Really don't know what it is, but it sure is weird.



WoodGnome
2009-09-03, 01:09
Hi there,

I've been experiencing some odd stuff lately. First I thought I was just being paranoid, but right when I tried to install ZoneAlarm just a minute ago, I got a report that it couldn't be done for some unknown reason and that I had to contact somebody (the "Systeembeheerder", Dutch for system administrator; don't know if that's useful to you?).

So things like;
-Mysterious disappearing of Spybot's install files.
-Mysterious disappearing and non-working uninstall.exe's for all sorts of programs.
-Unknown "hidden" folders with weird names*, some filled and some not.
-These folders having either lots of JPEG files and stuff, or subfolders with weird names like (EXAMPLE;) A3EAFS45-ASKNV45-etc..
-Some folders "empty"
-Ran a few through "FileAlyzer" - And again stuffed with JPEG, Thumbs.db, Desktop.ini, etc..

Tried a few things already, but none would solve or ease anything. Things like;
-AVG scan, also in safe mode. Normal - nothing; Safe mode - "couldn't access files"
-Spybot, also quite a few reg changes and keys and stuff.
-HitmanPro.. nothing.
-Ad-Aware, same as AVG.

So I hope you can help. :thanks:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:37:12, on 3-9-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\steam\Steam.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\AbuserManual\Bureaublad\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "D:\steam\Steam.exe" -silent
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1250647063931
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1250647049040
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

--
End of file - 4094 bytes

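Reading an O4 section by hand gets error-prone once a log has a few dozen Run entries. The script below is an added example for this thread (it is not HijackThis code and not something Dakeyras posted): it parses the O4 lines from the log above into hive, key, value name and command, and lists the entries worth a manual look. The review rules (the TRUSTED_ROOTS tuple and the "unqualified name" check) are the editor's own heuristics, and a hit means "go and verify this file", not "malicious": RTHDCPL.EXE, for instance, is Realtek's audio control panel, which the registry dump later in the thread resolves to C:\WINDOWS\RTHDCPL.EXE.

```python
"""Parse HijackThis 'O4' autorun lines and list entries that deserve a manual look.

Added example for this thread; not HijackThis code. The review rules below
(trusted directories, the 'unqualified name' check) are the editor's heuristics.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# O4 lines copied from the HijackThis log posted above, plus one non-O4 line
# to show that other sections are skipped.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "D:\steam\Steam.exe" -silent
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Netwerkservice')
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
"""


@dataclass
class AutorunEntry:
    hive: str            # HKLM, HKCU or HKUS\<SID>
    key: str             # Run or RunOnce
    name: str            # registry value name shown in [brackets]
    command: str         # command line as stored in the registry
    user: Optional[str]  # account name HijackThis appends for HKUS hives


# HijackThis prints: O4 - <hive>\..\<key>: [<name>] <command> (User '<account>')
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)

# Heuristic: executables under these roots are where we expect them.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")


def parse_o4(line: str) -> Optional[AutorunEntry]:
    """Return the parsed entry for an O4 line, or None for any other line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    return AutorunEntry(m["hive"], m["key"], m["name"], m["cmd"], m["user"])


def executable_of(command: str) -> str:
    """Extract the program part of a Run command (quoted path or first token)."""
    command = command.strip()
    if command.startswith('"'):
        closing = command.find('"', 1)
        return command[1:closing] if closing != -1 else command[1:]
    parts = command.split(None, 1)
    return parts[0] if parts else ""


def review_reasons(entry: AutorunEntry) -> List[str]:
    """Why a human should look at this entry; an empty list means nothing unusual."""
    reasons: List[str] = []
    exe = executable_of(entry.command)
    if not DRIVE_PATH.match(exe):
        # A bare name is resolved through the search path at logon, so the log
        # alone does not tell you which file actually runs.
        reasons.append("unqualified executable name; locate the file before judging it")
    elif not exe.lower().startswith(TRUSTED_ROOTS):
        reasons.append("runs from outside %SystemRoot% / Program Files")
    return reasons


def triage(log_text: str) -> List[Tuple[AutorunEntry, List[str]]]:
    """All O4 entries that have at least one review reason, in log order."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = review_reasons(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        owner = f" (user {entry.user})" if entry.user else ""
        print(f"{entry.hive}\\{entry.key} [{entry.name}]{owner}: {entry.command}")
        for reason in reasons:
            print(f"    -> {reason}")
```

Run as-is it prints the four sample entries that trip a rule (the two bare Realtek names, Steam on D:, and the regsvr32 RunOnce values); paste a full O4 section into SAMPLE_LOG to triage a real log the same way.
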
Dakeyras
2009-09-07, 14:34
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.
Hi WoodGnome and welcome to Safer Networking :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

I will start working on your Malware issues; this may, or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine!
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Refrain from running self fixes as this will hinder the malware removal process.
It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Security Application Check:

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1 (http://screen317.spywareinfoforum.org/SecurityCheck.exe)
Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)

Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt
Please post the contents of that document in your next reply.
Scan with RSIT:

Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Make sure that RSIT.exe is on your Desktop before running the application!

Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:

log.txt will be opened maximized.
info.txt will be opened minimized.
Please post the contents of both log.txt and info.txt.
Note: Both logs can also be found in the folder rsit at the root of your installed hard drive, e.g. C:\rsit

When you have completed the above, please post back the following in the order asked for:

How is your computer performing now, any further symptoms and/or problems encountered?
SecurityCheck Log.
Both RSIT logs. <-- Post them individually please, IE: one Log per post/reply.

WoodGnome
2009-09-09, 16:04
Bump -> Updating in the, probably, next post in this topic. I think it's best if I explain everything with what I found out till now.

Well.. at least it's keeping me busy at nights :eek:.

Dakeyras
2009-09-09, 16:44
Hi :)

Read your PM; if you inform me how long you will be away from this weekend onwards, and providing the computer in question will not be used at all in any capacity, I have no qualms (will consider) leaving this topic open until your return (unless of course it is really going to be a protracted length of time, which is not feasible as it may set an unwanted precedent of everyone thinking they can request similar).

In the meantime please do post the logs I asked for here (http://forums.spybot.info/showpost.php?p=334324&postcount=2), thank you.

WoodGnome
2009-09-09, 18:35
Heya,

Thanks for reading it!
But I'm not going away anymore haha, I meant I wasn't home this weekend. But I am now, so I'll provide all the relevant info, as accurate/compact as possible.

I have, since I posted here, reinstalled 2x. One was just a C:\ partition format + Windows reinstall. And the last one, I just removed both my C: and D: partitions and merged them into one in the hope they would format completely. Too bad, there was this 8 MB that got partitioned separately, which I just couldn't remove, adjust or whatever. Just so you know.

Starting from the latest reinstall, which I wanted to do as safely as I could think of, I changed some security programs. To start with;

AVG 8.5 > Avira AntiVir

"Windows Firewall" > ZoneAlarm for a while, but I haven't installed it yet since the last reinstall. I must say, ZoneAlarm said it blocked like 5 people trying to access my PC in those 2-3 days I had it installed.

Some things I have also done since the starting post;

Scan with the "Live OneCare" Microsoft scan thing, which was free. It found 13 reg changes, which I let it fix.

Installed Microsoft Baseline Security Analyzer 2.1 - I just can't see what it does. It tells me all is well, but it has a few points with blue/white !'s, so I click the detail buttons and it tells me to click the detail buttons.. which I just clicked.. ?:confused:

Manually installed and ran the Microsoft Malware Removal update from the Microsoft Update site.

And a couple more things, which I don't want to bother you with, because they seem pretty irrelevant to any changes.

But there's some interesting stuff I read, tiny tricks I picked up on some forums (yes they were trustworthy, and I didn't install anything anyway).

I tried the IP connection command in the prompt and it gave me a few IPs I didn't recognise;

TCP 127.0.0.1:1038 0.0.0.0:0 Bezig met luisteren 2688
...
UDP 127.0.0.1:123 *:* 1188
UDP 127.0.0.1:1900 *:* 1388
...
TCP used-9804f45438:3508 localhost:3509 ESTABLISHED 1040
...
TCP 192.168.1.100:1037 65.54.189.33:1863 ESTABLISHED 572
TCP 192.168.1.100:1066 83.84.167.178:2800 ESTABLISHED 572

The last 2 I picked up about half an hour to an hour after writing this.
(Bezig met luisteren is Dutch for "busy listening" or something like that)

Checked around some more and stumbled across Virut and Win32.Rbot / Win32.IrcContact.
They seem quite similar from my point of view, especially when I read that Win32.Rbot/IrcContact silently installs as a "Framework 2.5"-like program, without notification. Well, I've always had this weird feeling when I discovered 1.0 up to 3.5 Framework in my Software list, but this could just as well be normal since I'm not that experienced. :')

So, at one moment I thought, let's check if we can find anything under "Win32" with a go in Windows search.
202 hits; now I know this could be quite obvious on a Windows PC.. :') But they link to weird locations/files, for example;
dd_dotnetfx35install_lp.txt
icam4usb.inf
prncnfg.vbs
prnjobs.vbs etc..

Also notable; I've got like 20ish $NtUninstallkb<KBupdatenumber>$, some empty, some with uninstall files, some with .dll files.
Last night I found a .NET Framework 1.1 update on the Microsoft Update site. Spybot's Resident.log noted this;
9-9-2009 5:43:46 Toegestaan (based on user decision) value "NetFxUpdate_v1.1.4322" (new data: ""C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" 0 v1.1.4322 GAC + NI NID") toegevoegd in System Startup global entry!
9-9-2009 5:43:48 Toegestaan (based on user decision) value "NetFxUpdate_v1.1.4322" (new data: "") verwijderd in System Startup global entry!

Another notable happening;
Auto-updated Spybot about an hour ago; it suddenly said the advcheck thing couldn't be updated. I clicked try again and it miraculously disappeared (no install notification or anything.. it just disappeared and Spybot went on like it was normal).
So I checked the "update" folder in the Spybot folder; there are 2 advcheck.exe's: advcheck163.exe and advcheck164.exe, and a few .zip's with the same names and stuff.

Similar stuff happens with the Avira updates; they're just done too quickly, and in the reports they report errors followed by 1x weird file installed, so the program says it's updated.. And I fear (don't have any direct reason for thinking that, but.. dunno.. "weird feeling")

Well, that's all of the additional info.. I know it might be a pain to read, but.. who knows, it might contain some valuable info and save you some time.

You have my thanks!

Next post is gonna be the logs you requested :)

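The netstat output in the post above is easiest to read once each line is tagged with what kind of socket it is and whether the peer is loopback, LAN or a public address. The script below is an added example, not part of the thread or of any tool mentioned in it: it parses those exact lines (Dutch state text included, since the state column must not be matched on wording), labels each one, and pulls out the established sessions to public hosts, which are the ones to account for by owning process. The PORT_HINTS table, the scope names and the "tcp-listener/udp-socket/established" categories are the editor's own; port 1863 is the MSN/Windows Live Messenger port, the other remote port is deliberately left as "unrecognised" for the reader to map to a PID.

```python
"""Classify lines of Windows 'netstat -ano' output so the interesting ones stand out.

Added example for this thread; not part of any tool discussed here. The port
hints and scope labels are the editor's own choices.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Lines copied from the post above. The Dutch build of netstat prints
# "Bezig met luisteren" where the English one prints LISTENING.
SAMPLE_NETSTAT = """
TCP 127.0.0.1:1038 0.0.0.0:0 Bezig met luisteren 2688
UDP 127.0.0.1:123 *:* 1188
UDP 127.0.0.1:1900 *:* 1388
TCP used-9804f45438:3508 localhost:3509 ESTABLISHED 1040
TCP 192.168.1.100:1037 65.54.189.33:1863 ESTABLISHED 572
TCP 192.168.1.100:1066 83.84.167.178:2800 ESTABLISHED 572
"""

# Well-known ports that explain a socket at a glance (editor's table).
PORT_HINTS = {123: "NTP time sync", 1900: "SSDP/UPnP discovery",
              1863: "MSNP (Windows Live / MSN Messenger)"}

# proto  local  remote  [state words]  pid   -- the state column is absent for UDP.
LINE_RE = re.compile(r"^(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(.+?)\s+)?(\d+)$")


@dataclass
class Connection:
    proto: str
    local_host: str
    local_port: str
    remote_host: str
    remote_port: str
    state: Optional[str]
    pid: int


@dataclass
class Finding:
    category: str    # tcp-listener | udp-socket | established
    peer_scope: str  # loopback | any | private | public | hostname
    pid: int
    hint: str


def split_endpoint(endpoint: str) -> Tuple[str, str]:
    host, _, port = endpoint.rpartition(":")
    return host, port


def parse_line(line: str) -> Optional[Connection]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    proto, local, remote, state, pid = m.groups()
    lhost, lport = split_endpoint(local)
    rhost, rport = split_endpoint(remote)
    return Connection(proto, lhost, lport, rhost, rport, state, int(pid))


def host_scope(host: str) -> str:
    """Where the peer lives, decided offline (no DNS lookups)."""
    if host == "localhost":
        return "loopback"
    if host == "*":
        return "any"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"  # netstat already resolved it; we do not re-resolve
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:
        return "any"
    return "private" if ip.is_private else "public"


def port_hint(port: str) -> str:
    return PORT_HINTS.get(int(port), "") if port.isdigit() else ""


def triage_line(conn: Connection) -> Finding:
    if conn.proto == "UDP":
        return Finding("udp-socket", host_scope(conn.local_host), conn.pid, port_hint(conn.local_port))
    # A TCP listener shows remote 0.0.0.0:0 whatever language the state column is in.
    if conn.remote_host == "0.0.0.0" and conn.remote_port == "0":
        return Finding("tcp-listener", host_scope(conn.local_host), conn.pid, port_hint(conn.local_port))
    scope = host_scope(conn.remote_host)
    hint = port_hint(conn.remote_port)
    if scope == "public" and not hint:
        hint = "unrecognised port on a public host; map the PID to a process with tasklist"
    return Finding("established", scope, conn.pid, hint)


def triage(netstat_text: str) -> List[Finding]:
    return [triage_line(c) for c in map(parse_line, netstat_text.splitlines()) if c]


def external_connections(netstat_text: str) -> List[Finding]:
    """Established sessions with a public peer: the ones to account for first."""
    return [f for f in triage(netstat_text)
            if f.category == "established" and f.peer_scope == "public"]


if __name__ == "__main__":
    for f in triage(SAMPLE_NETSTAT):
        print(f"{f.category:<13} peer={f.peer_scope:<9} pid={f.pid:<5} {f.hint}")
```

On the sample the loopback listener and the two UDP sockets come out as local-only, the hostname-to-localhost session is loopback, and both sessions owned by PID 572 are flagged as public peers: one explained by the Messenger port, one left for the reader to tie to a process. Paste the output of `netstat -ano` from the machine into SAMPLE_NETSTAT to triage a real capture the same way.
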
WoodGnome
2009-09-09, 18:36
First up: SecurityCheck

Results of screen317's Security Check version 0.98.9
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
Avira AntiVir Personal - Free Antivirus
Windows Live OneCare safety scanner
Windows Live OneCare safety scanner


Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:
SpywareBlaster 4.2
Spybot - Search & Destroy
Adobe Flash Player 10
Adobe Reader 9.1 - Nederlands
``````````````````````````````
Process Check:
objlist.exe by Laurent
Avira Antivir avgnt.exe
Avira Antivir avguard.exe


``````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

WoodGnome
2009-09-09, 18:37
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-09-09 18:27:49
Microsoft Windows XP Professional Service Pack 3
System drive C: has 217 GB (91%) free of 238 GB
Total RAM: 3327 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:27:58, on 9/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Administrator\Bureaublad\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\WINDOWS\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\WINDOWS\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1252356691010
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252356680838
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

--
End of file - 5706 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\WINDOWS\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Aanmelden - Help - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-07-16 61440]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-05-16 16862720]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-07-01 37888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2009-09-08 288560]
"SpybotSD TeaTimer"=C:\WINDOWS\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-08-01 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-03-30 200064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-05-15 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2009-09-09 18:27:49 ----D---- C:\rsit
2009-09-09 18:27:49 ----D---- C:\Program Files\trend micro
2009-09-09 15:25:08 ----D---- C:\Program Files\Zone Labs
2009-09-09 15:24:57 ----D---- C:\WINDOWS\Internet Logs
2009-09-09 07:45:53 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-09-09 07:45:53 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-09-09 07:45:53 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-09-09 07:45:53 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-09-09 07:45:52 ----N---- C:\WINDOWS\system32\vxblock.dll
2009-09-09 07:45:52 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-09-09 07:45:52 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-09-09 07:45:52 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-09-09 07:45:52 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-09-09 07:45:52 ----N---- C:\WINDOWS\system32\px.dll
2009-09-09 07:45:51 ----D---- C:\Program Files\Winamp
2009-09-09 07:45:51 ----D---- C:\Documents and Settings\Administrator\Application Data\Winamp
2009-09-09 07:26:15 ----D---- C:\Program Files\Microsoft Baseline Security Analyzer 2
2009-09-09 06:53:38 ----D---- C:\Program Files\Windows Live Safety Center
2009-09-09 05:44:11 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-09 05:43:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-09 04:04:22 ----D---- C:\WINDOWS\Spybot - Search & Destroy
2009-09-09 04:04:22 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-08 21:37:02 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-09-08 21:36:53 ----D---- C:\Program Files\Common Files\Adobe
2009-09-08 21:36:53 ----D---- C:\Program Files\Adobe
2009-09-08 14:46:07 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-09-08 14:45:42 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-09-08 14:45:20 ----HDC---- C:\WINDOWS\$NtUninstallKB963093$
2009-09-08 02:37:39 ----D---- C:\Program Files\uTorrent
2009-09-08 02:35:53 ----D---- C:\Documents and Settings\Administrator\Application Data\uTorrent
2009-09-08 00:05:06 ----D---- C:\WINDOWS\system32\Lang
2009-09-08 00:02:07 ----R---- C:\WINDOWS\system32\ChCfg.exe
2009-09-08 00:02:02 ----D---- C:\WINDOWS\system32\RTCOM
2009-09-08 00:01:57 ----R---- C:\WINDOWS\SoundMan.exe
2009-09-08 00:01:57 ----R---- C:\WINDOWS\SkyTel.exe
2009-09-08 00:01:56 ----R---- C:\WINDOWS\RtlUpd.exe
2009-09-08 00:01:55 ----R---- C:\WINDOWS\RTLCPL.exe
2009-09-08 00:01:50 ----R---- C:\WINDOWS\RTHDCPL.exe
2009-09-08 00:01:50 ----R---- C:\WINDOWS\MicCal.exe
2009-09-08 00:01:47 ----R---- C:\WINDOWS\alcwzrd.exe
2009-09-08 00:01:47 ----R---- C:\WINDOWS\Alcmtr.exe
2009-09-08 00:01:46 ----D---- C:\Program Files\Realtek
2009-09-08 00:01:44 ----R---- C:\WINDOWS\RtlExUpd.dll
2009-09-08 00:01:44 ----A---- C:\WINDOWS\HideWin.exe
2009-09-07 23:45:31 ----D---- C:\Documents and Settings\Administrator\Application Data\Macromedia
2009-09-07 23:17:05 ----D---- C:\WINDOWS\ie8updates
2009-09-07 23:15:36 ----HDC---- C:\WINDOWS\ie8
2009-09-07 23:14:30 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-09-07 23:14:27 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-09-07 23:14:25 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-09-07 23:14:22 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-09-07 23:14:19 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-09-07 23:14:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-09-07 23:14:13 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-09-07 23:14:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-09-07 23:14:07 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-09-07 23:14:02 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-09-07 23:13:56 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-09-07 23:13:53 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-09-07 23:12:57 ----D---- C:\Documents and Settings\Administrator\Application Data\Windows Search
2009-09-07 23:12:46 ----D---- C:\WINDOWS\ie7updates
2009-09-07 23:12:41 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-09-07 23:12:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-09-07 23:10:08 ----D---- C:\ba48ca1b01ae6718069416
2009-09-07 23:09:58 ----D---- C:\WINDOWS\SxsCaPendDel
2009-09-07 23:08:19 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-09-07 23:08:16 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-09-07 23:08:13 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-09-07 23:08:09 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-09-07 23:08:06 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-09-07 23:08:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-09-07 23:07:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-09-07 23:07:49 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-09-07 23:07:07 ----D---- C:\Program Files\Microsoft
2009-09-07 23:06:52 ----D---- C:\Program Files\Windows Live SkyDrive
2009-09-07 23:06:32 ----D---- C:\Program Files\Windows Live
2009-09-07 23:04:10 ----D---- C:\Program Files\Common Files\Windows Live
2009-09-07 23:03:54 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-09-07 23:03:52 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-09-07 23:03:50 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-09-07 23:03:47 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-09-07 23:03:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-09-07 23:03:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-09-07 23:03:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-09-07 23:03:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-09-07 23:03:34 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-09-07 23:03:31 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-09-07 23:03:28 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-09-07 23:03:25 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-09-07 23:03:22 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-09-07 23:03:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-09-07 23:03:16 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-09-07 23:03:14 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-09-07 23:03:11 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-09-07 23:03:08 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-09-07 23:03:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-09-07 23:02:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-09-07 23:02:54 ----D---- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
2009-09-07 23:02:38 ----D---- C:\WINDOWS\system32\GroupPolicy
2009-09-07 23:02:38 ----D---- C:\Program Files\Windows Desktop Search
2009-09-07 23:02:31 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$
2009-09-07 23:02:29 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2009-09-07 23:02:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-09-07 23:02:20 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-09-07 23:01:50 ----D---- C:\WINDOWS\system32\URTTEMP
2009-09-07 22:53:10 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-09-07 22:53:03 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-09-07 22:53:01 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-09-07 22:53:01 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-07 22:51:51 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-09-07 22:51:51 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-09-07 22:47:20 ----A---- C:\WINDOWS\system32\h323log.txt
2009-09-07 22:45:18 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-09-07 22:45:14 ----D---- C:\Program Files\SpywareBlaster
2009-09-07 22:45:14 ----A---- C:\WINDOWS\system32\MSSTDFMT.DLL
2009-09-07 22:42:42 ----D---- C:\Program Files\Avira
2009-09-07 22:42:42 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-09-07 22:39:22 ----D---- C:\Documents and Settings\Administrator\Application Data\Mozilla
2009-09-07 22:39:18 ----D---- C:\Program Files\Mozilla Firefox
2009-09-07 22:37:43 ----D---- C:\Documents and Settings\Administrator\Application Data\Adobe
2009-09-07 22:32:38 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
2009-09-07 22:32:38 ----D---- C:\Documents and Settings\Administrator\Application Data\ATI
2009-09-07 22:29:31 ----D---- C:\Program Files\Common Files\ATI Technologies
2009-09-07 22:29:15 ----D---- C:\WINDOWS\RegisteredPackages
2009-09-07 22:29:05 ----A---- C:\WINDOWS\system32\psisdecd.dll
2009-09-07 22:29:05 ----A---- C:\WINDOWS\system32\dxdllreg.exe
2009-09-07 22:28:40 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-09-07 22:28:26 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2009-09-07 22:28:24 ----RA---- C:\WINDOWS\system32\atiiiexx.dll
2009-09-07 22:28:21 ----RA---- C:\WINDOWS\system32\ATIDEMGX.dll
2009-09-07 22:28:06 ----D---- C:\Program Files\ATI Technologies
2009-09-07 22:26:53 ----D---- C:\Program Files\Common Files\InstallShield
2009-09-07 22:23:49 ----D---- C:\WINDOWS\system32\Atheros_L1e
2009-09-07 22:23:45 ----HD---- C:\Program Files\InstallShield Installation Information
2009-09-07 22:19:53 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-09-07 22:19:52 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-09-07 22:19:51 ----RA---- C:\WINDOWS\system32\CSVer.dll
2009-09-07 22:19:51 ----D---- C:\Program Files\Intel
2009-09-07 22:19:18 ----D---- C:\Intel
2009-09-07 22:14:54 ----A---- C:\WINDOWS\Ascd_tmp.ini
2009-09-07 22:02:54 ----SHD---- C:\WINDOWS\CSC
2009-09-07 22:02:19 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-09-07 22:01:17 ----A---- C:\WINDOWS\system32\usbui.dll
2009-09-07 22:00:25 ----A---- C:\WINDOWS\imsins.BAK
2009-09-07 22:00:23 ----SHD---- C:\WINDOWS\Installer
2009-09-07 22:00:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-09-07 22:00:22 ----D---- C:\Program Files\Common Files\ODBC
2009-09-07 22:00:22 ----A---- C:\WINDOWS\ODBCINST.INI
2009-09-07 22:00:19 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-09-07 22:00:18 ----RD---- C:\Program Files
2009-09-07 22:00:18 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-09-07 22:00:18 ----D---- C:\Program Files\Common Files
2009-09-07 22:00:11 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-09-07 22:00:11 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-09-07 22:00:11 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-09-07 22:00:10 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-09-07 22:00:10 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-09-07 22:00:10 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-09-07 22:00:10 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-09-07 22:00:10 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-09-07 22:00:10 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-09-07 22:00:10 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-09-07 22:00:10 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-09-07 22:00:10 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-09-07 22:00:10 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-09-07 22:00:10 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-09-07 22:00:10 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-09-07 22:00:08 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-09-07 22:00:08 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-09-07 22:00:08 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-09-07 22:00:08 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-09-07 22:00:08 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-09-07 22:00:08 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-09-07 22:00:08 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-09-07 22:00:07 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-09-07 22:00:07 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-09-07 22:00:07 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-09-07 22:00:07 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-09-07 22:00:07 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-09-07 22:00:05 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-09-07 22:00:05 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-09-07 22:00:05 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-09-07 22:00:05 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-09-07 22:00:05 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-09-07 22:00:05 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-09-07 22:00:05 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-09-07 22:00:05 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-09-07 22:00:05 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-09-07 22:00:05 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-09-07 22:00:05 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-09-07 22:00:05 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-09-07 22:00:05 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-09-07 22:00:01 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-09-07 22:00:01 ----A---- C:\WINDOWS\system32\irclass.dll
2009-09-07 22:00:01 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-09-07 22:00:01 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-09-07 22:00:01 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-09-07 21:59:59 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-09-07 21:59:59 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-09-07 21:59:59 ----A---- C:\WINDOWS\system32\batt.dll
2009-09-07 21:59:58 ----A---- C:\WINDOWS\system32\storprop.dll
2009-09-07 21:59:58 ----A---- C:\WINDOWS\NOTEPAD.EXE
2009-09-07 21:59:50 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-09-07 21:59:47 ----RA---- C:\WINDOWS\SET8.tmp
2009-09-07 21:59:44 ----RA---- C:\WINDOWS\SET4.tmp
2009-09-07 21:59:43 ----RA---- C:\WINDOWS\SET3.tmp
2009-09-07 21:59:38 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-07 21:59:38 ----D---- C:\WINDOWS\system32\CatRoot
2009-09-07 21:59:32 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-09-07 21:59:11 ----A---- C:\WINDOWS\setuplog.txt
2009-09-07 21:59:08 ----D---- C:\Documents and Settings
2009-09-07 21:59:07 ----SHD---- C:\System Volume Information
2009-09-07 21:58:06 ----SH---- C:\boot.ini
2009-09-07 21:53:29 ----D---- C:\WINDOWS\WinSxS
2009-09-07 21:53:29 ----D---- C:\WINDOWS\twain_32
2009-09-07 21:53:29 ----D---- C:\WINDOWS\Temp
2009-09-07 21:53:29 ----D---- C:\WINDOWS\system32\usmt
2009-09-07 21:53:29 ----D---- C:\WINDOWS\system32\PreInstall
2009-09-07 21:53:29 ----D---- C:\WINDOWS\system32\oobe
2009-09-07 21:53:29 ----D---- C:\WINDOWS\system32\nl-nl
2009-09-07 21:53:29 ----D---- C:\WINDOWS\system32\nl
2009-09-07 21:53:29 ----D---- C:\WINDOWS\system32\mui
2009-09-07 21:53:29 ----D---- C:\WINDOWS\system32\Macromed
2009-09-07 21:53:29 ----D---- C:\WINDOWS\system32\inetsrv
2009-09-07 21:53:29 ----D---- C:\WINDOWS\system32\IME
2009-09-07 21:53:29 ----D---- C:\WINDOWS\system32\icsxml
2009-09-07 21:53:29 ----D---- C:\WINDOWS\system32\export
2009-09-07 21:53:29 ----D---- C:\WINDOWS\system32\3com_dmi
2009-09-07 21:53:29 ----D---- C:\WINDOWS\system32\3076
2009-09-07 21:53:29 ----D---- C:\WINDOWS\system32\2052
2009-09-07 21:53:29 ----D---- C:\WINDOWS\system32\1054
2009-09-07 21:53:29 ----D---- C:\WINDOWS\system32\1043
2009-09-07 21:53:29 ----D---- C:\WINDOWS\system32\1042
2009-09-07 21:53:29 ----D---- C:\WINDOWS\system32\1041
2009-09-07 21:53:29 ----D---- C:\WINDOWS\system32\1037
2009-09-07 21:53:29 ----D---- C:\WINDOWS\system32\1033
2009-09-07 21:53:29 ----D---- C:\WINDOWS\system32\1031
2009-09-07 21:53:29 ----D---- C:\WINDOWS\system32\1028
2009-09-07 21:53:29 ----D---- C:\WINDOWS\system32\1025
2009-09-07 21:53:29 ----D---- C:\WINDOWS\SoftwareDistribution
2009-09-07 21:53:29 ----D---- C:\WINDOWS\Resources
2009-09-07 21:53:29 ----D---- C:\WINDOWS\Provisioning
2009-09-07 21:53:29 ----D---- C:\WINDOWS\PeerNet
2009-09-07 21:53:29 ----D---- C:\WINDOWS\pchealth
2009-09-07 21:53:29 ----D---- C:\WINDOWS\Network Diagnostic
2009-09-07 21:53:29 ----D---- C:\WINDOWS\mui
2009-09-07 21:53:29 ----D---- C:\WINDOWS\msapps
2009-09-07 21:53:29 ----D---- C:\WINDOWS\L2Schemas
2009-09-07 21:53:29 ----D---- C:\WINDOWS\ime
2009-09-07 21:53:29 ----D---- C:\WINDOWS\ehome
2009-09-07 21:53:29 ----D---- C:\WINDOWS\Debug
2009-09-07 21:53:29 ----D---- C:\WINDOWS\AppPatch
2009-09-07 21:53:28 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-07 21:53:28 ----RSD---- C:\WINDOWS\Fonts
2009-09-07 21:53:28 ----RD---- C:\WINDOWS\Web
2009-09-07 21:53:28 ----HD---- C:\WINDOWS\inf
2009-09-07 21:53:28 ----D---- C:\WINDOWS\system32\wins
2009-09-07 21:53:28 ----D---- C:\WINDOWS\system32\wbem
2009-09-07 21:53:28 ----D---- C:\WINDOWS\system32\spool
2009-09-07 21:53:28 ----D---- C:\WINDOWS\system32\ShellExt
2009-09-07 21:53:28 ----D---- C:\WINDOWS\system32\Setup
2009-09-07 21:53:28 ----D---- C:\WINDOWS\system32\ras
2009-09-07 21:53:28 ----D---- C:\WINDOWS\system32\npp
2009-09-07 21:53:28 ----D---- C:\WINDOWS\system32\ias
2009-09-07 21:53:28 ----D---- C:\WINDOWS\system32\drivers
2009-09-07 21:53:28 ----D---- C:\WINDOWS\system32\dhcp
2009-09-07 21:53:28 ----D---- C:\WINDOWS\system32\config
2009-09-07 21:53:28 ----D---- C:\WINDOWS\system32
2009-09-07 21:53:28 ----D---- C:\WINDOWS\system
2009-09-07 21:53:28 ----D---- C:\WINDOWS\security
2009-09-07 21:53:28 ----D---- C:\WINDOWS\repair
2009-09-07 21:53:28 ----D---- C:\WINDOWS\msagent
2009-09-07 21:53:28 ----D---- C:\WINDOWS\Media
2009-09-07 21:53:28 ----D---- C:\WINDOWS\java
2009-09-07 21:53:28 ----D---- C:\WINDOWS\Help
2009-09-07 21:53:28 ----D---- C:\WINDOWS\Driver Cache
2009-09-07 21:53:28 ----D---- C:\WINDOWS\Cursors
2009-09-07 21:53:28 ----D---- C:\WINDOWS\Connection Wizard
2009-09-07 21:53:28 ----D---- C:\WINDOWS\Config
2009-09-07 21:53:28 ----D---- C:\WINDOWS\addins
2009-09-07 21:53:28 ----D---- C:\WINDOWS
2009-09-07 21:46:46 ----D---- C:\Documents and Settings\Administrator\Application Data\Identities
2009-09-07 21:46:43 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2009-09-07 21:46:43 ----ASH---- C:\Documents and Settings\Administrator\Application Data\desktop.ini
2009-09-07 21:32:26 ----SHD---- C:\RECYCLER
2009-09-07 21:06:54 ----D---- C:\WINDOWS\system32\appmgmt
2009-09-07 21:06:35 ----SHD---- C:\Config.Msi
2009-09-07 21:03:34 ----D---- C:\WINDOWS\system32\NtmsData
2009-09-07 21:01:48 ----HD---- C:\Program Files\Uninstall Information
2009-09-07 20:58:45 ----D---- C:\WINDOWS\Prefetch
2009-09-07 20:58:44 ----SD---- C:\WINDOWS\system32\Microsoft
2009-09-07 20:58:44 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-07 20:56:20 ----D---- C:\WINDOWS\system32\xircom
2009-09-07 20:56:20 ----D---- C:\Program Files\xerox
2009-09-07 20:56:20 ----D---- C:\Program Files\microsoft frontpage
2009-09-07 20:56:14 ----D---- C:\Program Files\Microsoft Silverlight
2009-09-07 20:56:11 ----D---- C:\temp
2009-09-07 20:55:28 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$
2009-09-07 20:54:38 ----D---- C:\WINDOWS\system32\XPSViewer
2009-09-07 20:54:38 ----D---- C:\WINDOWS\system32\en-us
2009-09-07 20:54:38 ----D---- C:\Program Files\MSBuild
2009-09-07 20:54:36 ----D---- C:\Program Files\Reference Assemblies
2009-09-07 20:54:32 ----N---- C:\WINDOWS\system32\spmsg2.dll
2009-09-07 20:54:32 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-09-07 20:54:30 ----A---- C:\WINDOWS\system32\rgb9rast_2.dll
2009-09-07 20:54:16 ----RSD---- C:\WINDOWS\assembly
2009-09-07 20:54:07 ----D---- C:\WINDOWS\Microsoft.NET
2009-09-07 20:54:02 ----A---- C:\WINDOWS\system32\xpssvcs.dll
2009-09-07 20:54:02 ----A---- C:\WINDOWS\system32\xpsshhdr.dll
2009-09-07 20:53:49 ----A---- C:\WINDOWS\system32\prntvpt.dll
2009-09-07 20:53:06 ----A---- C:\WINDOWS\control.ini
2009-09-07 20:53:06 ----A---- C:\AUTOEXEC.BAT
2009-09-07 20:52:58 ----A---- C:\WINDOWS\OEWABLog.txt
2009-09-07 20:52:54 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-09-07 20:52:16 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-09-07 20:52:13 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-09-07 20:52:09 ----HD---- C:\Program Files\WindowsUpdate
2009-09-07 20:52:06 ----D---- C:\Program Files\Online Services
2009-09-07 20:51:53 ----D---- C:\WINDOWS\system32\DirectX
2009-09-07 20:51:45 ----A---- C:\WINDOWS\system32\atrace.dll
2009-09-07 20:51:42 ----A---- C:\WINDOWS\system32\desktop.ini
2009-09-07 20:51:42 ----A---- C:\WINDOWS\desktop.ini
2009-09-07 20:51:36 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-09-07 20:51:35 ----A---- C:\WINDOWS\system32\acctres.dll
2009-09-07 20:51:34 ----D---- C:\Program Files\Common Files\Services
2009-09-07 20:51:32 ----SD---- C:\WINDOWS\Tasks
2009-09-07 20:51:32 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-09-07 20:51:31 ----D---- C:\Program Files\Common Files\MSSoap
2009-09-07 20:51:27 ----D---- C:\WINDOWS\srchasst
2009-09-07 20:51:24 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-09-07 20:51:24 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-09-07 20:51:24 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-09-07 20:51:24 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-09-07 20:51:23 ----A---- C:\WINDOWS\system32\wups.dll
2009-09-07 20:51:23 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-09-07 20:51:23 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-09-07 20:51:23 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-09-07 20:51:23 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-09-07 20:51:22 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-09-07 20:51:22 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-09-07 20:51:22 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2009-09-07 20:51:22 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-09-07 20:51:22 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-09-07 20:51:18 ----D---- C:\Program Files\Movie Maker
2009-09-07 20:51:03 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-09-07 20:51:03 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-09-07 20:51:03 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-09-07 20:51:03 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-09-07 20:50:59 ----A---- C:\WINDOWS\system32\fltMc.exe
2009-09-07 20:50:59 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-09-07 20:50:58 ----D---- C:\WINDOWS\system32\Restore
2009-09-07 20:50:58 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-09-07 20:50:58 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-09-07 20:50:58 ----A---- C:\WINDOWS\system32\srclient.dll
2009-09-07 20:50:57 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-09-07 20:50:57 ----A---- C:\WINDOWS\system32\msconf.dll
2009-09-07 20:50:57 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-09-07 20:50:57 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-09-07 20:50:57 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-09-07 20:50:57 ----A---- C:\WINDOWS\system32\ils.dll
2009-09-07 20:50:54 ----D---- C:\Program Files\NetMeeting
2009-09-07 20:50:53 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-09-07 20:50:53 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-09-07 20:50:52 ----A---- C:\WINDOWS\system32\inetres.dll
2009-09-07 20:50:52 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-09-07 20:50:50 ----D---- C:\Program Files\Outlook Express
2009-09-07 20:50:50 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-09-07 20:50:50 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-09-07 20:50:50 ----A---- C:\WINDOWS\system32\mstask.dll
2009-09-07 20:50:49 ----A---- C:\WINDOWS\system32\isign32.dll
2009-09-07 20:50:49 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-09-07 20:50:49 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-09-07 20:50:49 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-09-07 20:50:44 ----D---- C:\Program Files\Common Files\System
2009-09-07 20:50:10 ----D---- C:\Program Files\ComPlus Applications
2009-09-07 20:50:08 ----A---- C:\WINDOWS\vbaddin.ini
2009-09-07 20:50:08 ----A---- C:\WINDOWS\vb.ini
2009-09-07 20:50:03 ----D---- C:\WINDOWS\Registration
2009-09-07 20:49:43 ----D---- C:\Program Files\Windows Media Connect 2
2009-09-07 20:49:42 ----D---- C:\Program Files\Windows Media Player
2009-09-07 20:49:38 ----RD---- C:\WINDOWS\Offline Web Pages
2009-09-07 20:49:38 ----A---- C:\WINDOWS\system32\WinFXDocObj.exe
2009-09-07 20:49:37 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-09-07 20:49:37 ----A---- C:\WINDOWS\system32\msfeedssync.exe
2009-09-07 20:49:36 ----D---- C:\WINDOWS\wbem
2009-09-07 20:49:36 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-09-07 20:49:34 ----A---- C:\WINDOWS\system32\ieframe.dll.mui
2009-09-07 20:49:33 ----D---- C:\Program Files\Internet Explorer
2009-09-07 20:49:33 ----A---- C:\WINDOWS\system32\advpack.dll.mui
2009-09-07 20:49:31 ----D---- C:\Program Files\Messenger
2009-09-07 20:49:27 ----D---- C:\Program Files\MSN Gaming Zone
2009-09-07 20:49:27 ----A---- C:\WINDOWS\system32\write.exe
2009-09-07 20:49:20 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-09-07 20:49:20 ----A---- C:\WINDOWS\system32\hticons.dll
2009-09-07 20:49:20 ----A---- C:\WINDOWS\system32\avwav.dll
2009-09-07 20:49:20 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-09-07 20:49:20 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-09-07 20:49:19 ----A---- C:\WINDOWS\system32\winchat.exe
2009-09-07 20:49:14 ----A---- C:\WINDOWS\system32\getuname.dll
2009-09-07 20:49:14 ----A---- C:\WINDOWS\system32\charmap.exe
2009-09-07 20:49:14 ----A---- C:\WINDOWS\system32\calc.exe
2009-09-07 20:49:13 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-09-07 20:49:13 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-09-07 20:49:13 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-09-07 20:49:13 ----A---- C:\WINDOWS\system32\tskill.exe
2009-09-07 20:49:13 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-09-07 20:49:13 ----A---- C:\WINDOWS\system32\reset.exe
2009-09-07 20:49:12 ----A---- C:\WINDOWS\system32\tscon.exe
2009-09-07 20:49:12 ----A---- C:\WINDOWS\system32\shadow.exe
2009-09-07 20:49:12 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-09-07 20:49:12 ----A---- C:\WINDOWS\system32\regini.exe
2009-09-07 20:49:12 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-09-07 20:49:12 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-09-07 20:49:12 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-09-07 20:49:12 ----A---- C:\WINDOWS\system32\msg.exe
2009-09-07 20:49:12 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-09-07 20:49:12 ----A---- C:\WINDOWS\system32\logoff.exe
2009-09-07 20:49:12 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-09-07 20:49:07 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-09-07 20:49:06 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-09-07 20:49:06 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-09-07 20:49:06 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-09-07 20:49:06 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-09-07 20:49:05 ----D---- C:\Program Files\Windows NT
2009-09-07 20:49:05 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-09-07 20:49:05 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-09-07 20:49:04 ----A---- C:\WINDOWS\system32\tsgqec.dll
2009-09-07 20:49:04 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-09-07 20:49:03 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2009-09-07 20:49:03 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-09-07 20:49:03 ----A---- C:\WINDOWS\system32\aaclient.dll
2009-09-07 20:49:02 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-09-07 20:49:02 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-09-07 20:49:02 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-09-07 20:49:02 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-09-07 20:49:02 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-09-07 20:49:02 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-09-07 20:49:01 ----D---- C:\WINDOWS\system32\MsDtc
2009-09-07 20:49:01 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-09-07 20:49:01 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-09-07 20:49:01 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-09-07 20:49:01 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-09-07 20:49:01 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-09-07 20:49:01 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-09-07 20:49:01 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-09-07 20:49:01 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-09-07 20:49:01 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-09-07 20:49:00 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-09-07 20:49:00 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-09-07 20:49:00 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-09-07 20:49:00 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-09-07 20:49:00 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-09-07 20:48:59 ----D---- C:\WINDOWS\system32\Com
2009-09-07 20:48:59 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-09-07 20:48:59 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-09-07 20:48:59 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-09-07 20:48:59 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-09-07 20:48:59 ----A---- C:\WINDOWS\system32\colbact.dll
2009-09-07 20:48:58 ----A---- C:\WINDOWS\system32\stclient.dll
2009-09-07 20:48:58 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-09-07 20:48:58 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-09-07 20:48:58 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-09-07 20:48:58 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-09-07 20:48:58 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-09-07 20:48:57 ----A---- C:\WINDOWS\system32\comuid.dll
2009-09-07 20:48:57 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-09-07 20:48:57 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-09-07 20:48:56 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-09-07 20:48:56 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-09-07 20:48:50 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-09-07 20:48:50 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-09-07 20:48:50 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-09-07 20:48:50 ----A---- C:\WINDOWS\system32\cmprops.dll

======List of files/folders modified in the last 1 months======

2009-09-09 15:38:15 ----A---- C:\WINDOWS\system32\winver.exe
2009-09-07 22:00:16 ----A---- C:\WINDOWS\system.ini
2009-09-07 20:52:52 ----A---- C:\WINDOWS\win.ini
2009-08-28 14:38:22 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Intel GV3-processorstuurprogramma; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]
R3 Arp1394;1394 ARP-clientprotocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-05-15 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-08-01 3266560]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-05-21 93696]
R3 HDAudBus;Microsoft UAA-busstuurprogramma voor High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class-stuurprogramma; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-05-20 4800000]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-06-25 36864]
R3 mouhid;Stuurprogramma voor muis-HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-05-15 12288]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394-stuurprogramma; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-05-15 61824]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-05-15 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-05-15 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Stuurprogramma voor systeemherstelfilter; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-08-01 573440]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-07-31 593920]
S3 aspnet_state;ASP.NET-statusservice; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Windows Media Player Network Sharing-service; C:\Program Files\Windows Media Player\wmpnetwk.exe [2006-11-02 917504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp service voor het delen van poorten; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

WoodGnome
2009-09-09, 18:38
info.txt logfile of random's system information tool 1.06 2009-09-09 18:27:58

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1 - Nederlands-->MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-A91000000001}
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver-->"C:\Program Files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\Setup.exe" -runfromtemp -l0x0013 -removeonly
ATI - Software-verwijderprogramma-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Problem Report Wizard-->MsiExec.exe /X{5DA6F06A-B389-407B-BF8C-1548767914D8}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Beveiligingsupdate voor Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Beveiligingsupdate voor Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Catalyst Control Center - Branding-->MsiExec.exe /I{FA3A247D-437A-455E-A88F-7EB6E5F9E799}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix voor Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix voor Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix voor Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Dutch Language Pack-->MsiExec.exe /X{168F8BAC-A269-48E9-BB7A-A51B594CF6FF}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - NLD-->MsiExec.exe /I{220C5102-2566-337F-9E9B-C81C5C761BA2}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - NLD-->MsiExec.exe /I{8C788975-88ED-3C52-A188-6C944E9BD07D}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack - nld-->MsiExec.exe /I{A395750A-78D7-36D1-A59D-1A0B601D4BDC}
Microsoft .NET Framework 3.5 Nederlands taalpakket-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - nld\setup.exe
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Baseline Security Analyzer 2.1-->MsiExec.exe /I{6AF5CAB9-FD0A-494F-8AA6-784D4B5D06C5}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.5.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x13 -removeonly
Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Spybot - Search & Destroy-->"C:\WINDOWS\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update voor Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe"
Update voor Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update voor Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update voor Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update voor Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update voor Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update voor Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live - Hulpprogramma voor uploaden-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live aanmeldhulp-->MsiExec.exe /I{1BD6AE96-4742-4498-9D03-9451C7E5A214}
Windows Live Call-->MsiExec.exe /I{2A8F82E8-7B86-4AFD-BFBC-2BA4C2CF52DB}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{562B9CA4-6E52-4F87-ACEC-912FC004F1F0}
Windows Live Messenger-->MsiExec.exe /X{10F5387D-1728-423A-A578-B00982CF2646}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: USED-9804F45438
Event Code: 3260
Message: Deze computer is aan workgroup toegevoegd. -.

Record Number: 5
Source Name: Workstation
Time Written: 20090907204847.000000+120
Event Type: Gegevens
User:

Computer Name: USED-9804F45438
Event Code: 6011
Message: De NetBIOS-naam en de DNS-hostnaam van deze computer zijn veranderd van MACHINENAME in USED-9804F45438.

Record Number: 4
Source Name: EventLog
Time Written: 20090907204726.000000+120
Event Type: Gegevens
User:

Computer Name: MACHINENAME
Event Code: 2
Message: Bij het controleren of \Device\Serial0 een seriële poort is, is een fifo gevonden. De fifo wordt gebruikt.

Record Number: 3
Source Name: Serial
Time Written: 20090907215933.000000+120
Event Type: Gegevens
User:

Computer Name: MACHINENAME
Event Code: 6005
Message: De Event Log-service is gestart.

Record Number: 2
Source Name: EventLog
Time Written: 20090907215916.000000+120
Event Type: Gegevens
User:

Computer Name: MACHINENAME
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Multiprocessor Free.

Record Number: 1
Source Name: EventLog
Time Written: 20090907215916.000000+120
Event Type: Gegevens
User:

=====Application event log=====

Computer Name: USED-9804F45438
Event Code: 1000
Message: Prestatiemeteritems voor de MSDTC-service (MSDTC) zijn geladen. De record-
gegevens bevatten de nieuwe indexwaarden die zijn toegewezen aan
deze service.

Record Number: 5
Source Name: LoadPerf
Time Written: 20090907204959.000000+120
Event Type: Gegevens
User:

Computer Name: USED-9804F45438
Event Code: 1000
Message: Prestatiemeteritems voor de TermService-service (Terminal Services) zijn geladen. De record-
gegevens bevatten de nieuwe indexwaarden die zijn toegewezen aan
deze service.

Record Number: 4
Source Name: LoadPerf
Time Written: 20090907204955.000000+120
Event Type: Gegevens
User:

Computer Name: USED-9804F45438
Event Code: 1000
Message: Prestatiemeteritems voor de RemoteAccess-service (Routing and Remote Access) zijn geladen. De record-
gegevens bevatten de nieuwe indexwaarden die zijn toegewezen aan
deze service.

Record Number: 3
Source Name: LoadPerf
Time Written: 20090907204801.000000+120
Event Type: Gegevens
User:

Computer Name: USED-9804F45438
Event Code: 1000
Message: Prestatiemeteritems voor de PSched-service (PSched) zijn geladen. De record-
gegevens bevatten de nieuwe indexwaarden die zijn toegewezen aan
deze service.

Record Number: 2
Source Name: LoadPerf
Time Written: 20090907204737.000000+120
Event Type: Gegevens
User:

Computer Name: USED-9804F45438
Event Code: 1000
Message: Prestatiemeteritems voor de RSVP-service (QoS RSVP) zijn geladen. De record-
gegevens bevatten de nieuwe indexwaarden die zijn toegewezen aan
deze service.

Record Number: 1
Source Name: LoadPerf
Time Written: 20090907204736.000000+120
Event Type: Gegevens
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Dakeyras
2009-09-10, 11:44
Hi :)

Thanks for the situation update. Please no more self fixes and/or do anything else to your computer unless I advise so, thank you.

Please read the forum policy concerning Peer to Peer (http://forums.spybot.info/showthread.php?t=282) applications.

Now I have a fair few tasks for your good self to carry out, take your time and if any problems encountered inform myself straight away please.

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

µTorrent <-- P2P application, must be removed per forum policy.
Windows Live OneCare safety scanner <-- This will cause a system conflict with your presently installed Anti-Virus and will actually lessen overall online protection.

To do so, click once on each of the above in turn to highlight and then click on the Remove button.

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

Disable Spybot S&D TeaTimer's Registry Guard:

This is so it does not interfere with the malware removal process, you may re-enable this when I give the all clear.

If you have version 1.5 or 1.6, right click the Spybot Icon in the system tray near the clock (looks like a blue/white calendar with a padlock symbol).
Click once on Resident Protection, then right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be colorless.
Go to Start > All Programs > Spybot - Search & Destroy > Spybot Search & Destroy.
Click on Mode > Advanced Mode. When it prompts you, click Yes.
On the left hand side, click on Tools.
Check this box if it is not yet ticked: Resident.
You will notice that Resident is now added under Tools. Click on Resident.
Uncheck this box: Resident "TeaTimer" (Protection of over-all system settings) active.
Exit Spybot Search & Destroy.

Reset SP3 Firewall:

Click on Start >> Run... and cut/paste in the following and click on OK

firewall.cpl

Click on the Advanced tab >> Restore Defaults >> At the prompt click on Yes >> OK

Note: Now please reboot(restart) your computer. <-- This step must be carried out.

Next:

Please download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
Launch Malwarebytes' Anti-Malware
Click on the Logs radio tab.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download/Run ComboFix:

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs (http://www.bleepingcomputer.com/forums/topic114351.html)

Please include the C:\ComboFix.txt in your next reply for further review.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a forum helper.

When completed the above, please post back the following in the order asked for:

How is your computer performing now, any other symptoms and/or problems encountered?
Malwarebytes' Anti-Malware Log.
ComboFix Log.
A new HijackThis Log.

WoodGnome
2009-09-13, 19:19
Posting the malware bytes log :)
doing combofix in a min.

Malwarebytes' Anti-Malware 1.41
Database versie: 2791
Windows 5.1.2600 Service Pack 3

13/09/2009 18:40:27
mbam-log-2009-09-13 (18-40-27).txt

Scan type: Snelle Scan
Objecten gescand: 93756
Verstreken tijd: 2 minute(s), 36 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

WoodGnome
2009-09-13, 19:21
oh, sorry didn't read it well, thought I had to post all in a separate post :lip:

Sorry, :red:

WoodGnome
2009-09-13, 23:06
Ok, so I completed ComboFix just a sec ago, and I don't know if it did anything yet, but we'll see.

Something odd happened today though, 2x insane CPU-usage increase. The whole thing got slow, choppy and everything. And I wasn't doing anything other than msn and some internet.. So I thought that was kind of weird. But let's see if it's over now, they both happened before the combofix run :)

WoodGnome
2009-09-13, 23:07
ComboFix log:

ComboFix 09-09-13.04 - Administrator 13/09/2009 22:42.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3327.2869 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((((((( Bestanden Gemaakt van 2009-08-13 to 2009-09-13 ))))))))))))))))))))))))))))))
.

2009-09-13 16:35 . 2009-09-13 16:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-13 16:35 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-13 16:35 . 2009-09-13 16:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-13 16:35 . 2009-09-13 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-13 16:35 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-13 13:02 . 2009-09-13 13:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Last.fm
2009-09-13 13:01 . 2009-09-13 15:55 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Last.fm
2009-09-13 13:01 . 2009-09-13 13:01 -------- d-----w- c:\program files\Last.fm
2009-09-11 16:04 . 2008-04-13 20:15 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-09-11 16:04 . 2008-04-13 20:15 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-09-11 16:03 . 2008-04-14 18:32 54272 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-09-11 16:03 . 2008-04-14 18:32 54272 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-09-11 16:03 . 2008-04-13 20:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-09-11 16:03 . 2008-04-13 20:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-09-11 16:00 . 2004-10-08 10:46 53248 ----a-r- c:\windows\system32\InstMed.exe
2009-09-11 16:00 . 2004-10-08 12:00 372736 ----a-w- c:\windows\system32\LVUI2RC.dll
2009-09-11 16:00 . 2004-10-08 11:57 22016 ----a-w- c:\windows\system32\drivers\LVUSBSta.sys
2009-09-11 16:00 . 2004-10-08 11:52 106496 ----a-w- c:\windows\system32\lvcoinst.dll
2009-09-11 16:00 . 2004-10-08 11:56 204800 ----a-w- c:\windows\system32\LVUI2.dll
2009-09-11 16:00 . 2004-10-08 11:55 204800 ----a-w- c:\windows\system32\lvcodec2.dll
2009-09-11 16:00 . 2004-10-08 11:54 1206272 ----a-w- c:\windows\system32\drivers\lvsvf2.sys
2009-09-11 16:00 . 2004-10-08 11:58 585824 ----a-w- c:\windows\system32\drivers\lvcm.sys
2009-09-11 16:00 . 2009-09-11 16:00 -------- d-----w- c:\program files\Common Files\Logitech
2009-09-11 15:58 . 1998-11-13 12:08 308224 ----a-w- c:\windows\IsUn0413.exe
2009-09-09 16:27 . 2009-09-09 16:27 -------- d-----w- C:\rsit
2009-09-09 16:27 . 2009-09-09 16:27 -------- d-----w- c:\program files\trend micro
2009-09-09 13:25 . 2009-09-09 13:25 -------- d-----w- c:\program files\Zone Labs
2009-09-09 13:24 . 2009-09-09 13:25 -------- d-----w- c:\windows\Internet Logs
2009-09-09 05:26 . 2009-09-09 13:25 -------- d-----w- c:\documents and settings\Administrator\SecurityScans
2009-09-09 05:26 . 2009-09-09 05:26 -------- d-----w- c:\program files\Microsoft Baseline Security Analyzer 2
2009-09-09 04:53 . 2009-09-13 16:13 -------- d-----w- c:\program files\Windows Live Safety Center
2009-09-09 02:04 . 2009-09-09 13:04 -------- d-----w- c:\windows\Spybot - Search & Destroy
2009-09-09 02:04 . 2009-09-09 02:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-08 19:36 . 2009-09-08 19:37 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-08 19:36 . 2009-09-09 01:46 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-09-08 16:48 . 2009-09-08 16:48 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2009-09-08 16:47 . 2009-09-08 16:47 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-09-08 12:45 . 2009-09-08 12:45 136 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2009-09-08 12:44 . 2009-09-08 12:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
2009-09-08 00:35 . 2009-09-13 16:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2009-09-07 22:05 . 2009-09-07 22:05 -------- d-----w- c:\windows\system32\Lang
2009-09-07 22:02 . 2006-08-01 07:02 49152 ------r- c:\windows\system32\ChCfg.exe
2009-09-07 22:02 . 2009-09-07 22:02 -------- d-----w- c:\windows\system32\RTCOM
2009-09-07 22:01 . 2007-11-20 10:15 1826816 ------r- c:\windows\SkyTel.exe
2009-09-07 22:01 . 2006-07-21 08:14 86016 ------r- c:\windows\SoundMan.exe
2009-09-07 22:01 . 2008-04-02 01:27 1196032 ------r- c:\windows\RtlUpd.exe
2009-09-07 22:01 . 2007-03-23 11:19 9715200 ------r- c:\windows\RTLCPL.exe
2009-09-07 22:01 . 2008-05-20 09:53 4800000 ------r- c:\windows\system32\drivers\RtkHDAud.sys
2009-09-07 22:01 . 2008-05-16 06:39 16862720 ------r- c:\windows\RTHDCPL.exe
2009-09-07 22:01 . 2007-06-28 08:44 2165760 ------r- c:\windows\MicCal.exe
2009-09-07 22:01 . 2006-05-04 08:26 2808832 ------r- c:\windows\alcwzrd.exe
2009-09-07 22:01 . 2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
2009-09-07 22:01 . 2009-09-07 22:01 -------- d-----w- c:\program files\Realtek
2009-09-07 22:01 . 2009-09-07 22:01 315392 ----a-w- c:\windows\HideWin.exe
2009-09-07 22:01 . 2008-03-05 10:07 520192 ------r- c:\windows\RtlExUpd.dll
2009-09-07 21:25 . 2009-09-07 21:25 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-09-07 21:25 . 2009-09-07 21:25 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-09-07 21:17 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-09-07 21:17 . 2009-09-09 03:44 -------- d-----w- c:\windows\ie8updates
2009-09-07 21:17 . 2009-07-03 17:00 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-09-07 21:17 . 2009-07-03 17:00 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-09-07 21:15 . 2009-09-07 21:16 -------- dc-h--w- c:\windows\ie8
2009-09-07 21:12 . 2009-09-07 21:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
2009-09-07 21:10 . 2009-09-07 21:10 -------- d-----w- C:\ba48ca1b01ae6718069416
2009-09-07 21:09 . 2009-09-07 21:24 -------- d-----w- c:\windows\SxsCaPendDel
2009-09-07 21:07 . 2009-09-13 20:22 -------- d-----w- c:\documents and settings\Administrator\Tracing
2009-09-07 21:07 . 2009-09-07 21:07 -------- d-----w- c:\program files\Microsoft
2009-09-07 21:06 . 2009-09-07 21:06 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-07 21:06 . 2009-09-07 21:07 -------- d-----w- c:\program files\Windows Live
2009-09-07 21:04 . 2009-09-07 21:04 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-07 21:02 . 2009-09-07 21:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2009-09-07 21:02 . 2009-09-07 21:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Desktop Search
2009-09-07 21:02 . 2009-09-08 12:47 -------- d-----w- c:\program files\Windows Desktop Search
2009-09-07 21:02 . 2009-09-07 21:02 -------- d-----w- c:\windows\system32\GroupPolicy
2009-09-07 21:01 . 2009-09-07 21:01 -------- d-----w- c:\windows\system32\URTTEMP
2009-09-07 20:58 . 2009-02-09 11:27 2193408 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-09-07 20:58 . 2009-02-09 11:27 2149888 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-09-07 20:58 . 2009-02-09 11:27 2028544 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-09-07 20:57 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-09-07 20:56 . 2008-06-14 17:36 272640 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-09-07 20:56 . 2008-06-14 17:36 272640 ------w- c:\windows\system32\drivers\bthport.sys
2009-09-07 20:53 . 2009-09-09 03:44 -------- d--h--w- c:\windows\$hf_mig$
2009-09-07 20:45 . 2009-09-12 03:24 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-07 20:45 . 2009-09-09 00:08 -------- d-----w- c:\program files\SpywareBlaster
2009-09-07 20:45 . 2005-08-25 17:18 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2009-09-07 20:42 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-07 20:42 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-09-07 20:42 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-09-07 20:42 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-09-07 20:42 . 2009-09-07 20:42 -------- d-----w- c:\program files\Avira
2009-09-07 20:42 . 2009-09-07 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-09-07 20:39 . 2009-09-07 20:39 0 ----a-w- c:\windows\nsreg.dat
2009-09-07 20:39 . 2009-09-07 20:39 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-09-07 20:32 . 2009-09-07 21:25 12912 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-07 20:32 . 2009-09-07 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2009-09-07 20:32 . 2009-09-07 20:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ATI
2009-09-07 20:32 . 2009-09-07 20:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\ATI
2009-09-07 20:32 . 2009-09-07 20:32 0 ----a-w- c:\windows\ativpsrm.bin
2009-09-07 20:28 . 2008-04-13 20:15 6272 -c--a-w- c:\windows\system32\dllcache\splitter.sys
2009-09-07 20:24 . 2008-06-25 16:47 36864 ----a-r- c:\windows\system32\drivers\l1e51x86.sys
2009-09-07 20:23 . 2009-09-07 20:23 -------- d-----w- c:\windows\system32\Atheros_L1e
2009-09-07 20:23 . 2009-09-07 22:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-07 20:20 . 2009-09-07 20:20 -------- d-----w- c:\windows\system32\drivers\system32
2009-09-07 20:20 . 2009-09-07 20:20 -------- d-----w- c:\windows\system32\drivers\INF
2009-09-07 20:20 . 2009-09-07 20:20 -------- d-----w- c:\windows\system32\drivers\help
2009-09-07 20:19 . 2009-09-07 20:19 -------- dc----w- c:\windows\system32\DRVSTORE
2009-09-07 20:19 . 2009-09-07 20:19 -------- d-----w- c:\program files\Intel
2009-09-07 20:19 . 2008-06-04 06:55 53248 ----a-r- c:\windows\system32\CSVer.dll
2009-09-07 20:19 . 2009-09-07 20:19 -------- d-----w- C:\Intel
2009-09-07 20:15 . 2004-08-13 10:56 5810 ----a-r- c:\windows\system32\drivers\ASACPI.sys
2009-09-07 20:14 . 2007-12-28 15:22 10296 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2009-09-07 20:02 . 2001-08-17 19:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2009-09-07 20:02 . 2008-04-14 20:32 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-09-07 20:02 . 2008-04-14 20:04 58112 ----a-w- c:\windows\system32\drivers\redbook.sys
2009-09-07 20:01 . 2001-08-17 19:46 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
2009-09-07 20:01 . 2008-04-14 18:32 76288 -c--a-w- c:\windows\system32\dllcache\usbui.dll
2009-09-07 20:01 . 2008-04-14 18:32 76288 ----a-w- c:\windows\system32\usbui.dll

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-13 20:26 . 2001-09-07 12:00 533588 ----a-w- c:\windows\system32\perfh013.dat
2009-09-13 20:26 . 2001-09-07 12:00 100116 ----a-w- c:\windows\system32\perfc013.dat
2009-09-09 13:38 . 2008-04-14 20:33 5632 ----a-w- c:\windows\system32\winver.exe
2009-09-09 05:48 . 2009-09-09 05:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Winamp
2009-09-09 05:46 . 2009-09-09 05:45 -------- d-----w- c:\program files\Winamp
2009-09-09 03:45 . 2009-09-07 18:56 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-07 20:30 . 2009-09-07 20:28 -------- d-----w- c:\program files\ATI Technologies
2009-09-07 20:29 . 2009-09-07 20:29 -------- d-----w- c:\program files\Common Files\ATI Technologies
2009-09-07 20:28 . 2009-09-07 20:26 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-07 19:40 . 2009-09-07 19:40 12328 ----a-w- c:\documents and settings\Used\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-07 18:56 . 2009-09-07 18:56 -------- d-----w- c:\program files\microsoft frontpage
2009-09-07 18:55 . 2009-09-07 19:46 86 ----a-w- c:\documents and settings\Administrator\DelDC6.bat
2009-09-07 18:55 . 2009-09-07 19:01 86 ----a-w- c:\documents and settings\Used\DelDC6.bat
2009-09-07 18:55 . 2009-09-07 18:57 86 ----a-w- c:\windows\system32\config\systemprofile\DelDC6.bat
2009-09-07 18:55 . 2009-09-07 18:55 86 ----a-w- c:\documents and settings\Default User\DelDC6.bat
2009-09-07 18:54 . 2009-09-07 18:54 -------- d-----w- c:\program files\MSBuild
2009-09-07 18:54 . 2009-09-07 18:54 -------- d-----w- c:\program files\Reference Assemblies
2009-09-07 18:50 . 2009-09-07 18:50 21748 ----a-w- c:\windows\system32\emptyregdb.dat
2009-09-07 18:49 . 2009-09-07 18:49 -------- d-----w- c:\program files\Windows Media Connect 2
2009-08-05 09:01 . 2008-04-14 20:32 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:37 . 2008-04-14 20:32 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:37 . 2008-04-14 20:32 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-17 19:04 . 2008-04-14 20:32 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2008-05-15 13:33 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:00 . 2008-05-15 13:32 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:27 . 2008-04-14 20:32 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:27 . 2008-04-14 20:32 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:27 . 2008-04-14 20:32 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:27 . 2008-04-14 20:32 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:27 . 2008-04-14 20:32 735232 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:27 . 2008-04-14 20:32 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2008-04-13 22:01 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-03-05 14:07 . 2009-09-09 02:30 2260480 --sha-w- c:\windows\Spybot - Search & Destroy\DFYFZHXXK.scr
2009-01-26 13:31 . 2009-09-09 02:04 5365592 --sha-w- c:\windows\Spybot - Search & Destroy\NFZGIO.scr
2009-01-26 13:31 . 2009-09-09 02:04 1740632 --sha-w- c:\windows\Spybot - Search & Destroy\SDUpdate.exe
2009-01-26 13:31 . 2009-09-09 02:04 5365592 --sha-w- c:\windows\Spybot - Search & Destroy\SpybotSD.exe
2009-03-05 14:07 . 2009-09-09 02:04 2260480 --sha-w- c:\windows\Spybot - Search & Destroy\TeaTimer.exe
2009-01-26 13:31 . 2009-09-09 02:04 1740632 --sha-w- c:\windows\Spybot - Search & Destroy\TETBLBSHFVE.scr
2009-01-26 13:31 . 2009-09-09 02:04 2144088 --sha-w- c:\windows\Spybot - Search & Destroy\YNUMYQ.scr
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-16 16862720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/09/2009 22:42 108289]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [7/09/2009 22:28 93696]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [7/09/2009 22:24 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.nl
uInternet Connection Wizard,ShellNext = hxxp://www.google.nl/
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\toe7lkby.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-13 22:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-823518204-606747145-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,82,c5,c9,06,4e,92,e3,41,88,2b,47,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,82,c5,c9,06,4e,92,e3,41,88,2b,47,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2692)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\nl-nl\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\nl-nl\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-09-13 22:47
ComboFix-quarantined-files.txt 2009-09-13 20:47

Pre-Run: 227.825.819.648 bytes free
Post-Run: 227.839.660.032 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

252 --- E O F --- 2009-09-08 12:46
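The file listing in the ComboFix log above (and the "Files Created" listing in the later log) uses one fixed line shape: creation time, modification time, size, an eight-character attribute column, then the path. The seven entries under c:\windows\Spybot - Search & Destroy carry the `--sha-w-` column (system + hidden) and four of them have random-looking names, which is exactly the kind of thing a reader of this thread wants to pull out mechanically rather than by eye. The following is an added example, not code from the original post or from ComboFix: it parses lines in that format, flags system+hidden files and random-looking names, and pairs each random-named file with a normally named file of identical size in the same folder. The attribute decoding (d=directory, c=compressed, s=system, h=hidden, a=archive, w/r=writable/read-only) is my reading of the lines on this page, not ComboFix documentation, and the sample input is constructed from the log lines above plus two directory lines.

```python
"""Triage helper for the ComboFix-style file listing quoted in this thread (added example)."""
import re
from collections import defaultdict
from dataclasses import dataclass

# One listing line: "<created> . <modified> <size|--------> <8-char attrs> <path>".
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# A "random-looking" basename: six or more upper-case letters plus a code-carrying suffix.
RANDOM_NAME_RE = re.compile(r"^[A-Z]{6,}\.(scr|exe|dll)$")


@dataclass
class Entry:
    created: str
    modified: str
    size: int      # 0 for directories, which the log prints as "--------"
    attrs: str     # assumed decoding: d=dir c=compressed s=system h=hidden a=archive - w/r
    path: str

    @property
    def is_dir(self): return self.attrs[0] == "d"
    @property
    def is_system(self): return self.attrs[2] == "s"
    @property
    def is_hidden(self): return self.attrs[3] == "h"
    @property
    def directory(self): return self.path.rsplit("\\", 1)[0].lower()
    @property
    def name(self): return self.path.rsplit("\\", 1)[-1]


def parse_listing(text):
    """Return an Entry for every line matching the listing format; headers and dots are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            size = 0 if m["size"].startswith("-") else int(m["size"])
            entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def hidden_system_files(entries):
    """Files (not directories) carrying both the system and hidden attributes."""
    return [e for e in entries if not e.is_dir and e.is_system and e.is_hidden]


def random_named(entries):
    """Files whose basename looks machine-generated."""
    return [e for e in entries if RANDOM_NAME_RE.match(e.name)]


def size_twins(entries):
    """Map each random-named file to normally named files of identical size in the same folder.

    An identical byte size next to a known executable is a strong hint that the odd file is a
    copy of it; hashing both on the machine would settle the question either way.
    """
    by_key = defaultdict(list)
    for e in entries:
        if not e.is_dir:
            by_key[(e.directory, e.size)].append(e)
    twins = {}
    for e in random_named(entries):
        others = sorted(o.name for o in by_key[(e.directory, e.size)]
                        if o is not e and not RANDOM_NAME_RE.match(o.name))
        if others:
            twins[e.name] = others
    return twins


def triage(text):
    """One-call summary used by the usage below and by the assertions."""
    entries = parse_listing(text)
    return {
        "parsed": len(entries),
        "hidden_system": [e.name for e in hidden_system_files(entries)],
        "random_named": [e.name for e in random_named(entries)],
        "size_twins": size_twins(entries),
    }


# Constructed sample: lines copied from the log above plus two directory lines.
SAMPLE = r"""
(((((((((((((((((((( Files Created from 2009-08-15 to 2009-09-15 ))))))))))))))))))))))))))))))
.
2009-06-25 08:27 . 2008-04-14 20:32 56832 ----a-w- c:\windows\system32\secur32.dll
2009-03-05 14:07 . 2009-09-09 02:30 2260480 --sha-w- c:\windows\Spybot - Search & Destroy\DFYFZHXXK.scr
2009-01-26 13:31 . 2009-09-09 02:04 5365592 --sha-w- c:\windows\Spybot - Search & Destroy\NFZGIO.scr
2009-01-26 13:31 . 2009-09-09 02:04 1740632 --sha-w- c:\windows\Spybot - Search & Destroy\SDUpdate.exe
2009-01-26 13:31 . 2009-09-09 02:04 5365592 --sha-w- c:\windows\Spybot - Search & Destroy\SpybotSD.exe
2009-03-05 14:07 . 2009-09-09 02:04 2260480 --sha-w- c:\windows\Spybot - Search & Destroy\TeaTimer.exe
2009-01-26 13:31 . 2009-09-09 02:04 1740632 --sha-w- c:\windows\Spybot - Search & Destroy\TETBLBSHFVE.scr
2009-01-26 13:31 . 2009-09-09 02:04 2144088 --sha-w- c:\windows\Spybot - Search & Destroy\YNUMYQ.scr
2009-09-07 21:15 . 2009-09-07 21:16 -------- dc-h--w- c:\windows\ie8
2009-09-13 16:35 . 2009-09-13 16:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

On the sample, every Spybot entry is flagged system+hidden, the four upper-case .scr names are flagged as random-looking, and three of them have a same-size twin in the same folder (DFYFZHXXK.scr with TeaTimer.exe, NFZGIO.scr with SpybotSD.exe, TETBLBSHFVE.scr with SDUpdate.exe); YNUMYQ.scr has none. The flags are triage leads, not verdicts: the twin pairing points at copies of known binaries, and only a hash comparison on the machine itself can confirm that.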

WoodGnome
2009-09-13, 23:07
New Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:04:12, on 13/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\WINDOWS\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1252356691010
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252356680838
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

--
End of file - 4786 bytes

Dakeyras
2009-09-14, 12:57
Hi :)

Are you aware of these two applications being on your system: HideWin and ShowDeskFix?

Check Hard Disk For Errors:

Press Start->Run, then copy/paste the following command into the box and press OK:

cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"

A blank command window will open on your desktop, then close in a few minutes. This is normal.
A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Please go here (http://www.eset.com/onlinescan/) then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS1.gif

Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox. Select the option YES, I accept the Terms of Use then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS2.gif
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS3.gif
The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS4.gif
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.

WoodGnome
2009-09-14, 23:16
The checkhd thing doesn't work. I run the cmd and I get a flash of a 0.5 sec command prompt, then it goes away and nothing happens at all: no HD light flickering, no .txt saved.

Since this one failed, should I still do the ESET scan in step 2?

WoodGnome
2009-09-14, 23:26
Oh, and I was never aware of those programs, to be honest. They sound familiar, with a strangely unfamiliar feeling.

What are they for? And how could they have sneaked into my PC?

Thanks btw, you've been a great help so far :) The computer's doing OK itself, just the weird CPU increases (which are less in str. now) and it's like something's sucking the internet speed. But I don't know those things for sure :) Hope the scans will give some idea of the situation. :)

Dakeyras
2009-09-14, 23:58
Hi :)


The checkhd thing doesn't work. I run the cmd and I get a flash of a 0.5 sec command prompt, then it goes away and nothing happens at all: no HD light flickering, no .txt saved.

OK, no problem, we can come back to this.


Oh, and I was never aware of those programs, to be honest. They sound familiar, with a strangely unfamiliar feeling.

What are they for? And how could they have sneaked into my PC?

OK, since you are not sure about either, and my research has revealed they can be malware-related and/or legitimate depending on the original source, it would be prudent to remove both.


Thanks btw, you've been a great help so far :) The computer's doing OK itself, just the weird CPU increases (which are less in str. now) and it's like something's sucking the internet speed. But I don't know those things for sure :) Hope the scans will give some idea of the situation. :)

Good to know, and you are welcome!

OK a new set of instructions follows.

Custom ComboFix-Script:

A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

File::
c:\windows\HideWin.exe

Folder::
c:\windows\SxsCaPendDel
C:\Program Files\uTorrent

Registry::
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"=-
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"=-
Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
Malwarebytes Anti-Malware:

Launch the application, Check for Updates >> Perform a Quick Scan
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Please go here (http://www.eset.com/onlinescan/) then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS1.gif

Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox. Select the option YES, I accept the Terms of Use then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS2.gif
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS3.gif
The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS4.gif
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.
When you have completed the above, please post back the following:

How is your computer performing now? Any problems encountered and/or any further symptoms?
ComboFix Log.
Malwarebytes Anti-Malware Log.
ESET Log.

WoodGnome
2009-09-17, 00:13
Hey there :)

Here come the logs

ComboFix;

ComboFix 09-09-14.02 - Administrator 16/09/2009 0:46.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3327.2540 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Bureaublad\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point

FILE ::
"c:\windows\HideWin.exe"
.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\dsp_sps.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\enc_aacplus.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\enc_flac.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\enc_lame.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\enc_vorbis.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\enc_wav.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\enc_wma.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\gen_crasher.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\gen_ff.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\gen_hotkeys.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\gen_ml.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\gen_tray.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\in_cdda.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\in_dshow.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\in_flac.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\in_flv.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\in_linein.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\in_midi.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\in_mod.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\in_mp3.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\in_mp4.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\in_nsv.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\in_swf.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\in_vorbis.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\in_wave.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\in_wm.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\ml_autotag.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\ml_bookmarks.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\ml_dash.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\ml_disc.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\ml_history.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\ml_impex.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\ml_local.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\ml_nowplaying.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\ml_online.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\ml_orb.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\ml_playlists.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\ml_plg.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\ml_pmp.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\ml_rg.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\ml_transcode.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\ml_wire.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\out_disk.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\out_ds.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\out_wave.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\playlist.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\pmp_activesync.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\pmp_ipod.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\pmp_njb.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\pmp_p4s.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\pmp_usb.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\tagz.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\vis_nsfs.lng
c:\docume~1\ADMINI~1\LOCALS~1\Temp\WLZA32C.tmp\winamp.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\dsp_sps.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\enc_aacplus.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\enc_flac.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\enc_lame.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\enc_vorbis.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\enc_wav.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\enc_wma.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\gen_crasher.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\gen_ff.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\gen_hotkeys.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\gen_ml.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\gen_tray.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\in_cdda.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\in_dshow.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\in_flac.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\in_flv.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\in_linein.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\in_midi.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\in_mod.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\in_mp3.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\in_mp4.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\in_nsv.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\in_swf.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\in_vorbis.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\in_wave.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\in_wm.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\ml_autotag.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\ml_bookmarks.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\ml_dash.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\ml_disc.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\ml_history.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\ml_impex.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\ml_local.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\ml_nowplaying.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\ml_online.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\ml_orb.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\ml_playlists.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\ml_plg.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\ml_pmp.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\ml_rg.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\ml_transcode.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\ml_wire.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\out_disk.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\out_ds.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\out_wave.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\playlist.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\pmp_activesync.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\pmp_ipod.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\pmp_njb.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\pmp_p4s.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\pmp_usb.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\tagz.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\vis_nsfs.lng
c:\documents and settings\Administrator\Local Settings\temp\WLZA32C.tmp\winamp.lng
c:\windows\HideWin.exe
c:\windows\SxsCaPendDel

.
(((((((((((((((((((( Files Created from 2009-08-15 to 2009-09-15 ))))))))))))))))))))))))))))))
.

2009-09-13 16:35 . 2009-09-13 16:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-13 16:35 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-13 16:35 . 2009-09-13 16:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-13 16:35 . 2009-09-13 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-13 16:35 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-13 13:02 . 2009-09-13 13:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Last.fm
2009-09-13 13:01 . 2009-09-15 22:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Last.fm
2009-09-13 13:01 . 2009-09-13 13:01 -------- d-----w- c:\program files\Last.fm
2009-09-11 16:04 . 2008-04-13 20:15 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-09-11 16:04 . 2008-04-13 20:15 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-09-11 16:03 . 2008-04-14 18:32 54272 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-09-11 16:03 . 2008-04-14 18:32 54272 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-09-11 16:03 . 2008-04-13 20:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-09-11 16:03 . 2008-04-13 20:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-09-11 16:00 . 2004-10-08 10:46 53248 ----a-r- c:\windows\system32\InstMed.exe
2009-09-11 16:00 . 2004-10-08 12:00 372736 ----a-w- c:\windows\system32\LVUI2RC.dll
2009-09-11 16:00 . 2004-10-08 11:57 22016 ----a-w- c:\windows\system32\drivers\LVUSBSta.sys
2009-09-11 16:00 . 2004-10-08 11:52 106496 ----a-w- c:\windows\system32\lvcoinst.dll
2009-09-11 16:00 . 2004-10-08 11:56 204800 ----a-w- c:\windows\system32\LVUI2.dll
2009-09-11 16:00 . 2004-10-08 11:55 204800 ----a-w- c:\windows\system32\lvcodec2.dll
2009-09-11 16:00 . 2004-10-08 11:54 1206272 ----a-w- c:\windows\system32\drivers\lvsvf2.sys
2009-09-11 16:00 . 2004-10-08 11:58 585824 ----a-w- c:\windows\system32\drivers\lvcm.sys
2009-09-11 16:00 . 2009-09-11 16:00 -------- d-----w- c:\program files\Common Files\Logitech
2009-09-11 15:58 . 1998-11-13 12:08 308224 ----a-w- c:\windows\IsUn0413.exe
2009-09-09 16:27 . 2009-09-13 21:02 -------- d-----w- c:\program files\trend micro
2009-09-09 16:27 . 2009-09-09 16:27 -------- d-----w- C:\rsit
2009-09-09 13:25 . 2009-09-09 13:25 -------- d-----w- c:\program files\Zone Labs
2009-09-09 13:24 . 2009-09-09 13:25 -------- d-----w- c:\windows\Internet Logs
2009-09-09 05:26 . 2009-09-09 13:25 -------- d-----w- c:\documents and settings\Administrator\SecurityScans
2009-09-09 05:26 . 2009-09-09 05:26 -------- d-----w- c:\program files\Microsoft Baseline Security Analyzer 2
2009-09-09 04:53 . 2009-09-13 16:13 -------- d-----w- c:\program files\Windows Live Safety Center
2009-09-09 02:04 . 2009-09-09 13:04 -------- d-----w- c:\windows\Spybot - Search & Destroy
2009-09-09 02:04 . 2009-09-09 02:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-08 19:36 . 2009-09-08 19:37 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-08 19:36 . 2009-09-09 01:46 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-09-08 16:48 . 2009-09-08 16:48 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2009-09-08 16:47 . 2009-09-08 16:47 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-09-08 12:45 . 2009-09-08 12:45 136 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2009-09-08 12:44 . 2009-09-08 12:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
2009-09-08 00:35 . 2009-09-13 16:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2009-09-07 22:05 . 2009-09-07 22:05 -------- d-----w- c:\windows\system32\Lang
2009-09-07 22:02 . 2006-08-01 07:02 49152 ------r- c:\windows\system32\ChCfg.exe
2009-09-07 22:02 . 2009-09-07 22:02 -------- d-----w- c:\windows\system32\RTCOM
2009-09-07 22:01 . 2007-11-20 10:15 1826816 ------r- c:\windows\SkyTel.exe
2009-09-07 22:01 . 2006-07-21 08:14 86016 ------r- c:\windows\SoundMan.exe
2009-09-07 22:01 . 2008-04-02 01:27 1196032 ------r- c:\windows\RtlUpd.exe
2009-09-07 22:01 . 2007-03-23 11:19 9715200 ------r- c:\windows\RTLCPL.exe
2009-09-07 22:01 . 2008-05-20 09:53 4800000 ------r- c:\windows\system32\drivers\RtkHDAud.sys
2009-09-07 22:01 . 2008-05-16 06:39 16862720 ------r- c:\windows\RTHDCPL.exe
2009-09-07 22:01 . 2007-06-28 08:44 2165760 ------r- c:\windows\MicCal.exe
2009-09-07 22:01 . 2006-05-04 08:26 2808832 ------r- c:\windows\alcwzrd.exe
2009-09-07 22:01 . 2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
2009-09-07 22:01 . 2009-09-07 22:01 -------- d-----w- c:\program files\Realtek
2009-09-07 22:01 . 2008-03-05 10:07 520192 ------r- c:\windows\RtlExUpd.dll
2009-09-07 21:25 . 2009-09-07 21:25 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-09-07 21:25 . 2009-09-07 21:25 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-09-07 21:17 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-09-07 21:17 . 2009-09-09 03:44 -------- d-----w- c:\windows\ie8updates
2009-09-07 21:17 . 2009-07-03 17:00 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-09-07 21:17 . 2009-07-03 17:00 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-09-07 21:15 . 2009-09-07 21:16 -------- dc-h--w- c:\windows\ie8
2009-09-07 21:12 . 2009-09-07 21:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
2009-09-07 21:10 . 2009-09-07 21:10 -------- d-----w- C:\ba48ca1b01ae6718069416
2009-09-07 21:07 . 2009-09-15 22:49 -------- d-----w- c:\documents and settings\Administrator\Tracing
2009-09-07 21:07 . 2009-09-07 21:07 -------- d-----w- c:\program files\Microsoft
2009-09-07 21:06 . 2009-09-07 21:06 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-07 21:06 . 2009-09-07 21:07 -------- d-----w- c:\program files\Windows Live
2009-09-07 21:04 . 2009-09-07 21:04 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-07 21:02 . 2009-09-07 21:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2009-09-07 21:02 . 2009-09-07 21:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Desktop Search
2009-09-07 21:02 . 2009-09-08 12:47 -------- d-----w- c:\program files\Windows Desktop Search
2009-09-07 21:02 . 2009-09-07 21:02 -------- d-----w- c:\windows\system32\GroupPolicy
2009-09-07 21:01 . 2009-09-07 21:01 -------- d-----w- c:\windows\system32\URTTEMP
2009-09-07 20:58 . 2009-02-09 11:27 2193408 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-09-07 20:58 . 2009-02-09 11:27 2149888 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-09-07 20:58 . 2009-02-09 11:27 2028544 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-09-07 20:57 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-09-07 20:56 . 2008-06-14 17:36 272640 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-09-07 20:56 . 2008-06-14 17:36 272640 ------w- c:\windows\system32\drivers\bthport.sys
2009-09-07 20:53 . 2009-09-09 03:44 -------- d--h--w- c:\windows\$hf_mig$
2009-09-07 20:45 . 2009-09-12 03:24 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-07 20:45 . 2009-09-09 00:08 -------- d-----w- c:\program files\SpywareBlaster
2009-09-07 20:45 . 2005-08-25 17:18 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2009-09-07 20:42 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-07 20:42 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-09-07 20:42 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-09-07 20:42 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-09-07 20:42 . 2009-09-07 20:42 -------- d-----w- c:\program files\Avira
2009-09-07 20:42 . 2009-09-07 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-09-07 20:39 . 2009-09-07 20:39 0 ----a-w- c:\windows\nsreg.dat
2009-09-07 20:39 . 2009-09-07 20:39 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-09-07 20:32 . 2009-09-07 21:25 12912 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-07 20:32 . 2009-09-07 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2009-09-07 20:32 . 2009-09-07 20:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ATI
2009-09-07 20:32 . 2009-09-07 20:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\ATI
2009-09-07 20:32 . 2009-09-07 20:32 0 ----a-w- c:\windows\ativpsrm.bin
2009-09-07 20:28 . 2008-04-13 20:15 6272 -c--a-w- c:\windows\system32\dllcache\splitter.sys
2009-09-07 20:24 . 2008-06-25 16:47 36864 ----a-r- c:\windows\system32\drivers\l1e51x86.sys
2009-09-07 20:23 . 2009-09-07 20:23 -------- d-----w- c:\windows\system32\Atheros_L1e
2009-09-07 20:23 . 2009-09-07 22:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-07 20:20 . 2009-09-07 20:20 -------- d-----w- c:\windows\system32\drivers\system32
2009-09-07 20:20 . 2009-09-07 20:20 -------- d-----w- c:\windows\system32\drivers\INF
2009-09-07 20:20 . 2009-09-07 20:20 -------- d-----w- c:\windows\system32\drivers\help
2009-09-07 20:19 . 2009-09-07 20:19 -------- dc----w- c:\windows\system32\DRVSTORE
2009-09-07 20:19 . 2009-09-07 20:19 -------- d-----w- c:\program files\Intel
2009-09-07 20:19 . 2008-06-04 06:55 53248 ----a-r- c:\windows\system32\CSVer.dll
2009-09-07 20:19 . 2009-09-07 20:19 -------- d-----w- C:\Intel
2009-09-07 20:15 . 2004-08-13 10:56 5810 ----a-r- c:\windows\system32\drivers\ASACPI.sys
2009-09-07 20:14 . 2007-12-28 15:22 10296 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2009-09-07 20:02 . 2001-08-17 19:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2009-09-07 20:02 . 2008-04-14 20:32 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-09-07 20:02 . 2008-04-14 20:04 58112 ----a-w- c:\windows\system32\drivers\redbook.sys
2009-09-07 20:01 . 2001-08-17 19:46 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
2009-09-07 20:01 . 2008-04-14 18:32 76288 -c--a-w- c:\windows\system32\dllcache\usbui.dll
2009-09-07 20:01 . 2008-04-14 18:32 76288 ----a-w- c:\windows\system32\usbui.dll

.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-15 14:53 . 2001-09-07 12:00 533588 ----a-w- c:\windows\system32\perfh013.dat
2009-09-15 14:53 . 2001-09-07 12:00 100116 ----a-w- c:\windows\system32\perfc013.dat
2009-09-09 13:38 . 2008-04-14 20:33 5632 ----a-w- c:\windows\system32\winver.exe
2009-09-09 05:48 . 2009-09-09 05:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Winamp
2009-09-09 05:46 . 2009-09-09 05:45 -------- d-----w- c:\program files\Winamp
2009-09-09 03:45 . 2009-09-07 18:56 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-07 20:30 . 2009-09-07 20:28 -------- d-----w- c:\program files\ATI Technologies
2009-09-07 20:29 . 2009-09-07 20:29 -------- d-----w- c:\program files\Common Files\ATI Technologies
2009-09-07 20:28 . 2009-09-07 20:26 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-07 19:40 . 2009-09-07 19:40 12328 ----a-w- c:\documents and settings\Used\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-07 18:56 . 2009-09-07 18:56 -------- d-----w- c:\program files\microsoft frontpage
2009-09-07 18:55 . 2009-09-07 19:46 86 ----a-w- c:\documents and settings\Administrator\DelDC6.bat
2009-09-07 18:55 . 2009-09-07 19:01 86 ----a-w- c:\documents and settings\Used\DelDC6.bat
2009-09-07 18:55 . 2009-09-07 18:57 86 ----a-w- c:\windows\system32\config\systemprofile\DelDC6.bat
2009-09-07 18:55 . 2009-09-07 18:55 86 ----a-w- c:\documents and settings\Default User\DelDC6.bat
2009-09-07 18:54 . 2009-09-07 18:54 -------- d-----w- c:\program files\MSBuild
2009-09-07 18:54 . 2009-09-07 18:54 -------- d-----w- c:\program files\Reference Assemblies
2009-09-07 18:50 . 2009-09-07 18:50 21748 ----a-w- c:\windows\system32\emptyregdb.dat
2009-09-07 18:49 . 2009-09-07 18:49 -------- d-----w- c:\program files\Windows Media Connect 2
2009-08-05 09:01 . 2008-04-14 20:32 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:37 . 2008-04-14 20:32 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:37 . 2008-04-14 20:32 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-17 19:04 . 2008-04-14 20:32 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2008-05-15 13:33 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:00 . 2008-05-15 13:32 915456 ------w- c:\windows\system32\wininet.dll
2009-06-25 08:27 . 2008-04-14 20:32 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:27 . 2008-04-14 20:32 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:27 . 2008-04-14 20:32 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:27 . 2008-04-14 20:32 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:27 . 2008-04-14 20:32 735232 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:27 . 2008-04-14 20:32 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2008-04-13 22:01 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-03-05 14:07 . 2009-09-09 02:30 2260480 --sha-w- c:\windows\Spybot - Search & Destroy\DFYFZHXXK.scr
2009-01-26 13:31 . 2009-09-09 02:04 5365592 --sha-w- c:\windows\Spybot - Search & Destroy\NFZGIO.scr
2009-01-26 13:31 . 2009-09-09 02:04 1740632 --sha-w- c:\windows\Spybot - Search & Destroy\SDUpdate.exe
2009-01-26 13:31 . 2009-09-09 02:04 5365592 --sha-w- c:\windows\Spybot - Search & Destroy\SpybotSD.exe
2009-03-05 14:07 . 2009-09-09 02:04 2260480 --sha-w- c:\windows\Spybot - Search & Destroy\TeaTimer.exe
2009-01-26 13:31 . 2009-09-09 02:04 1740632 --sha-w- c:\windows\Spybot - Search & Destroy\TETBLBSHFVE.scr
2009-01-26 13:31 . 2009-09-09 02:04 2144088 --sha-w- c:\windows\Spybot - Search & Destroy\YNUMYQ.scr
.

((((((((((((((((((((((((((((( SnapShot@2009-09-13_20.46.58 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-09-07 12:00 . 2009-09-13 20:26 71002 c:\windows\system32\perfc009.dat
+ 2001-09-07 12:00 . 2009-09-15 14:53 71002 c:\windows\system32\perfc009.dat
+ 2001-09-07 12:00 . 2009-09-15 14:53 440684 c:\windows\system32\perfh009.dat
- 2001-09-07 12:00 . 2009-09-13 20:26 440684 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Startup Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-16 16862720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/09/2009 22:42 108289]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [7/09/2009 22:28 93696]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [7/09/2009 22:24 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.nl
uInternet Connection Wizard,ShellNext = hxxp://www.google.nl/
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\toe7lkby.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-16 00:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-823518204-606747145-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,82,c5,c9,06,4e,92,e3,41,88,2b,47,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,82,c5,c9,06,4e,92,e3,41,88,2b,47,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2448)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\nl-nl\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\nl-nl\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2009-09-15 0:51 - machine was restarted
ComboFix-quarantined-files.txt 2009-09-15 22:51
ComboFix2.txt 2009-09-13 20:47

Pre-Run: 227.732.275.200 bytes available
Post-Run: 227.770.310.656 bytes available

379 --- E O F --- 2009-09-08 12:46


Malwarebytes:

Malwarebytes' Anti-Malware 1.41
Database version: 2805
Windows 5.1.2600 Service Pack 3

16/09/2009 1:18:25
mbam-log-2009-09-16 (01-18-25).txt

Scan type: Quick Scan
Objects scanned: 92737
Time elapsed: 2 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ESET:

ESETSmartInstaller@High as downloader log:
all ok
# version=6
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=53d93e22ea6fca48883d52d6996e86e1
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-09-16 07:37:02
# local_time=2009-09-16 09:37:02 (+0100, Western Europe (summer time))
# country="Belgium"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 21 100 100 140875781250
# scanned=2660
# found=0
# cleaned=0
# scan_time=468
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=6
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=53d93e22ea6fca48883d52d6996e86e1
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-09-16 07:37:53
# local_time=2009-09-16 09:37:53 (+0100, Western Europe (summer time))
# country="Belgium"
# lang=2067
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 21 100 100 141384218750
# scanned=526
# found=0
# cleaned=0
# scan_time=6
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=6
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=53d93e22ea6fca48883d52d6996e86e1
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-09-16 07:47:00
# local_time=2009-09-16 09:47:00 (+0100, Western Europe (summer time))
# country="Belgium"
# lang=2067
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 37 100 100 146851718750
# scanned=26968
# found=0
# cleaned=0
# scan_time=523

PS: with ESET I had to retry twice until I found out Avira was ON; I then disabled Avira and ran the ESET scan.

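The ComboFix listings above are read by eye in this thread. As an added example (not code from the original thread, from ComboFix or from Spybot), here is a small Python triage script that parses lines in the ComboFix listing format and flags the entries a reviewer would look at first: files carrying both the hidden and system attributes, executables with random-looking names, and several executables of identical size in one folder. The sample input is constructed from lines of the Find3M listing above; the name heuristic and the same-size rule are this example's own assumptions, and it does not assume which of the two timestamps is creation and which modification, because that differs between ComboFix sections. Run on the sample it flags exactly the Spybot folder entries, which the helper's reading of the full log treated as clean, so a flag is a prompt to check (hash the files, compare against a known-good install), never a verdict.

```python
import re
from collections import defaultdict

# Constructed sample input: lines copied from the Find3M listing in the
# ComboFix log above (one directory entry plus the Spybot folder).
SAMPLE_LOG = r"""
2009-09-15 14:53 . 2001-09-07 12:00 533588 ----a-w- c:\windows\system32\perfh013.dat
2009-09-07 21:25 . 2009-09-07 21:25 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-03-05 14:07 . 2009-09-09 02:30 2260480 --sha-w- c:\windows\Spybot - Search & Destroy\DFYFZHXXK.scr
2009-01-26 13:31 . 2009-09-09 02:04 5365592 --sha-w- c:\windows\Spybot - Search & Destroy\NFZGIO.scr
2009-01-26 13:31 . 2009-09-09 02:04 1740632 --sha-w- c:\windows\Spybot - Search & Destroy\SDUpdate.exe
2009-01-26 13:31 . 2009-09-09 02:04 5365592 --sha-w- c:\windows\Spybot - Search & Destroy\SpybotSD.exe
2009-03-05 14:07 . 2009-09-09 02:04 2260480 --sha-w- c:\windows\Spybot - Search & Destroy\TeaTimer.exe
2009-01-26 13:31 . 2009-09-09 02:04 1740632 --sha-w- c:\windows\Spybot - Search & Destroy\TETBLBSHFVE.scr
2009-01-26 13:31 . 2009-09-09 02:04 2144088 --sha-w- c:\windows\Spybot - Search & Destroy\YNUMYQ.scr
"""

# One listing line: two timestamps, a size (dashes for a directory), an
# 8-character attribute field and the path. Which timestamp is "created"
# and which "modified" differs between ComboFix sections, so they are kept
# as ts1/ts2 rather than guessed. Only the attribute letters visible in the
# log are interpreted: d = directory, s = system, h = hidden.
LINE_RE = re.compile(
    r"^(?P<ts1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<ts2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) "
    r"(?P<attrs>[a-z-]{8}) "
    r"(?P<path>\S.*?)\s*$"
)

EXEC_EXT = {".exe", ".scr", ".dll", ".sys", ".com", ".pif"}
# Heuristic (an assumption of this example): a stem of six or more capital
# letters and nothing else looks machine-generated rather than a product name.
RANDOM_STEM = re.compile(r"^[A-Z]{6,}$")


def parse_listing(text):
    """Parse ComboFix-style listing lines into dicts; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"]) if e["size"].isdigit() else None
        e["is_dir"] = e["attrs"][0] == "d"
        e["system"] = "s" in e["attrs"]
        e["hidden"] = "h" in e["attrs"]
        entries.append(e)
    return entries


def split_path(path):
    """Return (folder, filename, stem, lowercase extension with dot or '')."""
    folder, _, name = path.rpartition("\\")
    if "." in name:
        stem, ext = name.rsplit(".", 1)
        return folder, name, stem, "." + ext.lower()
    return folder, name, name, ""


def review(entries):
    """Return (reason, detail) pairs worth a human look; none is a verdict."""
    findings = []
    same_size = defaultdict(list)
    for e in entries:
        folder, name, stem, ext = split_path(e["path"])
        if not e["is_dir"] and e["system"] and e["hidden"]:
            findings.append(("hidden+system file", e["path"]))
        if ext in EXEC_EXT and RANDOM_STEM.match(stem):
            findings.append(("random-looking executable name", e["path"]))
        if ext in EXEC_EXT and e["size"] is not None:
            same_size[(folder.lower(), e["size"])].append(name)
    # Several executables of identical size in one folder often means renamed
    # copies of one binary; hashing them on the live system settles it.
    for (folder, size), names in sorted(same_size.items()):
        if len(names) > 1:
            findings.append(("same-size executables in one folder",
                             f"{folder} ({size} bytes): {', '.join(sorted(names))}"))
    return findings


if __name__ == "__main__":
    for reason, detail in review(parse_listing(SAMPLE_LOG)):
        print(f"{reason:36} {detail}")
```

To use it on a real log, read the file and pass its text to parse_listing; lines that are not file entries (section banners, registry dumps) are ignored by the regex. The three rules are deliberately cheap and noisy: on this sample they point at the Spybot folder, where each randomly named .scr has the same size as one of the named Spybot executables, which is consistent with renamed copies of legitimate binaries and is settled by hashing, not by the listing alone.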
WoodGnome
2009-09-17, 00:54
And at the moment it's doing well, no more weird CPU increases as far as I know. Internet's no longer lagging. :muha:

:thanks:
I am very thankful for your assistance. :D

Although I have a few (small) questions left, which I'd like to ask :)


1. Is there a way to tell if I really, really, really am clear of all mal-/spyware and/or virus thingies?
2. There are a lot of weirdly named folders on my HDD, some empty, doing pretty much nothing at all... what's with them? :P
3. There are 2 more computers which regularly log on to the home network (just a nothing-special LAN). One is my mom's PC; she checks MSN every day, does some surfing etc., but that's pretty much it. The other one is my laptop, which I need for school.

Are they worth making a topic for? Since my mom's PC only has like an HDD of like... 3-4 GB max :') and the laptop doesn't "directly" connect that much anyway; most likely I'll WiFi on my neighbour's connection.

Lots of thanks! :):thanks::rockon:

Dakeyras
2009-09-17, 01:16
Hi. :)


"And at the moment it's doing well, no more weird CPU increases as far as I know. Internet's no longer lagging."

Good to know.


"I am very thankful for your assistance,

Although I have a few (small) questions left, which I'd like to ask"

You're welcome and by all means you may ask.


"1. Is there a way to tell if I really, really, really am clear of all mal-/spyware and/or virus thingies?"

My research of the last ComboFix log and other scans I asked for does indeed appear to confirm your computer to be malware free.


"2. There are a lot of weirdly named folders on my HDD, some empty, doing pretty much nothing at all... what's with them?"

I'm sorry, I do not understand what you mean. Could you elaborate further please.


"3. There are 2 more computers which regularly log on to the home network (just a nothing-special LAN). One is my mom's PC; she checks MSN every day, does some surfing etc., but that's pretty much it. The other one is my laptop, which I need for school.

Are they worth making a topic for? Since my mom's PC only has like an HDD of like... 3-4 GB max :') and the laptop doesn't "directly" connect that much anyway; most likely I'll WiFi on my neighbour's connection."

There was no indication of the type of malware that would spread via a network. For peace of mind I suggest, if a router is in use, reset it and apply an admin password. You could run an online scan on both also as a further precaution. When I post my all-clean speech to remove the tools we have used, it also includes advice about online safety; you could implement the measures I will mention on these computers also.

Dakeyras
2009-09-20, 20:22
Hi. :)

Do you still require assistance with this issue?

"2. There are a lot of weirdly named folders on my HDD, some empty, doing pretty much nothing at all... what's with them?"

I'm sorry, I do not understand what you mean. Could you elaborate further please.

If not, let me know and I will post the relevant information I mentioned previously about removing the tools we have used during the malware removal process, and provide some advice about online safety etc.

WoodGnome
2009-09-20, 22:22
Hey Hey,

Sorry for the long time lapse here, weekends/alcohol/etc. :alien:

But I've done some looking around and most folders that I found weird are indeed gone. Although there are a few which I still find... suspicious:

ba48ca1b01ae6718069416
6.12 MB size on HDD

In it are "amd64" and "I386", also folders...

Config.Msi (Maybe a ComboFix-related folder?)

and the folder "temp" has a subfolder named ext18866... in it are:
"install.exe"
"install.res.dll"

and in C:\Documents and Settings\Administrator ;

dd_dotnetfx35error_lp.txt
dd_NET_Framework35_LangPack_MSI10A7.txt
DelDC6.bat
DelDC6.tmp
NTUSER.DAT

just a random pick of names... I believe I can find the, sort of, same file(names) in pretty much every Documents & Settings account.

and for example in C:\WINDOWS

Folders:
ie8(hidden)
ie8updates
ie7updates
Downloaded Program Files
WinSxS
twain_32
security
Registration
RegisteredPackages
Microsoft.NET
ERDNT
ehome
assembly
and (a lot) more.

Loose files in C:\WINDOWS:

clock.avi
bootstat.dat
Ascd_tmp.ini
_delis32.ini
atiogl.xml
NIRCMD.exe
twunk_16.exe
twunk_32.exe
And A LOT more...

And the, as far as I know, normal $NtUninstallKBetcetc.$

greetings, and very, very, very, very much thanks. :rockon::thanks:

Dakeyras
2009-09-21, 01:20
Hi. :)


"Sorry for the long time lapse here, weekends/alcohol/etc."

OK no problem, do not overdo it eh. ;) :laugh:

OK, levity aside.

What you have mentioned is fine: actual legitimate files, and others created during the malware removal process which will be removed in due course with my instructions below.

Next:

Congratulations your computer now appears to be malware free!

Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.

Importance of Regular System Maintenance:

I advise you to read both of the topics listed below, as this will go a long way towards keeping your computer performing well.

Help! My computer is slow! (http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html)

As is this:

What to do if your Computer is running slowly (http://www.malwareremoval.com/tutorials/runningslowly.php)

I advise you to also run a ChkDsk at some point, as outlined in this tutorial (http://forums.whatthetech.com/How_run_CHKDSK_Windows_XP_t102348.html) of mine.

Uninstall ComboFix:

Click on Start >> Run...
Now type Combofix /u in the box and click OK.
Note the space between the X and the /U; it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png
OTC:

Please download OTC (http://oldtimer.geekstogo.com/OTC.exe) and save it to desktop. This tool will remove all the tools we used to clean your pc.

Double-click OTC.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Now some advice for on-line safety:

Malwarebytes' Anti-Malware:

This is an excellent application and I advise you to keep it installed. Check for updates and run a scan once a week.

Other installed security software:

Your presently installed anti-virus application, Avira AntiVir, automatically checks for updates and downloads/installs them with every system reboot and/or periodically if the machine is left running, providing an internet connection is active.

I advise you to also run a complete scan with this once per week.

Keep your system updated:

Microsoft releases patches for Windows and other products regularly:

I advise you visit: http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us
Install the ActiveX control.
Once installed it will advise you to set Auto-Updates if not set, and you will then be able to manually check for updates also via:
Start >> All Programs >> Microsoft Update
Be careful when opening attachments and downloading files:

Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
Never open emails from unknown senders.
Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge (http://sourceforge.net/) or Pricelessware (http://www.pricelesswarehome.org/).
Stop malicious scripts:

Windows by default allows scripts (VBScript and JavaScript) to run, and some of these scripts are malicious. Use Noscript (http://www.symantec.com/avcenter/noscript.exe) by Symantec or Script Defender (http://www.analogx.com/contents/download/system/sdefend.htm) by AnalogX to handle these scripts.

Make your Internet Explorer safer:

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.

Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice avoid these types of software applications.

Enable Spybot S&D TeaTimer:

You can start Resident TeaTimer by clicking on Tools > Resident on the left navigation bar (therefore Spybot-S&D has to run in Advanced Mode). There you can tick the checkbox next to Resident "TeaTimer" (Protection of over-all system settings) active in order to activate TeaTimer.

Further information on how to use this application can be found here (http://www.spybot.info/en/tutorial/index.html).

Advised Optional Installation:

There is no sign of a software firewall installed on your system. Regardless of whether you are using a hardware type and/or the inbuilt Windows Service Pack 3 firewall, this is a necessary application as it will also provide outbound protection, whereas the aforementioned do not.

I highly advise you download ONE of the following firewalls and install it. Restart the computer for changes to take effect.

Jetico Personal Firewall (http://www.jetico.com/download.htm)
Online Armour (http://www.tallemu.com/free-firewall-protection-software.html)
Sunbelt Kerio (http://www.sunbelt-software.com/Kerio.cfm)
This article is an excellent resource regarding the aforementioned firewalls: Understanding and Using Firewalls (http://www.bleepingcomputer.com/tutorials/tutorial60.html)

Finally, an educational source:

To learn more about how to protect yourself while on the internet read this article by Tony Klein(updated by tashi):

So how did I get infected in the first place? (http://forums.spybot.info/showthread.php?t=279)

Any questions, feel free to ask. If not stay safe!

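The Internet Explorer settings in the post above are applied by clicking through the Security tab. As an added example (not from the original thread and not Microsoft's code), the following Python script checks, and optionally writes, the same six settings in the per-user registry, so the result can be verified after the clicks or applied to the other two computers mentioned. Its assumptions: the numeric value names under Zones\3 and the data meanings (0 = Enable, 1 = Prompt, 3 = Disable) are quoted from memory of Microsoft's documentation of the zone settings and should be confirmed against it; the audit function takes a reader callable so the comparison logic runs on any platform, while the winreg reader and writer work only on Windows. One further caveat, also from memory: if the machine-wide Security_HKLM_only value is set, Internet Explorer reads the HKLM copy of the zones instead, and a per-user change will not take effect.

```python
# Audit (and optionally fix) the six Internet-zone settings recommended above.
# Assumption of this example: the value names below are Internet Explorer's
# zone-setting IDs and the DWORD data means 0 = Enable, 1 = Prompt,
# 3 = Disable. Confirm against Microsoft's documentation before relying on it.
try:
    import winreg  # Windows only; the comparison logic below does not need it
except ImportError:
    winreg = None

ZONE_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
ENABLE, PROMPT, DISABLE = 0, 1, 3
LABEL = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# (value name, setting as shown in the IE dialog, recommended data), in the
# order the post lists them.
RECOMMENDED = [
    ("1001", "Download signed ActiveX controls", PROMPT),
    ("1004", "Download unsigned ActiveX controls", DISABLE),
    ("1201", "Initialize and script ActiveX controls not marked as safe", DISABLE),
    ("1800", "Installation of desktop items", PROMPT),
    ("1804", "Launching programs and files in an IFRAME", PROMPT),
    ("1607", "Navigate sub-frames across different domains", PROMPT),
]


def read_hkcu_zone_value(name):
    """Read one DWORD from the current user's Internet zone; None if absent."""
    if winreg is None:
        raise RuntimeError("winreg is only available on Windows")
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE_KEY) as key:
            data, kind = winreg.QueryValueEx(key, name)
    except FileNotFoundError:  # key or value not present
        return None
    return int(data) if kind == winreg.REG_DWORD else None


def set_hkcu_zone_value(name, data):
    """Write the recommended DWORD for the current user (no admin rights needed)."""
    if winreg is None:
        raise RuntimeError("winreg is only available on Windows")
    with winreg.CreateKey(winreg.HKEY_CURRENT_USER, ZONE_KEY) as key:
        winreg.SetValueEx(key, name, 0, winreg.REG_DWORD, data)


def audit_zone(read_value=read_hkcu_zone_value):
    """Compare each setting with the recommendation.

    read_value(name) -> int or None lets the same logic run against the live
    registry, an exported hive, or a constructed dict in a test.  An absent
    value means IE falls back to the zone template's default, which this
    script does not assume, so it is reported as not OK.
    Returns a list of (name, setting, current, wanted, ok) tuples.
    """
    report = []
    for name, setting, wanted in RECOMMENDED:
        current = read_value(name)
        report.append((name, setting, current, wanted, current == wanted))
    return report


def drift(report):
    """Value names whose current data differs from (or lacks) the recommendation."""
    return [name for name, _, _, _, ok in report if not ok]


if __name__ == "__main__":
    import sys
    fix = "--fix" in sys.argv  # hypothetical flag of this example
    for name, setting, current, wanted, ok in audit_zone():
        shown = LABEL.get(current, "not set (zone default applies)")
        print(f"{'ok ' if ok else 'FIX'} {name} {setting}: {shown}, want {LABEL[wanted]}")
        if fix and not ok:
            set_hkcu_zone_value(name, wanted)
```

Run it without arguments to see the per-user state, and with --fix to write the recommended values; log off and on (or restart IE) afterwards, since the browser caches zone settings. Keeping the comparison separate from the registry access is what makes the policy testable off the box and reusable against a copied NTUSER.DAT.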
Dakeyras
2009-09-23, 23:57
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.