
antispyware doctor?


  • This topic is locked
15 replies to this topic

#1 chormnado


Posted 07 September 2010 - 01:28 PM

It all started with antispyware doctor. I have seemingly disabled that, but believe it isn't completely removed.

Maybe I did something wrong, but I've never been able to load "Malwarebytes' Anti-Malware". I have installed it over five times. Nada. Doesn't boot up. I've since used a variety of removal tools like adaware, novashield, iobit 360... some of which have found and removed(?) trojans, etc.

I still feel like something is in there, though admittedly, my computer is behaving better. Not great, but better.

It's not my intent to take up a lot of your time, but it would be much appreciated if you could have a look.

William

p.s. - I tried to turn the attachment into a .zip file and could not. Sorry.


#2 myrti

  • Malware Study Hall Admin

Posted 13 September 2010 - 12:53 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!



#3 chormnado


Posted 15 September 2010 - 01:09 AM

It sure did take a while to get some help, but I was hopeful someone would lend a hand. Greatly appreciated, sir/madam.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL logfile created on: 9/14/2010 10:27:55 PM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Documents and Settings\Vilhelm\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

478.00 Mb Total Physical Memory | 58.00 Mb Available Physical Memory | 12.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): c:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 69.56 Gb Free Space | 46.67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FREESCHOOL
Current User Name: Vilhelm
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/14 22:08:07 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vilhelm\My Documents\Downloads\OTL.exe
PRC - [2010/06/11 18:14:24 | 001,280,344 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360tray.exe
PRC - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/07 16:59:50 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/04/05 14:50:00 | 000,494,920 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2009/10/14 16:42:38 | 000,583,640 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2009/02/27 08:54:22 | 000,870,672 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/02/27 08:22:10 | 001,368,064 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2009/02/27 07:55:20 | 000,909,312 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2009/02/27 07:38:38 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/09/24 15:32:48 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2007/04/16 16:28:22 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2004/10/15 20:40:56 | 002,577,632 | ---- | M] (Sygate Technologies, Inc.) -- C:\Program Files\Sygate\SPF\Smc.exe
PRC - [2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/05/22 19:55:38 | 000,483,328 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon05.exe
PRC - [2002/12/17 11:40:22 | 000,049,152 | R--- | M] () -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe


========== Modules (SafeList) ==========

MOD - [2010/09/14 22:08:07 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vilhelm\My Documents\Downloads\OTL.exe
MOD - [2010/09/03 10:41:34 | 000,039,936 | ---- | M] () -- C:\WINDOWS\system32\winamnc.dll
MOD - [2010/09/03 10:41:29 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\Vilhelm\Local Settings\Application Data\Desktop Cleanup Wizard\dskclnwiz.dll
MOD - [2010/07/30 10:18:26 | 000,232,960 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360mon.dll
MOD - [2004/10/15 19:32:10 | 000,083,096 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\SSSensor.dll
MOD - [2004/08/04 05:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\STOPzilla!\szntsvc.exe -- (STOPzilla Local Service)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - File not found [Auto | Stopped] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - File not found [Auto | Stopped] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/06/17 10:10:56 | 003,587,904 | ---- | M] (NovaShield, Inc.) [Auto | Running] -- C:\Program Files\NovaShield\NSServ.exe -- (NSService)
SRV - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/10/14 16:42:38 | 000,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2009/02/27 08:54:22 | 000,870,672 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2009/02/27 07:55:20 | 000,909,312 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2009/02/27 07:38:38 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2008/09/24 15:32:48 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2004/10/15 20:40:56 | 002,577,632 | ---- | M] (Sygate Technologies, Inc.) [Auto | Running] -- C:\Program Files\Sygate\SPF\Smc.exe -- (SmcService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/06/17 10:11:58 | 000,792,704 | ---- | M] (NovaShield, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\NSKernel.sys -- (NovaShieldFilterDriver)
DRV - [2010/06/17 10:11:58 | 000,013,696 | ---- | M] (NovaShield, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NSNetmon.sys -- (NovaShieldTDIDriver)
DRV - [2009/03/25 15:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/09/24 11:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/08/13 18:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/01/07 15:36:16 | 002,216,064 | R--- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2007/01/25 13:04:30 | 000,005,273 | ---- | M] (Arrowkey) [Kernel | Auto | Running] -- C:\Program Files\Quintessential Media Player\cdrpdacc.sys -- (CDRPDACC) Quinnware CDDA Driver (by InfinaDyne)
DRV - [2005/06/09 14:39:56 | 000,099,712 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2004/10/15 19:32:44 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys -- (wg6n)
DRV - [2004/10/15 19:32:42 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys -- (wg5n)
DRV - [2004/10/15 19:32:40 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys -- (wg4n)
DRV - [2004/10/15 19:32:38 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys -- (wg3n)
DRV - [2004/10/15 19:18:46 | 000,021,075 | ---- | M] (Sygate Technologies, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys -- (wpsdrvnt)
DRV - [2004/10/15 19:17:02 | 000,060,496 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys -- (Teefer)
DRV - [2004/09/21 10:49:46 | 003,151,232 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w22n51.sys -- (w22n51) Intel®
DRV - [2004/06/28 16:03:42 | 000,276,480 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camchal.sys -- (CAMCHALA)
DRV - [2004/06/28 16:03:02 | 000,292,864 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camcaud.sys -- (CAMCAUD)
DRV - [2004/06/11 04:03:41 | 000,069,504 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2004/06/11 04:03:27 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/06/11 04:03:27 | 000,682,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/11 04:03:27 | 000,199,552 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/05/26 17:10:36 | 000,182,720 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1482476501-1972579041-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
IE - HKU\S-1-5-21-1482476501-1972579041-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1482476501-1972579041-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/17 14:01:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/21 15:18:16 | 000,000,000 | ---D | M]

[2009/10/15 15:42:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vilhelm\Application Data\Mozilla\Extensions
[2010/09/13 09:48:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vilhelm\Application Data\Mozilla\Firefox\Profiles\y5bpevxa.default\extensions
[2010/09/13 09:48:47 | 000,000,000 | ---D | M] (Vuze Remote) -- C:\Documents and Settings\Vilhelm\Application Data\Mozilla\Firefox\Profiles\y5bpevxa.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/09/14 22:06:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/21 16:05:31 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (C:\WINDOWS\system32\cfko9d.dll) - {B1BA40A2-75F2-51BD-F413-04B13A2C8953} - C:\WINDOWS\System32\cfko9d.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-1482476501-1972579041-839522115-1004\..\Toolbar\ShellBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-1482476501-1972579041-839522115-1004\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [Acronis Toolbar Helper] File not found
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [bywwtqsys] C:\WINDOWS\System32\xxyxvv.dll (Symantec Corporation)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [HNUkmHTgob] C:\DOCUME~1\Vilhelm\LOCALS~1\Temp\drweb.exe File not found
O4 - HKLM..\Run: [HNUkmHTgosf] C:\DOCUME~1\Vilhelm\LOCALS~1\Temp\taskmgr.exe File not found
O4 - HKLM..\Run: [HNUkmHTgta] C:\DOCUME~1\Vilhelm\LOCALS~1\Temp\user.exe File not found
O4 - HKLM..\Run: [HP Software Update] c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe ()
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\IMKR6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [MKaoc] C:\WINDOWS\debug.exe File not found
O4 - HKLM..\Run: [MKbtc] C:\WINDOWS\hexdump.exe File not found
O4 - HKLM..\Run: [MKcZ] C:\WINDOWS\mdm.exe File not found
O4 - HKLM..\Run: [MKdw+] C:\WINDOWS\nvsvc32.exe File not found
O4 - HKLM..\Run: [MKee] C:\WINDOWS\user.exe File not found
O4 - HKLM..\Run: [MKeuf] C:\WINDOWS\spoolsv.exe File not found
O4 - HKLM..\Run: [MKevc] C:\WINDOWS\setup.exe File not found
O4 - HKLM..\Run: [MKZSc] C:\WINDOWS\avp32.exe File not found
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NovaShield] C:\Program Files\NovaShield\NovaShield.exe (NovaShield, Inc.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [xxxurpaudio] C:\WINDOWS\System32\rqrssp.dll (Symantec Corporation)
O4 - HKU\.DEFAULT..\Run: [jkjggdaudio] C:\WINDOWS\System32\rqrssp.dll (Symantec Corporation)
O4 - HKU\.DEFAULT..\Run: [ljgeeesys] C:\WINDOWS\System32\xxyxvv.dll (Symantec Corporation)
O4 - HKU\S-1-5-18..\Run: [jkjggdaudio] C:\WINDOWS\System32\rqrssp.dll (Symantec Corporation)
O4 - HKU\S-1-5-18..\Run: [ljgeeesys] C:\WINDOWS\System32\xxyxvv.dll (Symantec Corporation)
O4 - HKU\S-1-5-21-1482476501-1972579041-839522115-1004..\Run: [COM+ Manager] C:\Documents and Settings\Vilhelm\.COMMgr\complmgr.exe File not found
O4 - HKU\S-1-5-21-1482476501-1972579041-839522115-1004..\Run: [HNUkmHTgob] C:\DOCUME~1\Vilhelm\LOCALS~1\Temp\drweb.exe File not found
O4 - HKU\S-1-5-21-1482476501-1972579041-839522115-1004..\Run: [HNUkmHTgosf] C:\DOCUME~1\Vilhelm\LOCALS~1\Temp\taskmgr.exe File not found
O4 - HKU\S-1-5-21-1482476501-1972579041-839522115-1004..\Run: [HNUkmHTgta] C:\DOCUME~1\Vilhelm\LOCALS~1\Temp\user.exe File not found
O4 - HKU\S-1-5-21-1482476501-1972579041-839522115-1004..\Run: [mediafix70700en02.exe] C:\Documents and Settings\Vilhelm\Application Data\273F300F9A8177253353B2EE95F29549\mediafix70700en02.exe File not found
O4 - HKU\S-1-5-21-1482476501-1972579041-839522115-1004..\Run: [MKaoc] C:\WINDOWS\debug.exe File not found
O4 - HKU\S-1-5-21-1482476501-1972579041-839522115-1004..\Run: [MKbtc] C:\WINDOWS\hexdump.exe File not found
O4 - HKU\S-1-5-21-1482476501-1972579041-839522115-1004..\Run: [MKcZ] C:\WINDOWS\mdm.exe File not found
O4 - HKU\S-1-5-21-1482476501-1972579041-839522115-1004..\Run: [MKdw+] C:\WINDOWS\nvsvc32.exe File not found
O4 - HKU\S-1-5-21-1482476501-1972579041-839522115-1004..\Run: [MKee] C:\WINDOWS\user.exe File not found
O4 - HKU\S-1-5-21-1482476501-1972579041-839522115-1004..\Run: [MKeuf] C:\WINDOWS\spoolsv.exe File not found
O4 - HKU\S-1-5-21-1482476501-1972579041-839522115-1004..\Run: [MKevc] C:\WINDOWS\setup.exe File not found
O4 - HKU\S-1-5-21-1482476501-1972579041-839522115-1004..\Run: [MKZSc] C:\WINDOWS\avp32.exe File not found
O4 - HKU\S-1-5-21-1482476501-1972579041-839522115-1004..\Run: [wvturpaudio] C:\WINDOWS\System32\rqrssp.dll (Symantec Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1482476501-1972579041-839522115-1004\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1482476501-1972579041-839522115-1004\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-1482476501-1972579041-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1482476501-1972579041-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdat...b?1267047578611 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1267047570596 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\winamnc.dll) - C:\WINDOWS\system32\winamnc.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O22 - SharedTaskScheduler: {B1BA40A2-75F2-51BD-F413-04B13A2C8953} - hasf87hdfuidhfiudfhdiu - C:\WINDOWS\System32\cfko9d.dll File not found
O24 - Desktop WallPaper: C:\WINDOWS\Amber Migration.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Amber Migration.bmp
O30 - LSA: Authentication Packages - (xxyxvv.dll) - C:\WINDOWS\System32\xxyxvv.dll (Symantec Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/15 13:43:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{146bea8a-cd03-11de-9815-00c09f53c960}\Shell - "" = AutoRun
O33 - MountPoints2\{146bea8a-cd03-11de-9815-00c09f53c960}\Shell\Auto\command - "" = auto.exe
O33 - MountPoints2\{146bea8a-cd03-11de-9815-00c09f53c960}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{655106d2-b9e2-11de-980d-00c09f53c960}\Shell - "" = AutoRun
O33 - MountPoints2\{655106d2-b9e2-11de-980d-00c09f53c960}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{655106d2-b9e2-11de-980d-00c09f53c960}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/09/14 22:21:08 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/09/14 15:45:59 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/09/13 09:54:07 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUpMedia
[2010/09/13 09:54:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vilhelm\Application Data\TuneUpMedia
[2010/09/13 09:53:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUpMedia
[2010/09/10 09:17:02 | 000,135,168 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2010/09/10 08:55:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/09/10 08:52:44 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2010/09/10 08:52:44 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2010/09/10 08:52:42 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2010/09/10 08:52:36 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2010/09/10 08:52:33 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2010/09/10 08:52:33 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2010/09/10 08:52:33 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2010/09/10 08:52:28 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2010/09/10 08:52:25 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2010/09/10 08:52:25 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2010/09/10 08:52:25 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2010/09/10 08:52:25 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2010/09/10 08:52:24 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2010/09/10 08:52:24 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2010/09/10 08:52:24 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2010/09/10 08:52:24 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2010/09/10 08:52:24 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2010/09/10 08:52:23 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2010/09/10 08:52:23 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2010/09/10 08:52:22 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2010/09/10 08:52:22 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2010/09/10 08:52:22 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2010/09/10 08:52:22 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2010/09/10 08:52:22 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2010/09/10 08:52:22 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2010/09/10 08:52:21 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2010/09/10 08:52:21 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2010/09/10 08:52:21 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2010/09/10 08:52:21 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2010/09/10 08:52:21 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2010/09/10 08:52:21 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2010/09/10 08:52:21 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2010/09/10 08:52:21 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2010/09/10 08:52:20 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2010/09/10 08:52:20 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2010/09/10 08:52:20 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2010/09/10 08:52:19 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2010/09/10 08:52:14 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2010/09/10 08:52:14 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2010/09/10 08:52:11 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/09/10 08:52:11 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/09/10 08:52:11 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2010/09/10 08:52:11 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2010/09/10 08:52:08 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2010/09/10 08:52:08 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2010/09/10 08:52:05 | 000,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2010/09/10 08:52:05 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2010/09/10 08:52:04 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2010/09/10 08:52:01 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2010/09/10 08:52:01 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2010/09/10 08:52:01 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2010/09/10 08:51:52 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2010/09/10 08:51:46 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2010/09/10 08:51:28 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2010/09/10 08:51:27 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2010/09/10 08:51:27 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2010/09/10 08:51:25 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2010/09/10 08:51:24 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2010/09/10 08:51:24 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2010/09/10 08:51:22 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2010/09/10 08:51:17 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2010/09/10 08:51:15 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2010/09/10 08:51:00 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2010/09/10 08:50:57 | 000,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2010/09/10 08:50:57 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2010/09/10 08:50:57 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2010/09/10 08:50:57 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2010/09/10 08:50:56 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2010/09/10 08:50:56 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe
[2010/09/10 08:50:56 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2010/09/10 08:50:56 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2010/09/10 08:50:56 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2010/09/10 08:50:56 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2010/09/10 08:50:55 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2010/09/10 08:50:55 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2010/09/10 08:50:55 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2010/09/10 08:50:55 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2010/09/10 08:50:55 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2010/09/10 08:50:55 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2010/09/10 08:50:54 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2010/09/10 08:50:54 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe
[2010/09/10 08:50:54 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2010/09/10 08:50:54 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2010/09/10 08:50:54 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2010/09/10 08:50:53 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2010/09/10 08:50:52 | 000,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe
[2010/09/10 08:50:52 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2010/09/10 08:50:51 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2010/09/10 08:50:50 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2010/09/10 08:50:49 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2010/09/10 08:50:49 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2010/09/10 08:50:49 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2010/09/10 08:50:48 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2010/09/10 08:50:48 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2010/09/10 08:50:48 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2010/09/10 08:50:48 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2010/09/10 08:50:32 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2010/09/10 08:50:27 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2010/09/10 08:50:27 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2010/09/10 08:50:27 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2010/09/10 08:50:27 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2010/09/10 08:50:25 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/09/10 08:50:10 | 000,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2010/09/10 08:50:09 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2010/09/10 08:50:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2010/09/10 08:49:57 | 000,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
[2010/09/10 08:49:57 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2010/09/10 08:49:56 | 000,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2010/09/10 08:49:56 | 000,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
[2010/09/10 08:49:49 | 000,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2010/09/10 08:49:49 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2010/09/10 08:49:49 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2010/09/10 08:49:49 | 000,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2010/09/10 08:49:48 | 000,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2010/09/10 08:49:48 | 000,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2010/09/10 08:49:48 | 000,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2010/09/10 08:49:48 | 000,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2010/09/10 08:49:48 | 000,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2010/09/10 08:49:48 | 000,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2010/09/10 08:49:47 | 000,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2010/09/10 08:49:47 | 000,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2010/09/10 08:49:47 | 000,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2010/09/10 08:49:47 | 000,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2010/09/10 08:49:47 | 000,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2010/09/10 08:49:46 | 000,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2010/09/10 08:49:45 | 000,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2010/09/10 08:49:45 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2010/09/10 08:49:45 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2010/09/10 08:49:44 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2010/09/10 08:49:43 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2010/09/10 08:38:12 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2010/09/10 08:38:12 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2010/09/10 08:38:11 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TINTLGNT.IME
[2010/09/10 08:38:11 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2010/09/10 08:38:11 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2010/09/10 08:38:11 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2010/09/10 08:38:11 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2010/09/10 08:38:11 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2010/09/10 08:38:11 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2010/09/10 08:38:11 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CINTLGNT.IME
[2010/09/10 08:38:11 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2010/09/10 08:38:06 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PINTLGNT.IME
[2010/09/10 08:38:06 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2010/09/10 08:38:06 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2010/09/10 08:38:06 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2010/09/10 08:38:02 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2010/09/10 08:37:38 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2010/09/10 08:37:38 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2010/09/10 08:37:38 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2010/09/10 08:37:38 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2010/09/07 10:23:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/07 10:23:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/07 10:23:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/06 21:28:55 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/09/06 21:12:48 | 000,000,000 | ---D | C] -- C:\Program Files\Love
[2010/09/04 21:21:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vilhelm\Local Settings\Application Data\Threat Expert
[2010/09/04 18:18:42 | 001,546,624 | ---- | C] (Mirage Computer Systems (www.mirage-systems.de)) -- C:\WINDOWS\System32\LicProtectorEasyGo264.dll
[2010/09/04 18:18:34 | 000,000,000 | ---D | C] -- C:\Program Files\NovaShield
[2010/09/04 18:18:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Logfiles
[2010/09/04 18:18:31 | 000,792,704 | ---- | C] (NovaShield, Inc.) -- C:\WINDOWS\System32\drivers\NSKernel.sys
[2010/09/04 18:18:31 | 000,013,696 | ---- | C] (NovaShield, Inc.) -- C:\WINDOWS\System32\drivers\NSNetmon.sys
[2010/09/04 18:09:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vilhelm\Desktop\New Folder (2)
[2010/09/04 15:36:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vilhelm\Local Settings\Application Data\Sunbelt Software
[2010/09/04 15:33:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/09/04 14:34:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vilhelm\Application Data\IObit
[2010/09/04 14:34:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/09/04 14:34:20 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/09/04 14:24:45 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft HiJackFree
[2010/09/04 12:07:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vilhelm\Application Data\STOPzilla!
[2010/09/04 12:07:03 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2010/09/04 09:43:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/09/04 09:33:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vilhelm\Application Data\Malwarebytes
[2010/09/04 09:29:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/04 08:51:39 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2010/09/04 08:50:53 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwdl.dll
[2010/09/04 08:50:52 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn1.exe
[2010/09/04 08:50:52 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn2.exe
[2010/09/04 08:50:52 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetwiz.exe
[2010/09/04 08:50:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2010/09/03 15:16:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/09/03 10:54:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vilhelm\Local Settings\Application Data\WinZip
[2010/09/03 10:47:10 | 000,078,848 | -H-- | C] (Symantec Corporation) -- C:\WINDOWS\System32\rqrssp.dll
[2010/09/03 10:41:58 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Vilhelm\.COMMgr
[2010/09/03 10:41:44 | 000,140,288 | ---- | C] (GnuWin32 <http://gnuwin32.sourceforge.net>) -- C:\WINDOWS\System32\pcre3.dll
[2010/09/03 10:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vilhelm\Local Settings\Application Data\Desktop Cleanup Wizard
[2010/09/03 10:41:15 | 000,071,680 | -H-- | C] (Symantec Corporation) -- C:\WINDOWS\System32\nnmkhf.dll
[2010/09/03 10:41:15 | 000,071,680 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\xxyxvv.dll
[2010/09/03 10:40:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vilhelm\Application Data\273F300F9A8177253353B2EE95F29549
[2010/09/03 10:40:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vilhelm\Local Settings\Application Data\Windows Server
[2010/09/03 10:28:18 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2010/08/23 21:20:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vilhelm\My Documents\Nero Collections
[2004/08/04 05:00:00 | 000,143,360 | R--- | C] (Vzgztgr Rj) -- C:\Documents and Settings\Vilhelm\Application Data\sdra64.exe
[16 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/14 22:36:29 | 000,000,155 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/09/14 22:33:50 | 002,883,584 | ---- | M] () -- C:\Documents and Settings\Vilhelm\NTUSER.DAT
[2010/09/14 22:32:22 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\Vilhelm\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/14 22:23:45 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/14 22:23:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/14 22:23:38 | 501,731,328 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/14 22:22:27 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Vilhelm\ntuser.ini
[2010/09/14 22:19:21 | 000,000,336 | -H-- | M] () -- C:\aaw7boot.cmd
[2010/09/14 22:09:22 | 000,000,846 | ---- | M] () -- C:\Documents and Settings\Vilhelm\Desktop\Shortcut to OTL.lnk
[2010/09/14 22:03:11 | 000,000,697 | ---- | M] () -- C:\Documents and Settings\Vilhelm\Desktop\Shortcut to TELUS_Network_Settings.lnk
[2010/09/14 21:59:19 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/09/14 15:45:56 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/09/14 09:20:05 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/09/13 09:54:46 | 000,000,708 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Companion.lnk
[2010/09/13 09:49:28 | 000,001,505 | ---- | M] () -- C:\Documents and Settings\Vilhelm\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/09/13 09:49:28 | 000,001,505 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vuze.lnk
[2010/09/11 15:03:11 | 000,042,072 | ---- | M] () -- C:\Documents and Settings\Vilhelm\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/09/10 09:17:19 | 000,441,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/10 09:17:19 | 000,071,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/10 09:17:18 | 000,521,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/10 08:55:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/10 08:54:50 | 000,186,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/10 08:54:03 | 000,000,314 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/09/10 08:49:23 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/09/10 08:49:20 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/09/10 08:49:20 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/09/10 08:49:05 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/09/10 08:47:30 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/09/10 08:47:30 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/09/10 08:47:20 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/09/10 08:47:20 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/09/10 08:47:20 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/09/10 08:47:20 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/09/10 08:47:20 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/09/10 08:47:20 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/09/10 08:46:59 | 000,000,477 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/10 08:46:22 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/09/10 08:44:14 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/09/10 08:37:40 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/09 23:22:22 | 000,000,191 | ---- | M] () -- C:\Documents and Settings\Vilhelm\Application Data\default.rss
[2010/09/08 17:35:23 | 000,270,025 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2010/09/08 14:55:44 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/09/07 10:23:34 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/07 10:20:14 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Vilhelm\defogger_reenable
[2010/09/07 09:32:02 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Vilhelm\Desktop\dds.scr
[2010/09/07 09:31:40 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Vilhelm\Desktop\Defogger.exe
[2010/09/07 09:30:51 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Vilhelm\Desktop\gmer.zip
[2010/09/06 21:36:29 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Vilhelm\Local Settings\Application Data\housecall.guid.cache
[2010/09/06 21:28:56 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Vilhelm\Desktop\HijackThis.lnk
[2010/09/05 08:47:32 | 000,004,326 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/04 18:18:54 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NovaShield.lnk
[2010/09/04 18:01:50 | 004,305,348 | -H-- | M] () -- C:\Documents and Settings\Vilhelm\Local Settings\Application Data\IconCache.db
[2010/09/04 14:34:35 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IObit Security 360.lnk
[2010/09/04 14:34:35 | 000,000,153 | ---- | M] () -- C:\Documents and Settings\Vilhelm\Desktop\IObit Freeware.url
[2010/09/04 14:24:46 | 000,000,723 | ---- | M] () -- C:\Documents and Settings\Vilhelm\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft HiJackFree.lnk
[2010/09/04 14:24:46 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Emsisoft HiJackFree.lnk
[2010/09/04 12:52:52 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Vilhelm\Desktop\Shortcut to Downloads.lnk
[2010/09/04 10:17:30 | 000,000,776 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2010/09/04 10:13:15 | 000,004,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/09/03 10:47:10 | 000,078,848 | -H-- | M] (Symantec Corporation) -- C:\WINDOWS\System32\rqrssp.dll
[2010/09/03 10:46:55 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2010/09/03 10:46:54 | 000,001,660 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2010/09/03 10:42:41 | 000,030,000 | ---- | M] () -- C:\WINDOWS\System32\wovkvzc.dll
[2010/09/03 10:42:41 | 000,030,000 | ---- | M] () -- C:\WINDOWS\System32\uehblgzlt.dll
[2010/09/03 10:42:41 | 000,030,000 | ---- | M] () -- C:\WINDOWS\System32\qkx98mwd.dll
[2010/09/03 10:42:41 | 000,030,000 | ---- | M] () -- C:\WINDOWS\System32\qg7g7iw.dll
[2010/09/03 10:42:41 | 000,030,000 | ---- | M] () -- C:\WINDOWS\System32\nr4qdmcm.dll
[2010/09/03 10:42:35 | 000,078,336 | ---- | M] () -- C:\WINDOWS\System32\drivers\zkxumylds1.sys
[2010/09/03 10:41:45 | 000,140,288 | ---- | M] (GnuWin32 <http://gnuwin32.sourceforge.net>) -- C:\WINDOWS\System32\pcre3.dll
[2010/09/03 10:41:36 | 000,012,288 | ---- | M] () -- C:\WINDOWS\System32\winbudump.exe
[2010/09/03 10:41:34 | 000,039,936 | ---- | M] () -- C:\WINDOWS\System32\winamnc.dll
[2010/09/03 10:41:29 | 000,039,936 | ---- | M] () -- C:\WINDOWS\System32\winamnc_backup.dll
[2010/09/03 10:41:15 | 000,071,680 | -H-- | M] (Symantec Corporation) -- C:\WINDOWS\System32\nnmkhf.dll
[2010/09/03 10:41:15 | 000,071,680 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\xxyxvv.dll
[2010/08/23 23:24:57 | 000,000,477 | ---- | M] () -- C:\Documents and Settings\Vilhelm\Desktop\Shortcut to Azureus Downloads.lnk
[2010/08/23 21:20:21 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Vilhelm\Application Data\downloads.m3u
[16 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/14 22:19:19 | 000,000,336 | -H-- | C] () -- C:\aaw7boot.cmd
[2010/09/14 22:09:22 | 000,000,846 | ---- | C] () -- C:\Documents and Settings\Vilhelm\Desktop\Shortcut to OTL.lnk
[2010/09/14 22:03:10 | 000,000,697 | ---- | C] () -- C:\Documents and Settings\Vilhelm\Desktop\Shortcut to TELUS_Network_Settings.lnk
[2010/09/13 09:54:46 | 000,000,708 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TuneUp Companion.lnk
[2010/09/13 09:49:28 | 000,001,505 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Vuze.lnk
[2010/09/10 08:54:48 | 501,731,328 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/10 08:50:53 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2010/09/10 08:50:23 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010/09/10 08:50:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010/09/10 08:50:22 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010/09/10 08:50:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010/09/10 08:50:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010/09/10 08:50:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010/09/10 08:50:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010/09/10 08:50:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010/09/10 08:50:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010/09/10 08:50:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010/09/10 08:50:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010/09/10 08:50:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010/09/10 08:50:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010/09/10 08:50:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010/09/10 08:50:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010/09/10 08:50:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010/09/10 08:50:19 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010/09/10 08:50:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010/09/10 08:50:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010/09/10 08:50:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010/09/10 08:50:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010/09/10 08:50:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010/09/10 08:50:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010/09/10 08:50:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010/09/10 08:50:18 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010/09/10 08:50:18 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010/09/10 08:50:18 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010/09/10 08:50:18 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010/09/10 08:50:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010/09/10 08:50:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010/09/10 08:50:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010/09/10 08:50:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010/09/10 08:50:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2010/09/10 08:50:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010/09/10 08:50:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2010/09/10 08:50:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2010/09/10 08:50:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2010/09/10 08:50:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2010/09/10 08:50:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2010/09/10 08:47:30 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/09/10 08:47:20 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/09/10 08:47:20 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/09/10 08:47:20 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/09/10 08:47:20 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/09/10 08:38:11 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/09/10 08:38:06 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/09/10 08:38:00 | 000,016,254 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAE.HLP
[2010/09/10 08:38:00 | 000,014,821 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAD.HLP
[2010/09/10 08:37:27 | 000,168,806 | ---- | C] () -- C:\WINDOWS\System32\dllcache\startoc.cat
[2010/09/10 08:37:27 | 000,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2010/09/10 08:37:27 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2010/09/10 08:37:27 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/09/10 08:37:27 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010/09/10 08:37:27 | 000,007,029 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/09/10 08:37:26 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2010/09/10 08:37:26 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/09/10 08:37:26 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/09/10 08:37:26 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/09/10 08:37:26 | 000,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2010/09/10 08:37:26 | 000,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010/09/10 08:37:26 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/09/10 08:37:26 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2010/09/10 08:37:25 | 002,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010/09/10 08:37:25 | 000,382,952 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010/09/07 10:23:34 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/07 10:20:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Vilhelm\defogger_reenable
[2010/09/07 09:31:57 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Vilhelm\Desktop\dds.scr
[2010/09/07 09:31:40 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Vilhelm\Desktop\Defogger.exe
[2010/09/07 09:30:38 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Vilhelm\Desktop\gmer.zip
[2010/09/06 21:36:29 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Vilhelm\Local Settings\Application Data\housecall.guid.cache
[2010/09/06 21:28:56 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Vilhelm\Desktop\HijackThis.lnk
[2010/09/04 18:18:54 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NovaShield.lnk
[2010/09/04 15:38:24 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/09/04 14:34:35 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IObit Security 360.lnk
[2010/09/04 14:34:35 | 000,000,153 | ---- | C] () -- C:\Documents and Settings\Vilhelm\Desktop\IObit Freeware.url
[2010/09/04 14:24:46 | 000,000,723 | ---- | C] () -- C:\Documents and Settings\Vilhelm\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft HiJackFree.lnk
[2010/09/04 14:24:46 | 000,000,705 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Emsisoft HiJackFree.lnk
[2010/09/04 12:52:52 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Vilhelm\Desktop\Shortcut to Downloads.lnk
[2010/09/04 10:04:39 | 000,000,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2010/09/04 10:01:33 | 000,004,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/09/03 10:46:55 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2010/09/03 10:46:54 | 000,001,660 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2010/09/03 10:42:41 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\wovkvzc.dll
[2010/09/03 10:42:41 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\uehblgzlt.dll
[2010/09/03 10:42:41 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\qkx98mwd.dll
[2010/09/03 10:42:41 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\qg7g7iw.dll
[2010/09/03 10:42:41 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\nr4qdmcm.dll
[2010/09/03 10:41:44 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\winamnc_backup.dll
[2010/09/03 10:41:35 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\winbudump.exe
[2010/09/03 10:41:34 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\winamnc.dll
[2010/09/03 10:41:08 | 000,078,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\zkxumylds1.sys
[2010/08/23 23:24:57 | 000,000,477 | ---- | C] () -- C:\Documents and Settings\Vilhelm\Desktop\Shortcut to Azureus Downloads.lnk
[2010/08/23 21:20:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Vilhelm\Application Data\downloads.m3u
[2010/02/24 18:23:13 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/02/24 14:26:49 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010/01/03 16:51:32 | 000,000,191 | ---- | C] () -- C:\Documents and Settings\Vilhelm\Application Data\default.rss
[2009/12/15 15:39:11 | 000,000,155 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/12/15 15:20:47 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/12/15 15:02:51 | 000,094,040 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/12/15 11:36:07 | 000,043,008 | ---- | C] () -- C:\Documents and Settings\Vilhelm\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/11 13:38:42 | 000,758,018 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/12/11 13:38:42 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/10/15 15:44:48 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
[2009/10/15 15:44:47 | 001,481,728 | ---- | C] () -- C:\WINDOWS\System32\LegitCheckControl.dll
[2009/10/15 14:20:09 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/10/15 14:19:19 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/10/15 14:19:19 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/10/15 14:19:19 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/10/15 14:19:19 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/10/15 14:19:19 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/10/15 14:19:19 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/10/15 14:15:06 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2009/10/15 13:52:57 | 000,000,237 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2004/10/15 19:31:56 | 000,218,264 | ---- | C] () -- C:\WINDOWS\System32\SetAid.dll
[2004/08/04 05:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 05:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/01/13 19:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Documents and Settings\Vilhelm\My Documents\programs\DriverGenius\Backup\Driver Backup 2-24-2010-17757\Intel® 82801DBM Ultra ATA Storage Controller - 24CA\atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Documents and Settings\Vilhelm\My Documents\programs\DriverGenius\Backup\Driver Backup 2-24-2010-17757\Primary IDE Channel\atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Documents and Settings\Vilhelm\My Documents\programs\DriverGenius\Backup\Driver Backup 2-24-2010-17757\Secondary IDE Channel\atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/05/14 16:47:18 | 001,546,624 | ---- | M] (Mirage Computer Systems (www.mirage-systems.de)) Unable to obtain MD5 -- C:\WINDOWS\system32\LicProtectorEasyGo264.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010/09/10 01:35:07 | 000,299,008 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/09/10 08:13:45 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2010/09/10 01:35:07 | 020,971,520 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/09/10 01:35:07 | 004,456,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/06/17 10:11:58 | 000,792,704 | ---- | M] (NovaShield, Inc.) -- C:\WINDOWS\system32\drivers\NSKernel.sys
[2010/06/17 10:11:58 | 000,013,696 | ---- | M] (NovaShield, Inc.) -- C:\WINDOWS\system32\drivers\NSNetmon.sys
[2010/09/14 15:45:56 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\system32\drivers\SBREDrv.sys
[2010/09/03 10:42:35 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\drivers\zkxumylds1.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
< End of report >


#4 chormnado

Posted 15 September 2010 - 01:11 AM

oh, here's the other one.

~~~~~~~~~~~~~~~~~~~~~~~~
OTL Extras logfile created on: 9/14/2010 10:27:55 PM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Documents and Settings\Vilhelm\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

478.00 Mb Total Physical Memory | 58.00 Mb Available Physical Memory | 12.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): c:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 69.56 Gb Free Space | 46.67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FREESCHOOL
Current User Name: Vilhelm
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1482476501-1972579041-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1E5E2F9A-17D3-45CA-8FF0-B0C2927D4B03}" = MobileMe Control Panel
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{45B6180B-DCAB-4093-8EE8-6164457517F0}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{474fafd3-5bdc-4fec-8213-0bc909cd5803}" = Activation (Nero 9)
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}" = LightScribe System Software
"{6FA269F8-38CB-4DF7-AA0D-36E3CE789485}" = HP Software Update
"{70CEDB87-A750-498A-B168-36F66C4A2090}" = TIxx21/x515
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{7BBD57D6-09B1-4CC3-9664-A0D53EE25247}" = PSShortcutsP
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{c783d98e-1473-4310-b944-ea56a8bf4eb0}" = Gracenote Plug-in
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD6072D-7813-40FD-88B3-ED1ACBCACECC}" = RuntimeLibsVC05
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{d067943a-8b5f-4d65-83ac-3d956e9a2156}" = Nero 9
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{F22FD942-651D-4EE8-BD6F-7E0AF5E17625}" = Intel® PROSet/Wireless WiFi Software
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F34D9A5F-484A-4E31-A9D3-908CB265B289}" = Sygate Personal Firewall
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{fc588b02-1c29-4651-8d43-89ab9e473acf}" = DTS Plug-in
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ask Toolbar_is1" = Vuze Toolbar
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Driver
"CBLight 2009" = CBLight 2009
"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_3080103C" = SoftV92 Data Fax Modem with SmartCP
"Conexant PCI Audio" = Conexant AC-Link Audio
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"Emsisoft HiJackFree_is1" = Emsisoft HiJackFree 4.0
"FairStars Audio Converter Pro_is1" = FairStars Audio Converter Pro 1.15
"HijackThis" = HijackThis 2.0.2
"InstallShield_{70CEDB87-A750-498A-B168-36F66C4A2090}" = Texas Instruments PCIxx21/x515 drivers.
"IObit Security 360_is1" = IObit Security 360
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NeroVision!UninstallKey" = NeroVision Express 2
"NovaShield_is1" = NovaShield 3.0.26
"Only Astrology" = Only Astrology
"ProInst" = Intel PROSet Wireless
"Quintessential Media Player" = Quintessential Media Player
"Registry Mechanic_is1" = Registry Mechanic 9.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"TuneUpMedia" = TuneUp Companion 1.7.1
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/7/2010 2:40:25 AM | Computer Name = FREESCHOOL | Source = Bonjour Service | ID = 100
Description =

Error - 8/7/2010 2:44:24 AM | Computer Name = FREESCHOOL | Source = Bonjour Service | ID = 100
Description =

Error - 8/7/2010 2:44:24 AM | Computer Name = FREESCHOOL | Source = Bonjour Service | ID = 100
Description =

Error - 8/7/2010 2:44:24 AM | Computer Name = FREESCHOOL | Source = Bonjour Service | ID = 100
Description =

Error - 8/7/2010 4:49:36 PM | Computer Name = FREESCHOOL | Source = Bonjour Service | ID = 100
Description =

Error - 8/7/2010 4:49:41 PM | Computer Name = FREESCHOOL | Source = Bonjour Service | ID = 100
Description =

Error - 8/7/2010 4:49:41 PM | Computer Name = FREESCHOOL | Source = Bonjour Service | ID = 100
Description =

Error - 8/7/2010 5:43:25 PM | Computer Name = FREESCHOOL | Source = Bonjour Service | ID = 100
Description =

Error - 8/7/2010 5:43:25 PM | Computer Name = FREESCHOOL | Source = Bonjour Service | ID = 100
Description =

Error - 8/7/2010 5:43:25 PM | Computer Name = FREESCHOOL | Source = Bonjour Service | ID = 100
Description =

[ System Events ]
Error - 9/15/2010 12:52:57 AM | Computer Name = FREESCHOOL | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 9/15/2010 12:52:57 AM | Computer Name = FREESCHOOL | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 9/15/2010 1:23:52 AM | Computer Name = FREESCHOOL | Source = Service Control Manager | ID = 7000
Description = The STOPzilla Local Service service failed to start due to the following
error: %%2

Error - 9/15/2010 1:23:52 AM | Computer Name = FREESCHOOL | Source = Service Control Manager | ID = 7000
Description = The ASKService service failed to start due to the following error:
%%2

Error - 9/15/2010 1:23:52 AM | Computer Name = FREESCHOOL | Source = Service Control Manager | ID = 7000
Description = The ASKUpgrade service failed to start due to the following error:
%%2

Error - 9/15/2010 1:23:52 AM | Computer Name = FREESCHOOL | Source = Service Control Manager | ID = 7000
Description = The Bonjour Service service failed to start due to the following error:
%%2

Error - 9/15/2010 1:24:05 AM | Computer Name = FREESCHOOL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
TfFsMon TfSysMon

Error - 9/15/2010 1:24:36 AM | Computer Name = FREESCHOOL | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 9/15/2010 1:24:36 AM | Computer Name = FREESCHOOL | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 9/15/2010 1:24:36 AM | Computer Name = FREESCHOOL | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.


< End of report >


#5 myrti


Posted 15 September 2010 - 04:39 AM

Heya,


I'm a madam and thanks for not assuming. Sadly we have more people asking for help than people able to help and we get backlogged. However, BleepingComputer guarantees that your topic will be replied to eventually and we try to reply in chronological order.

Your logs show some leftovers indeed. Please run a scan with ComboFix next:

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon; check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#6 chormnado


Posted 15 September 2010 - 03:17 PM

hey Myrti,

I followed the instructions as best I could. I disabled everything, I ran combofix, it deleted some stuff, and (admittedly I walked away, I tire of staring at the screen) then it restarted. I didn't see the screen, so I dunno if it was supposed to(?). When it reloaded, several programs started, and it tried to create a logfile, but nothing happened after ten minutes.

I rebooted again, and things seem much better(!), but still no logfile.

I won't run combofix again without your consent.

William

#7 myrti


Posted 15 September 2010 - 04:52 PM

Hi,

before running ComboFix again, please check if you can find a log in C:\combofix.txt

regards myrti



#8 chormnado


Posted 16 September 2010 - 02:07 AM

hmmm.... this doesn't look complete to me.

~~~~~~~~~~~~~~~~~~~~~

ComboFix 10-09-14.05 - Vilhelm 09/15/2010 12:48:12.1.1 - x86
Running from: C:\Documents and Settings\Vilhelm\Desktop\ComboFix.exe
FW: Sygate Personal Firewall *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
* Created a new restore point
.



#9 myrti


Posted 16 September 2010 - 10:08 AM

Hi,

no, indeed not. Please rename combofix.com to fun.com and try to run it again.

regards myrti



#10 chormnado


Posted 17 September 2010 - 11:11 AM

So it worked this time, hopefully.

It seems my computer is working much better, though I'm finding thumbs.db files in a lot of places.

Will

p.s. - thank you, thank you, thank you.

~~~~~~~~~~~~~~~~~~~~~~
ComboFix 10-09-14.05 - Vilhelm 09/17/2010 8:59.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.478.127 [GMT -7:00]
Running from: c:\documents and settings\Vilhelm\Desktop\fun.exe
FW: Sygate Personal Firewall *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Vilhelm\Application Data\273F300F9A8177253353B2EE95F29549\enemies-names.txt
c:\documents and settings\Vilhelm\Application Data\273F300F9A8177253353B2EE95F29549\local.ini
c:\documents and settings\Vilhelm\Application Data\sdra64.exe
c:\documents and settings\Vilhelm\Local Settings\Application Data\Desktop Cleanup Wizard\dskclnwiz.dll
c:\documents and settings\Vilhelm\Local Settings\Application Data\Windows Server\admin.txt
c:\documents and settings\Vilhelm\Local Settings\Application Data\Windows Server\flags.ini
c:\documents and settings\Vilhelm\Local Settings\Application Data\Windows Server\server.dat
c:\documents and settings\Vilhelm\Local Settings\Application Data\Windows Server\uses32.dat
c:\documents and settings\Vilhelm\Recent\Thumbs.db
c:\windows\system32\drivers\zkxumylds1.sys
c:\windows\system32\nr4qdmcm.dll
c:\windows\system32\qg7g7iw.dll
c:\windows\system32\qkx98mwd.dll
c:\windows\system32\rqrssp.dll
c:\windows\system32\uehblgzlt.dll
c:\windows\system32\winamnc.dll
c:\windows\system32\winamnc_backup.dll
c:\windows\system32\winbudump.exe
c:\windows\system32\wovkvzc.dll
c:\windows\system32\xxyxvv.dll

.
((((((((((((((((((((((((( Files Created from 2010-08-17 to 2010-09-17 )))))))))))))))))))))))))))))))
.

2010-09-15 05:19 . 2010-09-15 05:19 336 ---ha-w- C:\aaw7boot.cmd
2010-09-14 22:45 . 2010-09-14 22:45 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-13 16:54 . 2010-09-13 16:54 -------- d-----w- c:\program files\TuneUpMedia
2010-09-13 16:54 . 2010-09-16 20:33 -------- d-----w- c:\documents and settings\Vilhelm\Application Data\TuneUpMedia
2010-09-13 16:53 . 2010-09-13 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUpMedia
2010-09-13 16:50 . 2010-09-13 16:50 310208 ----a-w- c:\documents and settings\Vilhelm\Application Data\Azureus\plugins\mlab\ShaperProbeC.exe
2010-09-10 16:17 . 2006-02-07 16:35 135168 ----a-w- c:\windows\system32\igfxres.dll
2010-09-10 15:51 . 2001-08-18 05:36 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2010-09-10 15:51 . 2004-08-04 12:00 111104 -c--a-w- c:\windows\system32\dllcache\mtstocom.exe
2010-09-10 15:51 . 2004-08-04 12:00 7680 -c--a-w- c:\windows\system32\dllcache\migregdb.exe
2010-09-10 15:51 . 2004-08-04 12:00 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
2010-09-10 15:51 . 2004-08-04 12:00 92032 -c--a-w- c:\windows\system32\dllcache\mga.dll
2010-09-10 15:51 . 2001-08-18 05:36 65536 -c--a-w- c:\windows\system32\dllcache\EXCH_mailmsg.dll
2010-09-10 15:51 . 2004-08-04 12:00 22528 -c--a-w- c:\windows\system32\dllcache\lpdsvc.dll
2010-09-10 15:51 . 2004-08-04 12:00 18944 -c--a-w- c:\windows\system32\dllcache\lprmon.dll
2010-09-10 15:51 . 2004-08-04 12:00 33792 -c--a-w- c:\windows\system32\dllcache\lmmib2.dll
2010-09-10 15:51 . 2004-08-04 12:00 18432 -c--a-w- c:\windows\system32\dllcache\jupiw.dll
2010-09-10 15:51 . 2004-08-04 12:00 35328 -c--a-w- c:\windows\system32\dllcache\iprip.dll
2010-09-10 15:51 . 2004-08-04 12:00 39936 -c--a-w- c:\windows\system32\dllcache\hostmib.dll
2010-09-10 15:49 . 2003-03-24 23:52 16384 -c--a-w- c:\windows\system32\dllcache\tcptsat.dll
2010-09-10 15:38 . 2004-08-04 12:00 480256 -c--a-w- c:\windows\system32\dllcache\cintsetp.exe
2010-09-10 15:38 . 2004-08-04 12:00 198656 -c--a-w- c:\windows\system32\dllcache\cintime.dll
2010-09-10 15:38 . 2004-08-04 12:00 97792 -c--a-w- c:\windows\system32\dllcache\chtmbx.dll
2010-09-10 15:38 . 2004-08-04 12:00 56320 -c--a-w- c:\windows\system32\dllcache\chtskdic.dll
2010-09-10 15:38 . 2004-08-04 12:00 455168 -c--a-w- c:\windows\system32\dllcache\tintsetp.exe
2010-09-10 15:38 . 2004-08-04 12:00 44032 -c--a-w- c:\windows\system32\dllcache\tintlphr.exe
2010-09-10 15:38 . 2004-08-04 12:00 173568 -c--a-w- c:\windows\system32\dllcache\chtskf.dll
2010-09-10 15:38 . 2004-08-04 12:00 10240 -c--a-w- c:\windows\system32\dllcache\tmigrate.dll
2010-09-10 15:38 . 2004-08-04 12:00 70144 -c--a-w- c:\windows\system32\dllcache\pintlphr.exe
2010-09-10 15:38 . 2004-08-04 12:00 67584 -c--a-w- c:\windows\system32\dllcache\pmigrate.dll
2010-09-10 15:38 . 2004-08-04 12:00 59392 -c--a-w- c:\windows\system32\dllcache\imscinst.exe
2010-09-10 15:38 . 2004-08-04 12:00 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll
2010-09-10 15:37 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-09-10 15:37 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-09-10 15:37 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-09-10 15:37 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-09-07 04:28 . 2010-09-07 04:28 -------- d-----w- c:\program files\Trend Micro
2010-09-07 04:12 . 2010-09-08 16:20 -------- d-----w- c:\program files\Love
2010-09-05 04:21 . 2010-09-05 04:21 -------- d-----w- c:\documents and settings\Vilhelm\Local Settings\Application Data\Threat Expert
2010-09-04 22:39 . 2010-09-04 22:39 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Sunbelt Software
2010-09-04 22:36 . 2010-09-04 22:36 -------- d-----w- c:\documents and settings\Vilhelm\Local Settings\Application Data\Sunbelt Software
2010-09-04 22:33 . 2010-09-15 05:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-09-04 21:34 . 2010-09-04 21:34 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-09-04 21:34 . 2010-09-04 21:34 -------- d-----w- c:\program files\IObit
2010-09-04 21:24 . 2010-09-04 21:24 -------- d-----w- c:\program files\Emsisoft HiJackFree
2010-09-04 19:07 . 2010-09-04 19:07 -------- d-----w- c:\documents and settings\Vilhelm\Application Data\STOPzilla!
2010-09-04 19:07 . 2010-09-04 19:19 -------- d-----w- c:\program files\STOPzilla!
2010-09-04 16:43 . 2010-09-04 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-09-04 16:33 . 2010-09-04 16:33 -------- d-----w- c:\documents and settings\Vilhelm\Application Data\Malwarebytes
2010-09-04 16:29 . 2010-09-04 16:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-04 15:51 . 2004-08-04 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-09-04 15:50 . 2004-08-04 12:00 32768 -c--a-w- c:\windows\system32\dllcache\icwdl.dll
2010-09-04 15:50 . 2004-08-04 12:00 86016 -c--a-w- c:\windows\system32\dllcache\icwconn2.exe
2010-09-04 15:50 . 2004-08-04 12:00 214528 -c--a-w- c:\windows\system32\dllcache\icwconn1.exe
2010-09-04 15:50 . 2004-08-04 12:00 20480 -c--a-w- c:\windows\system32\dllcache\inetwiz.exe
2010-09-03 22:16 . 2010-09-09 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-09-03 19:28 . 2010-09-03 19:28 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-09-03 17:54 . 2010-09-03 17:54 -------- d-----w- c:\documents and settings\Vilhelm\Local Settings\Application Data\WinZip
2010-09-03 17:41 . 2010-09-03 17:41 140288 ----a-w- c:\windows\system32\pcre3.dll
2010-09-03 17:41 . 2010-09-03 17:41 71680 ---ha-w- c:\windows\system32\nnmkhf.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-16 19:30 . 2009-10-17 01:04 -------- d-----w- c:\documents and settings\Vilhelm\Application Data\Azureus
2010-09-13 16:54 . 2010-05-21 22:22 -------- d-----w- c:\program files\iTunes
2010-09-13 16:49 . 2009-10-17 01:03 -------- d-----w- c:\program files\Vuze
2010-09-11 22:03 . 2009-10-17 01:04 42072 ----a-w- c:\documents and settings\Vilhelm\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-10 15:46 . 2009-10-15 20:40 23392 ----a-w- c:\windows\system32\emptyregdb.dat
2010-09-10 15:15 . 2010-02-24 21:43 -------- d-----w- c:\program files\Common Files\PC Tools
2010-09-09 01:38 . 2009-10-15 23:28 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-07 18:36 . 2009-10-15 23:36 -------- d-----w- c:\documents and settings\Vilhelm\Application Data\U3
2010-09-07 15:46 . 2010-03-12 00:54 -------- d-----w- c:\program files\Common Files\LightScribe
2010-09-04 21:30 . 2010-05-21 22:12 -------- d-----w- c:\program files\Bonjour
2010-09-04 17:17 . 2010-09-04 17:04 776 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg
2010-09-04 17:13 . 2010-09-04 17:01 4056 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-09-03 20:25 . 2009-12-10 18:16 -------- d-----w- c:\documents and settings\Vilhelm\Application Data\Apple Computer
2010-09-03 19:24 . 2010-01-18 03:32 -------- d-----w- c:\program files\Ahead
2010-09-03 17:55 . 2009-12-15 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-08-22 23:36 . 2009-12-15 21:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-07-26 16:20 . 2010-02-21 23:06 -------- d-----w- c:\documents and settings\Vilhelm\Application Data\Skype
2010-07-25 16:08 . 2010-02-21 23:13 -------- d-----w- c:\documents and settings\Vilhelm\Application Data\skypePM
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 49152]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2003-05-23 483328]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-27 98304]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-04-30 208958]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-18 149280]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-02-27 1368064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2010-02-18 177472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-4-5 494920]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=

R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2/24/2010 2:53 PM 583640]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe --> c:\program files\AskBarDis\bar\bin\AskService.exe [?]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe --> c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [?]
S2 STOPzilla Local Service;STOPzilla Local Service;c:\program files\STOPzilla!\szntsvc.exe /service "STOPzilla Local Service" --> c:\program files\STOPzilla!\szntsvc.exe [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 19:38 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=laptop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=laptop
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Vilhelm\Application Data\Mozilla\Firefox\Profiles\y5bpevxa.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-COM+ Manager - c:\documents and settings\Vilhelm\.COMMgr\complmgr.exe
HKCU-Run-MKdw+ - c:\windows\nvsvc32.exe
HKCU-Run-MKee - c:\windows\user.exe
HKCU-Run-MKcZ - c:\windows\mdm.exe
HKCU-Run-MKevc - c:\windows\setup.exe
HKCU-Run-MKZSc - c:\windows\avp32.exe
HKCU-Run-MKbtc - c:\windows\hexdump.exe
HKCU-Run-MKeuf - c:\windows\spoolsv.exe
HKCU-Run-MKaoc - c:\windows\debug.exe
HKCU-Run-wvturpaudio - rqrssp.dll
HKLM-Run-MKdw+ - c:\windows\nvsvc32.exe
HKLM-Run-MKee - c:\windows\user.exe
HKLM-Run-MKcZ - c:\windows\mdm.exe
HKLM-Run-MKevc - c:\windows\setup.exe
HKLM-Run-MKZSc - c:\windows\avp32.exe
HKLM-Run-Acronis Toolbar Helper - c:\documents and settings\Vilhelm\Local Settings\Application Data\Desktop Cleanup Wizard\dskclnwiz.dll
HKLM-Run-MKbtc - c:\windows\hexdump.exe
HKLM-Run-MKeuf - c:\windows\spoolsv.exe
HKLM-Run-MKaoc - c:\windows\debug.exe
HKLM-Run-xxxurpaudio - rqrssp.dll
HKLM-Run-bywwtqsys - xxyxvv.dll
HKU-Default-Run-ljgeeesys - xxyxvv.dll
HKU-Default-Run-jkjggdaudio - rqrssp.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-17 09:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????5?7?9?0??????? ???B???????????????B? ??????
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
COM+ Manager = "c:\documents and settings\Vilhelm\.COMMgr\complmgr.exe"?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\vsdatant]
"ImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(788)
c:\windows\system32\netprovcredman.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2010-09-17 09:07:38
ComboFix-quarantined-files.txt 2010-09-17 16:07

Pre-Run: 79,737,933,824 bytes free
Post-Run: 79,716,335,616 bytes free

- - End Of File - - 7050A0B7D618C1FDF93A06E2613C1505


#11 myrti


Posted 20 September 2010 - 04:28 AM

Hi,

the thumbs.db is a normal Windows file. It is normally hidden, but we have modified the settings so that all files are visible during cleaning. We will rehide them at the end of the cleaning.

How is the PC doing now?



#12 chormnado


Posted 22 September 2010 - 03:53 PM

seems to be working just great.

thank you so, so much

Will

#13 myrti


Posted 23 September 2010 - 04:49 PM

Hi,

happy to hear that. Please run a scan with Eset so we can check that there are no leftovers:
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

regards myrti



#14 chormnado


Posted 24 September 2010 - 03:37 PM

ok, I tried. I mean I downloaded the program, but when I run it, it says "Can Not Update. Is Proxy Configured?" I tried to sort out how to set up(?) a proxy, but to no avail. Please instruct, oh wise one.

p.s. - that wasn't sarcasm.

#15 myrti


Posted 26 September 2010 - 07:31 AM

Hi,

ok, let's try a different scan then. Kaspersky runs within the browser and should work:

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

regards myrti
