System tool, a long horrid story

[Triumph]

Hey there,

This is my last resort, asking at forum, probably not the best choice since I tried A LOT. I've spend a whole day trying to get rid off System Tool.

I have no DDS report yet, but I will update this post tomorrow as I just can't stand to look at my comp anymore..

In a nut shell, here's what I did;

01) After I saw the fake messages coming up I immediately googled system tool as the fake warnings were called.
02) Some instructions said; "It's easy just go to application data/random/random.exe rename and delete..
03) Renamed and I thought, I'll delete the files when I'm rebooted..
04) Could not boot into windows anymore, safe mode, nothing worked, all gave a 0x000021a BSOD.
05) Created UBDC4win disc to start up and maybe get the chance to remove some trojans
06) Worked, a tiny bit I guess, found some trojans etc deleted them, rebooted, not a chance of loading win xp.
07) After several hours of trying I saw a topic where someone renamed csrss.exe winlogon.exe win32k.sys and msgina.dll while copying them from a winxp cd in the recovery console.
08) Tried that, finally my good old windows xp login screen...
09) Logged in.. black screen, task manager worked, so explorer.exe wasn't loaded I guessed. I was wrong, explorer.exe was now renamed to explorer. Renaming didn't work.
10) Installed MBAM and ran it, will post the log of this as well tomorrow, it found some trojans again..


But all in all, I can run everything, it's just that explorer doesn't start anymore (and yes i've seen the registry stuff about it, tried renaming etc etc). Nothing seems to work, not even replacing explorer.exe from the winxp cd.

As said, I'll post the logs tomorrow, hope someone has already some tips maybe. Thanks in advance!

David

 

[oldman960]

Hi Triumph, welcome to the forum.

To make cleaning this machine easier

• Please do not uninstall/install any programs unless asked to
  It is more difficult when files/programs are appearing in/disappearing from the logs.
• Please do not run any scans other than those requested
• Please follow all instructions in the order posted
• All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked.
• Do not attach any logs/reports, etc.. unless specifically requested to do so.
• If you have problems with or do not understand the instructions, Please ask before continuing.
• Please stay with this thread until given the All Clear. A absence of symptoms does not mean a clean machine.

Instead of DDS could you run a different program instead?

Since explorer doesn't seem to be running I'm guessing you are running programs from task manager? If that is the case please download it to C:\ and run it via taskmanager.

Open Task Manager with ctrl,alt

• In Task Manager, click the Options button
• check mark Allways on Top
• This will keep Taskmanager from disappearing when you click on anything else.
• Using your left mouse button, click on the top blue portion of Task Manager and slide it down to the lower part of your screen so these instructions are visible.

Download OTL to C:\

Next

• Holding down your left mouse button, highlight all the bolded text below.
• right click the highlighted text and choose copy

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lîk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%PROGRAMFILES%\Internet Explorer\*.dat
%APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Deskuop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
iexplore.*
explorer.*
winlogon.*
dll
zx.dll
hlp.dat
/md5stop


To run OTL from task manager

In Task Manager

• click file
• click New Task(Run...)
• type the following line into the open: field
  C:\otl.exe
• click ok

Once OTL opens

• When the window appears, underneath Output at the top change it to Minimal Output
• Check the boxes beside LOP Check and Purity Check.
• In the window under Custom Scans/Fixes, right click and select paste. The text you copied earlier should appear.
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Please post back with

• the MBAM log
• both OTL logs
• if you have ran DDS post that as well

Thanks

 

[Triumph]

MBAM Log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5970

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180

6-3-2011 4:57:02
mbam-log-2011-03-06 (04-56-58).txt

Scan type: Full scan (C:\|F:\|)
Objects scanned: 284990
Time elapsed: 12 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Driver Setup (Worm.Palevo) -> Value: Microsoft Driver Setup -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mbolqtsv (Trojan.FakeAlert.Gen) -> Value: mbolqtsv -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bipro (Trojan.Agent.Gen) -> Value: bipro -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Advanced DHTML Enable (Trojan.Agent) -> Value: Advanced DHTML Enable -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

[Triumph]

OTL.EXE

OTL logfile created on: 6-3-2011 11:18:27 - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = c:\
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000413 | Country: Netherlands | Language: NLD | Date Format: d-M-yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 79,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24,41 Gb Total Space | 8,10 Gb Free Space | 33,16% Space Free | Partition Type: NTFS
Drive D: | 581,89 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 44,52 Gb Total Space | 6,12 Gb Free Space | 13,75% Space Free | Partition Type: NTFS
Drive I: | 982,01 Mb Total Space | 492,16 Mb Free Space | 50,12% Space Free | Partition Type: FAT32

Computer Name: DAVIDINTEL | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - c:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Sweex\LW312\Utility\UI.exe ()
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Modules (SafeList) ==========

MOD - c:\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (SpyHunter 4 Service) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (WMConnectCDS) -- C:\Program Files\Windows Media Connect 2\wmccds.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (AvgLdx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (RT80x86) -- C:\WINDOWS\system32\drivers\rt2860.sys (Ralink Technology, Corp.)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (sfman) Creative SoundFont Manager Driver (WDM) -- C:\WINDOWS\system32\drivers\sfmanm.sys (Creative Technology Ltd.)
DRV - (emu10k1) Creative Interface Manager Driver (WDM) -- C:\WINDOWS\system32\drivers\ctlfacem.sys (Creative Technology Ltd.)
DRV - (emu10k) Creative SB Live! (WDM) -- C:\WINDOWS\system32\drivers\emu10k1m.sys (Creative Technology Ltd.)
DRV - (ctljystk) -- C:\WINDOWS\system32\drivers\ctljystk.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.http: "188.40.72.198"
FF - prefs.js..network.proxy.http_port: 80

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-02-15 19:34:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-11-05 12:08:58 | 000,000,000 | ---D | M]

[2009-03-25 20:45:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Application Data\Mozilla\Extensions
[2011-02-02 18:13:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\q69qb81l.default\extensions
[2011-02-02 18:13:15 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\q69qb81l.default\extensions\firebug@software.joehewitt.com
[2011-02-02 18:13:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009-11-02 21:24:23 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2011-03-06 02:51:49 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HitmanPro35] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe (Enigma Software Group USA, LLC.)
O4 - HKCU..\Run: [LightScribe Control Panel] File not found
O4 - HKCU..\Run: [nyxnqeop] File not found
O4 - HKCU..\Run: [rpmrdwes] File not found
O4 - HKCU..\Run: [walyukrn] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sweex utility.lnk = C:\Program Files\Sweex\LW312\Utility\UI.exe ()
O4 - Startup: C:\Documents and Settings\David\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Documents and Settings\David\Start Menu\Programs\Startup\Sweex utility.lnk = C:\Program Files\Sweex\LW312\Utility\UI.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} http://192.168.1.41:2222/tsweb/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\System32\explorer.exe ()
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-03-25 19:16:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004-08-04 13:00:00 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16620634377289728)

========== Files/Folders - Created Within 30 Days ==========

[2011-03-06 11:16:16 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2011-03-06 05:17:00 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011-03-06 05:12:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Start Menu\Programs\HiJackThis
[2011-03-06 05:09:06 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011-03-06 05:03:47 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\TFC.exe
[2011-03-06 04:18:05 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011-03-06 04:17:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011-03-06 03:39:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Start Menu\Programs\SpyHunter
[2011-03-06 03:39:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011-03-06 03:26:01 | 000,000,000 | ---D | C] -- C:\I386
[2011-03-06 03:19:35 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthusb.sys
[2011-03-06 03:19:35 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bulltlp3.sys
[2011-03-06 03:19:34 | 000,274,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2011-03-06 03:19:34 | 000,100,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthpan.sys
[2011-03-06 03:19:34 | 000,035,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthprint.sys
[2011-03-06 03:19:33 | 000,038,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthmodem.sys
[2011-03-06 03:19:33 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2011-03-06 03:19:33 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthenum.sys
[2011-03-06 03:19:32 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2011-03-06 03:19:32 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2011-03-06 03:19:32 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2011-03-06 03:19:31 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2011-03-06 03:19:31 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2011-03-06 03:19:31 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2011-03-06 03:19:30 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2011-03-06 03:19:28 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2011-03-06 03:19:27 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brmfcwia.dll
[2011-03-06 03:19:27 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2011-03-06 03:19:27 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2011-03-06 03:19:27 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2011-03-06 03:19:26 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2011-03-06 03:19:26 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2011-03-06 03:19:26 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2011-03-06 03:19:25 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2011-03-06 03:19:25 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2011-03-06 03:19:25 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2011-03-06 03:19:21 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\binlsvc.dll
[2011-03-06 03:19:18 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2011-03-06 03:19:17 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2011-03-06 03:19:17 | 000,054,271 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42xx5.sys
[2011-03-06 03:19:17 | 000,026,568 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm4e5.sys
[2011-03-06 03:19:17 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2011-03-06 03:19:16 | 000,066,557 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42u.sys
[2011-03-06 03:19:16 | 000,014,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
[2011-03-06 03:19:15 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2011-03-06 03:19:15 | 000,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\b57xp32.sys
[2011-03-06 03:19:15 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2011-03-06 03:19:15 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2011-03-06 03:19:14 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2011-03-06 03:19:14 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2011-03-06 03:19:14 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2011-03-06 03:19:13 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2011-03-06 03:19:13 | 000,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcaudio.sys
[2011-03-06 03:19:13 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2011-03-06 03:19:12 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2011-03-06 03:19:04 | 000,017,279 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\atv10nt5.dll
[2011-03-06 03:19:04 | 000,014,143 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\atv06nt5.dll
[2011-03-06 03:19:03 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\atv04nt5.dll
[2011-03-06 03:19:03 | 000,011,359 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\atv02nt5.dll
[2011-03-06 03:19:02 | 000,021,183 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\atv01nt5.dll
[2011-03-06 03:19:01 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ativvaxx.dll
[2011-03-06 03:19:00 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativtmxx.dll
[2011-03-06 03:18:59 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativmvxx.ax
[2011-03-06 03:18:59 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativdaxx.ax
[2011-03-06 03:18:57 | 000,104,832 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiraged.dll
[2011-03-06 03:18:57 | 000,070,528 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiragem.sys
[2011-03-06 03:18:57 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinxsxx.sys
[2011-03-06 03:18:56 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinxbxx.sys
[2011-03-06 03:18:55 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atintuxx.sys
[2011-03-06 03:18:55 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinsnxx.sys
[2011-03-06 03:18:55 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinttxx.sys
[2011-03-06 03:18:54 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinrvxx.sys
[2011-03-06 03:18:54 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinraxx.sys
[2011-03-06 03:18:54 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinpdxx.sys
[2011-03-06 03:18:54 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinmdxx.sys
[2011-03-06 03:18:53 | 000,281,600 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimtai.sys
[2011-03-06 03:18:53 | 000,075,136 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpae.sys
[2011-03-06 03:18:53 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinbtxx.sys
[2011-03-06 03:18:52 | 000,289,664 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpab.sys
[2011-03-06 03:18:52 | 000,268,160 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidvai.dll
[2011-03-06 03:18:52 | 000,137,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrae.dll
[2011-03-06 03:18:52 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe
[2011-03-06 03:18:51 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ati3duag.dll
[2011-03-06 03:18:51 | 000,382,592 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrab.dll
[2011-03-06 03:18:50 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ati3d1ag.dll
[2011-03-06 03:18:50 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2mtag.sys
[2011-03-06 03:18:49 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2dvaa.dll
[2011-03-06 03:18:49 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2mtaa.sys
[2011-03-06 03:18:49 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2cqag.dll
[2011-03-06 03:18:49 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2dvag.dll
[2011-03-06 03:18:48 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1tuxx.sys
[2011-03-06 03:18:48 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1xsxx.sys
[2011-03-06 03:18:48 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1xbxx.sys
[2011-03-06 03:18:47 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1rvxx.sys
[2011-03-06 03:18:47 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1raxx.sys
[2011-03-06 03:18:47 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1snxx.sys
[2011-03-06 03:18:47 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1ttxx.sys
[2011-03-06 03:18:46 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1btxx.sys
[2011-03-06 03:18:46 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1pdxx.sys
[2011-03-06 03:18:46 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1mdxx.sys
[2011-03-06 03:18:45 | 000,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll
[2011-03-06 03:18:45 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2011-03-06 03:18:43 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2011-03-06 03:18:41 | 000,026,496 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc.sys
[2011-03-06 03:18:41 | 000,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asc3350p.sys
[2011-03-06 03:18:41 | 000,014,848 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc3550.sys
[2011-03-06 03:18:37 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
[2011-03-06 03:18:36 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- C:\WINDOWS\System32\dllcache\an983.sys
[2011-03-06 03:18:36 | 000,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\amsint.sys
[2011-03-06 03:18:35 | 000,043,008 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\dllcache\amdagp.sys
[2011-03-06 03:18:35 | 000,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\alim1541.sys
[2011-03-06 03:18:35 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2011-03-06 03:18:35 | 000,005,248 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\aliide.sys
[2011-03-06 03:18:34 | 000,056,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78xx.sys
[2011-03-06 03:18:34 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78u2.sys
[2011-03-06 03:18:34 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ali5261.sys
[2011-03-06 03:18:34 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\alifir.sys
[2011-03-06 03:18:34 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aha154x.sys
[2011-03-06 03:18:26 | 000,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agpcpq.sys
[2011-03-06 03:18:26 | 000,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agp440.sys
[2011-03-06 03:18:25 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2011-03-06 03:18:24 | 000,003,775 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv11nt5.dll
[2011-03-06 03:18:24 | 000,003,711 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv09nt5.dll
[2011-03-06 03:18:24 | 000,003,135 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv08nt5.dll
[2011-03-06 03:18:23 | 000,003,647 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv07nt5.dll
[2011-03-06 03:18:23 | 000,003,615 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv05nt5.dll
[2011-03-06 03:18:22 | 000,004,255 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv01nt5.dll
[2011-03-06 03:18:22 | 000,003,967 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\adv02nt5.dll
[2011-03-06 03:18:18 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adpu160m.sys
[2011-03-06 03:18:18 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2011-03-06 03:18:16 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2011-03-06 03:18:15 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2011-03-06 03:18:14 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2011-03-06 03:18:14 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2011-03-06 03:18:14 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2011-03-06 03:18:14 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2011-03-06 03:18:13 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ac97via.sys
[2011-03-06 03:18:13 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2011-03-06 03:18:12 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2011-03-06 03:18:12 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ac97ali.sys
[2011-03-06 03:18:12 | 000,096,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ac97intc.sys
[2011-03-06 03:18:12 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\abp480n5.sys
[2011-03-06 03:18:11 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2011-03-06 03:18:11 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2011-03-06 03:18:11 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2011-03-06 03:18:11 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2011-03-06 03:18:10 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2011-03-06 03:18:10 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2011-03-06 03:18:10 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2011-03-06 03:18:10 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2011-03-06 03:18:10 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2011-03-06 03:18:09 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394bus.sys
[2011-03-06 03:17:50 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2011-03-06 03:17:47 | 002,180,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2011-03-06 02:38:04 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2011-03-06 02:38:04 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2011-03-06 02:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Application Data\Malwarebytes
[2011-03-06 02:01:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011-03-06 02:01:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011-03-06 02:01:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011-03-06 02:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011-03-06 00:48:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temporary Internet Files
[2011-03-06 00:48:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2011-03-06 00:48:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\Recent
[2011-03-06 00:48:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Recent
[2011-03-06 00:48:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\History
[2011-03-05 20:36:59 | 000,000,000 | ---D | C] -- C:\Virus Removal Tool
[2011-02-26 18:13:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Local Settings\Application Data\CutePDF Writer
[2011-02-26 18:12:16 | 000,000,000 | ---D | C] -- C:\Program Files\GPLGS
[2011-02-26 18:11:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CutePDF
[2011-02-26 18:10:59 | 000,000,000 | ---D | C] -- C:\Program Files\Acro Software
[2011-02-26 16:41:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Desktop\New Folder
[2011-02-26 16:31:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Application Data\Apple Computer
[2011-02-26 16:31:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011-02-26 16:31:43 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2011-02-26 16:31:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011-02-26 16:31:27 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011-02-26 16:31:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011-02-26 16:31:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011-02-26 16:31:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2011-02-26 16:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Local Settings\Application Data\Apple
[2011-02-26 16:30:58 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011-02-26 16:30:54 | 004,184,352 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2011-02-26 16:30:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011-02-26 16:30:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2011-02-26 16:29:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Local Settings\Application Data\Apple Computer
[2011-02-11 21:08:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2011-02-11 21:04:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2011-02-11 21:03:51 | 009,721,960 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTLCPL.EXE
[2011-02-11 21:03:51 | 006,188,648 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys
[2011-02-11 21:03:51 | 001,489,512 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlUpd.exe
[2011-02-11 21:03:51 | 000,891,496 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTSndMgr.CPL
[2011-02-11 21:03:51 | 000,359,016 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2011-02-11 21:03:51 | 000,129,640 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2011-02-11 21:03:51 | 000,054,888 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RtkCoInstXP.dll
[2011-02-11 21:03:49 | 002,815,592 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2011-02-11 21:03:49 | 002,180,712 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\MicCal.exe
[2011-02-11 21:03:49 | 001,691,480 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2011-02-11 21:03:49 | 001,395,800 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\Monfilt.sys
[2011-02-11 21:03:48 | 000,064,104 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE
[2011-02-11 21:03:48 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011-02-11 21:03:42 | 001,251,944 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlExUpd.dll
[2011-02-11 20:23:44 | 004,122,368 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\alcxwdm.sys
[2011-02-11 20:23:44 | 000,084,584 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2011-02-11 20:23:43 | 010,528,768 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTLCPL.exe
[2011-02-11 20:23:43 | 000,285,288 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\ALSNDMGR.CPL
[2011-02-11 20:23:24 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek AC97
[2011-02-11 20:23:22 | 000,315,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcupd.exe
[2011-02-11 20:23:22 | 000,217,088 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcrmv.exe
[2011-02-11 20:05:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Local Settings\Application Data\eSupport.com

========== Files - Modified Within 30 Days ==========

[2011-03-06 11:18:11 | 072,141,124 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011-03-06 11:16:20 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2011-03-06 11:10:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-03-06 05:17:00 | 000,002,803 | ---- | M] () -- C:\Documents and Settings\David\Desktop\HiJackThis.lnk
[2011-03-06 05:03:36 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\TFC.exe
[2011-03-06 04:07:00 | 000,000,356 | RHS- | M] () -- C:\boot.ini
[2011-03-06 02:51:49 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011-03-06 02:47:13 | 000,000,134 | ---- | M] () -- C:\Documents and Settings\David\Desktop\hosts-perm.bat
[2011-03-06 02:38:06 | 000,001,973 | ---- | M] () -- C:\Documents and Settings\David\Desktop\SpyHunter.lnk
[2011-03-06 02:01:56 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-03-05 15:04:32 | 000,000,330 | RHS- | M] () -- C:\bootini.bak
[2011-03-04 23:56:32 | 000,000,095 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2011-03-04 14:15:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-03-02 13:10:54 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\David\Local Settings\Application Data\PUTTY.RND
[2011-02-28 19:26:35 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Flash CS4 Professional.lnk
[2011-02-26 16:41:03 | 000,227,386 | ---- | M] () -- C:\Documents and Settings\David\Desktop\tets.wab
[2011-02-26 16:40:42 | 000,006,457 | ---- | M] () -- C:\Documents and Settings\David\Desktop\test.csv
[2011-02-26 16:39:49 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2011-02-26 16:31:45 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011-02-26 16:31:11 | 000,001,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011-02-26 16:31:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011-02-25 11:30:30 | 001,438,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-02-22 22:20:26 | 000,076,617 | ---- | M] () -- C:\Documents and Settings\David\Desktop\realm.jpg
[2011-02-21 12:09:26 | 000,003,805 | ---- | M] () -- C:\Documents and Settings\David\Desktop\pic1.jpg
[2011-02-18 13:11:58 | 000,011,288 | ---- | M] () -- C:\Documents and Settings\David\Desktop\friendsinfashion2.jpg
[2011-02-18 13:06:44 | 000,010,017 | ---- | M] () -- C:\Documents and Settings\David\Desktop\friendsinfashion.jpg
[2011-02-17 13:42:02 | 000,002,692 | ---- | M] () -- C:\Documents and Settings\David\Desktop\b gaelic.jpg
[2011-02-11 21:08:06 | 000,940,794 | ---- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2011-02-11 21:08:06 | 000,146,650 | ---- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2011-02-11 21:05:17 | 000,434,838 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-02-11 21:05:17 | 000,068,828 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-02-09 16:07:02 | 000,004,606 | ---- | M] () -- C:\Documents and Settings\David\Desktop\html.html
[2011-02-09 16:06:10 | 000,006,504 | ---- | M] () -- C:\Documents and Settings\David\Desktop\style.css

========== Files Created - No Company Name ==========

[2011-03-06 05:12:31 | 000,002,803 | ---- | C] () -- C:\Documents and Settings\David\Desktop\HiJackThis.lnk
[2011-03-06 04:06:59 | 000,000,567 | ---- | C] () -- C:\Documents and Settings\David\Start Menu\Programs\Startup\Sweex utility.lnk
[2011-03-06 04:06:59 | 000,000,567 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sweex utility.lnk
[2011-03-06 04:06:59 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\David\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2011-03-06 03:51:33 | 000,359,533 | ---- | C] () -- C:\WINDOWS\System32\explorer.exe
[2011-03-06 03:50:58 | 000,359,533 | ---- | C] () -- C:\WINDOWS\explorer.oldexe
[2011-03-06 03:19:01 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2011-03-06 03:19:01 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2011-03-06 03:19:00 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2011-03-06 03:18:59 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2011-03-06 03:18:58 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2011-03-06 03:18:58 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2011-03-06 03:18:58 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2011-03-06 03:18:58 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2011-03-06 03:18:57 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2011-03-06 03:18:51 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2011-03-06 02:47:23 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\David\Desktop\hosts-perm.bat
[2011-03-06 02:38:06 | 000,001,973 | ---- | C] () -- C:\Documents and Settings\David\Desktop\SpyHunter.lnk
[2011-03-06 02:14:40 | 000,359,533 | ---- | C] () -- C:\WINDOWS\System32\bla.exe
[2011-03-06 02:01:56 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-03-02 13:02:36 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\David\Local Settings\Application Data\PUTTY.RND
[2011-02-28 19:26:35 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Flash CS4 Professional.lnk
[2011-02-28 19:25:46 | 000,002,024 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Pixel Bender Toolkit.lnk
[2011-02-28 19:23:19 | 000,001,104 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ExtendScript Toolkit CS4.lnk
[2011-02-26 18:11:05 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2011-02-26 16:41:03 | 000,227,386 | ---- | C] () -- C:\Documents and Settings\David\Desktop\tets.wab
[2011-02-26 16:40:41 | 000,006,457 | ---- | C] () -- C:\Documents and Settings\David\Desktop\test.csv
[2011-02-26 16:31:45 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011-02-26 16:31:11 | 000,001,664 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011-02-26 16:31:00 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011-02-26 16:30:59 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011-02-22 22:20:26 | 000,076,617 | ---- | C] () -- C:\Documents and Settings\David\Desktop\realm.jpg
[2011-02-21 12:09:26 | 000,003,805 | ---- | C] () -- C:\Documents and Settings\David\Desktop\pic1.jpg
[2011-02-18 13:11:58 | 000,011,288 | ---- | C] () -- C:\Documents and Settings\David\Desktop\friendsinfashion2.jpg
[2011-02-18 13:06:44 | 000,010,017 | ---- | C] () -- C:\Documents and Settings\David\Desktop\friendsinfashion.jpg
[2011-02-17 13:42:02 | 000,002,692 | ---- | C] () -- C:\Documents and Settings\David\Desktop\b gaelic.jpg
[2011-02-11 21:08:06 | 000,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2011-02-11 21:08:05 | 000,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2011-02-11 20:23:44 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011-02-11 20:23:43 | 000,141,016 | ---- | C] () -- C:\WINDOWS\System32\alsndmgr.wav
[2011-02-09 16:07:02 | 000,004,606 | ---- | C] () -- C:\Documents and Settings\David\Desktop\html.html
[2011-02-09 16:06:10 | 000,006,504 | ---- | C] () -- C:\Documents and Settings\David\Desktop\style.css
[2010-11-12 14:32:55 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010-11-12 14:32:53 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010-11-12 14:32:53 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010-11-12 14:30:34 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010-11-12 14:04:33 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2010-09-27 11:25:13 | 000,013,930 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2010-08-30 18:55:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010-08-30 18:55:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010-08-30 18:55:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010-08-30 18:50:47 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\0d41PoG.dat
[2010-08-30 18:39:52 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010-07-11 17:25:41 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\David\Local Settings\Application Data\fusioncache.dat
[2010-06-10 08:36:19 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\David\Application Data\winscp.rnd
[2010-03-31 02:27:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2010-03-31 02:18:32 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010-02-26 14:38:51 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009-10-20 14:24:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-09-26 18:29:19 | 001,105,800 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009-09-14 23:46:02 | 000,139,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009-09-14 23:45:55 | 000,111,928 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009-09-14 23:45:40 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2009-09-12 20:33:45 | 000,000,534 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2009-08-07 18:51:34 | 000,178,430 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009-08-07 16:17:00 | 000,064,790 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
[2009-04-15 21:52:12 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\FTPStubInstUtils.dll
[2009-04-03 19:32:57 | 000,116,224 | ---- | C] () -- C:\Documents and Settings\David\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-03-27 12:48:05 | 000,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2009-03-25 20:45:58 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009-03-25 20:45:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009-03-25 20:08:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009-03-25 20:06:43 | 001,438,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-03-25 19:32:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009-03-25 19:18:33 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009-03-25 19:14:44 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007-01-31 14:48:36 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP7311.ini
[2004-08-04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004-08-04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004-08-04 13:00:00 | 000,434,838 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004-08-04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004-08-04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004-08-04 13:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004-08-04 13:00:00 | 000,068,828 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004-08-04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004-08-04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004-08-04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004-08-04 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004-08-04 13:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004-08-04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004-08-04 13:00:00 | 000,000,080 | ---- | C] () -- C:\WINDOWS\explorer.exe.scf
[1997-06-13 16:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2011-03-06 01:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009-04-29 10:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010-08-30 18:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010-08-30 18:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011-02-26 16:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010-04-22 16:39:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Belastingdienst
[2009-04-29 10:56:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\DAEMON Tools Lite
[2009-10-12 18:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\ImgBurn
[2009-11-09 02:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Octoshape
[2010-03-31 02:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Samsung
[2010-09-29 20:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\TS3Client

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009-08-04 22:06:23 | 000,000,000 | ---- | M] () -- C:\AILog.txt
[2009-03-25 19:16:58 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-08-30 18:00:01 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011-03-06 04:07:00 | 000,000,356 | RHS- | M] () -- C:\boot.ini
[2011-03-05 15:04:32 | 000,000,330 | RHS- | M] () -- C:\bootini.bak
[2004-08-03 22:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010-08-30 19:06:53 | 000,013,572 | ---- | M] () -- C:\ComboFix.txt
[2009-03-25 19:16:58 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009-03-25 19:16:58 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009-03-25 19:16:58 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004-08-04 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004-08-04 13:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2011-03-06 11:16:20 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2011-03-06 11:10:25 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2011-03-06 02:44:23 | 000,000,359 | ---- | M] () -- C:\rkill.log
[2010-08-30 18:15:02 | 000,348,672 | ---- | M] () -- C:\rmbg3svx.nt
[2009-07-16 21:30:56 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2009-07-16 21:30:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010-11-08 19:17:09 | 000,000,060 | ---- | M] () -- C:\tracert.txt
[2011-03-06 00:54:17 | 000,095,645 | ---- | M] () -- C:\Win-Files.txt

< %systemroot%\Fonts\*.com >
[2006-04-18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006-06-29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006-04-18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006-06-29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009-03-25 19:16:47 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008-07-06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006-04-10 14:02:32 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp054.dll
[2003-06-18 16:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008-07-06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2009-03-25 20:05:56 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009-03-25 20:05:56 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009-03-25 20:05:56 | 000,913,408 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lîk /x >
[2009-03-25 19:16:58 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
[2009-03-25 19:16:58 | 000,001,607 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
[2009-03-25 19:16:58 | 000,000,398 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Windows Catalog.lnk
[2009-03-25 19:16:58 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x >

< %USERPROFILE%\Deskuop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >


< MD5 for: EXPLORER.EX_ >
[2004-08-04 13:00:00 | 000,359,533 | ---- | M] () MD5=4F061B12F3D5457315A0314954E7EF46 -- C:\I386\EXPLORER.EX_

< MD5 for: EXPLORER.EXE >
[2004-08-04 13:00:00 | 000,359,533 | ---- | M] () MD5=4F061B12F3D5457315A0314954E7EF46 -- C:\WINDOWS\system32\explorer.exe

< MD5 for: EXPLORER.EXE.SCF >
[2004-08-04 13:00:00 | 000,000,080 | ---- | M] () MD5=A3975A7D2C98B30A2AE010754FFB9392 -- C:\WINDOWS\explorer.exe.scf

< MD5 for: EXPLORER.EXE-082F38A9.PF >
[2011-03-04 17:22:52 | 000,073,584 | ---- | M] () MD5=2040DD67B35F1D8E0D4BEA0B08F80FDC -- C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf

< MD5 for: EXPLORER.OLDEXE >
[2004-08-04 13:00:00 | 000,359,533 | ---- | M] () MD5=4F061B12F3D5457315A0314954E7EF46 -- C:\WINDOWS\explorer.oldexe

< MD5 for: EXPLORER.SC_ >
[2004-08-04 13:00:00 | 000,000,181 | ---- | M] () MD5=BC5B38879C56DFBC05C8B5C43AC4D739 -- C:\I386\EXPLORER.SC_

< MD5 for: IEXPLORE.CH_ >
[2004-08-04 13:00:00 | 000,199,077 | ---- | M] () MD5=5F64795662F162CCD8B30969B6682029 -- C:\I386\IEXPLORE.CH_

< MD5 for: IEXPLORE.CHM >
[2004-08-04 13:00:00 | 000,204,810 | ---- | M] () MD5=60858526AAD1CC55F5F0055B8E3B66FE -- C:\WINDOWS\Help\iexplore.chm
[2006-09-01 07:43:50 | 000,503,758 | ---- | M] () MD5=652E46500C149D1DC948BF9CEA8C4933 -- C:\Program Files\IE7\iexplore.chm

< MD5 for: IEXPLORE.EX_ >
[2004-08-04 13:00:00 | 000,037,895 | ---- | M] () MD5=F83009589844F0C30801CC2221F06AB9 -- C:\I386\IEXPLORE.EX_

< MD5 for: IEXPLORE.EXE >
[2009-04-20 12:56:28 | 000,031,232 | ---- | M] () MD5=AE72E8619CB31D84DA25E2435E55003C -- C:\ComboFix\iexplore.exe
[2007-08-13 17:43:56 | 000,622,080 | ---- | M] (Microsoft Corporation) MD5=DE49B348A18369B4626FBA1D49B07FB4 -- C:\Program Files\IE7\iexplore.exe
[2004-08-04 13:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=E7484514C0464642BE7B4DC2689354C8 -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
[2004-08-04 13:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=E7484514C0464642BE7B4DC2689354C8 -- C:\WINDOWS\ERDNT\cache\IEXPLORE.EXE
[2004-08-04 13:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=E7484514C0464642BE7B4DC2689354C8 -- C:\WINDOWS\system32\dllcache\iexplore.exe

< MD5 for: IEXPLORE.EXE.LOCAL >
[2010-06-22 14:29:30 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\Program Files\IE7\iexplore.exe.local

< MD5 for: IEXPLORE.EXE.MUI >
[2007-08-13 17:43:36 | 000,573,440 | ---- | M] (Microsoft Corporation) MD5=B58D8A1C7EE0E922EC7D2616DA136FC3 -- C:\Program Files\IE7\iexplore.exe.mui

< MD5 for: IEXPLORE.EXE-26A4253F.PF >
[2011-03-03 18:08:47 | 000,080,640 | ---- | M] () MD5=6126EFACD950EC9C2A65C8EA98226CFB -- C:\WINDOWS\Prefetch\IEXPLORE.EXE-26A4253F.pf

< MD5 for: IEXPLORE.HL_ >
[2004-08-04 13:00:00 | 000,059,881 | ---- | M] () MD5=D23388C8D5D82D4D1C3B0B6A256E3CB7 -- C:\I386\IEXPLORE.HL_

< MD5 for: IEXPLORE.HLP >
[2004-08-04 13:00:00 | 000,180,335 | ---- | M] () MD5=3F19AF1B745140DAFAC6F78F561A3C62 -- C:\WINDOWS\Help\iexplore.hlp

< MD5 for: WINLOGON.EX_ >
[2004-08-04 13:00:00 | 000,261,115 | ---- | M] () MD5=F41C4F5745589D0BB8268C02B71594CA -- C:\I386\WINLOGON.EX_

< MD5 for: WINLOGON.EXE >
[2004-08-04 13:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004-08-04 13:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINLOGON.OLD >
[2004-08-04 13:00:00 | 000,261,115 | ---- | M] () MD5=F41C4F5745589D0BB8268C02B71594CA -- C:\WINDOWS\system32\winlogon.old

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

< End of report >

 

[Triumph]

OTL Extras logfile created on: 6-3-2011 11:18:27 - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = c:\
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000413 | Country: Netherlands | Language: NLD | Date Format: d-M-yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 79,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24,41 Gb Total Space | 8,10 Gb Free Space | 33,16% Space Free | Partition Type: NTFS
Drive D: | 581,89 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 44,52 Gb Total Space | 6,12 Gb Free Space | 13,75% Space Free | Partition Type: NTFS
Drive I: | 982,01 Mb Total Space | 492,16 Mb Free Space | 50,12% Space Free | Partition Type: FAT32

Computer Name: DAVIDINTEL | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L
Drive [find] -- %SystemRoot%\Explorer.exe

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabledxpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabledxpsp2res.dll,-22002
"5353:TCP" = 5353:TCP:*isabled:Adobe CSI CS4
"1900:UDP" = 1900:UDP:LocalSubNetisabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNetisabledxpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*isabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Adobe\Adobe Flash CS4\Flash.exe" = C:\Program Files\Adobe\Adobe Flash CS4\Flash.exe:*isabled:Adobe Flash CS4 Professional -- (Adobe Systems Incorporated.)
"F:\WOW\Launcher.exe" = F:\WOW\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Documents and Settings\David\Local Settings\Apps\2.0\DG58PY6H.0TQ\EBLBB6L5.E57\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe" = C:\Documents and Settings\David\Local Settings\Apps\2.0\DG58PY6H.0TQ\EBLBB6L5.E57\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe:*:Enabled:Curse Client 4.0 -- (Curse)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{10F5387D-1728-423A-A578-B00982CF2646}" = Windows Live Messenger
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1B0098FF-1816-4F42-8203-FA29F5735596}" = Samsung PC Studio 3
"{1BD6AE96-4742-4498-9D03-9451C7E5A214}" = Windows Live aanmeldhulp
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A8F82E8-7B86-4AFD-BFBC-2BA4C2CF52DB}" = Windows Live Call
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2C34CB9F-F271-48A6-B75E-00B199D8F217}" = Sweex LW312 Driver
"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{41EBC322-660F-4D16-A0DF-53147210CBDB}" = SpyHunter
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{562B9CA4-6E52-4F87-ACEC-912FC004F1F0}" = Windows Live Essentials
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-7AD7-1043-7B44-A93000000001}" = Adobe Reader 9.3.2 - Nederlands
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional
"Age of Empires 2.0" = Microsoft Age of Empires II
"AVG9Uninstall" = AVG Free 9.0
"BitLord" = BitLord 1.1
"CutePDF Writer Installation" = CutePDF Writer 2.7
"Easy Cover Print 2.3" = Easy Cover Print 2.3
"EditPlus 2" = EditPlus 2
"ESET Online Scanner" = ESET Online Scanner v3
"Fraps" = Fraps (remove only)
"IE7 Standalone_is1" = Internet Explorer 7 Standalone
"ImgBurn" = ImgBurn
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"QuicktimeAlt_is1" = QuickTime Alternative 1.47
"RealAlt_is1" = Real Alternative 1.7.5
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"VLC media player" = VLC media player 1.0.5
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.2.7
"WMCSetup" = Windows Media Connect
"World of Warcraft" = World of Warcraft
"WS_FTP Pro" = Ipswitch WS_FTP Pro
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21-11-2010 14:35:06 | Computer Name = DAVIDINTEL | Source = Application Hang | ID = 1002
Description = Hanging application wsftppro.exe, version 8.0.3.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 16-12-2010 20:04:20 | Computer Name = DAVIDINTEL | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3951, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00001010.

Error - 6-1-2011 17:25:49 | Computer Name = DAVIDINTEL | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3951, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00001010.

Error - 5-2-2011 15:31:48 | Computer Name = DAVIDINTEL | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3951, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00001010.

Error - 15-2-2011 9:58:55 | Computer Name = DAVIDINTEL | Source = Application Hang | ID = 1002
Description = Hanging application Wow.exe, version 4.0.6.13623, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 20-2-2011 14:08:22 | Computer Name = DAVIDINTEL | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3951, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00001010.

Error - 25-2-2011 11:58:52 | Computer Name = DAVIDINTEL | Source = Application Error | ID = 1000
Description = Faulting application wsftppro.exe, version 8.0.3.0, faulting module
wsftpext.dll, version 8.0.3.0, fault address 0x00039142.

Error - 28-2-2011 14:50:44 | Computer Name = DAVIDINTEL | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3951, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00001010.

Error - 1-3-2011 6:36:42 | Computer Name = DAVIDINTEL | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3951, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00001010.

Error - 1-3-2011 14:45:37 | Computer Name = DAVIDINTEL | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3951, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00001010.

[ System Events ]
Error - 6-3-2011 0:04:00 | Computer Name = DAVIDINTEL | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 6-3-2011 0:04:02 | Computer Name = DAVIDINTEL | Source = Service Control Manager | ID = 7031
Description = The Mobiel Apple apparaat service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 6-3-2011 0:04:02 | Computer Name = DAVIDINTEL | Source = Service Control Manager | ID = 7034
Description = The PnkBstrA service terminated unexpectedly. It has done this 1
time(s).

Error - 6-3-2011 0:04:02 | Computer Name = DAVIDINTEL | Source = Service Control Manager | ID = 7034
Description = The Bonjour-service service terminated unexpectedly. It has done
this 1 time(s).

Error - 6-3-2011 0:04:02 | Computer Name = DAVIDINTEL | Source = Service Control Manager | ID = 7031
Description = The AVG Free WatchDog service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.

Error - 6-3-2011 0:05:29 | Computer Name = DAVIDINTEL | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 6-3-2011 0:05:29 | Computer Name = DAVIDINTEL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i2omgmt

Error - 6-3-2011 0:05:35 | Computer Name = DAVIDINTEL | Source = NetBT | ID = 4307
Description = Initialization failed because the transport refused to open initial
Addresses.

Error - 6-3-2011 6:10:39 | Computer Name = DAVIDINTEL | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 6-3-2011 6:10:39 | Computer Name = DAVIDINTEL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i2omgmt


< End of report >

 

[Triumph]

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by David at 11:30:32,89 on zo 06-03-2011
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3071.2321 [GMT 1:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Sweex\LW312\Utility\UI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
c:\otl.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\David\My Documents\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [walyukrn] c:\documents and settings\david\local settings\application data\ydcjxkjhl\ylpqbbushdw.exe
uRun: [rpmrdwes] c:\documents and settings\david\local settings\application data\wpxjxcwya\ytekjewshdw.exe
uRun: [nyxnqeop] c:\documents and settings\david\local settings\application data\toukxiufr\ymrbfyyshdw.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
mRun: [SpyHunter Security Suite] c:\program files\enigma software group\spyhunter\SpyHunter4.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [QuickTime Task] "c:\program files\quicktime alternative\QTTask.exe" -atboottime
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35.exe" /scan:boot
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\documents and settings\david\start menu\programs\startup\CurseClientStartup.ccip
StartupFolder: c:\docume~1\david\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\david\startm~1\programs\startup\sweexu~1.lnk - c:\program files\sweex\lw312\utility\UI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sweexu~1.lnk - c:\program files\sweex\lw312\utility\UI.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} - hxxp://192.168.1.41:2222/tsweb/msrdp.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: {40130880-28F3-4446-8F52-358CEFE7B002} = 62.179.104.196,213.46.228.196
TCP: {5D2D4ED9-5765-4B17-A4BF-75C045F78631} = 62.179.104.196,213.46.228.196
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\david\applic~1\mozilla\firefox\profiles\q69qb81l.default\
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin2.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin3.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin4.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin5.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin6.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-8-25 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-8-25 29584]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-8-25 308136]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2010-11-5 327000]
R3 RT80x86;Sweex Wireless PCI Card Driver;c:\windows\system32\drivers\rt2860.sys [2010-9-27 1015424]
S3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;\??\c:\program files\finalwire\aida64 extreme edition\kerneld.x32 --> c:\program files\finalwire\aida64 extreme edition\kerneld.x32 [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-2-11 1691480]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
.
=============== Created Last 30 ================
.
2011-03-06 10:30:27 -------- d-----w- C:\ERDNT
2011-03-06 10:16:16 581120 ----a-w- C:\OTL.exe
2011-03-06 04:17:00 388096 ----a-r- c:\docume~1\david\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-03-06 04:17:00 -------- d-----w- c:\program files\Trend Micro
2011-03-06 04:09:06 -------- d-----w- c:\program files\ESET
2011-03-06 03:18:05 -------- d-s---w- C:\ComboFix
2011-03-06 02:51:33 359533 ----a-w- c:\windows\system32\explorer.exe
2011-03-06 02:26:01 -------- d-----w- C:\I386
2011-03-06 02:18:59 9472 -c--a-w- c:\windows\system32\dllcache\ativmdcd.sys
2011-03-06 02:17:50 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-03-06 02:17:47 2180992 -c--a-w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-03-06 01:38:07 110080 ----a-r- c:\docume~1\david\applic~1\microsoft\installer\{41ebc322-660f-4d16-a0df-53147210cbdb}\IconF7A21AF7.exe
2011-03-06 01:38:07 110080 ----a-r- c:\docume~1\david\applic~1\microsoft\installer\{41ebc322-660f-4d16-a0df-53147210cbdb}\IconD7F16134.exe
2011-03-06 01:38:04 -------- d-----w- C:\sh4ldr
2011-03-06 01:38:04 -------- d-----w- c:\program files\Enigma Software Group
2011-03-06 01:14:40 359533 ----a-w- c:\windows\system32\bla.exe
2011-03-06 01:02:00 -------- d-----w- c:\docume~1\david\applic~1\Malwarebytes
2011-03-06 01:01:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-06 01:01:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-06 01:01:53 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-06 01:01:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-05 23:48:07 -------- d-----w- c:\windows\Recent
2011-03-05 19:36:59 -------- d-----w- C:\Virus Removal Tool
2011-02-26 17:13:48 -------- d-----w- c:\docume~1\david\locals~1\applic~1\CutePDF Writer
2011-02-26 17:12:16 -------- d-----w- c:\program files\GPLGS
2011-02-26 17:11:05 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2011-02-26 17:10:59 -------- d-----w- c:\program files\Acro Software
2011-02-26 15:30:59 -------- d-----w- c:\docume~1\david\locals~1\applic~1\Apple
2011-02-26 15:30:54 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-26 15:30:54 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-26 15:29:59 -------- d-----w- c:\docume~1\david\locals~1\applic~1\Apple Computer
2011-02-11 20:08:03 -------- d-----w- c:\windows\system32\Lang
2011-02-11 20:04:49 -------- d-----w- c:\windows\system32\RTCOM
2011-02-11 19:23:44 84584 ----a-w- c:\windows\SOUNDMAN.EXE
2011-02-11 19:05:49 -------- d-----w- c:\docume~1\david\locals~1\applic~1\eSupport.com
.
==================== Find3M ====================
.
.
============= FINISH: 11:30:46,06 ===============

 

[oldman960]

Hi Triumph,

Let's see if we can get the desktop back then finish cleaning this machine.

Next, create this batch file.

• Highlight all the bolded text box below
  
  expand C:\I386\EXPLORER.EX_ C:\windows\explorer.exe
• right click the highlighted text and select copy

In Task Manager

• click file
• click New Task(Run...)
• type the following line into the open: field
  notepad
• click ok

When the notepad opens

• Click "Format" and be certain that Word Wrap is not checked.
• Right click in the notepad and select paste. The text should appear.
• Click File, Save as..., and set the Save in to your C:\
• In the filename box, type (including quotation marks) as the filename: "myfix.bat"
• Click save

In Task Manager

• click file
• click New Task(Run...)
• type the following line into the open: field
  C:\myfix.bat
• click ok

You may see a black window briefly flash, that normal.

In Task Manager

• click file
• click New Task(Run...)
• type the following line into the open: field
  explorer.exe
• click ok

Is your desktop back?

Thanks

 

[Triumph]

Hey, thanks for the reply.

I tried what you posted, but nothing happens, when I press "OK" after typing explorer.exe I see the process coming up in the Processes Tab from the Windows Task Manager but then it just goes away in a split second.

I really think it's a registry thing.

But I'll keep my hands off till you reply back

Hope we can fix it.

Thanks again.

 

[Triumph]

Because it went away so fast I couldn't really see the name of the process, I captured it in the end, it's called ntvdm.exe

Here the screenshots of my task manager:

 

[Triumph]

Hmm I also found quite a few disturbing exe's loading in my msconfig:

 

[oldman960]

Hi Triumph,

Those files are reported as missing but we'll see if they are gone for sure. We'll also check if our file replacement worked.

We'll use OTL again.

Highlight all the text in the text box and select copy

• Do Not copy the word CODE
• please note the fix starts with the :

:Services

:OTL
O4 - HKCU..\Run: [nyxnqeop] File not found
O4 - HKCU..\Run: [rpmrdwes] File not found
O4 - HKCU..\Run: [walyukrn] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

:Reg

:Files
c:\documents and settings\david\local settings\application data\ydcjxkjhl
c:\documents and settings\david\local settings\application data\wpxjxcwya
c:\documents and settings\david\local settings\application data\toukxiufr
C:\WINDOWS\system32\explorer.exe

:Commands
[emptytemp]
[createrestorepoint]
[Reboot]

Open OTL via taskmanger as you did before

• When OTL opens right click in the Window under Custom Scans/Fixes and select paste
• Then click the Run Fix button at the top
  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.
  Please post the OTL fixog.
  
  Next
  
  Please open OTL if it is not opened after the reboot.
  
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, click the None button near the top (it may looked greyed out)
    
  • In the window under Custom Scans/Fixes copy and paste the following
    
    
    
    /md5start
    explorer.*
    ntvdm.*
    /md5stop
    
    
    
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  When the scan completes, it will open a notepad window, OTL.Txt. Please post this log.
  
  Please post back with
  • OTL fix log
  • OTL.txt
  Thanks

 

[Triumph]

My desktop is back!
Just did the first step, posting the log:

Going to do the next step!!


All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\nyxnqeop deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\rpmrdwes deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\walyukrn deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
========== REGISTRY ==========
========== FILES ==========
File\Folder c:\documents and settings\david\local settings\application data\ydcjxkjhl not found.
File\Folder c:\documents and settings\david\local settings\application data\wpxjxcwya not found.
File\Folder c:\documents and settings\david\local settings\application data\toukxiufr not found.
Item C:\WINDOWS\system32\explorer.exe is whitelisted and cannot be moved.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: David
->Temp folder emptied: 98334 bytes
->Temporary Internet Files folder emptied: 3654242 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 59098311 bytes
->Flash cache emptied: 611 bytes

User: David 2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 60,00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.22.2 log created on 03062011_210651

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

 

[Triumph]

Step 2 OLT.txt

OTL logfile created on: 6-3-2011 21:11:42 - Run 2
OTL by OldTimer - Version 3.2.22.2 Folder = C:\
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000413 | Country: Netherlands | Language: NLD | Date Format: d-M-yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 79,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24,41 Gb Total Space | 7,98 Gb Free Space | 32,70% Space Free | Partition Type: NTFS
Drive D: | 581,89 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 44,52 Gb Total Space | 6,12 Gb Free Space | 13,75% Space Free | Partition Type: NTFS
Drive I: | 982,01 Mb Total Space | 492,16 Mb Free Space | 50,12% Space Free | Partition Type: FAT32

Computer Name: DAVIDINTEL | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========



< MD5 for: EXPLORER.EX_ >
[2004-08-04 13:00:00 | 000,359,533 | ---- | M] () MD5=4F061B12F3D5457315A0314954E7EF46 -- C:\I386\EXPLORER.EX_

< MD5 for: EXPLORER.EXE >
[2004-08-04 13:00:00 | 000,359,533 | ---- | M] () MD5=4F061B12F3D5457315A0314954E7EF46 -- C:\WINDOWS\system32\explorer.exe
[2004-08-04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\explorer.exe
[2004-08-04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: EXPLORER.EXE.SCF >
[2004-08-04 13:00:00 | 000,000,080 | ---- | M] () MD5=A3975A7D2C98B30A2AE010754FFB9392 -- C:\WINDOWS\explorer.exe

< MD5 for: EXPLORER.EXE-082F38A9.PF >
[2011-03-04 17:22:52 | 000,073,584 | ---- | M] () MD5=2040DD67B35F1D8E0D4BEA0B08F80FDC -- C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf

< MD5 for: EXPLORER.OLDEXE >
[2004-08-04 13:00:00 | 000,359,533 | ---- | M] () MD5=4F061B12F3D5457315A0314954E7EF46 -- C:\WINDOWS\explorer.oldexe

< MD5 for: EXPLORER.SC_ >
[2004-08-04 13:00:00 | 000,000,181 | ---- | M] () MD5=BC5B38879C56DFBC05C8B5C43AC4D739 -- C:\I386\EXPLORER.SC_

< MD5 for: NTVDM.EX_ >
[2004-08-04 13:00:00 | 000,197,872 | ---- | M] () MD5=F797CDFAD86BBFA0687C9169BB17F9DC -- C:\I386\NTVDM.EX_

< MD5 for: NTVDM.EXE >
[2004-08-04 13:00:00 | 000,419,840 | ---- | M] (Microsoft Corporation) MD5=0738F4B53D967E46CC5E51F84BC1EB39 -- C:\WINDOWS\system32\dllcache\ntvdm.exe
[2004-08-04 13:00:00 | 000,419,840 | ---- | M] (Microsoft Corporation) MD5=0738F4B53D967E46CC5E51F84BC1EB39 -- C:\WINDOWS\system32\ntvdm.exe

< MD5 for: NTVDM.EXE-1A10A423.PF >
[2011-03-06 19:45:49 | 000,012,276 | ---- | M] () MD5=13875AB5F23FFB535C4FCD7290C5B48A -- C:\WINDOWS\Prefetch\NTVDM.EXE-1A10A423.pf

< MD5 for: NTVDM.JPG >
[2011-03-06 19:48:20 | 000,149,990 | ---- | M] () MD5=C9A6608A0B199EC97C38976523B303FB -- C:\Documents and Settings\David\My Documents\My Pictures\ntvdm.jpg

< End of report >

 

[Triumph]

Does this mean I'm virus free now?

Or do you recommend scanning? If so which program(s) would you recommend?

Thanks a ton!

 

[oldman960]

Hi Triumph,

Good job! The reboot convinced Windows to use the correct file.

Next, create this batch file.

Open a new Notepad session

• Click the Start button, click run
• in the run box type notepad
• click ok
• In the notepad, Click "Format" and be certain that Word Wrap is not checked.
  
• Copy and paste all the text in the code box below into the Notepad.

Do Not copy the word CODE

ren C:\windows\system32\explorer.exe explorer.old

In the notepad

• Click File, Save as..., and set the Save in to your Desktop
• In the filename box, type (including quotation marks) as the filename: "fix.bat"
• Click save

You will have a new file on your desktop called fix.bat with an icon that looks like a gear.

Double click fix.bat to run it.


Next

*Please move OTL.exe to your desktop or MBAM may flag it.*


You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM

• Click the Update tab
• Click Check for Updates
• If an update is found, it will download and install the latest version.
• The program will close to update and reopen.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.



Next

One more scan to check our handiwork.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.


Go here to run an online scannner from
ESET

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)

• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Disable your Antivirus software. You can usually do this with its Notfication Tray icon near the clock
• Click Start
• Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
• Click Scan.
• Wait for the scan to finish.
• Re-enable your Antivirus software.
• A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. or C:\Program Files\ESET\log.txtWe will need this later.

Please post back with the ESET log.


After the ESET scan please run OTL again.

• Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output
• UNCheck the boxes beside LOP Check and Purity Check.
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open a notepad window. OTL.Txt.


Please post back with

• MBAM log
• ESET log
• OTL.txt

Any remaining issues?

Thanks

 

[Triumph]

Hey again thanks for the reply, i Will work on this tomorrow thanks again

 

[oldman960]

Hi Triumph,

:bigthumb:

 

[Triumph]

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5979

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

7-3-2011 10:54:36
mbam-log-2011-03-07 (10-54-36).txt

Scan type: Quick scan
Objects scanned: 165158
Time elapsed: 1 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

[Triumph]

Eset.log

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=1b7b355a602a4a4d94c5b7139b6dbc74
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-03-06 04:17:17
# local_time=2011-03-06 05:17:17 (+0100, W. Europe Standard Time)
# country="Netherlands"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1024 16777175 100 0 16651476 16651476 0 0
# compatibility_mode=8192 67108863 100 0 3727 3727 0 0
# scanned=10571
# found=0
# cleaned=0
# scan_time=365
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=1b7b355a602a4a4d94c5b7139b6dbc74
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-03-07 10:57:24
# local_time=2011-03-07 11:57:24 (+0100, W. Europe Standard Time)
# country="Netherlands"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 110837 110837 0 0
# compatibility_mode=1024 16777175 100 0 16759060 16759060 0 0
# compatibility_mode=8192 67108863 100 0 111311 111311 0 0
# scanned=125634
# found=0
# cleaned=0
# scan_time=3186

 

[Triumph]

Hi there,

No infections found, so I guess that is good news! Again!

I have a few questions though if I may;

- I want to clean up my comp now, uninstall unused programs etc
- Clear my hard drive of files I never use etc
- Clear my msconfig start up list somewhat, with only the necessary stuff checked

What is the best way to do this, with keeping my registry clean.

I normally use regcleaner afterwards, but I read in the sticky topics you guys don't recommend using those kind of cleaners. Is there any other way?