System tool, a long horrid story



Triumph
2011-03-06, 06:41
Hey there,

This is my last resort, asking at a forum, probably not the best choice since I tried A LOT. I've spent a whole day trying to get rid of System Tool.

I have no DDS report yet, but I will update this post tomorrow as I just can't stand to look at my comp anymore...

In a nutshell, here's what I did:

01) After I saw the fake messages coming up I immediately googled "System Tool", as the fake warnings were called.
02) Some instructions said: "It's easy, just go to application data/random/random.exe, rename and delete..."
03) Renamed it, and I thought I'd delete the files once I'm rebooted...
04) Could not boot into Windows anymore; safe mode, nothing worked, all gave a 0x000021a BSOD.
05) Created a UBCD4Win disc to start up and maybe get the chance to remove some trojans.
06) Worked, a tiny bit I guess; found some trojans etc., deleted them, rebooted, not a chance of loading Win XP.
07) After several hours of trying I saw a topic where someone renamed csrss.exe, winlogon.exe, win32k.sys and msgina.dll while copying them from a WinXP CD in the Recovery Console.
08) Tried that, and finally my good old Windows XP login screen...
09) Logged in... black screen; Task Manager worked, so explorer.exe wasn't loaded, I guessed. I was wrong: explorer.exe was now renamed to explorer. Renaming didn't work.
10) Installed MBAM and ran it (will post the log of this as well tomorrow); it found some trojans again...


But all in all, I can run everything, it's just that Explorer doesn't start anymore (and yes, I've seen the registry stuff about it, tried renaming etc. etc.). Nothing seems to work, not even replacing explorer.exe from the WinXP CD.

As said, I'll post the logs tomorrow; hope someone already has some tips maybe. Thanks in advance!

David

oldman960
2011-03-06, 08:03
Hi Triumph, welcome to the forum.

To make cleaning this machine easier:
Please do not uninstall/install any programs unless asked to.
It is more difficult when files/programs are appearing in/disappearing from the logs.
Please do not run any scans other than those requested.
Please follow all instructions in the order posted.
All logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked: in Notepad click Format, and uncheck Word Wrap if it is checked.
Do not attach any logs/reports, etc. unless specifically requested to do so.
If you have problems with or do not understand the instructions, please ask before continuing.
Please stay with this thread until given the All Clear. An absence of symptoms does not mean a clean machine.


Instead of DDS, could you run a different program?

Since Explorer doesn't seem to be running, I'm guessing you are running programs from Task Manager? If that is the case, please download it to C:\ and run it via Task Manager.

Open Task Manager with Ctrl+Alt+Del.
In Task Manager, click the Options button.
Check Always on Top.
This will keep Task Manager from disappearing when you click on anything else.
Using your left mouse button, click on the top blue portion of Task Manager and slide it down to the lower part of your screen so these instructions are visible.


Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to C:\

Next:
Holding down your left mouse button, highlight all the bolded text below.
Right-click the highlighted text and choose Copy.


netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%PROGRAMFILES%\Internet Explorer\*.dat
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
iexplore.*
explorer.*
winlogon.*
dll
zx.dll
hlp.dat
/md5stop


To run OTL from task manager

In Task Manager
click file
click New Task(Run...)
type the following line into the open: field
C:\otl.exe
click ok
Once OTL opens



When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
In the window under Custom Scans/Fixes, right-click and select Paste. The text you copied earlier should appear.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.

Please post back with:
the MBAM log
both OTL logs
if you have run DDS, post that as well
Thanks

Triumph
2011-03-06, 12:22
MBAM Log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5970

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180

6-3-2011 4:57:02
mbam-log-2011-03-06 (04-56-58).txt

Scan type: Full scan (C:\|F:\|)
Objects scanned: 284990
Time elapsed: 12 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Driver Setup (Worm.Palevo) -> Value: Microsoft Driver Setup -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mbolqtsv (Trojan.FakeAlert.Gen) -> Value: mbolqtsv -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bipro (Trojan.Agent.Gen) -> Value: bipro -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Advanced DHTML Enable (Trojan.Agent) -> Value: Advanced DHTML Enable -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
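One thing worth noticing in the MBAM log above is the trailing action on every detection: each reads "No action taken", which means the rogue's registry key and its four Run-key autostart values were logged but not removed, so they would come back on the next logon. As an added example that is not part of this thread or of Malwarebytes' own tooling, here is a small Python triage script that parses that log layout, separates logged-only from removed detections and flags the unresolved autostart entries. The sample log embedded in it is constructed from the entries posted above, with the last entry's action altered to show what a removed detection looks like.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the layout of the MBAM 1.50 log posted above. The entries are
# copied from that post; the final action line is altered to show a removed detection.
SAMPLE_MBAM_LOG = r"""
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5970

Registry Keys Infected: 1
Registry Values Infected: 4
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Driver Setup (Worm.Palevo) -> Value: Microsoft Driver Setup -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mbolqtsv (Trojan.FakeAlert.Gen) -> Value: mbolqtsv -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bipro (Trojan.Agent.Gen) -> Value: bipro -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

# A section header is "<Category> Infected:" with no count after the colon;
# the summary lines near the top carry a count and are therefore not headers.
SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):$")

# Detection lines: "<location> (<family>)[ -> Value: <name>] -> <action>."
DETECTION_RE = re.compile(
    r"^(?P<location>.+?) \((?P<family>[^()]+)\)"
    r"(?: -> Value: (?P<value>.+?))?"
    r" -> (?P<action>.+?)\.?$"
)


@dataclass(frozen=True)
class Detection:
    section: str
    location: str
    family: str
    value: Optional[str]
    action: str

    @property
    def removed(self) -> bool:
        # MBAM writes "No action taken." when the user only scanned; any other
        # action text ("Quarantined and deleted successfully.", ...) is a remediation.
        return not self.action.lower().startswith("no action")

    @property
    def is_autostart(self) -> bool:
        # Values under ...\CurrentVersion\Run* execute at logon, which is how a rogue
        # like System Tool reappears after every reboot.
        return "\\currentversion\\run" in self.location.lower()


def parse_mbam_log(text: str) -> List[Detection]:
    """Walk the log section by section and collect every detection line."""
    detections: List[Detection] = []
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        # Skip scanner metadata before the first section and "(No malicious items detected)".
        if section is None or line.startswith("("):
            continue
        entry = DETECTION_RE.match(line)
        if entry:
            detections.append(Detection(section=section, **entry.groupdict()))
    return detections


def unresolved(detections: List[Detection]) -> List[Detection]:
    """Detections that were logged but never removed."""
    return [d for d in detections if not d.removed]


def count_by_family(detections: List[Detection]) -> Dict[str, int]:
    return dict(Counter(d.family for d in detections))


def triage_report(text: str) -> Dict[str, object]:
    """Summary a helper would want before deciding whether the scan actually cleaned anything."""
    dets = parse_mbam_log(text)
    left = unresolved(dets)
    return {
        "total": len(dets),
        "unresolved": len(left),
        "autostart_unresolved": sum(1 for d in left if d.is_autostart),
        "families": count_by_family(dets),
    }


if __name__ == "__main__":
    for d in parse_mbam_log(SAMPLE_MBAM_LOG):
        flag = "removed" if d.removed else "STILL PRESENT"
        print(f"[{flag:13}] {d.section:<24} {d.family:<22} {d.location}")
    print(triage_report(SAMPLE_MBAM_LOG))
```

Run against the log as actually posted, the report would show every entry unresolved; that is the cue to ask the poster whether they clicked "Remove Selected" rather than treating "found some trojans" as "removed some trojans".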

Triumph
2011-03-06, 12:23
OTL.EXE

OTL logfile created on: 6-3-2011 11:18:27 - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = c:\
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000413 | Country: Netherlands | Language: NLD | Date Format: d-M-yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 79,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24,41 Gb Total Space | 8,10 Gb Free Space | 33,16% Space Free | Partition Type: NTFS
Drive D: | 581,89 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 44,52 Gb Total Space | 6,12 Gb Free Space | 13,75% Space Free | Partition Type: NTFS
Drive I: | 982,01 Mb Total Space | 492,16 Mb Free Space | 50,12% Space Free | Partition Type: FAT32

Computer Name: DAVIDINTEL | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - c:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Sweex\LW312\Utility\UI.exe ()
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Modules (SafeList) ==========

MOD - c:\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (SpyHunter 4 Service) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (WMConnectCDS) -- C:\Program Files\Windows Media Connect 2\wmccds.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (AvgLdx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (RT80x86) -- C:\WINDOWS\system32\drivers\rt2860.sys (Ralink Technology, Corp.)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (sfman) Creative SoundFont Manager Driver (WDM) -- C:\WINDOWS\system32\drivers\sfmanm.sys (Creative Technology Ltd.)
DRV - (emu10k1) Creative Interface Manager Driver (WDM) -- C:\WINDOWS\system32\drivers\ctlfacem.sys (Creative Technology Ltd.)
DRV - (emu10k) Creative SB Live! (WDM) -- C:\WINDOWS\system32\drivers\emu10k1m.sys (Creative Technology Ltd.)
DRV - (ctljystk) -- C:\WINDOWS\system32\drivers\ctljystk.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.http: "188.40.72.198"
FF - prefs.js..network.proxy.http_port: 80

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-02-15 19:34:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-11-05 12:08:58 | 000,000,000 | ---D | M]

[2009-03-25 20:45:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Application Data\Mozilla\Extensions
[2011-02-02 18:13:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\q69qb81l.default\extensions
[2011-02-02 18:13:15 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\q69qb81l.default\extensions\firebug@software.joehewitt.com
[2011-02-02 18:13:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009-11-02 21:24:23 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2011-03-06 02:51:49 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HitmanPro35] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe (Enigma Software Group USA, LLC.)
O4 - HKCU..\Run: [LightScribe Control Panel] File not found
O4 - HKCU..\Run: [nyxnqeop] File not found
O4 - HKCU..\Run: [rpmrdwes] File not found
O4 - HKCU..\Run: [walyukrn] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sweex utility.lnk = C:\Program Files\Sweex\LW312\Utility\UI.exe ()
O4 - Startup: C:\Documents and Settings\David\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Documents and Settings\David\Start Menu\Programs\Startup\Sweex utility.lnk = C:\Program Files\Sweex\LW312\Utility\UI.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} http://192.168.1.41:2222/tsweb/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\System32\explorer.exe ()
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-03-25 19:16:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004-08-04 13:00:00 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16620634377289728)

========== Files/Folders - Created Within 30 Days ==========

[2011-03-06 11:16:16 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2011-03-06 05:17:00 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011-03-06 05:12:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Start Menu\Programs\HiJackThis
[2011-03-06 05:09:06 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011-03-06 05:03:47 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\TFC.exe
[2011-03-06 04:18:05 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011-03-06 04:17:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011-03-06 03:39:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Start Menu\Programs\SpyHunter
[2011-03-06 03:39:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011-03-06 03:26:01 | 000,000,000 | ---D | C] -- C:\I386
[2011-03-06 03:19:35 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthusb.sys
[2011-03-06 03:19:35 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bulltlp3.sys
[2011-03-06 03:19:34 | 000,274,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2011-03-06 03:19:34 | 000,100,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthpan.sys
[2011-03-06 03:19:34 | 000,035,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthprint.sys
[2011-03-06 03:19:33 | 000,038,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthmodem.sys
[2011-03-06 03:19:33 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2011-03-06 03:19:33 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthenum.sys
[2011-03-06 03:19:32 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2011-03-06 03:19:32 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2011-03-06 03:19:32 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2011-03-06 03:19:31 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2011-03-06 03:19:31 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2011-03-06 03:19:31 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2011-03-06 03:19:30 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2011-03-06 03:19:28 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2011-03-06 03:19:27 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brmfcwia.dll
[2011-03-06 03:19:27 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2011-03-06 03:19:27 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2011-03-06 03:19:27 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2011-03-06 03:19:26 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2011-03-06 03:19:26 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2011-03-06 03:19:26 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2011-03-06 03:19:25 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2011-03-06 03:19:25 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2011-03-06 03:19:25 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2011-03-06 03:19:21 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\binlsvc.dll
[2011-03-06 03:19:18 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2011-03-06 03:19:17 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2011-03-06 03:19:17 | 000,054,271 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42xx5.sys
[2011-03-06 03:19:17 | 000,026,568 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm4e5.sys
[2011-03-06 03:19:17 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2011-03-06 03:19:16 | 000,066,557 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42u.sys
[2011-03-06 03:19:16 | 000,014,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
[2011-03-06 03:19:15 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2011-03-06 03:19:15 | 000,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\b57xp32.sys
[2011-03-06 03:19:15 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2011-03-06 03:19:15 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2011-03-06 03:19:14 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2011-03-06 03:19:14 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2011-03-06 03:19:14 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2011-03-06 03:19:13 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2011-03-06 03:19:13 | 000,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcaudio.sys
[2011-03-06 03:19:13 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2011-03-06 03:19:12 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2011-03-06 03:19:04 | 000,017,279 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\atv10nt5.dll
[2011-03-06 03:19:04 | 000,014,143 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\atv06nt5.dll
[2011-03-06 03:19:03 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\atv04nt5.dll
[2011-03-06 03:19:03 | 000,011,359 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\atv02nt5.dll
[2011-03-06 03:19:02 | 000,021,183 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\atv01nt5.dll
[2011-03-06 03:19:01 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ativvaxx.dll
[2011-03-06 03:19:00 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativtmxx.dll
[2011-03-06 03:18:59 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativmvxx.ax
[2011-03-06 03:18:59 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativdaxx.ax
[2011-03-06 03:18:57 | 000,104,832 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiraged.dll
[2011-03-06 03:18:57 | 000,070,528 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiragem.sys
[2011-03-06 03:18:57 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinxsxx.sys
[2011-03-06 03:18:56 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinxbxx.sys
[2011-03-06 03:18:55 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atintuxx.sys
[2011-03-06 03:18:55 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinsnxx.sys
[2011-03-06 03:18:55 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinttxx.sys
[2011-03-06 03:18:54 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinrvxx.sys
[2011-03-06 03:18:54 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinraxx.sys
[2011-03-06 03:18:54 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinpdxx.sys
[2011-03-06 03:18:54 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinmdxx.sys
[2011-03-06 03:18:53 | 000,281,600 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimtai.sys
[2011-03-06 03:18:53 | 000,075,136 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpae.sys
[2011-03-06 03:18:53 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinbtxx.sys
[2011-03-06 03:18:52 | 000,289,664 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpab.sys
[2011-03-06 03:18:52 | 000,268,160 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidvai.dll
[2011-03-06 03:18:52 | 000,137,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrae.dll
[2011-03-06 03:18:52 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe
[2011-03-06 03:18:51 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ati3duag.dll
[2011-03-06 03:18:51 | 000,382,592 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrab.dll
[2011-03-06 03:18:50 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ati3d1ag.dll
[2011-03-06 03:18:50 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2mtag.sys
[2011-03-06 03:18:49 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2dvaa.dll
[2011-03-06 03:18:49 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2mtaa.sys
[2011-03-06 03:18:49 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2cqag.dll
[2011-03-06 03:18:49 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2dvag.dll
[2011-03-06 03:18:48 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1tuxx.sys
[2011-03-06 03:18:48 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1xsxx.sys
[2011-03-06 03:18:48 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1xbxx.sys
[2011-03-06 03:18:47 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1rvxx.sys
[2011-03-06 03:18:47 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1raxx.sys
[2011-03-06 03:18:47 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1snxx.sys
[2011-03-06 03:18:47 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1ttxx.sys
[2011-03-06 03:18:46 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1btxx.sys
[2011-03-06 03:18:46 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1pdxx.sys
[2011-03-06 03:18:46 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1mdxx.sys
[2011-03-06 03:18:45 | 000,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll
[2011-03-06 03:18:45 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2011-03-06 03:18:43 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2011-03-06 03:18:41 | 000,026,496 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc.sys
[2011-03-06 03:18:41 | 000,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asc3350p.sys
[2011-03-06 03:18:41 | 000,014,848 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc3550.sys
[2011-03-06 03:18:37 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
[2011-03-06 03:18:36 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- C:\WINDOWS\System32\dllcache\an983.sys
[2011-03-06 03:18:36 | 000,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\amsint.sys
[2011-03-06 03:18:35 | 000,043,008 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\dllcache\amdagp.sys
[2011-03-06 03:18:35 | 000,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\alim1541.sys
[2011-03-06 03:18:35 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2011-03-06 03:18:35 | 000,005,248 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\aliide.sys
[2011-03-06 03:18:34 | 000,056,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78xx.sys
[2011-03-06 03:18:34 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78u2.sys
[2011-03-06 03:18:34 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ali5261.sys
[2011-03-06 03:18:34 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\alifir.sys
[2011-03-06 03:18:34 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aha154x.sys
[2011-03-06 03:18:26 | 000,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agpcpq.sys
[2011-03-06 03:18:26 | 000,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agp440.sys
[2011-03-06 03:18:25 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2011-03-06 03:18:24 | 000,003,775 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv11nt5.dll
[2011-03-06 03:18:24 | 000,003,711 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv09nt5.dll
[2011-03-06 03:18:24 | 000,003,135 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv08nt5.dll
[2011-03-06 03:18:23 | 000,003,647 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv07nt5.dll
[2011-03-06 03:18:23 | 000,003,615 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv05nt5.dll
[2011-03-06 03:18:22 | 000,004,255 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv01nt5.dll
[2011-03-06 03:18:22 | 000,003,967 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv02nt5.dll
[2011-03-06 03:18:18 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adpu160m.sys
[2011-03-06 03:18:18 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2011-03-06 03:18:16 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2011-03-06 03:18:15 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2011-03-06 03:18:14 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2011-03-06 03:18:14 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2011-03-06 03:18:14 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2011-03-06 03:18:14 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2011-03-06 03:18:13 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ac97via.sys
[2011-03-06 03:18:13 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2011-03-06 03:18:12 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2011-03-06 03:18:12 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ac97ali.sys
[2011-03-06 03:18:12 | 000,096,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ac97intc.sys
[2011-03-06 03:18:12 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\abp480n5.sys
[2011-03-06 03:18:11 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2011-03-06 03:18:11 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2011-03-06 03:18:11 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2011-03-06 03:18:11 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2011-03-06 03:18:10 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2011-03-06 03:18:10 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2011-03-06 03:18:10 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2011-03-06 03:18:10 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2011-03-06 03:18:10 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2011-03-06 03:18:09 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394bus.sys
[2011-03-06 03:17:50 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2011-03-06 03:17:47 | 002,180,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2011-03-06 02:38:04 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2011-03-06 02:38:04 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2011-03-06 02:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Application Data\Malwarebytes
[2011-03-06 02:01:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011-03-06 02:01:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011-03-06 02:01:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011-03-06 02:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011-03-06 00:48:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temporary Internet Files
[2011-03-06 00:48:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2011-03-06 00:48:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\Recent
[2011-03-06 00:48:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Recent
[2011-03-06 00:48:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\History
[2011-03-05 20:36:59 | 000,000,000 | ---D | C] -- C:\Virus Removal Tool
[2011-02-26 18:13:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Local Settings\Application Data\CutePDF Writer
[2011-02-26 18:12:16 | 000,000,000 | ---D | C] -- C:\Program Files\GPLGS
[2011-02-26 18:11:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CutePDF
[2011-02-26 18:10:59 | 000,000,000 | ---D | C] -- C:\Program Files\Acro Software
[2011-02-26 16:41:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Desktop\New Folder
[2011-02-26 16:31:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Application Data\Apple Computer
[2011-02-26 16:31:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011-02-26 16:31:43 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2011-02-26 16:31:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011-02-26 16:31:27 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011-02-26 16:31:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011-02-26 16:31:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011-02-26 16:31:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2011-02-26 16:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Local Settings\Application Data\Apple
[2011-02-26 16:30:58 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011-02-26 16:30:54 | 004,184,352 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2011-02-26 16:30:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011-02-26 16:30:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2011-02-26 16:29:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Local Settings\Application Data\Apple Computer
[2011-02-11 21:08:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2011-02-11 21:04:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2011-02-11 21:03:51 | 009,721,960 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTLCPL.EXE
[2011-02-11 21:03:51 | 006,188,648 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys
[2011-02-11 21:03:51 | 001,489,512 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlUpd.exe
[2011-02-11 21:03:51 | 000,891,496 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTSndMgr.CPL
[2011-02-11 21:03:51 | 000,359,016 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2011-02-11 21:03:51 | 000,129,640 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2011-02-11 21:03:51 | 000,054,888 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RtkCoInstXP.dll
[2011-02-11 21:03:49 | 002,815,592 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2011-02-11 21:03:49 | 002,180,712 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\MicCal.exe
[2011-02-11 21:03:49 | 001,691,480 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2011-02-11 21:03:49 | 001,395,800 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\Monfilt.sys
[2011-02-11 21:03:48 | 000,064,104 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE
[2011-02-11 21:03:48 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011-02-11 21:03:42 | 001,251,944 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlExUpd.dll
[2011-02-11 20:23:44 | 004,122,368 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\alcxwdm.sys
[2011-02-11 20:23:44 | 000,084,584 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2011-02-11 20:23:43 | 010,528,768 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTLCPL.exe
[2011-02-11 20:23:43 | 000,285,288 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\ALSNDMGR.CPL
[2011-02-11 20:23:24 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek AC97
[2011-02-11 20:23:22 | 000,315,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcupd.exe
[2011-02-11 20:23:22 | 000,217,088 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcrmv.exe
[2011-02-11 20:05:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Local Settings\Application Data\eSupport.com

========== Files - Modified Within 30 Days ==========

[2011-03-06 11:18:11 | 072,141,124 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011-03-06 11:16:20 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2011-03-06 11:10:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-03-06 05:17:00 | 000,002,803 | ---- | M] () -- C:\Documents and Settings\David\Desktop\HiJackThis.lnk
[2011-03-06 05:03:36 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\TFC.exe
[2011-03-06 04:07:00 | 000,000,356 | RHS- | M] () -- C:\boot.ini
[2011-03-06 02:51:49 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011-03-06 02:47:13 | 000,000,134 | ---- | M] () -- C:\Documents and Settings\David\Desktop\hosts-perm.bat
[2011-03-06 02:38:06 | 000,001,973 | ---- | M] () -- C:\Documents and Settings\David\Desktop\SpyHunter.lnk
[2011-03-06 02:01:56 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-03-05 15:04:32 | 000,000,330 | RHS- | M] () -- C:\bootini.bak
[2011-03-04 23:56:32 | 000,000,095 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2011-03-04 14:15:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-03-02 13:10:54 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\David\Local Settings\Application Data\PUTTY.RND
[2011-02-28 19:26:35 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Flash CS4 Professional.lnk
[2011-02-26 16:41:03 | 000,227,386 | ---- | M] () -- C:\Documents and Settings\David\Desktop\tets.wab
[2011-02-26 16:40:42 | 000,006,457 | ---- | M] () -- C:\Documents and Settings\David\Desktop\test.csv
[2011-02-26 16:39:49 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2011-02-26 16:31:45 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011-02-26 16:31:11 | 000,001,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011-02-26 16:31:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011-02-25 11:30:30 | 001,438,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-02-22 22:20:26 | 000,076,617 | ---- | M] () -- C:\Documents and Settings\David\Desktop\realm.jpg
[2011-02-21 12:09:26 | 000,003,805 | ---- | M] () -- C:\Documents and Settings\David\Desktop\pic1.jpg
[2011-02-18 13:11:58 | 000,011,288 | ---- | M] () -- C:\Documents and Settings\David\Desktop\friendsinfashion2.jpg
[2011-02-18 13:06:44 | 000,010,017 | ---- | M] () -- C:\Documents and Settings\David\Desktop\friendsinfashion.jpg
[2011-02-17 13:42:02 | 000,002,692 | ---- | M] () -- C:\Documents and Settings\David\Desktop\b gaelic.jpg
[2011-02-11 21:08:06 | 000,940,794 | ---- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2011-02-11 21:08:06 | 000,146,650 | ---- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2011-02-11 21:05:17 | 000,434,838 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-02-11 21:05:17 | 000,068,828 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-02-09 16:07:02 | 000,004,606 | ---- | M] () -- C:\Documents and Settings\David\Desktop\html.html
[2011-02-09 16:06:10 | 000,006,504 | ---- | M] () -- C:\Documents and Settings\David\Desktop\style.css

========== Files Created - No Company Name ==========

[2011-03-06 05:12:31 | 000,002,803 | ---- | C] () -- C:\Documents and Settings\David\Desktop\HiJackThis.lnk
[2011-03-06 04:06:59 | 000,000,567 | ---- | C] () -- C:\Documents and Settings\David\Start Menu\Programs\Startup\Sweex utility.lnk
[2011-03-06 04:06:59 | 000,000,567 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sweex utility.lnk
[2011-03-06 04:06:59 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\David\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2011-03-06 03:51:33 | 000,359,533 | ---- | C] () -- C:\WINDOWS\System32\explorer.exe
[2011-03-06 03:50:58 | 000,359,533 | ---- | C] () -- C:\WINDOWS\explorer.oldexe
[2011-03-06 03:19:01 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2011-03-06 03:19:01 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2011-03-06 03:19:00 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2011-03-06 03:18:59 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2011-03-06 03:18:58 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2011-03-06 03:18:58 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2011-03-06 03:18:58 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2011-03-06 03:18:58 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2011-03-06 03:18:57 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2011-03-06 03:18:51 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2011-03-06 02:47:23 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\David\Desktop\hosts-perm.bat
[2011-03-06 02:38:06 | 000,001,973 | ---- | C] () -- C:\Documents and Settings\David\Desktop\SpyHunter.lnk
[2011-03-06 02:14:40 | 000,359,533 | ---- | C] () -- C:\WINDOWS\System32\bla.exe
[2011-03-06 02:01:56 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-03-02 13:02:36 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\David\Local Settings\Application Data\PUTTY.RND
[2011-02-28 19:26:35 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Flash CS4 Professional.lnk
[2011-02-28 19:25:46 | 000,002,024 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Pixel Bender Toolkit.lnk
[2011-02-28 19:23:19 | 000,001,104 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ExtendScript Toolkit CS4.lnk
[2011-02-26 18:11:05 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2011-02-26 16:41:03 | 000,227,386 | ---- | C] () -- C:\Documents and Settings\David\Desktop\tets.wab
[2011-02-26 16:40:41 | 000,006,457 | ---- | C] () -- C:\Documents and Settings\David\Desktop\test.csv
[2011-02-26 16:31:45 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011-02-26 16:31:11 | 000,001,664 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011-02-26 16:31:00 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011-02-26 16:30:59 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011-02-22 22:20:26 | 000,076,617 | ---- | C] () -- C:\Documents and Settings\David\Desktop\realm.jpg
[2011-02-21 12:09:26 | 000,003,805 | ---- | C] () -- C:\Documents and Settings\David\Desktop\pic1.jpg
[2011-02-18 13:11:58 | 000,011,288 | ---- | C] () -- C:\Documents and Settings\David\Desktop\friendsinfashion2.jpg
[2011-02-18 13:06:44 | 000,010,017 | ---- | C] () -- C:\Documents and Settings\David\Desktop\friendsinfashion.jpg
[2011-02-17 13:42:02 | 000,002,692 | ---- | C] () -- C:\Documents and Settings\David\Desktop\b gaelic.jpg
[2011-02-11 21:08:06 | 000,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2011-02-11 21:08:05 | 000,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2011-02-11 20:23:44 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011-02-11 20:23:43 | 000,141,016 | ---- | C] () -- C:\WINDOWS\System32\alsndmgr.wav
[2011-02-09 16:07:02 | 000,004,606 | ---- | C] () -- C:\Documents and Settings\David\Desktop\html.html
[2011-02-09 16:06:10 | 000,006,504 | ---- | C] () -- C:\Documents and Settings\David\Desktop\style.css
[2010-11-12 14:32:55 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010-11-12 14:32:53 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010-11-12 14:32:53 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010-11-12 14:30:34 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010-11-12 14:04:33 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2010-09-27 11:25:13 | 000,013,930 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2010-08-30 18:55:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010-08-30 18:55:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010-08-30 18:55:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010-08-30 18:50:47 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\0d41PoG.dat
[2010-08-30 18:39:52 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010-07-11 17:25:41 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\David\Local Settings\Application Data\fusioncache.dat
[2010-06-10 08:36:19 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\David\Application Data\winscp.rnd
[2010-03-31 02:27:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2010-03-31 02:18:32 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010-02-26 14:38:51 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009-10-20 14:24:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-09-26 18:29:19 | 001,105,800 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009-09-14 23:46:02 | 000,139,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009-09-14 23:45:55 | 000,111,928 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009-09-14 23:45:40 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2009-09-12 20:33:45 | 000,000,534 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2009-08-07 18:51:34 | 000,178,430 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009-08-07 16:17:00 | 000,064,790 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
[2009-04-15 21:52:12 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\FTPStubInstUtils.dll
[2009-04-03 19:32:57 | 000,116,224 | ---- | C] () -- C:\Documents and Settings\David\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-03-27 12:48:05 | 000,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2009-03-25 20:45:58 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009-03-25 20:45:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009-03-25 20:08:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009-03-25 20:06:43 | 001,438,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-03-25 19:32:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009-03-25 19:18:33 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009-03-25 19:14:44 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007-01-31 14:48:36 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP7311.ini
[2004-08-04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004-08-04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004-08-04 13:00:00 | 000,434,838 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004-08-04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004-08-04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004-08-04 13:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004-08-04 13:00:00 | 000,068,828 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004-08-04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004-08-04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004-08-04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004-08-04 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004-08-04 13:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004-08-04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004-08-04 13:00:00 | 000,000,080 | ---- | C] () -- C:\WINDOWS\explorer.exe.scf
[1997-06-13 16:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2011-03-06 01:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009-04-29 10:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010-08-30 18:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010-08-30 18:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011-02-26 16:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010-04-22 16:39:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Belastingdienst
[2009-04-29 10:56:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\DAEMON Tools Lite
[2009-10-12 18:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\ImgBurn
[2009-11-09 02:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Octoshape
[2010-03-31 02:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Samsung
[2010-09-29 20:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\TS3Client

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009-08-04 22:06:23 | 000,000,000 | ---- | M] () -- C:\AILog.txt
[2009-03-25 19:16:58 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-08-30 18:00:01 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011-03-06 04:07:00 | 000,000,356 | RHS- | M] () -- C:\boot.ini
[2011-03-05 15:04:32 | 000,000,330 | RHS- | M] () -- C:\bootini.bak
[2004-08-03 22:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010-08-30 19:06:53 | 000,013,572 | ---- | M] () -- C:\ComboFix.txt
[2009-03-25 19:16:58 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009-03-25 19:16:58 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009-03-25 19:16:58 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004-08-04 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004-08-04 13:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2011-03-06 11:16:20 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2011-03-06 11:10:25 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2011-03-06 02:44:23 | 000,000,359 | ---- | M] () -- C:\rkill.log
[2010-08-30 18:15:02 | 000,348,672 | ---- | M] () -- C:\rmbg3svx.nt
[2009-07-16 21:30:56 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2009-07-16 21:30:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010-11-08 19:17:09 | 000,000,060 | ---- | M] () -- C:\tracert.txt
[2011-03-06 00:54:17 | 000,095,645 | ---- | M] () -- C:\Win-Files.txt

< %systemroot%\Fonts\*.com >
[2006-04-18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006-06-29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006-04-18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006-06-29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009-03-25 19:16:47 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008-07-06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006-04-10 14:02:32 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp054.dll
[2003-06-18 16:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008-07-06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2009-03-25 20:05:56 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009-03-25 20:05:56 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009-03-25 20:05:56 | 000,913,408 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.līk /x >
[2009-03-25 19:16:58 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
[2009-03-25 19:16:58 | 000,001,607 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
[2009-03-25 19:16:58 | 000,000,398 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Windows Catalog.lnk
[2009-03-25 19:16:58 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x >

< %USERPROFILE%\Deskuop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >


< MD5 for: EXPLORER.EX_ >
[2004-08-04 13:00:00 | 000,359,533 | ---- | M] () MD5=4F061B12F3D5457315A0314954E7EF46 -- C:\I386\EXPLORER.EX_

< MD5 for: EXPLORER.EXE >
[2004-08-04 13:00:00 | 000,359,533 | ---- | M] () MD5=4F061B12F3D5457315A0314954E7EF46 -- C:\WINDOWS\system32\explorer.exe

< MD5 for: EXPLORER.EXE.SCF >
[2004-08-04 13:00:00 | 000,000,080 | ---- | M] () MD5=A3975A7D2C98B30A2AE010754FFB9392 -- C:\WINDOWS\explorer.exe.scf

< MD5 for: EXPLORER.EXE-082F38A9.PF >
[2011-03-04 17:22:52 | 000,073,584 | ---- | M] () MD5=2040DD67B35F1D8E0D4BEA0B08F80FDC -- C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf

< MD5 for: EXPLORER.OLDEXE >
[2004-08-04 13:00:00 | 000,359,533 | ---- | M] () MD5=4F061B12F3D5457315A0314954E7EF46 -- C:\WINDOWS\explorer.oldexe

< MD5 for: EXPLORER.SC_ >
[2004-08-04 13:00:00 | 000,000,181 | ---- | M] () MD5=BC5B38879C56DFBC05C8B5C43AC4D739 -- C:\I386\EXPLORER.SC_

< MD5 for: IEXPLORE.CH_ >
[2004-08-04 13:00:00 | 000,199,077 | ---- | M] () MD5=5F64795662F162CCD8B30969B6682029 -- C:\I386\IEXPLORE.CH_

< MD5 for: IEXPLORE.CHM >
[2004-08-04 13:00:00 | 000,204,810 | ---- | M] () MD5=60858526AAD1CC55F5F0055B8E3B66FE -- C:\WINDOWS\Help\iexplore.chm
[2006-09-01 07:43:50 | 000,503,758 | ---- | M] () MD5=652E46500C149D1DC948BF9CEA8C4933 -- C:\Program Files\IE7\iexplore.chm

< MD5 for: IEXPLORE.EX_ >
[2004-08-04 13:00:00 | 000,037,895 | ---- | M] () MD5=F83009589844F0C30801CC2221F06AB9 -- C:\I386\IEXPLORE.EX_

< MD5 for: IEXPLORE.EXE >
[2009-04-20 12:56:28 | 000,031,232 | ---- | M] () MD5=AE72E8619CB31D84DA25E2435E55003C -- C:\ComboFix\iexplore.exe
[2007-08-13 17:43:56 | 000,622,080 | ---- | M] (Microsoft Corporation) MD5=DE49B348A18369B4626FBA1D49B07FB4 -- C:\Program Files\IE7\iexplore.exe
[2004-08-04 13:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=E7484514C0464642BE7B4DC2689354C8 -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
[2004-08-04 13:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=E7484514C0464642BE7B4DC2689354C8 -- C:\WINDOWS\ERDNT\cache\IEXPLORE.EXE
[2004-08-04 13:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=E7484514C0464642BE7B4DC2689354C8 -- C:\WINDOWS\system32\dllcache\iexplore.exe

< MD5 for: IEXPLORE.EXE.LOCAL >
[2010-06-22 14:29:30 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\Program Files\IE7\iexplore.exe.local

< MD5 for: IEXPLORE.EXE.MUI >
[2007-08-13 17:43:36 | 000,573,440 | ---- | M] (Microsoft Corporation) MD5=B58D8A1C7EE0E922EC7D2616DA136FC3 -- C:\Program Files\IE7\iexplore.exe.mui

< MD5 for: IEXPLORE.EXE-26A4253F.PF >
[2011-03-03 18:08:47 | 000,080,640 | ---- | M] () MD5=6126EFACD950EC9C2A65C8EA98226CFB -- C:\WINDOWS\Prefetch\IEXPLORE.EXE-26A4253F.pf

< MD5 for: IEXPLORE.HL_ >
[2004-08-04 13:00:00 | 000,059,881 | ---- | M] () MD5=D23388C8D5D82D4D1C3B0B6A256E3CB7 -- C:\I386\IEXPLORE.HL_

< MD5 for: IEXPLORE.HLP >
[2004-08-04 13:00:00 | 000,180,335 | ---- | M] () MD5=3F19AF1B745140DAFAC6F78F561A3C62 -- C:\WINDOWS\Help\iexplore.hlp

< MD5 for: WINLOGON.EX_ >
[2004-08-04 13:00:00 | 000,261,115 | ---- | M] () MD5=F41C4F5745589D0BB8268C02B71594CA -- C:\I386\WINLOGON.EX_

< MD5 for: WINLOGON.EXE >
[2004-08-04 13:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004-08-04 13:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINLOGON.OLD >
[2004-08-04 13:00:00 | 000,261,115 | ---- | M] () MD5=F41C4F5745589D0BB8268C02B71594CA -- C:\WINDOWS\system32\winlogon.old

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

< End of report >

Triumph
2011-03-06, 12:24
OTL Extras logfile created on: 6-3-2011 11:18:27 - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = c:\
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000413 | Country: Netherlands | Language: NLD | Date Format: d-M-yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 79,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24,41 Gb Total Space | 8,10 Gb Free Space | 33,16% Space Free | Partition Type: NTFS
Drive D: | 581,89 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 44,52 Gb Total Space | 6,12 Gb Free Space | 13,75% Space Free | Partition Type: NTFS
Drive I: | 982,01 Mb Total Space | 492,16 Mb Free Space | 50,12% Space Free | Partition Type: FAT32

Computer Name: DAVIDINTEL | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L
Drive [find] -- %SystemRoot%\Explorer.exe

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5353:TCP" = 5353:TCP:*:Disabled:Adobe CSI CS4
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Disabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Adobe\Adobe Flash CS4\Flash.exe" = C:\Program Files\Adobe\Adobe Flash CS4\Flash.exe:*:Disabled:Adobe Flash CS4 Professional -- (Adobe Systems Incorporated.)
"F:\WOW\Launcher.exe" = F:\WOW\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Documents and Settings\David\Local Settings\Apps\2.0\DG58PY6H.0TQ\EBLBB6L5.E57\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe" = C:\Documents and Settings\David\Local Settings\Apps\2.0\DG58PY6H.0TQ\EBLBB6L5.E57\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe:*:Enabled:Curse Client 4.0 -- (Curse)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{10F5387D-1728-423A-A578-B00982CF2646}" = Windows Live Messenger
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1B0098FF-1816-4F42-8203-FA29F5735596}" = Samsung PC Studio 3
"{1BD6AE96-4742-4498-9D03-9451C7E5A214}" = Windows Live aanmeldhulp
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A8F82E8-7B86-4AFD-BFBC-2BA4C2CF52DB}" = Windows Live Call
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2C34CB9F-F271-48A6-B75E-00B199D8F217}" = Sweex LW312 Driver
"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{41EBC322-660F-4D16-A0DF-53147210CBDB}" = SpyHunter
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{562B9CA4-6E52-4F87-ACEC-912FC004F1F0}" = Windows Live Essentials
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-7AD7-1043-7B44-A93000000001}" = Adobe Reader 9.3.2 - Nederlands
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional
"Age of Empires 2.0" = Microsoft Age of Empires II
"AVG9Uninstall" = AVG Free 9.0
"BitLord" = BitLord 1.1
"CutePDF Writer Installation" = CutePDF Writer 2.7
"Easy Cover Print 2.3" = Easy Cover Print 2.3
"EditPlus 2" = EditPlus 2
"ESET Online Scanner" = ESET Online Scanner v3
"Fraps" = Fraps (remove only)
"IE7 Standalone_is1" = Internet Explorer 7 Standalone
"ImgBurn" = ImgBurn
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"QuicktimeAlt_is1" = QuickTime Alternative 1.47
"RealAlt_is1" = Real Alternative 1.7.5
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"VLC media player" = VLC media player 1.0.5
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.2.7
"WMCSetup" = Windows Media Connect
"World of Warcraft" = World of Warcraft
"WS_FTP Pro" = Ipswitch WS_FTP Pro
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21-11-2010 14:35:06 | Computer Name = DAVIDINTEL | Source = Application Hang | ID = 1002
Description = Hanging application wsftppro.exe, version 8.0.3.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 16-12-2010 20:04:20 | Computer Name = DAVIDINTEL | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3951, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00001010.

Error - 6-1-2011 17:25:49 | Computer Name = DAVIDINTEL | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3951, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00001010.

Error - 5-2-2011 15:31:48 | Computer Name = DAVIDINTEL | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3951, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00001010.

Error - 15-2-2011 9:58:55 | Computer Name = DAVIDINTEL | Source = Application Hang | ID = 1002
Description = Hanging application Wow.exe, version 4.0.6.13623, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 20-2-2011 14:08:22 | Computer Name = DAVIDINTEL | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3951, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00001010.

Error - 25-2-2011 11:58:52 | Computer Name = DAVIDINTEL | Source = Application Error | ID = 1000
Description = Faulting application wsftppro.exe, version 8.0.3.0, faulting module
wsftpext.dll, version 8.0.3.0, fault address 0x00039142.

Error - 28-2-2011 14:50:44 | Computer Name = DAVIDINTEL | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3951, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00001010.

Error - 1-3-2011 6:36:42 | Computer Name = DAVIDINTEL | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3951, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00001010.

Error - 1-3-2011 14:45:37 | Computer Name = DAVIDINTEL | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3951, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00001010.

[ System Events ]
Error - 6-3-2011 0:04:00 | Computer Name = DAVIDINTEL | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 6-3-2011 0:04:02 | Computer Name = DAVIDINTEL | Source = Service Control Manager | ID = 7031
Description = The Mobiel Apple apparaat service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 6-3-2011 0:04:02 | Computer Name = DAVIDINTEL | Source = Service Control Manager | ID = 7034
Description = The PnkBstrA service terminated unexpectedly. It has done this 1
time(s).

Error - 6-3-2011 0:04:02 | Computer Name = DAVIDINTEL | Source = Service Control Manager | ID = 7034
Description = The Bonjour-service service terminated unexpectedly. It has done
this 1 time(s).

Error - 6-3-2011 0:04:02 | Computer Name = DAVIDINTEL | Source = Service Control Manager | ID = 7031
Description = The AVG Free WatchDog service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.

Error - 6-3-2011 0:05:29 | Computer Name = DAVIDINTEL | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 6-3-2011 0:05:29 | Computer Name = DAVIDINTEL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i2omgmt

Error - 6-3-2011 0:05:35 | Computer Name = DAVIDINTEL | Source = NetBT | ID = 4307
Description = Initialization failed because the transport refused to open initial
Addresses.

Error - 6-3-2011 6:10:39 | Computer Name = DAVIDINTEL | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 6-3-2011 6:10:39 | Computer Name = DAVIDINTEL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i2omgmt


< End of report >

Triumph
2011-03-06, 12:33
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by David at 11:30:32,89 on zo 06-03-2011
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3071.2321 [GMT 1:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Sweex\LW312\Utility\UI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
c:\otl.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\David\My Documents\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [walyukrn] c:\documents and settings\david\local settings\application data\ydcjxkjhl\ylpqbbushdw.exe
uRun: [rpmrdwes] c:\documents and settings\david\local settings\application data\wpxjxcwya\ytekjewshdw.exe
uRun: [nyxnqeop] c:\documents and settings\david\local settings\application data\toukxiufr\ymrbfyyshdw.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
mRun: [SpyHunter Security Suite] c:\program files\enigma software group\spyhunter\SpyHunter4.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [QuickTime Task] "c:\program files\quicktime alternative\QTTask.exe" -atboottime
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35.exe" /scan:boot
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\documents and settings\david\start menu\programs\startup\CurseClientStartup.ccip
StartupFolder: c:\docume~1\david\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\david\startm~1\programs\startup\sweexu~1.lnk - c:\program files\sweex\lw312\utility\UI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sweexu~1.lnk - c:\program files\sweex\lw312\utility\UI.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} - hxxp://192.168.1.41:2222/tsweb/msrdp.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: {40130880-28F3-4446-8F52-358CEFE7B002} = 62.179.104.196,213.46.228.196
TCP: {5D2D4ED9-5765-4B17-A4BF-75C045F78631} = 62.179.104.196,213.46.228.196
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\david\applic~1\mozilla\firefox\profiles\q69qb81l.default\
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin2.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin3.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin4.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin5.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin6.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-8-25 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-8-25 29584]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-8-25 308136]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2010-11-5 327000]
R3 RT80x86;Sweex Wireless PCI Card Driver;c:\windows\system32\drivers\rt2860.sys [2010-9-27 1015424]
S3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;\??\c:\program files\finalwire\aida64 extreme edition\kerneld.x32 --> c:\program files\finalwire\aida64 extreme edition\kerneld.x32 [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-2-11 1691480]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
.
=============== Created Last 30 ================
.
2011-03-06 10:30:27 -------- d-----w- C:\ERDNT
2011-03-06 10:16:16 581120 ----a-w- C:\OTL.exe
2011-03-06 04:17:00 388096 ----a-r- c:\docume~1\david\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-03-06 04:17:00 -------- d-----w- c:\program files\Trend Micro
2011-03-06 04:09:06 -------- d-----w- c:\program files\ESET
2011-03-06 03:18:05 -------- d-s---w- C:\ComboFix
2011-03-06 02:51:33 359533 ----a-w- c:\windows\system32\explorer.exe
2011-03-06 02:26:01 -------- d-----w- C:\I386
2011-03-06 02:18:59 9472 -c--a-w- c:\windows\system32\dllcache\ativmdcd.sys
2011-03-06 02:17:50 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-03-06 02:17:47 2180992 -c--a-w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-03-06 01:38:07 110080 ----a-r- c:\docume~1\david\applic~1\microsoft\installer\{41ebc322-660f-4d16-a0df-53147210cbdb}\IconF7A21AF7.exe
2011-03-06 01:38:07 110080 ----a-r- c:\docume~1\david\applic~1\microsoft\installer\{41ebc322-660f-4d16-a0df-53147210cbdb}\IconD7F16134.exe
2011-03-06 01:38:04 -------- d-----w- C:\sh4ldr
2011-03-06 01:38:04 -------- d-----w- c:\program files\Enigma Software Group
2011-03-06 01:14:40 359533 ----a-w- c:\windows\system32\bla.exe
2011-03-06 01:02:00 -------- d-----w- c:\docume~1\david\applic~1\Malwarebytes
2011-03-06 01:01:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-06 01:01:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-06 01:01:53 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-06 01:01:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-05 23:48:07 -------- d-----w- c:\windows\Recent
2011-03-05 19:36:59 -------- d-----w- C:\Virus Removal Tool
2011-02-26 17:13:48 -------- d-----w- c:\docume~1\david\locals~1\applic~1\CutePDF Writer
2011-02-26 17:12:16 -------- d-----w- c:\program files\GPLGS
2011-02-26 17:11:05 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2011-02-26 17:10:59 -------- d-----w- c:\program files\Acro Software
2011-02-26 15:30:59 -------- d-----w- c:\docume~1\david\locals~1\applic~1\Apple
2011-02-26 15:30:54 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-26 15:30:54 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-26 15:29:59 -------- d-----w- c:\docume~1\david\locals~1\applic~1\Apple Computer
2011-02-11 20:08:03 -------- d-----w- c:\windows\system32\Lang
2011-02-11 20:04:49 -------- d-----w- c:\windows\system32\RTCOM
2011-02-11 19:23:44 84584 ----a-w- c:\windows\SOUNDMAN.EXE
2011-02-11 19:05:49 -------- d-----w- c:\docume~1\david\locals~1\applic~1\eSupport.com
.
==================== Find3M ====================
.
.
============= FINISH: 11:30:46,06 ===============

oldman960
2011-03-06, 20:15
Hi Triumph,

Let's see if we can get the desktop back then finish cleaning this machine.

Next, create this batch file.

Highlight all the bolded text in the box below

expand C:\I386\EXPLORER.EX_ C:\windows\explorer.exe
right click the highlighted text and select copy


In Task Manager
click file
click New Task(Run...)
type the following line into the open: field
notepad
click ok


When the notepad opens
Click "Format" and be certain that Word Wrap is not checked.
Right click in the notepad and select paste. The text should appear.
Click File, Save as..., and set the Save in to your C:\
In the filename box, type (including quotation marks) as the filename: "myfix.bat"
Click save


In Task Manager
click file
click New Task(Run...)
type the following line into the open: field
C:\myfix.bat
click ok


You may see a black window briefly flash, that's normal.

In Task Manager
click file
click New Task(Run...)
type the following line into the open: field
explorer.exe
click ok
Is your desktop back?

Thanks
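The step above restores explorer.exe by expanding the compressed copy from C:\I386 and then launching it. Before trusting a restored system binary, a responder normally checks two things: that the file on disk is actually a Win32 PE image, and that its hash matches a known-good copy, the same comparison the OTL log earlier in this thread makes for winlogon.exe in system32 against the dllcache copy. The following script is an added example written for this thread, not part of the original post or of OTL/DDS; the two file images it checks are constructed inline as byte strings (a minimal MZ stub with and without a PE signature), and the function and constant names are the example's own.

```python
"""Verify a restored Windows system binary against a known-good reference copy.

Added example for this thread: after expanding EXPLORER.EX_ over
C:\\windows\\explorer.exe, check (a) that the file on disk is a Win32 PE image
and (b) that its MD5 equals the reference copy (e.g. the dllcache or I386 one).
Both inputs below are constructed byte strings; no real system files are read.
"""
import hashlib
import struct

DOS_MAGIC = b"MZ"            # every Win32 PE starts with a DOS stub
PE_SIGNATURE = b"PE\0\0"     # "PE\0\0" marks the start of the NT headers
E_LFANEW_OFFSET = 0x3C       # DOS header field holding the offset of the PE header


def md5hex(data: bytes) -> str:
    """MD5 hex digest, matching the format OTL prints in its /md5start listings."""
    return hashlib.md5(data).hexdigest().upper()


def pe_header_status(data: bytes) -> str:
    """Classify a file image by its executable headers.

    "pe"      - DOS stub plus a valid PE signature (a Win32 image)
    "dos"     - MZ stub present but no PE signature; 32-bit XP hands such a
                file to NTVDM as a 16-bit program instead of running it natively
    "invalid" - not an MZ image at all
    """
    if len(data) < E_LFANEW_OFFSET + 4 or data[:2] != DOS_MAGIC:
        return "invalid"
    (e_lfanew,) = struct.unpack_from("<I", data, E_LFANEW_OFFSET)
    if e_lfanew + 4 > len(data) or data[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        return "dos"
    return "pe"


def verify_restored(candidate: bytes, reference: bytes) -> dict:
    """Compare a restored file image against a known-good reference image."""
    result = {
        "header": pe_header_status(candidate),
        "candidate_md5": md5hex(candidate),
        "reference_md5": md5hex(reference),
    }
    result["match"] = result["candidate_md5"] == result["reference_md5"]
    if pe_header_status(reference) != "pe":
        result["verdict"] = "reference is not a PE image; pick another known-good copy"
    elif result["match"]:
        result["verdict"] = "ok"
    elif result["header"] != "pe":
        result["verdict"] = "restore failed: file is not a Win32 image"
    else:
        result["verdict"] = "mismatch: valid PE but differs from reference"
    return result


def build_sample_image(with_pe_signature: bool) -> bytes:
    """Constructed sample: a 0x80-byte DOS stub followed by (optionally) a PE signature."""
    stub = bytearray(0x80)
    stub[:2] = DOS_MAGIC
    struct.pack_into("<I", stub, E_LFANEW_OFFSET, 0x80)  # PE header right after the stub
    nt_headers = PE_SIGNATURE if with_pe_signature else b"\0\0\0\0"
    return bytes(stub) + nt_headers + b"\x90" * 16       # padding stands in for real sections


# Constructed inputs: a known-good reference and a damaged copy with no PE signature.
REFERENCE_IMAGE = build_sample_image(with_pe_signature=True)
CORRUPT_IMAGE = build_sample_image(with_pe_signature=False)


if __name__ == "__main__":
    for label, image in (("restored copy", REFERENCE_IMAGE), ("damaged copy", CORRUPT_IMAGE)):
        r = verify_restored(image, REFERENCE_IMAGE)
        print(f"{label}: header={r['header']} md5={r['candidate_md5']} -> {r['verdict']}")
```

On a real machine the two byte strings would be read from the restored file and from the dllcache or I386 reference; a "dos" header status on a file named explorer.exe is exactly the situation in which launching it spawns ntvdm.exe rather than a desktop, so the header check explains the symptom while the hash comparison confirms the restore.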

Triumph
2011-03-06, 20:37
Hey, thanks for the reply.

I tried what you posted, but nothing happens. When I press "OK" after typing explorer.exe, I see the process coming up in the Processes tab of the Windows Task Manager, but then it just goes away in a split second.

I really think it's a registry thing.

But I'll keep my hands off till you reply back :)

Hope we can fix it.

Thanks again.

Triumph
2011-03-06, 20:50
Because it went away so fast I couldn't really see the name of the process, I captured it in the end, it's called ntvdm.exe

Here the screenshots of my task manager:

http://www.triumph-design.com/img/ntvdm.jpg

Triumph
2011-03-06, 21:09
Hmm I also found quite a few disturbing exe's loading in my msconfig:

http://www.triumph-design.com/img/msconfig.jpg

oldman960
2011-03-06, 21:42
Hi Triumph,

Those files are reported as missing but we'll see if they are gone for sure. We'll also check if our file replacement worked.

We'll use OTL again.

Highlight all the text in the text box and select copy

Do Not copy the word CODE
please note the fix starts with the :


:Services

:OTL
O4 - HKCU..\Run: [nyxnqeop] File not found
O4 - HKCU..\Run: [rpmrdwes] File not found
O4 - HKCU..\Run: [walyukrn] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

:Reg

:Files
c:\documents and settings\david\local settings\application data\ydcjxkjhl
c:\documents and settings\david\local settings\application data\wpxjxcwya
c:\documents and settings\david\local settings\application data\toukxiufr
C:\WINDOWS\system32\explorer.exe

:Commands
[emptytemp]
[createrestorepoint]
[Reboot]

Open OTL via Task Manager as you did before
When OTL opens right click in the Window under Custom Scans/Fixes and select paste
Then click the Run Fix button at the top
Let the program run unhindered
Please save the resulting log to be posted in your next reply.
Please post the OTL fix log.

Next

Please open OTL if it is not opened after the reboot.


Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, click the None button near the top (it may look greyed out)

In the window under Custom Scans/Fixes copy and paste the following



/md5start
explorer.*
ntvdm.*
/md5stop



Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open a notepad window, OTL.Txt. Please post this log.

Please post back with
OTL fix log
OTL.txt
Thanks

Triumph
2011-03-06, 22:10
My desktop is back!
Just did the first step, posting the log:

Going to do the next step!!


All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\nyxnqeop deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\rpmrdwes deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\walyukrn deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
========== REGISTRY ==========
========== FILES ==========
File\Folder c:\documents and settings\david\local settings\application data\ydcjxkjhl not found.
File\Folder c:\documents and settings\david\local settings\application data\wpxjxcwya not found.
File\Folder c:\documents and settings\david\local settings\application data\toukxiufr not found.
Item C:\WINDOWS\system32\explorer.exe is whitelisted and cannot be moved.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: David
->Temp folder emptied: 98334 bytes
->Temporary Internet Files folder emptied: 3654242 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 59098311 bytes
->Flash cache emptied: 611 bytes

User: David 2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 60,00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.22.2 log created on 03062011_210651

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Triumph
2011-03-06, 22:14
Step 2 OTL.txt

OTL logfile created on: 6-3-2011 21:11:42 - Run 2
OTL by OldTimer - Version 3.2.22.2 Folder = C:\
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000413 | Country: Netherlands | Language: NLD | Date Format: d-M-yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 79,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24,41 Gb Total Space | 7,98 Gb Free Space | 32,70% Space Free | Partition Type: NTFS
Drive D: | 581,89 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 44,52 Gb Total Space | 6,12 Gb Free Space | 13,75% Space Free | Partition Type: NTFS
Drive I: | 982,01 Mb Total Space | 492,16 Mb Free Space | 50,12% Space Free | Partition Type: FAT32

Computer Name: DAVIDINTEL | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========



< MD5 for: EXPLORER.EX_ >
[2004-08-04 13:00:00 | 000,359,533 | ---- | M] () MD5=4F061B12F3D5457315A0314954E7EF46 -- C:\I386\EXPLORER.EX_

< MD5 for: EXPLORER.EXE >
[2004-08-04 13:00:00 | 000,359,533 | ---- | M] () MD5=4F061B12F3D5457315A0314954E7EF46 -- C:\WINDOWS\system32\explorer.exe
[2004-08-04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\explorer.exe
[2004-08-04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: EXPLORER.EXE.SCF >
[2004-08-04 13:00:00 | 000,000,080 | ---- | M] () MD5=A3975A7D2C98B30A2AE010754FFB9392 -- C:\WINDOWS\explorer.exe

< MD5 for: EXPLORER.EXE-082F38A9.PF >
[2011-03-04 17:22:52 | 000,073,584 | ---- | M] () MD5=2040DD67B35F1D8E0D4BEA0B08F80FDC -- C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf

< MD5 for: EXPLORER.OLDEXE >
[2004-08-04 13:00:00 | 000,359,533 | ---- | M] () MD5=4F061B12F3D5457315A0314954E7EF46 -- C:\WINDOWS\explorer.oldexe

< MD5 for: EXPLORER.SC_ >
[2004-08-04 13:00:00 | 000,000,181 | ---- | M] () MD5=BC5B38879C56DFBC05C8B5C43AC4D739 -- C:\I386\EXPLORER.SC_

< MD5 for: NTVDM.EX_ >
[2004-08-04 13:00:00 | 000,197,872 | ---- | M] () MD5=F797CDFAD86BBFA0687C9169BB17F9DC -- C:\I386\NTVDM.EX_

< MD5 for: NTVDM.EXE >
[2004-08-04 13:00:00 | 000,419,840 | ---- | M] (Microsoft Corporation) MD5=0738F4B53D967E46CC5E51F84BC1EB39 -- C:\WINDOWS\system32\dllcache\ntvdm.exe
[2004-08-04 13:00:00 | 000,419,840 | ---- | M] (Microsoft Corporation) MD5=0738F4B53D967E46CC5E51F84BC1EB39 -- C:\WINDOWS\system32\ntvdm.exe

< MD5 for: NTVDM.EXE-1A10A423.PF >
[2011-03-06 19:45:49 | 000,012,276 | ---- | M] () MD5=13875AB5F23FFB535C4FCD7290C5B48A -- C:\WINDOWS\Prefetch\NTVDM.EXE-1A10A423.pf

< MD5 for: NTVDM.JPG >
[2011-03-06 19:48:20 | 000,149,990 | ---- | M] () MD5=C9A6608A0B199EC97C38976523B303FB -- C:\Documents and Settings\David\My Documents\My Pictures\ntvdm.jpg

< End of report >

Triumph
2011-03-06, 22:15
Does this mean I'm virus free now?

Or do you recommend scanning? If so which program(s) would you recommend?

Thanks a ton!

oldman960
2011-03-07, 02:07
Hi Triumph,

Good job! The reboot convinced Windows to use the correct file.

Next, create this batch file.

Open a new Notepad session
Click the Start button, click run
in the run box type notepad
click ok
In the notepad, Click "Format" and be certain that Word Wrap is not checked.

Copy and paste all the text in the code box below into the Notepad.
Do Not copy the word CODE


ren C:\windows\system32\explorer.exe explorer.old

In the notepad
Click File, Save as..., and set the Save in to your Desktop
In the filename box, type (including quotation marks) as the filename: "fix.bat"
Click save


You will have a new file on your desktop called fix.bat with an icon that looks like a gear.

Double click fix.bat to run it.


Next

*Please move OTL.exe to your desktop or MBAM may flag it.*


You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM

Click the Update tab
Click Check for Updates
If an update is found, it will download and install the latest version.
The program will close to update and reopen.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



Next

One more scan to check our handiwork.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.


Go here to run an online scanner from
ESET (http://www.eset.eu/online-scanner)

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)


Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
Click Start
Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
Click Scan.
Wait for the scan to finish.
Re-enable your Antivirus software.
A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt or C:\Program Files\ESET\log.txt. We will need this later.
Please post back with the ESET log.


After the ESET scan please run OTL again.


Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output
UNCheck the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open a notepad window. OTL.Txt.


Please post back with
MBAM log
ESET log
OTL.txt
Any remaining issues?

Thanks

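Editor's note, not part of the thread: the MD5 listing Triumph posted and oldman960's one-line fix together describe a classic shadowing problem. The O20 line shows the Winlogon Shell value as the bare name "explorer.exe", and a 359,533-byte file with the MD5 of C:\I386\EXPLORER.EX_ (the still-compressed cabinet, not an executable) was sitting in C:\WINDOWS\system32\explorer.exe. The script below is an added example that reproduces the diagnosis offline on constructed files: it resolves an unqualified Shell value through an assumed search order in which system32 is tried before the Windows directory, classifies what it finds by header bytes, and compares its MD5 against the dllcache reference copy, then shows the same audit passing after the shadowing file is renamed out of the way as in fix.bat. The search order, the "MSCF" cabinet header and the statement that a file without an "MZ" signature is handed to ntvdm.exe are this editor's assumptions, consistent with the ntvdm.exe flash Triumph captured but not stated anywhere in the thread.

```python
"""Added example, not code from the thread: detect a shadowing explorer.exe.

Assumptions (labelled, not stated on the page):
  * An unqualified Winlogon Shell value ("explorer.exe") is looked up with
    system32 searched before the Windows directory, so a stray
    C:\\WINDOWS\\system32\\explorer.exe wins over C:\\WINDOWS\\explorer.exe.
  * A file without the 'MZ' signature is not a Win32 image and gets handed
    to ntvdm.exe as a DOS program, which matches the ntvdm.exe flash seen.
"""
import hashlib
import os
import tempfile

MZ = b"MZ"      # DOS/PE executable signature
CAB = b"MSCF"   # header of a Microsoft cabinet, what the I386 *.EX_ files start with


def md5_of(path):
    """Hex MD5 of a file, upper-cased to match OTL's listing style."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def classify(path):
    """Return 'PE', 'CAB' or 'other' from the file's leading bytes."""
    with open(path, "rb") as f:
        head = f.read(4)
    if head[:2] == MZ:
        return "PE"
    if head == CAB:
        return "CAB"
    return "other"


def resolve_shell(shell_value, search_dirs):
    """First existing candidate for the Shell value (assumed search order)."""
    if os.path.isabs(shell_value):
        return shell_value if os.path.isfile(shell_value) else None
    for d in search_dirs:
        cand = os.path.join(d, shell_value)
        if os.path.isfile(cand):
            return cand
    return None


def audit_shell(shell_value, search_dirs, reference):
    """Compare what Shell resolves to against the dllcache reference copy."""
    resolved = resolve_shell(shell_value, search_dirs)
    findings = {"resolved": resolved, "kind": None,
                "matches_reference": False, "verdict": "missing"}
    if resolved is None:
        return findings
    findings["kind"] = classify(resolved)
    findings["matches_reference"] = md5_of(resolved) == md5_of(reference)
    if findings["kind"] != "PE":
        findings["verdict"] = "not a Win32 image (would be handed to ntvdm)"
    elif not findings["matches_reference"]:
        findings["verdict"] = "PE but differs from dllcache copy"
    else:
        findings["verdict"] = "ok"
    return findings


def build_constructed_tree(root):
    """Lay out a toy WINDOWS tree mirroring the thread's state (constructed data)."""
    windows = os.path.join(root, "WINDOWS")
    system32 = os.path.join(windows, "system32")
    dllcache = os.path.join(system32, "dllcache")
    os.makedirs(dllcache)
    good = MZ + b"\x90" * 62 + b"PE\0\0" + b"stand-in for the real explorer body"
    for d in (windows, dllcache):
        with open(os.path.join(d, "explorer.exe"), "wb") as f:
            f.write(good)
    # The still-compressed EX_ copied into system32 under the wrong name.
    with open(os.path.join(system32, "explorer.exe"), "wb") as f:
        f.write(CAB + b"\0" * 32)
    return windows, system32, dllcache


def demo():
    """Run the audit before and after the rename oldman960's fix.bat performs."""
    windows, system32, dllcache = build_constructed_tree(tempfile.mkdtemp())
    order = [system32, windows]                      # assumed lookup order
    ref = os.path.join(dllcache, "explorer.exe")
    before = audit_shell("explorer.exe", order, ref)
    os.rename(os.path.join(system32, "explorer.exe"),
              os.path.join(system32, "explorer.old"))
    after = audit_shell("explorer.exe", order, ref)
    return before, after


if __name__ == "__main__":
    for label, result in zip(("before", "after"), demo()):
        print(label, result)
```

On a live XP box the same check is what the OTL /md5start block already gives you by hand: hash every explorer.exe that the Shell value could resolve to, compare against the dllcache copy, and treat anything in system32 that is not a PE as the culprit rather than something to "repair" by expanding over it again.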
Triumph
2011-03-07, 02:52
Hey, again thanks for the reply. I will work on this tomorrow, thanks again.

oldman960
2011-03-07, 07:48
Hi Triumph,

:bigthumb:

Triumph
2011-03-07, 11:55
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5979

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

7-3-2011 10:54:36
mbam-log-2011-03-07 (10-54-36).txt

Scan type: Quick scan
Objects scanned: 165158
Time elapsed: 1 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Triumph
2011-03-07, 13:11
Eset.log

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=1b7b355a602a4a4d94c5b7139b6dbc74
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-03-06 04:17:17
# local_time=2011-03-06 05:17:17 (+0100, W. Europe Standard Time)
# country="Netherlands"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1024 16777175 100 0 16651476 16651476 0 0
# compatibility_mode=8192 67108863 100 0 3727 3727 0 0
# scanned=10571
# found=0
# cleaned=0
# scan_time=365
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=1b7b355a602a4a4d94c5b7139b6dbc74
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-03-07 10:57:24
# local_time=2011-03-07 11:57:24 (+0100, W. Europe Standard Time)
# country="Netherlands"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 110837 110837 0 0
# compatibility_mode=1024 16777175 100 0 16759060 16759060 0 0
# compatibility_mode=8192 67108863 100 0 111311 111311 0 0
# scanned=125634
# found=0
# cleaned=0
# scan_time=3186

Triumph
2011-03-07, 13:18
Hi there,

No infections found, so I guess that is good news! Again!

I have a few questions though if I may;

- I want to clean up my comp now, uninstall unused programs etc
- Clear my hard drive of files I never use etc
- Clear my msconfig start up list somewhat, with only the necessary stuff checked

What is the best way to do this, with keeping my registry clean.

I normally use regcleaner afterwards, but I read in the sticky topics you guys don't recommend using those kind of cleaners. Is there any other way?

Triumph
2011-03-07, 14:32
Also I have a question about the contents of my c:\

For one my boot.ini has been changed in a weird way;



[boot loader]
timeout=3
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=""
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=3


Can't I remove a lot of lines in here?

Like:



[boot loader]
timeout=3
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
timeout.old=3

oldman960
2011-03-07, 15:52
Hi Triumph,

I'll answer your questions as best I can when we clean up the tools.

Please rerun an OTL scan with these instructions:



Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output
UNCheck the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open a notepad window, OTL.Txt

Please post the OTL.txt

Triumph
2011-03-07, 17:51
OTL logfile created on: 7-3-2011 16:46:28 - Run 4
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Documents and Settings\David\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000413 | Country: Netherlands | Language: NLD | Date Format: d-M-yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 81,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24,41 Gb Total Space | 12,28 Gb Free Space | 50,29% Space Free | Partition Type: NTFS
Drive D: | 581,89 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 44,52 Gb Total Space | 14,91 Gb Free Space | 33,48% Space Free | Partition Type: NTFS
Drive H: | 931,28 Gb Total Space | 747,28 Gb Free Space | 80,24% Space Free | Partition Type: FAT32

Computer Name: DAVIDINTEL | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\David\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Sweex\LW312\Utility\UI.exe ()
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\David\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (WMConnectCDS) -- C:\Program Files\Windows Media Connect 2\wmccds.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (AvgLdx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (RT80x86) -- C:\WINDOWS\system32\drivers\rt2860.sys (Ralink Technology, Corp.)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (sfman) Creative SoundFont Manager Driver (WDM) -- C:\WINDOWS\system32\drivers\sfmanm.sys (Creative Technology Ltd.)
DRV - (emu10k1) Creative Interface Manager Driver (WDM) -- C:\WINDOWS\system32\drivers\ctlfacem.sys (Creative Technology Ltd.)
DRV - (emu10k) Creative SB Live! (WDM) -- C:\WINDOWS\system32\drivers\emu10k1m.sys (Creative Technology Ltd.)
DRV - (ctljystk) -- C:\WINDOWS\system32\drivers\ctljystk.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.http: "188.40.72.198"
FF - prefs.js..network.proxy.http_port: 80

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-03-07 12:43:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-03-07 12:43:59 | 000,000,000 | ---D | M]

[2009-03-25 20:45:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Application Data\Mozilla\Extensions
[2011-02-02 18:13:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\q69qb81l.default\extensions
[2011-02-02 18:13:15 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\q69qb81l.default\extensions\firebug@software.joehewitt.com
[2011-02-02 18:13:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009-11-02 21:24:23 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2011-03-06 02:51:49 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - Startup: C:\Documents and Settings\David\Start Menu\Programs\Startup\Sweex utility.lnk = C:\Program Files\Sweex\LW312\Utility\UI.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} http://192.168.1.41:2222/tsweb/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-03-25 19:16:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004-08-04 13:00:00 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2003-03-21 12:00:56 | 000,000,000 | RH-D | M] - H:\AUTORUN -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-03-06 19:40:24 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011-03-06 19:31:50 | 001,032,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\explorer.exe
[2011-03-06 19:31:50 | 001,032,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2011-03-06 11:30:27 | 000,000,000 | ---D | C] -- C:\ERDNT
[2011-03-06 11:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011-03-06 11:29:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011-03-06 11:16:16 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe
[2011-03-06 03:39:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011-03-06 03:26:01 | 000,000,000 | ---D | C] -- C:\I386
[2011-03-06 03:19:35 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthusb.sys
[2011-03-06 03:19:35 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bulltlp3.sys
[2011-03-06 03:19:34 | 000,274,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2011-03-06 03:19:34 | 000,100,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthpan.sys
[2011-03-06 03:19:34 | 000,035,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthprint.sys
[2011-03-06 03:19:33 | 000,038,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthmodem.sys
[2011-03-06 03:19:33 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2011-03-06 03:19:33 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthenum.sys
[2011-03-06 03:19:32 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2011-03-06 03:19:32 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2011-03-06 03:19:32 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2011-03-06 03:19:31 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2011-03-06 03:19:31 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2011-03-06 03:19:31 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2011-03-06 03:19:30 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2011-03-06 03:19:28 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2011-03-06 03:19:27 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brmfcwia.dll
[2011-03-06 03:19:27 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2011-03-06 03:19:27 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2011-03-06 03:19:27 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2011-03-06 03:19:26 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2011-03-06 03:19:26 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2011-03-06 03:19:26 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2011-03-06 03:19:25 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2011-03-06 03:19:25 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2011-03-06 03:19:25 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2011-03-06 03:19:21 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\binlsvc.dll
[2011-03-06 03:19:18 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2011-03-06 03:19:17 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2011-03-06 03:19:17 | 000,054,271 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42xx5.sys
[2011-03-06 03:19:17 | 000,026,568 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm4e5.sys
[2011-03-06 03:19:17 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2011-03-06 03:19:16 | 000,066,557 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42u.sys
[2011-03-06 03:19:16 | 000,014,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
[2011-03-06 03:19:15 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2011-03-06 03:19:15 | 000,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\b57xp32.sys
[2011-03-06 03:19:15 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2011-03-06 03:19:15 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2011-03-06 03:19:14 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2011-03-06 03:19:14 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2011-03-06 03:19:14 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2011-03-06 03:19:13 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2011-03-06 03:19:13 | 000,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcaudio.sys
[2011-03-06 03:19:13 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2011-03-06 03:19:12 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2011-03-06 03:19:04 | 000,017,279 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\atv10nt5.dll
[2011-03-06 03:19:04 | 000,014,143 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\atv06nt5.dll
[2011-03-06 03:19:03 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\atv04nt5.dll
[2011-03-06 03:19:03 | 000,011,359 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\atv02nt5.dll
[2011-03-06 03:19:02 | 000,021,183 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\atv01nt5.dll
[2011-03-06 03:19:01 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ativvaxx.dll
[2011-03-06 03:19:00 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativtmxx.dll
[2011-03-06 03:18:59 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativmvxx.ax
[2011-03-06 03:18:59 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativdaxx.ax
[2011-03-06 03:18:57 | 000,104,832 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiraged.dll
[2011-03-06 03:18:57 | 000,070,528 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiragem.sys
[2011-03-06 03:18:57 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinxsxx.sys
[2011-03-06 03:18:56 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinxbxx.sys
[2011-03-06 03:18:55 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atintuxx.sys
[2011-03-06 03:18:55 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinsnxx.sys
[2011-03-06 03:18:55 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinttxx.sys
[2011-03-06 03:18:54 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinrvxx.sys
[2011-03-06 03:18:54 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinraxx.sys
[2011-03-06 03:18:54 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinpdxx.sys
[2011-03-06 03:18:54 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinmdxx.sys
[2011-03-06 03:18:53 | 000,281,600 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimtai.sys
[2011-03-06 03:18:53 | 000,075,136 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpae.sys
[2011-03-06 03:18:53 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinbtxx.sys
[2011-03-06 03:18:52 | 000,289,664 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpab.sys
[2011-03-06 03:18:52 | 000,268,160 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidvai.dll
[2011-03-06 03:18:52 | 000,137,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrae.dll
[2011-03-06 03:18:52 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe
[2011-03-06 03:18:51 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ati3duag.dll
[2011-03-06 03:18:51 | 000,382,592 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrab.dll
[2011-03-06 03:18:50 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ati3d1ag.dll
[2011-03-06 03:18:50 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2mtag.sys
[2011-03-06 03:18:49 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2dvaa.dll
[2011-03-06 03:18:49 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2mtaa.sys
[2011-03-06 03:18:49 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2cqag.dll
[2011-03-06 03:18:49 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2dvag.dll
[2011-03-06 03:18:48 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1tuxx.sys
[2011-03-06 03:18:48 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1xsxx.sys
[2011-03-06 03:18:48 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1xbxx.sys
[2011-03-06 03:18:47 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1rvxx.sys
[2011-03-06 03:18:47 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1raxx.sys
[2011-03-06 03:18:47 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1snxx.sys
[2011-03-06 03:18:47 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1ttxx.sys
[2011-03-06 03:18:46 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1btxx.sys
[2011-03-06 03:18:46 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1pdxx.sys
[2011-03-06 03:18:46 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1mdxx.sys
[2011-03-06 03:18:45 | 000,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll
[2011-03-06 03:18:45 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2011-03-06 03:18:43 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2011-03-06 03:18:41 | 000,026,496 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc.sys
[2011-03-06 03:18:41 | 000,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asc3350p.sys
[2011-03-06 03:18:41 | 000,014,848 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc3550.sys
[2011-03-06 03:18:37 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
[2011-03-06 03:18:36 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- C:\WINDOWS\System32\dllcache\an983.sys
[2011-03-06 03:18:36 | 000,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\amsint.sys
[2011-03-06 03:18:35 | 000,043,008 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\dllcache\amdagp.sys
[2011-03-06 03:18:35 | 000,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\alim1541.sys
[2011-03-06 03:18:35 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2011-03-06 03:18:35 | 000,005,248 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\aliide.sys
[2011-03-06 03:18:34 | 000,056,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78xx.sys
[2011-03-06 03:18:34 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78u2.sys
[2011-03-06 03:18:34 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ali5261.sys
[2011-03-06 03:18:34 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\alifir.sys
[2011-03-06 03:18:34 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aha154x.sys
[2011-03-06 03:18:26 | 000,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agpcpq.sys
[2011-03-06 03:18:26 | 000,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agp440.sys
[2011-03-06 03:18:25 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2011-03-06 03:18:24 | 000,003,775 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv11nt5.dll
[2011-03-06 03:18:24 | 000,003,711 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv09nt5.dll
[2011-03-06 03:18:24 | 000,003,135 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv08nt5.dll
[2011-03-06 03:18:23 | 000,003,647 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv07nt5.dll
[2011-03-06 03:18:23 | 000,003,615 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv05nt5.dll
[2011-03-06 03:18:22 | 000,004,255 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv01nt5.dll
[2011-03-06 03:18:22 | 000,003,967 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv02nt5.dll
[2011-03-06 03:18:18 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adpu160m.sys
[2011-03-06 03:18:18 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2011-03-06 03:18:16 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2011-03-06 03:18:15 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2011-03-06 03:18:14 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2011-03-06 03:18:14 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2011-03-06 03:18:14 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2011-03-06 03:18:14 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2011-03-06 03:18:13 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ac97via.sys
[2011-03-06 03:18:13 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2011-03-06 03:18:12 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2011-03-06 03:18:12 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ac97ali.sys
[2011-03-06 03:18:12 | 000,096,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ac97intc.sys
[2011-03-06 03:18:12 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\abp480n5.sys
[2011-03-06 03:18:11 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2011-03-06 03:18:11 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2011-03-06 03:18:11 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2011-03-06 03:18:11 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2011-03-06 03:18:10 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2011-03-06 03:18:10 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2011-03-06 03:18:10 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2011-03-06 03:18:10 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2011-03-06 03:18:10 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2011-03-06 03:18:09 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394bus.sys
[2011-03-06 03:17:50 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2011-03-06 03:17:47 | 002,180,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2011-03-06 02:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Application Data\Malwarebytes
[2011-03-06 02:01:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011-03-06 02:01:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011-03-06 02:01:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011-03-06 02:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011-03-06 00:48:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temporary Internet Files
[2011-03-06 00:48:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2011-03-06 00:48:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\Recent
[2011-03-06 00:48:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Recent
[2011-03-06 00:48:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\History
[2011-02-26 18:13:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Local Settings\Application Data\CutePDF Writer
[2011-02-26 18:12:16 | 000,000,000 | ---D | C] -- C:\Program Files\GPLGS
[2011-02-26 18:11:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CutePDF
[2011-02-26 18:10:59 | 000,000,000 | ---D | C] -- C:\Program Files\Acro Software
[2011-02-26 16:31:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Application Data\Apple Computer
[2011-02-26 16:31:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011-02-26 16:31:43 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2011-02-26 16:31:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011-02-26 16:31:27 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011-02-26 16:31:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011-02-26 16:31:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011-02-26 16:31:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2011-02-26 16:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Local Settings\Application Data\Apple
[2011-02-26 16:30:58 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011-02-26 16:30:54 | 004,184,352 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2011-02-26 16:30:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011-02-26 16:30:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2011-02-26 16:29:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Local Settings\Application Data\Apple Computer
[2011-02-11 21:08:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2011-02-11 21:04:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2011-02-11 21:03:51 | 009,721,960 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTLCPL.EXE
[2011-02-11 21:03:51 | 006,188,648 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys
[2011-02-11 21:03:51 | 001,489,512 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlUpd.exe
[2011-02-11 21:03:51 | 000,891,496 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTSndMgr.CPL
[2011-02-11 21:03:51 | 000,359,016 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2011-02-11 21:03:51 | 000,129,640 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2011-02-11 21:03:51 | 000,054,888 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RtkCoInstXP.dll
[2011-02-11 21:03:49 | 002,815,592 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2011-02-11 21:03:49 | 002,180,712 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\MicCal.exe
[2011-02-11 21:03:49 | 001,691,480 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2011-02-11 21:03:49 | 001,395,800 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\Monfilt.sys
[2011-02-11 21:03:48 | 000,064,104 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE
[2011-02-11 21:03:48 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011-02-11 21:03:42 | 001,251,944 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlExUpd.dll
[2011-02-11 20:23:44 | 004,122,368 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\alcxwdm.sys
[2011-02-11 20:23:44 | 000,084,584 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2011-02-11 20:23:43 | 010,528,768 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTLCPL.exe
[2011-02-11 20:23:43 | 000,285,288 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\ALSNDMGR.CPL
[2011-02-11 20:23:24 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek AC97
[2011-02-11 20:23:22 | 000,315,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcupd.exe
[2011-02-11 20:23:22 | 000,217,088 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcrmv.exe
[2011-02-11 20:05:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Local Settings\Application Data\eSupport.com
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011-03-07 14:24:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-03-07 14:23:02 | 000,000,356 | RHS- | M] () -- C:\boot.ini
[2011-03-07 13:52:14 | 000,000,095 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2011-03-07 12:53:04 | 000,004,507 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011-03-07 12:53:03 | 000,434,838 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-03-07 12:53:03 | 000,068,828 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-03-07 12:37:59 | 000,116,224 | ---- | M] () -- C:\Documents and Settings\David\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-03-07 12:28:58 | 000,000,312 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Curse Client.appref-ms
[2011-03-07 12:28:39 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\mIRC.lnk
[2011-03-07 12:28:07 | 000,000,986 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to WarcraftIIIAutoRefresh.exe.lnk
[2011-03-07 10:56:05 | 072,160,149 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011-03-06 11:16:20 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe
[2011-03-06 02:51:49 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011-03-06 02:01:56 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-03-05 15:04:32 | 000,000,330 | RHS- | M] () -- C:\bootini.bak
[2011-03-04 14:15:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-03-02 13:10:54 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\David\Local Settings\Application Data\PUTTY.RND
[2011-02-28 19:26:35 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Flash CS4 Professional.lnk
[2011-02-26 16:39:49 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2011-02-26 16:31:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011-02-25 11:30:30 | 001,438,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-02-11 21:08:06 | 000,940,794 | ---- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2011-02-11 21:08:06 | 000,146,650 | ---- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011-03-07 12:28:58 | 000,000,312 | ---- | C] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Curse Client.appref-ms
[2011-03-07 12:28:39 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\mIRC.lnk
[2011-03-07 12:28:07 | 000,000,986 | ---- | C] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to WarcraftIIIAutoRefresh.exe.lnk
[2011-03-06 04:06:59 | 000,000,567 | ---- | C] () -- C:\Documents and Settings\David\Start Menu\Programs\Startup\Sweex utility.lnk
[2011-03-06 03:51:33 | 000,359,533 | ---- | C] () -- C:\WINDOWS\System32\explorer.old
[2011-03-06 03:50:58 | 000,359,533 | ---- | C] () -- C:\WINDOWS\explorer.oldexe
[2011-03-06 03:19:01 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2011-03-06 03:19:01 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2011-03-06 03:19:00 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2011-03-06 03:18:59 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2011-03-06 03:18:58 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2011-03-06 03:18:58 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2011-03-06 03:18:58 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2011-03-06 03:18:58 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2011-03-06 03:18:57 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2011-03-06 03:18:51 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2011-03-06 02:14:40 | 000,359,533 | ---- | C] () -- C:\WINDOWS\System32\bla.exe
[2011-03-06 02:01:56 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-03-02 13:02:36 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\David\Local Settings\Application Data\PUTTY.RND
[2011-02-28 19:26:35 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Flash CS4 Professional.lnk
[2011-02-28 19:25:46 | 000,002,024 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Pixel Bender Toolkit.lnk
[2011-02-28 19:23:19 | 000,001,104 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ExtendScript Toolkit CS4.lnk
[2011-02-26 18:11:05 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2011-02-26 16:31:00 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011-02-26 16:30:59 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011-02-11 21:08:06 | 000,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2011-02-11 21:08:05 | 000,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2011-02-11 20:23:44 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011-02-11 20:23:43 | 000,141,016 | ---- | C] () -- C:\WINDOWS\System32\alsndmgr.wav
[2010-11-12 14:32:55 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010-11-12 14:32:53 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010-11-12 14:32:53 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010-11-12 14:30:34 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010-11-12 14:04:33 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2010-09-27 11:25:13 | 000,013,930 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2010-08-30 18:55:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010-08-30 18:55:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010-08-30 18:55:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010-08-30 18:50:47 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\0d41PoG.dat
[2010-08-30 18:39:52 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010-07-11 17:25:41 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\David\Local Settings\Application Data\fusioncache.dat
[2010-06-10 08:36:19 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\David\Application Data\winscp.rnd
[2010-03-31 02:27:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2010-03-31 02:18:32 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010-02-26 14:38:51 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009-10-20 14:24:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-09-26 18:29:19 | 001,105,800 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009-09-14 23:46:02 | 000,139,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009-09-14 23:45:55 | 000,111,928 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009-09-14 23:45:40 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2009-09-12 20:33:45 | 000,000,534 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2009-08-07 18:51:34 | 000,178,430 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009-08-07 16:17:00 | 000,064,790 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
[2009-04-15 21:52:12 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\FTPStubInstUtils.dll
[2009-04-03 19:32:57 | 000,116,224 | ---- | C] () -- C:\Documents and Settings\David\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-03-27 12:48:05 | 000,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2009-03-25 20:45:58 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009-03-25 20:45:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009-03-25 20:08:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009-03-25 20:06:43 | 001,438,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-03-25 19:32:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009-03-25 19:18:33 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009-03-25 19:14:44 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007-01-31 14:48:36 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP7311.ini
[2004-08-04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004-08-04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004-08-04 13:00:00 | 000,434,838 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004-08-04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004-08-04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004-08-04 13:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004-08-04 13:00:00 | 000,068,828 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004-08-04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004-08-04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004-08-04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004-08-04 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004-08-04 13:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004-08-04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004-08-04 13:00:00 | 000,000,080 | ---- | C] () -- C:\WINDOWS\explorer.exe.scf
[1997-06-13 16:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

< End of report >

oldman960
2011-03-08, 07:05
Hi Triumph,

If you read the article HERE (http://forums.spybot.info/showthread.php?t=30113) and the articles it links to, you will better understand why registry cleaners are not only not recommended but why they are not needed.

As pointed out, defragmenting your file system will go a long way toward improving your computer's performance. Cleaning the registry does next to nothing as far as performance goes.

boot.ini


timeout=3
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=""
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=3

Removing lines from here will not help speed the computer up if that is what you are after. By default the only lines that will execute are the blue ones.

I'm not sure what this line is, it might be a failed or incomplete install.

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=""

I'll see what I can find out about the spybot entry as it may be protecting or backing something up. I see it in other logs with Spybot installed.

I'd say it could be changed to



timeout=3
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

Startup items

You may find this of interest in deciding what you want to allow at startup.
http://www.pacs-portal.co.uk/

Discussion can be found HERE (http://forums.spybot.info/forumdisplay.php?f=59)


Your Java is out of date. Click your start button, open Control panel.
Locate the Java icon (it looks like a coffee cup)
double click it to open it
click the Update tab
Click update now


After the Java is updated, reboot your computer if not prompted to.


We'll tidy up a bit with OTL, then clean up the tools.

Next, Double click on OTL.exe
Under the Custom Scans/Fixes box at the bottom, paste in the following
Do Not copy the word CODE
please note the fix starts with the :



:Services

:Files
C:\WINDOWS\System32\explorer.old
C:\WINDOWS\explorer.oldexe
C:\WINDOWS\System32\bla.exe

:Commands
[emptytemp]


Then click the Run Fix button at the top
Let the program run unhindered

No need to post the log.


We'll clean up the tools.

From your desktop, please delete, if present
any notepads/logs that we created
dds.scr
fix.bat


You can also delete C:\myfix.bat

Next

* Create a new restore point

You must be logged on to an administrator account
Go to Start - All Programs - Accessories - System Tools - System Restore.
Click Create a restore point, and then click Next.
In the text box labeled Restore Point Description, type a name for this restore point
click create

* Remove old restore points


Go to Start - All Programs - Accessories - system tools.
Launch the Disk Cleanup tool and let it run.
When it finishes a box with tabs will appear, select the more options tab.
On this tab you will find a section for System Restore.
If you press the Clean Up button for that section, Windows will delete all restore points except for the most recent one.


Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.


I suggest you keep MBAM. Keep MBAM updated and use it regularly.


ESET can be uninstalled via add/remove programs.


Some Recommendations and prevention tips

Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on-demand antispyware program and a firewall. Just add a firewall and you are on your way to building a secure system.

* If you are behind a router, Windows Firewall should be fine. Otherwise a 3rd party firewall with outbound monitoring is recommended.

Click FIREWALL (http://www.firewallguide.com/software.htm) for tips, reviews and links to good, free and paid-for firewalls. (Note: Zone Alarm is becoming bloatware, IMO)


You should also use Spyware Blaster (http://www.javacoolsoftware.com/spywareblaster.html) to help immunize your computer.

- SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

OR

A guide to understanding and using the hosts file.

Learn how your Hosts file can protect you and how you can protect it.
Besides the Hosts file information, there are links to a very good updated hosts file, a hosts file manager, and some programs that can protect your hosts file.
HOSTS (http://www.mvps.org/winhelp2002/hosts.htm)

Please read the info on disabling the DNS Client before installing a custom hosts file.


-Secure your Internet Explorer

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.


- Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (http://www.update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us) (using Internet Explorer) and download and install all critical updates on a regular basis.


- Ensure that Automatic Update is turned on so you get all the latest patches.
Click start, control panel, click Security Center.


- Keep your antivirus program updated, as well as any other security programs you have.


-More tips and programs can be found HERE (http://forums.whatthetech.com/Preventing_Malware_Tools_Practices_Safe_Computing_t98700.html)

- You may also want to read this article By Tony Klein
http://www.freedomlist.com/forum/viewtopic.php?t=22879

We will keep this thread open for a couple of days. Please post back if you have any problems or questions. Please post back when you have finished so this thread can be marked "Resolved".

Take care
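The hosts file advice above cuts both ways: a custom hosts file sinks known bad domains to 0.0.0.0 or 127.0.0.1, but malware of the System Tool kind also edits the hosts file, either to sink security vendors' update hosts or to redirect a site to an address it controls. The following checker is an added example, not code from the thread or from the MVPS hosts project: it parses a hosts file (comments, tabs, IPv6, inline comments) and sorts each mapping into blocklist entries, entries for a short, hypothetical list of "protected" update/vendor domains that should never appear in a hosts file at all, and redirects to non-sink addresses. The sample hosts content is constructed inline; the addresses in it are documentation ranges, not real hosts.

```python
"""Audit a Windows-style hosts file for blocklist entries and possible hijacks.

Added example; not from the thread or any hosts-file project.  The sample
hosts text and the PROTECTED_SUFFIXES list are constructed for illustration.
"""
import ipaddress
import re
from typing import Dict, List, Tuple

# Constructed sample: the default localhost lines, a few blocklist-style
# lines, and two lines of the kind a hijacker adds (documentation addresses).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost

# Start of entries inserted by a blocklist (constructed for this example)
0.0.0.0 ads.example-adnetwork.invalid
0.0.0.0 tracker.example-metrics.invalid   # inline comment
127.0.0.1\tpopups.example-malvertising.invalid

# Lines a hijacker might add (constructed, TEST-NET-3 address)
127.0.0.1 update.microsoft.com
203.0.113.7 www.example-bank.invalid
"""

# Hypothetical list of domains that should never be mapped in a hosts file:
# sinking them silences updates, and any other mapping is a redirect.
PROTECTED_SUFFIXES = (
    "microsoft.com",
    "windowsupdate.com",
    "malwarebytes.org",
    "javacoolsoftware.com",
)

# Addresses a blocklist legitimately uses to sink a name.
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1"}

Entry = Tuple[int, str, str]  # (line number, ip, hostname)


def parse_hosts(text: str) -> List[Entry]:
    """Return one (line_number, ip, hostname) tuple per mapping in the file.

    Handles CRLF and LF, tabs or spaces, '#' comments (whole-line and
    trailing) and several hostnames on one line.  Lines whose first field is
    not an IP address are skipped as malformed.
    """
    entries: List[Entry] = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = re.split(r"\s+", line)
        ip, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue
        for name in names:
            entries.append((lineno, ip, name.lower()))
    return entries


def classify(ip: str, host: str) -> str:
    """Label a mapping: system, block (blocklist sink), hijack or redirect."""
    if host == "localhost":
        return "system"
    if any(host == s or host.endswith("." + s) for s in PROTECTED_SUFFIXES):
        return "hijack"      # a protected domain mapped anywhere is a red flag
    if ip in SINK_ADDRESSES:
        return "block"       # ordinary blocklist entry
    return "redirect"        # some other name sent to a real address


def audit_hosts(text: str) -> Dict[str, List[Entry]]:
    """Group every mapping in a hosts file by its classification."""
    report: Dict[str, List[Entry]] = {
        "system": [], "block": [], "hijack": [], "redirect": []}
    for lineno, ip, host in parse_hosts(text):
        report[classify(ip, host)].append((lineno, ip, host))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print(f"{len(result['block'])} blocklist entries")
    for label in ("hijack", "redirect"):
        for lineno, ip, host in result[label]:
            print(f"line {lineno}: {label.upper()} {host} -> {ip}")
```

To audit a real file, read `%SystemRoot%\System32\drivers\etc\hosts` into `audit_hosts` and treat anything under `hijack` or `redirect` as something to explain before trusting the machine. Two notes match the thread's advice: the MVPS list produces thousands of `block` entries, which is why the linked page tells you to disable the DNS Client service first (its cache chokes on a large file), and a hosts file can only block names, so it complements rather than replaces SpywareBlaster or a firewall.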

Triumph
2011-03-08, 12:29
As pointed out, defragmenting your file system will go a long way to improving your computer's performance. Cleaning the registry does next to nothing as far as performance goes.

You should also use Spyware Blaster (http://www.javacoolsoftware.com/spywareblaster.html) to help immunize your computer.

- SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.



Ok I did the following;

- Updated Java -> Rebooted
- Ran OTL Fix -> Rebooted
- Ran OTL Cleanup -> Rebooted
- Created System Restore Point -> Rebooted
- Deleted older restore points
- Changed my boot.ini into something logical -> Rebooted

Everything is fine I think, I will keep Malwarebytes, I am behind a router, so my windows firewall should be enough.

- I still have to do the defragmentation.

1 Question;

- Spywareblaster.
I never ever ever use the Internet Explorer installed on my computer. I am a web designer, so sometimes I have to see how my websites look in Internet Explorer; for that I use a standalone Internet Explorer, which allows me just to see how a normally installed Internet Explorer would render my website. I never 'surf' with that, I only use it to visit my own created webpages.

Now my question is, should I use spywareblaster regardless of me not using internet explorer at all?

Triumph
2011-03-08, 12:56
One last question;

I use my 2 hard drives in a RAID 0 environment, which caused me a lot of hassle in the past reinstalling Windows because I actually need a floppy drive and diskettes with the drivers. Now I heard that if you 'ghost' your installation you could save yourself a lot of time if I ever need to reinstall.

Is this;

a) A good idea to do and use as backup?
b) What software would you recommend doing this with?

oldman960
2011-03-08, 19:03
Hi Triumph,

SpywareBlaster will work with other browsers.
http://www.javacoolsoftware.com/spywareblaster.html#Browsers


A custom Hosts file will also work with other browsers and applications that access the internet.

Drive imaging is a very good backup/recovery strategy. There are some free programs and several paid-for programs.

http://www.techsupportalert.com/best-free-drive-imaging-program.htm

Or put this into a google search (without the "" marks)

"open source drive imaging software"

For some hits that include paid for programs google

"drive image software"

You will need to research the programs to find which one will fit the bill for your needs.

Triumph
2011-03-10, 14:27
You can close the topic now, I can't begin to explain how much you helped and how grateful I am, really really thanks a ton!

oldman960
2011-03-10, 15:25
Hi Triumph,

You are welcome.