsap.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Zj\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Zj.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: ThunderAtOnce Class - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Thunder Browser Helper - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PPVADownloader - {A986E409-30CC-4185-89BB-AB212C104524} - C:\Program Files\PPLiveVA\DownloaderManager.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Flashy Bot] C:\WINDOWS\system32\Flashy.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PPS Accelerator] C:\Program Files\PPStream\ppsap.exe
O4 - HKCU\..\Run: [PPLiveVA] C:\Program Files\PPLiveVA\PPLiveVA.exe /LoadModule PPVA.DLL /M REAL /S 0 /T 0
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\DOCUME~1\Zj\LOCALS~1\Temp\IXP002.TMP\IDMan.exe /onboot
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [ares vista] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: systemID.pif = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Download all links with IDM - C:\DOCUME~1\Zj\LOCALS~1\Temp\IXP002.TMP\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\DOCUME~1\Zj\LOCALS~1\Temp\IXP002.TMP\IEGetVL.htm
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Crux P2P\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: Download with IDM - C:\DOCUME~1\Zj\LOCALS~1\Temp\IXP002.TMP\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3762EAFD-884B-4C79-9AF3-2BB1C48B68D7}: NameServer = 192.168.2.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: My Current Home Page - About:Home

--
End of file - 10172 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01443AEC-0FD1-40fd-9C87-E93D1494C233}]
ThunderAtOnce Class - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll [2008-09-06 142600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EEDB912-C5FA-486F-8334-57288578C627}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-08-22 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-10-31 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{889D2FEB-5411-4565-8998-1DD2C5261283}]
Thunder Browser Helper - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll [2008-09-19 128464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A986E409-30CC-4185-89BB-AB212C104524}]
Download_Bho Class - C:\Program Files\PPLiveVA\DownloaderManager.dll [2008-09-12 390472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-10-31 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-10-31 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-08-22 185896]
"SW24"=C:\WINDOWS\system32\sw24.exe [2006-12-15 69632]
"SW20"=C:\WINDOWS\system32\sw20.exe [2006-12-15 208896]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-10-31 136600]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-03-21 16126464]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"Flashy Bot"=C:\WINDOWS\system32\Flashy.exe [2007-01-09 60545]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"PPS Accelerator"=C:\Program Files\PPStream\ppsap.exe [2008-08-13 165240]
"PPLiveVA"=C:\Program Files\PPLiveVA\PPLiveVA.exe [2008-09-11 58784]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"IDMan"=C:\DOCUME~1\Zj\LOCALS~1\Temp\IXP002.TMP\IDMan.exe /onboot []
"eMuleAutoStart"=C:\Program Files\eMule\emule.exe [2008-09-24 5256776]
"DAEMON Tools Pro Agent"=C:\Program Files\DAEMON Tools Pro\DTProAgent.exe [2007-09-06 136136]
"ares vista"=C:\Program Files\Ares\Ares.exe [2008-02-20 963072]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-09-03 1576176]

C:\Documents and Settings\Zj\Start Menu\Programs\Startup
systemID.pif

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispCPL"=0
"DisableRegistryTools"=2
"DisableTaskMgr"=2

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoStartMenuMorePrograms"=0
"StartMenuLogOff"=0
"NoDrives"=00000000
"NoToolbarCustomize"=0
"NoSetFolders"=0
"NoFolderOptions"=2

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Ares Gold\AresGold.exe"="C:\Program Files\Ares Gold\AresGold.exe:*:Enabled:AresGold"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares"
"C:\Program Files\Crux P2P\Crux P2P.exe"="C:\Program Files\Crux P2P\Crux P2P.exe:*:Enabled:Crux P2P"
"C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\Program Files\TrustyFiles\TrustyFiles.exe"="C:\Program Files\TrustyFiles\TrustyFiles.exe:*:Enabled:TrustyFiles"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\PPStream\PPStream.exe"="C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPS网络电视"
"C:\Program Files\PPStream\PPSAP.exe"="C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS 网络加速器"
"C:\Program Files\TVAnts\Tvants.exe"="C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts"
"C:\Program Files\ZincPlay\Zion\mirc.exe"="C:\Program Files\ZincPlay\Zion\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\EA Sports\FIFA Online 2\FF2Client.exe"="C:\Program Files\EA Sports\FIFA Online 2\FF2Client.exe:*:Enabled:FIFA ONLINE"
"C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe"="C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe:*:Enabled:Thunder"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\PPLive\PPLive.exe"="C:\Program Files\PPLive\PPLive.exe:*:Enabled:PPLive"
"C:\Program Files\PPLiveVA\PPLiveVA.exe"="C:\Program Files\PPLiveVA\PPLiveVA.exe:*:Enabled:PPLiveVA"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ "
"C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1cd9d87c-a59e-11dd-ba28-0019dbb54ec5}]
shell\AutoRun\command - G:\Winnie.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d21561a4-6eab-11dd-b9b5-0019dbb54ec5}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe


======File associations======

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

======List of files/folders created in the last 1 months======

2008-11-02 00:13:05 ----D---- C:\rsit
2008-11-02 00:07:51 ----D---- C:\_OTMoveIt
2008-11-01 23:56:20 ----A---- C:\lopR.txt
2008-11-01 23:23:03 ----D---- C:\Lop SD
2008-11-01 17:44:19 ----D---- C:\Program Files\Trend Micro
2008-11-01 16:39:18 ----D---- C:\Program Files\Panda Security
2008-11-01 16:32:49 ----H---- C:\WINDOWS\system32\Flashy.exe
2008-11-01 15:22:14 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-01 15:22:14 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-31 23:24:09 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-31 23:24:04 ----D---- C:\Program Files\SUPERAntiSpyware
2008-10-31 23:24:04 ----D---- C:\Documents and Settings\Zj\Application Data\SUPERAntiSpyware.com
2008-10-31 23:21:50 ----A---- C:\WINDOWS\system32\javaws.exe
2008-10-31 23:21:50 ----A---- C:\WINDOWS\system32\javaw.exe
2008-10-31 23:21:50 ----A---- C:\WINDOWS\system32\java.exe
2008-10-31 23:21:50 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-10-31 22:33:10 ----D---- C:\WINDOWS\pss
2008-10-30 22:18:36 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-10-30 21:53:04 ----D---- C:\WINDOWS\ERDNT
2008-10-30 18:11:35 ----HD---- C:\WINDOWS\system32\GroupPolicy
2008-10-27 17:54:47 ----D---- C:\Program Files\iPod
2008-10-27 17:54:46 ----D---- C:\Program Files\iTunes
2008-10-27 17:54:46 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-25 20:45:14 ----HDC---- C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2008-10-25 20:40:19 ----D---- C:\ProgramData
2008-10-25 13:16:15 ----A---- C:\Documents and Settings\All Users\Application Data\vlc-0.9.4-win32.exe
2008-10-18 00:22:17 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-10-18 00:21:44 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-10-18 00:21:36 ----D---- C:\Program Files\Common Files\Adobe
2008-10-18 00:21:36 ----D---- C:\Program Files\Adobe
2008-10-16 10:08:09 ----D---- C:\Documents and Settings\All Users\Application Data\KONAMI
2008-10-16 10:01:52 ----D---- C:\Program Files\KONAMI
2008-10-14 23:55:26 ----A---- C:\WINDOWS\game.ini
2008-10-14 23:42:31 ----D---- C:\Program Files\Activision
2008-10-14 23:40:40 ----SHD---- C:\WINDOWS\ftpcache
2008-10-12 03:52:54 ----D---- C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-10-11 03:53:34 ----D---- C:\WINDOWS\Minidump
2008-10-08 11:02:04 ----D---- C:\Program Files\7-Zip
2008-10-08 10:59:07 ----A---- C:\uniextract.txt
2008-10-03 17:10:31 ----D---- C:\WINDOWS\USB Vibration
2008-10-03 17:10:19 ----D---- C:\Program Files\USB Vibration

======List of files/folders modified in the last 1 months======

2008-11-02 00:11:04 ----D---- C:\Program Files\Mozilla Firefox
2008-11-02 00:10:49 ----A---- C:\WINDOWS\psnetwork.ini
2008-11-02 00:10:36 ----D---- C:\Documents and Settings\All Users\Application Data\PPLiveVAPPLiveVAShareFlv
2008-11-02 00:10:33 ----D---- C:\Program Files\eMule
2008-11-02 00:10:32 ----D---- C:\WINDOWS\Temp
2008-11-02 00:10:31 ----D---- C:\Program Files\PPLiveVA
2008-11-02 00:10:30 ----A---- C:\WINDOWS\PCDNSetting.ini
2008-11-02 00:09:35 ----D---- C:\WINDOWS
2008-11-02 00:08:17 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-02 00:07:51 ----D---- C:\Documents and Settings\Zj\Application Data\uTorrent
2008-11-01 23:21:15 ----D---- C:\Program Files\Warcraft III
2008-11-01 17:44:19 ----RD---- C:\Program Files
2008-11-01 16:41:40 ----D---- C:\WINDOWS\system32\drivers
2008-11-01 16:39:59 ----HD---- C:\WINDOWS\inf
2008-11-01 16:39:58 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-01 16:32:49 ----D---- C:\WINDOWS\system32
2008-11-01 16:32:48 ----D---- C:\Documents and Settings\Zj\Application Data\DMCache
2008-11-01 15:27:00 ----D---- C:\WINDOWS\Prefetch
2008-11-01 03:40:07 ----D---- C:\WINDOWS\system32\LogFiles
2008-11-01 03:39:50 ----D---- C:\WINDOWS\Debug
2008-10-31 23:34:09 ----D---- C:\WINDOWS\AppPatch
2008-10-31 23:24:06 ----SHD---- C:\WINDOWS\Installer
2008-10-31 23:23:55 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-31 23:21:34 ----D---- C:\Program Files\Java
2008-10-31 22:48:22 ----SH---- C:\boot.ini
2008-10-31 22:48:22 ----A---- C:\WINDOWS\win.ini
2008-10-31 22:48:22 ----A---- C:\WINDOWS\system.ini
2008-10-31 22:35:18 ----SHD---- C:\System Volume Information
2008-10-31 22:35:18 ----D---- C:\WINDOWS\system32\Restore
2008-10-31 15:30:46 ----D---- C:\TDDOWNLOAD
2008-10-31 14:46:49 ----SHD---- C:\Documents and Settings\All Users\Application Data\thunder_vod_cache
2008-10-30 23:04:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-30 21:46:57 ----D---- C:\Program Files\Yahoo!
2008-10-29 11:04:36 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-29 11:04:35 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-27 17:53:20 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-25 20:40:32 ----D---- C:\Program Files\Electronic Arts
2008-10-25 20:40:23 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-25 20:36:34 ----D---- C:\Seven Kingdoms II
2008-10-25 20:36:20 ----D---- C:\Program Files\Common Files\InstallShield
2008-10-25 20:36:18 ----D---- C:\Program Files\Irrational Games
2008-10-25 09:56:18 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-18 00:22:33 ----D---- C:\Documents and Settings\Zj\Application Data\Adobe
2008-10-18 00:22:17 ----D---- C:\Program Files\Common Files
2008-10-16 03:02:45 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-16 03:02:16 ----D---- C:\Program Files\Internet Explorer
2008-10-16 00:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-14 10:01:30 ----D---- C:\WINDOWS\system32\DirectX
2008-10-14 10:01:24 ----HD---- C:\WINDOWS\msdownld.tmp
2008-10-12 20:56:54 ----D---- C:\Documents and Settings\All Users\Application Data\PPLiveVA
2008-10-12 03:52:52 ----A---- C:\WINDOWS\PPSMediaList.ini
2008-10-12 03:52:52 ----A---- C:\WINDOWS\powerplayer.ini
2008-10-12 03:52:36 ----D---- C:\Program Files\TVUPlayer
2008-10-12 03:50:30 ----D---- C:\Program Files\PPStream
2008-10-09 18:41:15 ----D---- C:\Program Files\Windows Media Player
2008-10-08 03:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-05 22:29:55 ----D---- C:\Program Files\PPLive
2008-10-04 01:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-09-09 278984]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-09-09 25416]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-09-06 25280]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-04 4258496]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-02-07 90880]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 atusk4c2;atusk4c2; C:\WINDOWS\system32\drivers\atusk4c2.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-31 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S3 AresChatServer;Ares Chatroom server; C:\Program Files\Ares\chatServer.exe [2007-03-20 263168]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------



RSIT info.txt

info.txt logfile of random's system information tool 1.04 2008-11-02 00:13:09

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->MsiExec /X{65F1CF63-31E0-450B-96F3-4A88BE7361A6}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
AGEIA PhysX v7.07.09-->MsiExec.exe /X{65F1CF63-31E0-450B-96F3-4A88BE7361A6}
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ares 2.0.9-->"C:\Program Files\Ares\uninstall.exe"
Black & White® 2 Battle of the Gods-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10631C28-62E5-477C-9B40-40C5EA8219BE}\setup.exe" -l0x9 -removeonly
Black & White® 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}\setup.exe" -l0x9 -removeonly
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Brothers In Arms-->C:\Program Files\Ubisoft\Gearbox Software\BrothersInArms\System\Setup.exe uninstall "BrothersInArms"
Call of Duty® 4 - Modern Warfare™ 1.4 Patch-->C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch-->C:\Program Files\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Caricature Studio Green 3.6-->MsiExec.exe /I{AC5019DA-5DC2-44E6-808A-1A68F3CCA79D}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Crysis WARHEAD®-->"C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe" REMOVE=TRUE MODIFY=FALSE
Crysis WARHEAD®-->C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
EA Download Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
eMule VeryCD -->C:\Program Files\eMule\uninstall.exe
eMule VeryCD版-->C:\Program Files\eMule\uninstall.exe
FIFA 09-->MsiExec.exe /X{2315B23D-3E21-4920-837D-AE6460934ECB}
Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Imagicon-->C:\Program Files\Devious Codeworks\Imagicon\Uninstall.exe
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
IVMDecoder-->C:\PROGRA~1\IVMLAB\IVMDEC~1\UNWISE.EXE C:\PROGRA~1\IVMLAB\IVMDEC~1\INSTALL.LOG
Java™ 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 4.1.7 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Magic ISO Maker v5.5 (build 0272)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft AppLocale-->MsiExec.exe /I{394BE3D9-7F57-4638-A8D1-1D88671913B7}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Application Compatibility Database-->C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb"
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
迅雷5-->"C:\Program Files\Thunder Network\Thunder\unins000.exe"
Night Watch-->C:\Program Files\Night Watch\Uninstall\uninstall.exe /C "/U:C:\Program Files\Night Watch\Uninstall\uninstall.xml"
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PPLive 1.9-->C:\Program Files\PPLive\uninst.exe
PPStream-->C:\Program Files\PPStream\uninst.exe
Pro Evolution Soccer 2009-->MsiExec.exe /X{A8DB611A-D80E-450D-85F6-3ACDD164BE31}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Satellite TV for PC Elite 4.8.8.0 -->C:\WINDOWS\uninstall\Satellite TV for PC Elite\setup.exe
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPORESetup.exe" -runfromtemp -l0x0009 -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPER © Version 2008.bld.30 (Mar 22, 2008)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
The Abbey-->C:\Program Files\The Adventure Company\The Abbey\Uninstall.exe
The Witcher Enhanced Edition - "Side Effects"-->"C:\Program Files\InstallShield Installation Information\{6D93BD2D-BA71-491A-926C-37FE1580CEE0}\setup.exe" -runfromtemp -l0x0009 -removeonly
The Witcher Enhanced Edition - "The Price of Neutrality"-->"C:\Program Files\InstallShield Installation Information\{F50BF3E1-99C8-4908-A2C7-B19B2C6FEA47}\setup.exe" -runfromtemp -l0x0009 -removeonly
TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
TVUPlayer 2.4.0.1-->C:\Program Files\TVUPlayer\uninst.exe
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Twin USB Vibration Gamepad-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA12FD6D-169A-11D7-A6A9-00C026281E5A}\setup.exe" -l0x9
Two Worlds-->C:\PROGRA~1\REALIT~1\TWOWOR~1\Unwise.exe /U C:\PROGRA~1\REALIT~1\TWOWOR~1\install.log
Universal Extractor 1.5-->"C:\Program Files\Universal Extractor\unins000.exe"
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb957258)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E070CDA4-A8DD-47FA-89A0-F5DA5D5DDFF9}
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
VLC media player 0.9.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
Zion IRC Networking Gaming Tool-->"C:\Program Files\ZincPlay\Zion\uninst-zion.exe"

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Smart Projects\IsoBuster;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Universal Extractor\bin
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------
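The "Task Manager has been disabled by your administrator" message that started this thread is produced by the DisableTaskMgr and DisableRegistryTools values under the Policies\System key, the same two values the OTMoveIt script in the reply below removes. The script that follows is an added example for readers, not something posted in this thread or shipped with any of the tools mentioned: it audits both the per-user (HKCU) and machine-wide (HKLM) policy keys, reports any non-zero value, optionally removes it, and lists the contents of the user and common Startup folders so an unexpected entry such as the systemID.pif seen in this log stands out. It assumes Windows PowerShell 3.0 or later and the standard registry and Startup-folder locations; the function names are the example's own.

```powershell
# Added example (not from the thread): audit and optionally clear the policy
# values behind "Task Manager has been disabled by your administrator".
# Assumes Windows PowerShell 3.0+. HKCU is read as the affected user; HKLM
# needs an elevated prompt. Function names below are this example's own.

$PolicyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)
$PolicyValues = @('DisableTaskMgr', 'DisableRegistryTools')

# Returns one object per policy value that is present and non-zero.
function Get-LockoutPolicy {
    foreach ($key in $PolicyKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($name in $PolicyValues) {
            $prop = $props.PSObject.Properties[$name]
            if ($null -ne $prop -and [int]$prop.Value -ne 0) {
                [pscustomobject]@{
                    Key   = $key
                    Name  = $name
                    Value = $prop.Value
                }
            }
        }
    }
}

# Removes every value Get-LockoutPolicy reports. -WhatIf previews the change.
# In a domain, a real Group Policy can set these too; check with the admin
# before removing them there, since GP will simply re-apply them.
function Clear-LockoutPolicy {
    param([switch]$WhatIf)
    foreach ($hit in @(Get-LockoutPolicy)) {
        Remove-ItemProperty -Path $hit.Key -Name $hit.Name -WhatIf:$WhatIf -ErrorAction Stop
        if (-not $WhatIf) { Write-Host "Removed $($hit.Name) from $($hit.Key)" }
    }
}

# Lists files in the per-user and all-users Startup folders with size and
# timestamp, so a stray .pif/.exe dropped there is easy to spot.
function Get-StartupEntries {
    $folders = @(
        [Environment]::GetFolderPath('Startup'),
        [Environment]::GetFolderPath('CommonStartup')
    )
    Get-ChildItem -Path $folders -File -ErrorAction SilentlyContinue |
        Select-Object FullName, Length, LastWriteTime
}

# Report first; remediation is a separate, explicit step.
$hits = @(Get-LockoutPolicy)
if ($hits.Count -eq 0) {
    Write-Host 'No DisableTaskMgr/DisableRegistryTools policy values are set.'
} else {
    $hits | Format-Table -AutoSize
}
Get-StartupEntries | Format-Table -AutoSize

# To actually clear the values after reviewing the report:
# Clear-LockoutPolicy -WhatIf   # preview
# Clear-LockoutPolicy           # remove
```

Run it once before and once after cleanup: the first pass documents what was set (useful evidence of how the lockout was applied), the second confirms the values are gone and that Task Manager and regedit open again. Clearing the values alone does not remove whatever set them, which is why the reply below also removes the executables and Startup entry.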
Rorschach112
Hello

Plug your USB key in for this


1. Please re-open HiJackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

O4 - HKLM\..\Run: [Flashy Bot] C:\WINDOWS\system32\Flashy.exe
O4 - Startup: systemID.pif = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.


Please download OTMoveIt3 by OldTimer or from here.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    CODE
    :Processes
    explorer.exe

    :Services

    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableRegistryTools"=-
    "DisableTaskMgr"=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1cd9d87c-a59e-11dd-ba28-0019dbb54ec5}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d21561a4-6eab-11dd-b9b5-0019dbb54ec5}]

    :Files
    C:\WINDOWS\system32\Flashy.exe
    G:\Winnie.exe
    C:\Documents and Settings\Zj\Start Menu\Programs\Startup\systemID.pif

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL