TechSpot

Trouble with adding a post in the forums

By WillCom
Aug 27, 2010
  1. Hi, I'm extremely new to this site and need help. I have repeated software crashes and system hangs, the system is very sluggish, and I even battle to get on the net. I worked through the 8-step virus/spyware removal instructions and saved the .log files, but I'm finding it difficult to post them. Can anyone please advise?

    Thank You!
     
  2. crunchie

    crunchie Malware Helper Posts: 728

    Hi and welcome to TechSpot forums :).

    ====

    I suggest you post them the same way you have posted your message :). Just copy the logs, then paste (Ctrl + V) them into your reply box.
    You may need to split the logs over more than one post.
     
  3. WillCom

    WillCom TS Rookie Topic Starter Posts: 31

    OK, thanks for your speedy reply/help!
    I'll try that now.
     
  4. WillCom

    WillCom TS Rookie Topic Starter Posts: 31

    Hi, system crashes & lags. Got svchost.exe & AcGeneral.dll errors

    I worked through the 8-step virus removal and saved the log files as requested.
    The system was fine. I installed BitDefender and scanned the system. It found viruses; it could not repair all the files, so I opted for delete. Now I'm getting "Generic Host Process For Win32 Services Error Signatures".
    szAppName:svchost.exe szAppVer:5.1.2600.5512
    szModName:AcGeneral.dll szModVer:5.1.2600.5512 offset:000116e2
    Error Report Contents:
    c:\Docume~1\Bee\Locals~1\Temp\WER424b.dir00\svchost.exe.mdmp
    c:\Docume~1\Bee\Locals~1\Temp\WER424b.dir00\appcompat.txt

    Here is some info I got on the svchost.exe File Version: 5.1.2600.5512
    (xpsp.080413-2111)

    Don't know if all of that would be of any extra help...

    OK, now for the logs that I saved after running the 8-step program.

    Attached log files:
    zipped and attached as requested.

    I really hope you can assist.

    Thank You.

    Ok..Here they are, the saved log files:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4483

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    8/26/2010 8:09:59 PM
    mbam-log-2010-08-26 (20-09-59).txt

    Scan type: Quick scan
    Objects scanned: 127098
    Time elapsed: 24 minute(s), 22 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit quick scan 2010-08-26 20:21:45
    Windows 5.1.2600 Service Pack 3
    Running: GMER.exe; Driver: C:\DOCUME~1\Bee\LOCALS~1\Temp\pxtdqpow.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
    AttachedDevice \Driver\Tcpip \Device\Tcp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
    AttachedDevice \Driver\Tcpip \Device\Udp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
    AttachedDevice \Driver\Tcpip \Device\RawIp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)

    ---- Services - GMER 1.0.15 ----

    Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] nojjcsj <-- ROOTKIT !!!

    ---- EOF - GMER 1.0.15 ----



    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Bee at 20:29:54.58 on Thu 08/26/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.267 [GMT 2:00]

    AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\system32\lxcjcoms.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Bee\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
    TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [LXCJCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCJtime.dll,_RunDLLEntry@16
    mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [DAEMON Tools-1033] "c:\program files\d-tools\daemon.exe" -lang 1033
    mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
    mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2009\IEShow.exe"
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

    ============= SERVICES / DRIVERS ===============

    R2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2009\BDVEDISK.sys [2008-10-6 82696]
    R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-9-18 111112]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2009-2-12 104456]
    R3 st3bus28;st3bus28;c:\windows\system32\drivers\st3bus28.sys [2002-12-28 8416]
    R3 st3mp28;st3mp28;c:\windows\system32\drivers\st3mp28.sys [2002-12-28 95328]
    S2 nojjcsj;texuzwhme;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2009-1-20 172032]

    =============== Created Last 30 ================

    2010-08-26 17:35:24 0 d-----w- c:\docume~1\bee\applic~1\Malwarebytes
    2010-08-26 17:34:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-26 17:34:31 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-08-26 17:34:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-26 17:34:22 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-26 14:12:06 0 d-----w- c:\docume~1\bee\applic~1\Auslogics
    2010-08-26 14:09:23 0 d-----w- c:\program files\Auslogics
    2010-08-26 13:09:00 0 d-sh--w- c:\documents and settings\bee\IECompatCache
    2010-08-26 13:07:50 0 d-sh--w- c:\documents and settings\bee\PrivacIE
    2010-08-26 12:57:09 0 d-sh--w- c:\documents and settings\bee\IETldCache
    2010-08-26 12:41:19 16896 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2010-08-26 12:40:41 0 d-----w- c:\windows\ie8updates
    2010-08-26 12:40:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2010-08-26 12:40:14 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2010-08-26 12:40:13 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2010-08-26 12:40:10 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2010-08-26 12:40:09 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2010-08-26 12:40:08 11077120 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2010-08-26 12:40:07 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2010-08-26 12:34:27 0 dc-h--w- c:\windows\ie8
    2010-08-26 11:48:14 0 d-----w- c:\program files\MSXML 4.0
    2010-08-26 11:28:04 0 d-----w- c:\docume~1\bee\applic~1\NewSoft
    2010-08-26 09:46:49 0 d-----w- c:\windows\system32\NtmsData
    2010-08-25 15:25:43 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2010-08-25 15:25:43 272128 ------w- c:\windows\system32\drivers\bthport.sys
    2010-08-25 15:24:51 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-08-25 15:18:56 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2010-08-25 15:18:54 2189056 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
    2010-08-25 15:18:51 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2010-08-25 14:04:36 0 d-----w- c:\windows\system32\PreInstall
    2010-08-25 14:04:33 26144 ----a-w- c:\windows\system32\spupdsvc.exe
    2010-08-25 14:04:29 0 d--h--w- c:\windows\$hf_mig$
    2010-08-25 12:48:48 0 d-----w- c:\windows\system32\SoftwareDistribution
    2010-08-25 12:44:29 13700 ----a-w- c:\windows\system32\wpa.bak
    2010-08-25 11:49:37 850 ----a-w- c:\windows\system32\ProductTweaks.xml
    2010-08-25 11:49:15 385 ----a-w- c:\windows\system32\user_gensett.xml
    2010-08-25 11:47:22 81984 ----a-w- c:\windows\system32\bdod.bin
    2010-08-25 11:46:40 121 ----a-w- c:\windows\bdagent.INI
    2010-08-25 10:39:02 0 d-----w- c:\docume~1\bee\applic~1\BitDefender
    2010-08-25 10:38:15 0 d-----w- c:\program files\BitDefender
    2010-08-25 10:38:15 0 d-----w- c:\docume~1\alluse~1\applic~1\BitDefender
    2010-08-25 10:22:14 0 d-----w- c:\program files\common files\BitDefender
    2010-08-24 13:43:19 110592 ----a-w- c:\windows\system32\tsccvid.dll
    2010-08-24 10:48:47 0 d-----w- c:\windows\Cache
    2010-08-24 06:59:08 0 d-----w- c:\docume~1\bee\applic~1\SolidWorks
    2010-08-23 17:04:30 0 d-----w- c:\program files\common files\eDrawings2005
    2010-08-23 17:03:16 0 d-----w- c:\docume~1\bee\applic~1\DWGEditor
    2010-08-23 17:03:14 42 ----a-w- c:\windows\trailer.xws
    2010-08-23 17:03:11 23 ---ha-w- c:\windows\yacht.xws
    2010-08-23 17:02:48 639052 ----a-w- c:\windows\system32\BBPDFPortMon.dll
    2010-08-23 16:53:42 0 d-----w- c:\program files\common files\SolidWorks Shared
    2010-08-23 16:53:31 0 d-----w- c:\program files\common files\Bluebeam Software
    2010-08-23 16:42:51 0 d-----w- c:\program files\Bluebeam Software
    2010-08-23 16:42:51 0 d-----w- c:\docume~1\alluse~1\applic~1\Bluebeam Software
    2010-08-23 16:35:36 0 d-----w- c:\program files\D-Tools
    2010-08-23 11:10:52 88566 ----a-w- c:\windows\system32\nvapps.xml
    2010-08-23 11:10:52 208896 ----a-w- c:\windows\system32\nvudisp.exe
    2010-08-23 11:10:52 17056 ----a-w- c:\windows\system32\nvdisp.nvu
    2010-08-23 11:10:52 0 d-----w- c:\windows\nview
    2010-08-23 11:10:34 208896 ----a-w- c:\windows\system32\NVUNINST.EXE
    2010-08-23 11:09:36 0 d-----w- C:\NVIDIA
    2010-08-23 11:03:25 0 d-sh--w- c:\documents and settings\bee\UserData
    2010-08-23 11:00:09 3243 ----a-w- c:\windows\system32\wbem\Outlook_01cb42b259f12840.mof
    2010-08-23 10:58:53 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
    2010-08-23 10:58:53 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2010-08-23 10:58:08 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
    2010-08-23 10:58:08 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
    2010-08-23 10:58:08 113664 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
    2010-08-23 10:58:08 101376 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
    2010-08-23 10:57:27 0 d-----w- c:\program files\Altech
    2010-08-23 07:45:52 32592 ----a-w- c:\windows\system32\msonpmon.dll
    2010-08-23 07:31:08 0 d-----w- c:\windows\SHELLNEW
    2010-08-23 06:46:20 0 d-----w- c:\program files\Abbyy FineReader 6.0 Sprint
    2010-08-23 06:44:28 28672 ----a-w- c:\windows\hookdllX.dll
    2010-08-23 06:44:28 0 d-----w- c:\program files\common files\NewSoft
    2010-08-23 06:44:15 11776 ----a-w- c:\windows\system32\pmsbfn32.dll
    2010-08-23 06:44:15 0 d-----w- c:\windows\system32\color
    2010-08-23 06:44:15 0 d-----w- c:\program files\Lexmark Applications
    2010-08-23 06:44:09 257 ----a-w- c:\windows\setup.iss
    2010-08-23 06:43:30 0 d-----w- c:\program files\Lx_cats
    2010-08-23 06:43:05 40960 ----a-w- c:\windows\system32\lxcjvs.dll
    2010-08-23 06:43:04 344064 ----a-w- c:\windows\system32\lxcjcoin.dll
    2010-08-23 06:42:47 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
    2010-08-23 06:42:47 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2010-08-23 06:42:39 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
    2010-08-23 06:42:39 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
    2010-08-23 06:42:35 413696 ----a-w- c:\windows\system32\lxcjdrs.dll
    2010-08-23 06:42:34 61440 ----a-w- c:\windows\system32\lxcjcnv4.dll
    2010-08-23 06:13:06 0 d-----w- c:\program files\Lexmark 8300 Series
    2010-08-22 13:38:23 384 ----a-w- c:\windows\pfe32.ini
    2010-08-22 13:14:01 0 d-----w- c:\program files\CNC Software, Inc
    2010-08-22 12:47:15 457216 ----a-w- c:\windows\system32\drivers\hardlock.sys
    2010-08-22 12:47:13 6656 ----a-w- c:\windows\system32\haspvdd.dll
    2010-08-22 12:47:13 47616 ----a-w- c:\windows\system32\drivers\Haspnt.sys
    2010-08-22 12:47:13 383 ----a-w- c:\windows\system32\haspdos.sys
    2010-08-22 12:47:13 2577 ----a-w- c:\windows\system32\config.hsp
    2010-08-22 12:45:04 86016 ----a-w- c:\windows\system32\MCLSTCTL.OCX
    2010-08-22 12:45:04 53248 ----a-w- c:\windows\system32\MCREAL.OCX
    2010-08-22 12:45:04 53248 ----a-w- c:\windows\system32\MCBITMAP.OCX
    2010-08-22 12:45:04 45056 ----a-w- c:\windows\system32\MCINT.OCX
    2010-08-22 12:45:04 29028 ----a-w- c:\windows\system32\MSPLIT.EXE
    2010-08-22 12:45:04 21638 ----a-w- c:\windows\system32\Mpack.exe
    2010-08-22 12:45:04 17858 ----a-w- c:\windows\system32\Munpack.exe
    2010-08-22 12:45:04 15956 ----a-w- c:\windows\system32\MJOIN.EXE
    2010-08-22 12:17:58 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
    2010-08-22 11:52:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Nero
    2010-08-22 11:52:36 0 d-----w- c:\program files\Nero
    2010-08-22 11:22:25 0 d-----w- c:\program files\common files\ODBC
    2010-08-22 11:22:20 0 d-----w- c:\program files\common files\SpeechEngines
    2010-08-22 11:21:48 0 d-----r- c:\documents and settings\all users\Documents
    2010-08-22 11:02:50 0 d-----w- c:\program files\Realtek Sound Manager
    2010-08-22 11:02:49 0 d-----w- c:\program files\AvRack
    2010-08-22 11:02:37 0 d-----w- c:\program files\Realtek AC97
    2010-08-22 09:59:33 0 d-sh--w- c:\documents and settings\all users\DRM
    2010-08-22 09:58:53 0 d--h--w- c:\program files\WindowsUpdate
    2010-08-22 09:58:01 0 d-----w- c:\program files\common files\MSSoap
    2010-08-22 09:55:31 0 d-----w- c:\program files\Online Services
    2010-08-22 09:55:20 0 d-----w- c:\program files\Messenger
    2010-08-22 09:55:16 0 d-----w- c:\program files\MSN Gaming Zone
    2010-08-22 09:54:34 0 d-----w- c:\program files\Windows NT

    ==================== Find3M ====================

    2010-08-25 15:59:10 104456 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
    2010-08-22 09:56:10 21640 ----a-w- c:\windows\system32\emptyregdb.dat
    2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-24 12:10:44 81920 ------w- c:\windows\system32\ieencode.dll

    ============= FINISH: 20:33:20.64 ==============
     


  5. crunchie

    crunchie Malware Helper Posts: 728

    I am looking at your logs now. Please do not start a new thread again, but just answer in this one :).

    Do not attach zip files please and can you please paste the logs as requested, not attach them.
     
  6. WillCom

    WillCom TS Rookie Topic Starter Posts: 31

    O...ok. Will do that immediately.
    Thanks
     
  7. WillCom

    WillCom TS Rookie Topic Starter Posts: 31

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/22/2010 12:06:05 PM
    System Uptime: 8/26/2010 8:14:01 PM (0 hours ago)

    Motherboard: MSI | | MS-6559
    Processor: Intel(R) Pentium(R) 4 CPU 1.60GHz | PGA478 | 1611/100mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 10 GiB total, 1.995 GiB free.
    D: is FIXED (NTFS) - 9 GiB total, 4.968 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    H: is CDROM ()
    I: is CDROM ()
    J: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: PCI Simple Communications Controller
    Device ID: PCI\VEN_11C1&DEV_048F&SUBSYS_00011848&REV_02\3&61AAA01&0&38
    Manufacturer:
    Name: PCI Simple Communications Controller
    PNP Device ID: PCI\VEN_11C1&DEV_048F&SUBSYS_00011848&REV_02\3&61AAA01&0&38
    Service:

    ==== System Restore Points ===================

    RP1: 8/23/2010 1:13:05 PM - System Checkpoint
    RP2: 8/23/2010 6:35:34 PM - Installed DAEMON Tools
    RP3: 8/23/2010 6:37:35 PM - 23-08-2010RESTORE1
    RP4: 8/23/2010 6:42:13 PM - Installed SolidWorks 2005 SP0
    RP5: 8/23/2010 7:02:59 PM - Printer Driver BluebeamPSDriver Installed
    RP6: 8/23/2010 7:04:26 PM - Installed PDMWorks Clients 2005
    RP7: 8/23/2010 7:05:24 PM - Installed eDrawings 2005
    RP8: 8/24/2010 12:51:31 PM - Installed Adobe Reader 6.0
    RP9: 8/24/2010 2:40:51 PM - Removed Adobe Reader 6.0
    RP10: 8/24/2010 2:41:16 PM - Installed Adobe Reader 9.1.
    RP11: 8/24/2010 3:10:50 PM - 24-08-2010RSTRPOINT2
    RP12: 8/24/2010 3:11:19 PM - Revo Uninstaller's restore point - Mastercam 9 SP1
    RP13: 8/24/2010 3:11:43 PM - Removed Mastercam 9 SP1
    RP14: 8/24/2010 3:40:33 PM - Installed Mastercam 9 SP1
    RP15: 8/24/2010 3:45:18 PM - Installed Mastercam 9.0 Service Pack 1
    RP16: 8/25/2010 9:05:42 AM - Printer Driver Send To Microsoft OneNote Driver Installed
    RP17: 8/25/2010 12:37:46 PM - Installed BitDefender Internet Security 2009
    RP18: 8/25/2010 4:04:14 PM - Software Distribution Service 3.0
    RP19: 8/25/2010 7:58:32 PM - 25810stmslugish
    RP20: 8/26/2010 11:44:05 AM - ranBitDfstlslugzcvhosterr
    RP21: 8/26/2010 3:05:42 PM - Installed Windows XP WgaNotify.

    ==== Installed Programs ======================


    ABBYY FineReader 6.0 Sprint
    Acrobat.com
    Adobe AIR
    Adobe Reader 9.1
    Altech
    Auslogics BoostSpeed
    BitDefender Internet Security 2009
    DAEMON Tools
    eDrawings 2005
    Hotfix for Windows XP (KB981793)
    Lexmark 8300 Series
    Malwarebytes' Anti-Malware
    Mastercam 9 SP1
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Software Update for Web Folders (English) 12
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 7 Essentials
    NVIDIA Drivers
    PDMWorks Clients 2005
    Presto! Forms 3.50.02
    Presto! PageManager 7.12.10
    Print to Fax
    Realtek AC'97 Audio
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2183461)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB982214)
    SolidWorks 2005 SP0
    Update for Windows Internet Explorer 8 (KB982664)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB973815)
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 8
    Windows Media Format Runtime

    ==== Event Viewer Messages From Past Week ========

    8/26/2010 7:27:12 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    8/26/2010 7:27:12 PM, error: Service Control Manager [7034] - The lxcj_device service terminated unexpectedly. It has done this 1 time(s).
    8/25/2010 7:56:07 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/25/2010 7:56:06 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
    8/25/2010 4:10:35 PM, error: Service Control Manager [7023] - The texuzwhme service terminated with the following error: The specified module could not be found.
    8/25/2010 12:39:30 PM, error: PSched [14107] - QoS [Adapter NDISWANIP]: The Packet Scheduler could not initialize the virtual miniport with NDIS.
    8/25/2010 11:44:56 AM, error: Print [6161] - The document Microsoft Office Outlook - Memo Style owned by Bee failed to print on printer Lexmark 8300 Series. Data type: LEMF. Size of the spool file in bytes: 294712. Number of bytes printed: 294712. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\CAD. Win32 error code returned by the print processor: 0 (0x0).
    8/25/2010 1:50:21 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    8/25/2010 1:48:55 PM, error: Service Control Manager [7023] - The texuzwhme service terminated with the following error: A dynamic link library (DLL) initialization routine failed.
    8/23/2010 5:56:54 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 960 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    8/23/2010 1:27:53 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    8/23/2010 1:12:53 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    8/22/2010 9:56:50 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 480 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    8/22/2010 5:56:48 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 240 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    8/22/2010 3:56:48 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    8/22/2010 2:56:47 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    8/22/2010 12:46:38 PM, error: Service Control Manager [7000] - The MSICPL service failed to start due to the following error: The system cannot find the file specified.

    ==== End Of File ===========================
     
  8. WillCom

    WillCom TS Rookie Topic Starter Posts: 31

    Hi... is this done right?
    The way that I pasted the logs?
     
  9. crunchie

    crunchie Malware Helper Posts: 728

    Please run GMER again and then right-click on the following line:

    Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] nojjcsj

    Select disable and reboot the PC. Run GMER again, then right-click that service and select delete.

    Reboot again and rescan with GMER and post the log.
     
  10. WillCom

    WillCom TS Rookie Topic Starter Posts: 31

    Hi... I did as you requested...

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit quick scan 2010-08-28 13:28:59
    Windows 5.1.2600 Service Pack 3
    Running: GMER.exe; Driver: C:\DOCUME~1\Bee\LOCALS~1\Temp\pxtdqpow.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
    AttachedDevice \Driver\Tcpip \Device\Tcp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
    AttachedDevice \Driver\Tcpip \Device\Udp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
    AttachedDevice \Driver\Tcpip \Device\RawIp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)

    ---- EOF - GMER 1.0.15 ----
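
The check this exchange performs by eye, as an added example that is not part of the original thread: it ties the hidden GMER service to its DDS service entry and Service Control Manager errors, then confirms the rescan no longer reports it. The log lines are copied from the posts above; the regular expressions are fitted to those lines only, and the function names are illustrative.

```python
import re

# Sample input: lines copied from the GMER, DDS and Event Viewer logs in this thread.
GMER_BEFORE = r"""
---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] nojjcsj <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
"""
GMER_AFTER = r"""
---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)

---- EOF - GMER 1.0.15 ----
"""
DDS_SERVICES = r"""
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-9-18 111112]
S2 nojjcsj;texuzwhme;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2009-1-20 172032]
"""
EVENTS = r"""
8/25/2010 4:10:35 PM, error: Service Control Manager [7023] - The texuzwhme service terminated with the following error: The specified module could not be found.
8/26/2010 7:27:12 PM, error: Service Control Manager [7034] - The lxcj_device service terminated unexpectedly. It has done this 1 time(s).
8/25/2010 1:48:55 PM, error: Service Control Manager [7023] - The texuzwhme service terminated with the following error: A dynamic link library (DLL) initialization routine failed.
"""

# Patterns fitted to the line shapes seen in this thread (assumption: other
# versions of these tools may format their output differently).
GMER_SVC = re.compile(
    r"^Service\s+(?P<image>\S.*?)\s+\((?P<flags>[^)]*)\)\s+"
    r"\[(?P<start>\w+)\]\s+(?P<name>\S+)(?P<rootkit>\s+<-- ROOTKIT !!!)?")
DDS_SVC = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]+);"
    r"(?P<cmd>.+?)\s+\[(?P<date>[\d-]+)\s+(?P<size>\d+)\]$")
SCM_EVT = re.compile(
    r"Service Control Manager \[(?P<id>\d+)\] - The (?P<display>.+?) service ")
SVCHOST_GROUP = re.compile(r"svchost(?:\.exe)?\s+-k\s+(\S+)", re.I)


def _lines(text):
    """Non-empty lines with surrounding whitespace removed."""
    return [ln.strip() for ln in text.splitlines() if ln.strip()]


def hidden_services(gmer_log):
    """Service entries GMER marked as hidden or tagged as a rootkit."""
    found = []
    for ln in _lines(gmer_log):
        m = GMER_SVC.match(ln)
        if m and ("hidden" in m["flags"] or m["rootkit"]):
            found.append({"name": m["name"], "image": m["image"],
                          "start": m["start"]})
    return found


def dds_services(dds_log):
    """DDS 'SERVICES / DRIVERS' entries keyed by lower-cased service name."""
    return {m["name"].lower(): m.groupdict()
            for m in map(DDS_SVC.match, _lines(dds_log)) if m}


def scm_errors(event_log):
    """(event id, service display name) for Service Control Manager errors."""
    return [(int(m["id"]), m["display"])
            for m in map(SCM_EVT.search, _lines(event_log)) if m]


def correlate(gmer_log, dds_log, event_log):
    """Join each hidden service to its DDS record and its SCM error events."""
    services, errors = dds_services(dds_log), scm_errors(event_log)
    findings = []
    for svc in hidden_services(gmer_log):
        rec = services.get(svc["name"].lower(), {})
        display = rec.get("display")
        group = SVCHOST_GROUP.search(rec.get("cmd", ""))
        findings.append({
            "name": svc["name"],
            "display": display,
            # Shared svchost group the service claims to load into, if any.
            "svchost_group": group.group(1) if group else None,
            "event_ids": [eid for eid, disp in errors if disp == display],
        })
    return findings


def cleared(before_log, after_log):
    """Hidden service names present in the first scan but gone in the rescan."""
    before = {s["name"] for s in hidden_services(before_log)}
    after = {s["name"] for s in hidden_services(after_log)}
    return before - after


if __name__ == "__main__":
    for finding in correlate(GMER_BEFORE, DDS_SERVICES, EVENTS):
        print(finding)
    print("cleared after rescan:", sorted(cleared(GMER_BEFORE, GMER_AFTER)))
```
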
     
  11. crunchie

    crunchie Malware Helper Posts: 728

    Looks like that worked ok.

    Download OTL to your Desktop.

    * Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

    ==

    Can you list the problems you are still having please.
     
  12. WillCom

    WillCom TS Rookie Topic Starter Posts: 31

    ok...thanks...will do so...
     
  13. WillCom

    WillCom TS Rookie Topic Starter Posts: 31

    It says "text is too long (70912 characters), shorten to 20000".

    I'm going to break it up for you... is that OK?
     
  14. crunchie

    crunchie Malware Helper Posts: 728

    No worries :)
     
  15. WillCom

    WillCom TS Rookie Topic Starter Posts: 31

    OTL logfile created on: 8/28/2010 3:23:38 PM - Run 1
    OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Bee\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    511.00 Mb Total Physical Memory | 302.00 Mb Available Physical Memory | 59.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 9.77 Gb Total Space | 1.76 Gb Free Space | 18.00% Space Free | Partition Type: NTFS
    Drive D: | 8.87 Gb Total Space | 4.94 Gb Free Space | 55.68% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: CAD
    Current User Name: Bee
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/28 15:17:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bee\Desktop\OTL.exe
    PRC - [2010/08/25 17:59:11 | 000,413,696 | ---- | M] (BitDefender SRL) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    PRC - [2010/08/25 17:59:04 | 001,638,240 | ---- | M] (BitDefender S. R. L.) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
    PRC - [2010/08/25 17:58:59 | 000,442,368 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
    PRC - [2010/08/25 17:58:48 | 000,782,336 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
    PRC - [2008/04/14 14:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/10/12 10:32:50 | 000,577,536 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
    PRC - [2007/01/30 16:30:39 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxcjcoms.exe
    PRC - [2006/10/30 16:59:34 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
    PRC - [2006/09/20 08:35:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
    PRC - [2002/12/28 12:14:56 | 000,077,824 | ---- | M] (DAEMON.S HOME) -- C:\Program Files\D-Tools\daemon.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/08/28 15:17:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bee\Desktop\OTL.exe
    MOD - [2008/04/14 14:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - [2010/08/25 17:59:11 | 000,413,696 | ---- | M] (BitDefender SRL) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
    SRV - [2010/08/25 17:59:04 | 001,638,240 | ---- | M] (BitDefender S. R. L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe -- (VSSERV)
    SRV - [2010/08/25 17:58:29 | 000,323,584 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
    SRV - [2009/01/20 19:16:20 | 000,172,032 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe -- (Arrakis3)
    SRV - [2007/01/30 16:30:39 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxcjcoms.exe -- (lxcj_device)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- F:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
    DRV - [2010/08/25 17:59:10 | 000,104,456 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfndisf.sys -- (Bdfndisf)
    DRV - [2010/08/25 17:58:32 | 000,137,224 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif)
    DRV - [2010/08/25 17:58:31 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
    DRV - [2010/08/22 14:47:15 | 000,457,216 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)
    DRV - [2010/08/22 14:47:13 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
    DRV - [2009/01/12 12:27:58 | 000,008,832 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys -- (BDSelfPr)
    DRV - [2008/12/10 20:42:46 | 000,242,184 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
    DRV - [2008/10/06 18:16:16 | 000,082,696 | ---- | M] (BitDefender S.R.L.) [Kernel | Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys -- (BDVEDISK)
    DRV - [2008/09/26 18:01:00 | 000,101,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2008/09/18 12:09:12 | 000,111,112 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfm.sys -- (bdfm)
    DRV - [2008/09/02 14:32:06 | 000,013,056 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
    DRV - [2008/04/14 02:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2008/04/14 02:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/04/14 00:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2007/10/12 10:32:48 | 004,019,072 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2007/07/12 05:49:16 | 000,096,384 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
    DRV - [2006/10/22 12:22:00 | 003,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2002/12/28 12:16:58 | 000,095,328 | ---- | M] (Generic) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\st3mp28.sys -- (st3mp28)
    DRV - [2002/12/28 12:16:40 | 000,008,416 | ---- | M] (Generic) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\st3bus28.sys -- (st3bus28)
    DRV - [2001/08/17 16:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\tbextension\ [2010/08/25 12:38:35 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2008/04/14 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender)
    O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.)
    O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe (BitDefender)
    O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe (DAEMON.S HOME)
    O4 - HKLM..\Run: [LXCJCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.DLL (Lexmark International Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Bee\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bee\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/08/22 12:01:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{52540db5-ade7-11df-938a-005022980000}\Shell - "" = AutoRun
    O33 - MountPoints2\{52540db5-ade7-11df-938a-005022980000}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{52540db5-ade7-11df-938a-005022980000}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
    O33 - MountPoints2\{52540db8-ade7-11df-938a-005022980000}\Shell - "" = AutoRun
    O33 - MountPoints2\{52540db8-ade7-11df-938a-005022980000}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{52540db8-ade7-11df-938a-005022980000}\Shell\AutoRun\command - "" = K:\AutoRun.exe -- File not found
    O33 - MountPoints2\G\Shell - "" = AutoRun
    O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: nojjcsj - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)
     
  16. WillCom

    WillCom TS Rookie Topic Starter Posts: 31

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/28 15:21:21 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bee\Desktop\OTL.exe
    [2010/08/26 19:35:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bee\Application Data\Malwarebytes
    [2010/08/26 19:34:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/08/26 19:34:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/08/26 19:34:23 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/08/26 19:34:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/08/26 16:19:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Bee\Desktop\SharedDocs on Kevin (Kevin)
    [2010/08/26 16:19:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Bee\Desktop\data.sch on Cnc
    [2010/08/26 16:19:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Bee\Desktop\data.lgn on Cnc
    [2010/08/26 15:09:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bee\IECompatCache
    [2010/08/26 15:07:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bee\PrivacIE
    [2010/08/26 15:05:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    [2010/08/26 14:57:09 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bee\IETldCache
    [2010/08/26 14:40:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
    [2010/08/26 14:38:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
    [2010/08/26 14:34:27 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2010/08/26 13:48:14 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
    [2010/08/26 13:28:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bee\Application Data\NewSoft
    [2010/08/26 11:46:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
    [2010/08/25 16:04:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
    [2010/08/25 16:04:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
    [2010/08/25 14:48:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
    [2010/08/25 12:39:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bee\Application Data\BitDefender
    [2010/08/25 12:38:15 | 000,000,000 | ---D | C] -- C:\Program Files\BitDefender
    [2010/08/25 12:38:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitDefender
    [2010/08/25 12:22:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
    [2010/08/25 10:43:32 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
    [2010/08/25 10:43:29 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
    [2010/08/25 10:39:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bee\Application Data\WinRAR
    [2010/08/25 09:11:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bee\Local Settings\Application Data\PCHealth
    [2010/08/24 14:46:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
    [2010/08/24 14:45:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bee\Application Data\Macromedia
    [2010/08/24 14:44:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
    [2010/08/24 12:52:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bee\Application Data\AdobeUM
    [2010/08/24 12:52:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bee\Local Settings\Application Data\Adobe
    [2010/08/24 12:52:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bee\My Documents\My eBooks
    [2010/08/24 12:52:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bee\Application Data\Adobe
    [2010/08/24 12:52:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2010/08/24 12:51:35 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
    [2010/08/24 12:48:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cache
    [2010/08/24 08:59:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bee\Application Data\SolidWorks
    [2010/08/23 19:04:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\eDrawings2005
    [2010/08/23 19:03:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bee\Application Data\DWGEditor
    [2010/08/23 19:02:48 | 000,639,052 | ---- | C] (Bluebeam Software, Inc.) -- C:\WINDOWS\System32\BBPDFPortMon.dll
    [2010/08/23 18:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SolidWorks Shared
    [2010/08/23 18:53:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bluebeam Software
    [2010/08/23 18:42:51 | 000,000,000 | ---D | C] -- C:\Program Files\Bluebeam Software
    [2010/08/23 18:42:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Bluebeam Software
    [2010/08/23 18:35:36 | 000,000,000 | ---D | C] -- C:\Program Files\D-Tools
    [2010/08/23 14:12:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bee\Local Settings\Application Data\BVRP Software
    [2010/08/23 13:55:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bee\Local Settings\Application Data\Help
    [2010/08/23 13:55:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bee\Application Data\Help
    [2010/08/23 13:36:00 | 000,605,112 | ---- | C] (VS Revo Group) -- C:\Documents and Settings\Bee\Desktop\revouninstaller.exe
    [2010/08/23 13:10:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
    [2010/08/23 13:09:36 | 000,000,000 | ---D | C] -- C:\NVIDIA
    [2010/08/23 13:03:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bee\UserData
    [2010/08/23 12:58:08 | 000,621,056 | ---- | C] (DiBcom SA) -- C:\WINDOWS\System32\drivers\mod7700.sys
    [2010/08/23 12:58:08 | 000,113,664 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys
    [2010/08/23 12:58:08 | 000,101,376 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys
    [2010/08/23 12:58:08 | 000,024,448 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys
    [2010/08/23 12:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\Altech
    [2010/08/23 09:41:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
    [2010/08/23 09:40:38 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
    [2010/08/23 09:39:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
    [2010/08/23 09:39:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
    [2010/08/23 09:31:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
    [2010/08/23 09:30:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bee\Local Settings\Application Data\Microsoft Help
    [2010/08/23 09:30:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2010/08/23 09:30:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    [2010/08/23 09:29:44 | 000,000,000 | RH-D | C] -- C:\MSOCache
    [2010/08/23 08:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
    [2010/08/23 08:46:20 | 000,000,000 | ---D | C] -- C:\Program Files\Abbyy FineReader 6.0 Sprint
    [2010/08/23 08:45:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bee\WINDOWS
    [2010/08/23 08:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\NewSoft
    [2010/08/23 08:44:15 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Applications
    [2010/08/23 08:44:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\color
    [2010/08/23 08:43:30 | 000,000,000 | ---D | C] -- C:\Program Files\Lx_cats
    [2010/08/23 08:13:06 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark 8300 Series
    [2010/08/23 08:12:52 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjinpa.dll
    [2010/08/23 08:12:52 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjiesc.dll
    [2010/08/23 08:12:52 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjhcp.dll
    [2010/08/23 08:12:51 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjserv.dll
    [2010/08/23 08:12:51 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjusb1.dll
    [2010/08/23 08:12:50 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjpmui.dll
    [2010/08/23 08:12:50 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjprox.dll
    [2010/08/23 08:12:50 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjpplc.dll
    [2010/08/23 08:12:49 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjlmpm.dll
    [2010/08/23 08:12:48 | 000,385,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjih.exe
    [2010/08/23 08:12:47 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjhbn3.dll
    [2010/08/23 08:12:46 | 000,537,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjcoms.exe
    [2010/08/23 08:12:46 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjcomm.dll
    [2010/08/23 08:12:45 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjcomc.dll
    [2010/08/23 08:12:45 | 000,381,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcjcfg.exe
    [2010/08/23 08:12:44 | 000,069,632 | ---- | C] (Lexmark International) -- C:\WINDOWS\System32\lxcjcfg.dll
    [2010/08/22 15:26:45 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/08/22 15:14:01 | 000,000,000 | ---D | C] -- C:\Program Files\CNC Software, Inc
    [2010/08/22 14:47:15 | 000,457,216 | ---- | C] (Aladdin Knowledge Systems) -- C:\WINDOWS\System32\drivers\hardlock.sys
    [2010/08/22 14:47:13 | 000,047,616 | ---- | C] (Aladdin Knowledge Systems) -- C:\WINDOWS\System32\drivers\Haspnt.sys
    [2010/08/22 14:47:13 | 000,006,656 | ---- | C] (Aladdin Knowledge Systems.) -- C:\WINDOWS\System32\haspvdd.dll
    [2010/08/22 14:45:04 | 000,086,016 | ---- | C] (CNC Software, Inc.) -- C:\WINDOWS\System32\MCLSTCTL.OCX
    [2010/08/22 14:45:04 | 000,053,248 | ---- | C] (CNC Software, Inc.) -- C:\WINDOWS\System32\MCREAL.OCX
    [2010/08/22 14:45:04 | 000,053,248 | ---- | C] (CNC Software Inc.) -- C:\WINDOWS\System32\MCBITMAP.OCX
    [2010/08/22 14:45:04 | 000,045,056 | ---- | C] (CNC Software, Inc.) -- C:\WINDOWS\System32\MCINT.OCX
    [2010/08/22 13:54:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bee\Application Data\Ahead
    [2010/08/22 13:52:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
    [2010/08/22 13:52:36 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
    [2010/08/22 13:52:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
    [2010/08/22 13:51:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
    [2010/08/22 13:24:11 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\RTL8139.sys
    [2010/08/22 13:22:26 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
    [2010/08/22 13:22:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
    [2010/08/22 13:22:20 | 000,000,000 | R--D | C] -- C:\Program Files
    [2010/08/22 13:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
    [2010/08/22 13:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
    [2010/08/22 13:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
    [2010/08/22 13:21:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
    [2010/08/22 13:21:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
    [2010/08/22 13:21:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
    [2010/08/22 13:21:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
    [2010/08/22 13:21:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
    [2010/08/22 13:21:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
    [2010/08/22 13:21:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
    [2010/08/22 13:21:21 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
    [2010/08/22 13:21:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
    [2010/08/22 13:20:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings
    [2010/08/22 13:17:18 | 000,000,000 | -HSD | C] -- C:\System Volume Information
    [2010/08/22 13:11:57 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
    [2010/08/22 13:11:57 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
    [2010/08/22 13:11:57 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
    [2010/08/22 13:11:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
    [2010/08/22 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
    [2010/08/22 13:02:50 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek Sound Manager
    [2010/08/22 13:02:49 | 000,000,000 | ---D | C] -- C:\Program Files\AvRack
    [2010/08/22 13:02:37 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek AC97
    [2010/08/22 13:02:26 | 000,000,000 | R--D | C] -- C:\Program Files\InstallShield Installation Information
    [2010/08/22 13:02:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
    [2010/08/22 12:47:10 | 000,096,384 | R--- | C] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\drivers\Rtnicxp.sys
    [2010/08/22 12:47:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
    [2010/08/22 12:34:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bee\Application Data\Identities
    [2010/08/22 12:33:57 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
    [2010/08/22 12:33:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Bee\My Documents\My Music
    [2010/08/22 12:33:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Bee\My Documents\My Pictures
    [2010/08/22 12:33:48 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Bee\Application Data\Microsoft
    [2010/08/22 12:33:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Bee\SendTo
    [2010/08/22 12:33:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Bee\Recent
    [2010/08/22 12:33:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Bee\Application Data
    [2010/08/22 12:33:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Bee\Start Menu
    [2010/08/22 12:33:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Bee\My Documents
    [2010/08/22 12:33:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Bee\Favorites
    [2010/08/22 12:33:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bee\Cookies
    [2010/08/22 12:33:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Bee\Templates
    [2010/08/22 12:33:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Bee\PrintHood
    [2010/08/22 12:33:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Bee\NetHood
    [2010/08/22 12:33:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Bee\Local Settings
     
  17. WillCom

    WillCom TS Rookie Topic Starter Posts: 31

    [2010/08/22 12:33:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bee\Local Settings\Application Data\Microsoft
    [2010/08/22 12:33:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bee\Desktop
    [2010/08/22 12:09:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
    [2010/08/22 12:07:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2010/08/22 12:07:49 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
    [2010/08/22 12:07:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2010/08/22 12:07:47 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
    [2010/08/22 12:07:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [2010/08/22 12:07:35 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    [2010/08/22 12:05:04 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
    [2010/08/22 12:05:04 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
    [2010/08/22 12:05:04 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
    [2010/08/22 12:03:08 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
    [2010/08/22 12:02:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
    [2010/08/22 12:02:17 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
    [2010/08/22 12:02:17 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
    [2010/08/22 11:59:33 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
    [2010/08/22 11:59:13 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
    [2010/08/22 11:59:13 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
    [2010/08/22 11:58:53 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
    [2010/08/22 11:58:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
    [2010/08/22 11:58:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
    [2010/08/22 11:58:02 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
    [2010/08/22 11:58:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
    [2010/08/22 11:57:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
    [2010/08/22 11:57:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
    [2010/08/22 11:57:47 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
    [2010/08/22 11:57:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
    [2010/08/22 11:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
    [2010/08/22 11:57:14 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
    [2010/08/22 11:57:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
    [2010/08/22 11:57:03 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
    [2010/08/22 11:57:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
    [2010/08/22 11:55:55 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
    [2010/08/22 11:55:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
    [2010/08/22 11:55:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
    [2010/08/22 11:55:31 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
    [2010/08/22 11:55:31 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
    [2010/08/22 11:55:20 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
    [2010/08/22 11:55:16 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
    [2010/08/22 11:54:36 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
    [2010/08/22 11:54:35 | 000,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
    [2010/08/22 11:54:34 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
    [2010/08/22 11:54:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
    [2010/08/22 11:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
    [2010/08/22 11:54:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
    [2010/08/22 11:54:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos


    ========== Files - Modified Within 90 Days ==========

    [2010/08/28 15:21:31 | 002,097,152 | -H-- | M] () -- C:\Documents and Settings\Bee\NTUSER.DAT
    [2010/08/28 15:17:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bee\Desktop\OTL.exe
    [2010/08/28 15:11:00 | 000,000,254 | ---- | M] () -- C:\WINDOWS\pfe32.ini
    [2010/08/28 13:27:06 | 000,000,121 | ---- | M] () -- C:\WINDOWS\bdagent.INI
    [2010/08/28 13:26:48 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2010/08/28 13:26:43 | 000,013,700 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/08/28 13:26:28 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/28 13:26:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/28 13:26:19 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/28 13:25:16 | 000,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
    [2010/08/28 13:25:04 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Bee\ntuser.ini
    [2010/08/27 14:52:02 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Bee\Desktop\Shortcut to Internet.lnk
    [2010/08/27 14:51:57 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Bee\Desktop\Shortcut to E-mail.lnk
    [2010/08/27 08:11:21 | 000,360,124 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/08/27 08:11:21 | 000,314,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/08/27 08:11:21 | 000,040,836 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/08/27 08:04:46 | 000,288,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/27 03:21:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/08/26 20:54:13 | 000,000,811 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/08/26 19:34:47 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/08/26 14:57:21 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Bee\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/08/26 13:32:01 | 000,008,345 | ---- | M] () -- C:\WINDOWS\System32\NEWSOFT
    [2010/08/25 17:59:10 | 000,104,456 | ---- | M] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\bdfndisf.sys
    [2010/08/25 14:44:26 | 000,013,700 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
    [2010/08/25 13:49:37 | 000,000,850 | ---- | M] () -- C:\WINDOWS\System32\ProductTweaks.xml
    [2010/08/25 13:49:15 | 000,000,385 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml
    [2010/08/25 12:39:03 | 000,001,863 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitDefender Internet Security 2009.lnk
    [2010/08/25 12:28:32 | 000,002,139 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SolidWorks 2005 .lnk
    [2010/08/25 11:29:38 | 000,080,984 | ---- | M] () -- C:\Documents and Settings\Bee\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/08/25 11:13:29 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Bee\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2010/08/24 15:42:18 | 000,000,267 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mill 9 SP1.lnk
    [2010/08/24 15:28:36 | 005,886,442 | -H-- | M] () -- C:\Documents and Settings\Bee\Local Settings\Application Data\IconCache.db
    [2010/08/23 19:05:29 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\Bee\Application Data\Microsoft\Internet Explorer\Quick Launch\eDrawings 2005.lnk
    [2010/08/23 19:05:29 | 000,001,818 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\eDrawings 2005.lnk
    [2010/08/23 19:04:58 | 000,001,765 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PDMWorks 2005 Standalone Client.lnk
    [2010/08/23 19:04:58 | 000,001,699 | ---- | M] () -- C:\Documents and Settings\Bee\Application Data\Microsoft\Internet Explorer\Quick Launch\PDMWorks 2005 Standalone Client.lnk
    [2010/08/23 19:03:14 | 000,000,042 | ---- | M] () -- C:\WINDOWS\trailer.xws
    [2010/08/23 19:03:11 | 000,000,023 | -H-- | M] () -- C:\WINDOWS\yacht.xws
    [2010/08/23 19:02:19 | 000,001,868 | ---- | M] () -- C:\Documents and Settings\Bee\Application Data\Microsoft\Internet Explorer\Quick Launch\SolidWorks 2005 .lnk
    [2010/08/23 12:58:27 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Altech.lnk
    [2010/08/23 08:47:30 | 000,016,908 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.ulf
    [2010/08/23 08:46:04 | 000,000,257 | ---- | M] () -- C:\WINDOWS\setup.iss
    [2010/08/23 08:45:43 | 000,151,566 | ---- | M] () -- C:\WINDOWS\System32\UninstIPP.isu
    [2010/08/22 15:33:52 | 000,000,454 | ---- | M] () -- C:\Documents and Settings\Bee\Desktop\Shortcut to NC.lnk
    [2010/08/22 14:47:15 | 000,457,216 | ---- | M] (Aladdin Knowledge Systems) -- C:\WINDOWS\System32\drivers\hardlock.sys
    [2010/08/22 14:47:13 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) -- C:\WINDOWS\System32\drivers\Haspnt.sys
    [2010/08/22 14:47:13 | 000,006,656 | ---- | M] (Aladdin Knowledge Systems.) -- C:\WINDOWS\System32\haspvdd.dll
    [2010/08/22 14:47:13 | 000,002,620 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/08/22 14:47:13 | 000,000,383 | ---- | M] () -- C:\WINDOWS\System32\haspdos.sys
    [2010/08/22 14:09:34 | 000,002,361 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart Essentials.lnk
    [2010/08/22 13:51:55 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
    [2010/08/22 13:36:33 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
    [2010/08/22 13:22:19 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/08/22 12:34:12 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Bee\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2010/08/22 12:07:39 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
    [2010/08/22 12:06:18 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
    [2010/08/22 12:01:31 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\config.hsp
    [2010/08/22 12:01:31 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/08/22 12:01:31 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/08/22 12:01:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
    [2010/08/22 12:01:31 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/08/22 12:01:31 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/08/22 12:01:19 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2010/08/22 12:01:19 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2010/08/22 12:00:59 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
    [2010/08/22 11:59:13 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
    [2010/08/22 11:59:13 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
    [2010/08/22 11:59:02 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
    [2010/08/22 11:59:02 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
    [2010/08/22 11:59:02 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
    [2010/08/22 11:59:02 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
    [2010/08/22 11:59:02 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
    [2010/08/22 11:59:02 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
    [2010/08/22 11:56:10 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2010/08/22 11:55:52 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
    [2010/08/22 11:55:52 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
    [2010/08/22 11:38:23 | 000,000,211 | -HS- | M] () -- C:\boot.ini
     
  18. WillCom

    WillCom TS Rookie Topic Starter Posts: 31

    ========== Files Created - No Company Name ==========

    [2010/08/27 14:52:02 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Bee\Desktop\Shortcut to Internet.lnk
    [2010/08/27 14:51:57 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Bee\Desktop\Shortcut to E-mail.lnk
    [2010/08/26 19:34:47 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/08/25 14:44:29 | 000,013,700 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
    [2010/08/25 13:49:37 | 000,000,850 | ---- | C] () -- C:\WINDOWS\System32\ProductTweaks.xml
    [2010/08/25 13:49:15 | 000,000,385 | ---- | C] () -- C:\WINDOWS\System32\user_gensett.xml
    [2010/08/25 13:47:22 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
    [2010/08/25 13:46:40 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
    [2010/08/25 12:39:03 | 000,001,863 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BitDefender Internet Security 2009.lnk
    [2010/08/25 08:55:19 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Bee\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2010/08/24 15:42:18 | 000,000,267 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mill 9 SP1.lnk
    [2010/08/23 19:04:58 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\Bee\Application Data\Microsoft\Internet Explorer\Quick Launch\eDrawings 2005.lnk
    [2010/08/23 19:04:58 | 000,001,818 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\eDrawings 2005.lnk
    [2010/08/23 19:04:58 | 000,001,765 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PDMWorks 2005 Standalone Client.lnk
    [2010/08/23 19:04:58 | 000,001,699 | ---- | C] () -- C:\Documents and Settings\Bee\Application Data\Microsoft\Internet Explorer\Quick Launch\PDMWorks 2005 Standalone Client.lnk
    [2010/08/23 19:03:14 | 000,000,042 | ---- | C] () -- C:\WINDOWS\trailer.xws
    [2010/08/23 19:03:11 | 000,000,023 | -H-- | C] () -- C:\WINDOWS\yacht.xws
    [2010/08/23 19:02:19 | 000,002,139 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SolidWorks 2005 .lnk
    [2010/08/23 19:02:19 | 000,001,868 | ---- | C] () -- C:\Documents and Settings\Bee\Application Data\Microsoft\Internet Explorer\Quick Launch\SolidWorks 2005 .lnk
    [2010/08/23 13:10:52 | 000,088,566 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
    [2010/08/23 13:10:52 | 000,017,056 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
    [2010/08/23 12:58:27 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Altech.lnk
    [2010/08/23 08:45:52 | 000,008,345 | ---- | C] () -- C:\WINDOWS\System32\NEWSOFT
    [2010/08/23 08:45:41 | 000,151,566 | ---- | C] () -- C:\WINDOWS\System32\UninstIPP.isu
    [2010/08/23 08:45:41 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
    [2010/08/23 08:44:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\hookdllX.dll
    [2010/08/23 08:44:15 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
    [2010/08/23 08:44:09 | 000,000,257 | ---- | C] () -- C:\WINDOWS\setup.iss
    [2010/08/23 08:43:05 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcjvs.dll
    [2010/08/23 08:43:04 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxcjcoin.dll
    [2010/08/23 08:42:34 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxcjcnv4.dll
    [2010/08/23 08:12:52 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\lxcjinst.dll
    [2010/08/23 08:12:52 | 000,016,908 | ---- | C] () -- C:\WINDOWS\System32\LexFiles.ulf
    [2010/08/23 08:12:47 | 000,296,650 | ---- | C] () -- C:\WINDOWS\System32\lxcjhelp.chm
    [2010/08/23 08:12:44 | 000,002,284 | ---- | C] () -- C:\WINDOWS\System32\lxcj.loc
    [2010/08/22 15:38:23 | 000,000,254 | ---- | C] () -- C:\WINDOWS\pfe32.ini
    [2010/08/22 15:33:54 | 000,000,454 | ---- | C] () -- C:\Documents and Settings\Bee\Desktop\Shortcut to NC.lnk
    [2010/08/22 14:47:13 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\config.hsp
    [2010/08/22 14:47:13 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
    [2010/08/22 14:45:04 | 000,029,028 | ---- | C] () -- C:\WINDOWS\System32\MSPLIT.EXE
    [2010/08/22 14:45:04 | 000,021,638 | ---- | C] () -- C:\WINDOWS\System32\Mpack.exe
    [2010/08/22 14:45:04 | 000,017,858 | ---- | C] () -- C:\WINDOWS\System32\Munpack.exe
    [2010/08/22 14:45:04 | 000,015,956 | ---- | C] () -- C:\WINDOWS\System32\MJOIN.EXE
    [2010/08/22 14:09:34 | 000,002,361 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart Essentials.lnk
    [2010/08/22 13:36:32 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
    [2010/08/22 13:22:30 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2010/08/22 13:22:21 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
    [2010/08/22 13:22:21 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
    [2010/08/22 13:22:21 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
    [2010/08/22 13:22:20 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
    [2010/08/22 13:22:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28603.nls
    [2010/08/22 13:22:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls
    [2010/08/22 13:22:16 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_857.nls
    [2010/08/22 13:22:16 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls
    [2010/08/22 13:22:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28599.nls
    [2010/08/22 13:22:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls
    [2010/08/22 13:22:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10081.nls
    [2010/08/22 13:22:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls
    [2010/08/22 13:22:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28595.nls
    [2010/08/22 13:22:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS
    [2010/08/22 13:22:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10017.nls
    [2010/08/22 13:22:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls
    [2010/08/22 13:22:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10007.nls
    [2010/08/22 13:22:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls
    [2010/08/22 13:22:12 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_869.nls
    [2010/08/22 13:22:12 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls
    [2010/08/22 13:22:12 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_737.nls
    [2010/08/22 13:22:12 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls
    [2010/08/22 13:22:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_875.nls
    [2010/08/22 13:22:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls
    [2010/08/22 13:22:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28597.nls
    [2010/08/22 13:22:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS
    [2010/08/22 13:22:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10006.nls
    [2010/08/22 13:22:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls
    [2010/08/22 13:22:11 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_866.nls
    [2010/08/22 13:22:11 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls
    [2010/08/22 13:22:11 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_855.nls
    [2010/08/22 13:22:11 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls
    [2010/08/22 13:22:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28594.nls
    [2010/08/22 13:22:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS
    [2010/08/22 13:22:09 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_852.nls
    [2010/08/22 13:22:09 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls
    [2010/08/22 13:22:09 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10082.nls
    [2010/08/22 13:22:09 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls
    [2010/08/22 13:22:09 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10029.nls
    [2010/08/22 13:22:09 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls
    [2010/08/22 13:22:09 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10010.nls
    [2010/08/22 13:22:09 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls
    [2010/08/22 13:22:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20127.nls
    [2010/08/22 13:22:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
    [2010/08/22 13:22:03 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
    [2010/08/22 13:21:46 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
    [2010/08/22 13:21:46 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
    [2010/08/22 13:21:46 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
    [2010/08/22 13:21:46 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
    [2010/08/22 13:21:46 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
    [2010/08/22 13:21:46 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
    [2010/08/22 13:21:46 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
    [2010/08/22 13:21:46 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
    [2010/08/22 13:21:45 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
    [2010/08/22 13:21:45 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
    [2010/08/22 13:21:45 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
    [2010/08/22 13:21:45 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
    [2010/08/22 13:21:45 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
    [2010/08/22 13:21:45 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
    [2010/08/22 13:21:45 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
    [2010/08/22 13:21:45 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
    [2010/08/22 13:21:44 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
    [2010/08/22 13:21:44 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
    [2010/08/22 13:21:44 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
    [2010/08/22 13:20:52 | 000,288,496 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/22 13:19:51 | 000,000,211 | -HS- | C] () -- C:\boot.ini
    [2010/08/22 13:19:45 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
    [2010/08/22 13:03:29 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2010/08/22 13:03:16 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2010/08/22 13:03:15 | 000,141,016 | R--- | C] () -- C:\WINDOWS\System32\alsndmgr.wav
    [2010/08/22 13:02:49 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
    [2010/08/22 12:34:12 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Bee\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2010/08/22 12:33:57 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Bee\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/08/22 12:33:50 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Bee\ntuser.ini
    [2010/08/22 12:33:49 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Bee\ntuser.dat.LOG
    [2010/08/22 12:33:48 | 002,097,152 | -H-- | C] () -- C:\Documents and Settings\Bee\NTUSER.DAT
    [2010/08/22 12:33:46 | 536,399,872 | -HS- | C] () -- C:\hiberfil.sys
    [2010/08/22 12:07:39 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
    [2010/08/22 12:06:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2010/08/22 12:05:52 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
    [2010/08/22 12:04:55 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
    [2010/08/22 12:04:55 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
    [2010/08/22 12:04:53 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
    [2010/08/22 12:04:18 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
    [2010/08/22 12:04:17 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
    [2010/08/22 12:04:05 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
    [2010/08/22 12:04:04 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
    [2010/08/22 12:04:01 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
    [2010/08/22 12:03:48 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
    [2010/08/22 12:03:41 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
    [2010/08/22 12:03:34 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
    [2010/08/22 12:03:12 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
    [2010/08/22 12:03:07 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
    [2010/08/22 12:03:07 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
    [2010/08/22 12:03:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
    [2010/08/22 12:03:06 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
    [2010/08/22 12:03:06 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
    [2010/08/22 12:03:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
    [2010/08/22 12:03:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
    [2010/08/22 12:03:05 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
    [2010/08/22 12:03:05 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
    [2010/08/22 12:03:05 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
    [2010/08/22 12:03:05 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
    [2010/08/22 12:03:05 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
    [2010/08/22 12:03:05 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
    [2010/08/22 12:03:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
    [2010/08/22 12:03:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
    [2010/08/22 12:03:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
    [2010/08/22 12:03:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
    [2010/08/22 12:03:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
    [2010/08/22 12:03:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
    [2010/08/22 12:03:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
    [2010/08/22 12:03:03 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
    [2010/08/22 12:03:03 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
    [2010/08/22 12:03:03 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
    [2010/08/22 12:03:03 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
    [2010/08/22 12:03:03 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
    [2010/08/22 12:03:03 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
    [2010/08/22 12:03:03 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
    [2010/08/22 12:03:03 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
    [2010/08/22 12:03:02 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
    [2010/08/22 12:03:02 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
    [2010/08/22 12:03:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
    [2010/08/22 12:03:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
    [2010/08/22 12:03:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
    [2010/08/22 12:03:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
    [2010/08/22 12:03:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
    [2010/08/22 12:03:01 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
    [2010/08/22 12:03:01 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
    [2010/08/22 12:03:01 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
    [2010/08/22 12:03:01 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
    [2010/08/22 12:03:01 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
    [2010/08/22 12:03:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
    [2010/08/22 12:03:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
    [2010/08/22 12:03:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
    [2010/08/22 12:03:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
    [2010/08/22 12:03:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
    [2010/08/22 12:03:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
    [2010/08/22 12:03:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
    [2010/08/22 12:02:59 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
    [2010/08/22 12:02:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
    [2010/08/22 12:02:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
    [2010/08/22 12:02:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
    [2010/08/22 12:02:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
    [2010/08/22 12:02:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
    [2010/08/22 12:02:58 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
    [2010/08/22 12:02:58 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
    [2010/08/22 12:02:58 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
    [2010/08/22 12:02:58 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
    [2010/08/22 12:02:58 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
    [2010/08/22 12:02:57 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
    [2010/08/22 12:02:56 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
    [2010/08/22 12:01:31 | 000,002,620 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/08/22 12:01:31 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
    [2010/08/22 12:01:31 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
    [2010/08/22 12:01:31 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
    [2010/08/22 12:01:31 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
    [2010/08/22 12:01:19 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
    [2010/08/22 12:01:19 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
    [2010/08/22 12:01:16 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
    [2010/08/22 11:59:13 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
    [2010/08/22 11:59:13 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
    [2010/08/22 11:59:02 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
     
  19. WillCom

    WillCom TS Rookie Topic Starter Posts: 31

    [2010/08/22 11:59:02 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
    [2010/08/22 11:59:02 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
    [2010/08/22 11:59:02 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
    [2010/08/22 11:59:02 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
    [2010/08/22 11:59:02 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
    [2010/08/22 11:58:30 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
    [2010/08/22 11:58:13 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
    [2010/08/22 11:58:13 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
    [2010/08/22 11:58:07 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf

    [2010/08/22 11:57:24 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
    [2010/08/22 11:56:10 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2010/08/22 11:54:58 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
    [2010/08/22 11:54:58 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
    [2010/08/22 11:54:58 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
    [2010/08/22 11:54:58 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
    [2010/08/22 11:54:58 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
    [2010/08/22 11:54:57 | 000,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
    [2010/08/22 11:54:57 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
    [2010/08/22 11:54:57 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
    [2010/08/22 11:54:57 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
    [2010/08/22 11:54:57 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
    [2010/08/22 11:54:57 | 000,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
    [2010/08/22 11:54:57 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
    [2010/08/22 11:54:57 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
    [2010/08/22 11:54:56 | 000,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
    [2010/08/22 11:54:56 | 000,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
    [2010/08/22 11:54:56 | 000,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
    [2010/08/22 11:54:56 | 000,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
    [2010/08/22 11:54:56 | 000,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
    [2010/08/22 11:54:56 | 000,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
    [2010/08/22 11:54:54 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
    [2010/08/22 11:54:54 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
    [2010/08/22 11:54:53 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
    [2010/08/22 11:54:47 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
    [2008/10/09 16:31:54 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
    [2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
    [2006/10/22 12:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2006/10/22 12:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2006/10/22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2006/10/22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2006/10/22 12:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2006/10/22 12:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2006/10/22 12:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
    [2003/12/09 00:08:20 | 002,539,520 | ---- | C] () -- C:\WINDOWS\System32\Bbgspdf.dll
    [2003/12/02 13:39:08 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\InstallPrinter.dll
    [2003/01/30 06:04:00 | 000,618,496 | ---- | C] () -- C:\WINDOWS\System32\stlpmt45.dll
    [2002/03/13 16:46:46 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll

    ========== LOP Check ==========

    [2010/08/25 12:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
    [2010/08/23 18:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluebeam Software
    [2010/08/23 08:46:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
    [2010/08/25 12:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bee\Application Data\BitDefender
    [2010/08/23 19:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bee\Application Data\DWGEditor
    [2010/08/26 13:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bee\Application Data\NewSoft

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2008/04/14 14:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

    < MD5 for: ATAPI.SYS >
    [2008/04/14 14:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2008/04/14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2009/01/20 19:16:14 | 000,001,536 | ---- | M] () MD5=58B81BFA8841E41639BDD81A7FEE2B8E -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\lib\eventlog.dll
    [2008/04/14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
    [2008/04/14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

    < MD5 for: NETLOGON.DLL >
    [2008/04/14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
    [2008/04/14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2008/04/14 14:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
    [2008/04/14 14:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2010/08/22 13:19:49 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2010/08/22 13:19:49 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2010/08/22 13:19:49 | 000,888,832 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
    < End of report >
     
  20. WillCom

    WillCom TS Rookie Topic Starter Posts: 31

    OTL Extras logfile created on: 8/28/2010 3:23:38 PM - Run 1
    OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Bee\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    511.00 Mb Total Physical Memory | 302.00 Mb Available Physical Memory | 59.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 9.77 Gb Total Space | 1.76 Gb Free Space | 18.00% Space Free | Partition Type: NTFS
    Drive D: | 8.87 Gb Total Space | 4.94 Gb Free Space | 55.68% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: CAD
    Current User Name: Bee
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\PROGRA~1\MICROS~2\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\PROGRA~1\MICROS~2\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "3409:TCP" = 3409:TCP:*:Enabled:fnrpjst

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\system32\lxcjcoms.exe" = C:\WINDOWS\system32\lxcjcoms.exe:*:Enabled:8300 Series Server -- ( )
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0801DB64-A004-4640-BF13-F05D75409627}" = BitDefender Internet Security 2009
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2A8C5C0E-DC54-46BF-92AE-A062C63A1033}" = Nero 7 Essentials
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{5BF2B19D-9C79-492A-8969-F059F06A627F}" = Print to Fax
    "{5E479D3B-4A87-42B9-A91E-2EB2284A54D4}" = DAEMON Tools
    "{72CD4C5F-AB0B-4814-8780-9A4F26A2086B}" = Presto! PageManager 7.12.10
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{97917FA0-00C5-4351-AD6B-87AB99C52792}" = eDrawings 2005
    "{9FB978C4-FB73-42E3-9DCA-0748984D7FBF}" = PDMWorks Clients 2005
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{B79920F8-AB6E-45B2-B257-900BBA969FF7}" = Presto! Forms 3.50.02
    "{B7FFC71C-CD9C-4A48-8DD1-12BC9B43B2BB}" = SolidWorks 2005 SP0
    "{DA97E170-9898-4280-8BE1-6D53624EA0AE}" = Mastercam 9 SP1
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
    "Adobe AIR" = Adobe AIR
    "Altech" = Altech
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "ie8" = Windows Internet Explorer 8
    "Lexmark 8300 Series" = Lexmark 8300 Series
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "NVIDIA Drivers" = NVIDIA Drivers
    "Windows Media Format Runtime" = Windows Media Format Runtime

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 8/26/2010 2:50:44 PM | Computer Name = CAD | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 8/26/2010 2:50:45 PM | Computer Name = CAD | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 8/26/2010 2:51:08 PM | Computer Name = CAD | Source = Application Hang | ID = 1001
    Description = Fault bucket 1180947459.

    Error - 8/26/2010 2:51:11 PM | Computer Name = CAD | Source = Application Hang | ID = 1001
    Description = Fault bucket 1180947459.

    Error - 8/26/2010 2:58:40 PM | Computer Name = CAD | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 8/26/2010 2:58:47 PM | Computer Name = CAD | Source = Application Hang | ID = 1001
    Description = Fault bucket 1180947459.

    Error - 8/27/2010 2:14:53 AM | Computer Name = CAD | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 8/27/2010 2:15:08 AM | Computer Name = CAD | Source = Application Hang | ID = 1001
    Description = Fault bucket 1180947459.

    Error - 8/27/2010 3:45:47 AM | Computer Name = CAD | Source = Application Hang | ID = 1002
    Description = Hanging application MILL9.EXE, version 0.0.0.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 8/27/2010 7:56:24 AM | Computer Name = CAD | Source = Application Hang | ID = 1002
    Description = Hanging application AcroRd32.exe, version 9.1.0.163, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    [ OSession Events ]
    Error - 8/25/2010 4:36:46 AM | Computer Name = CAD | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7166
    seconds with 1680 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 8/27/2010 4:03:20 AM | Computer Name = CAD | Source = Print | ID = 6161
    Description = The document Microsoft Office Outlook - Memo Style owned by Bee failed
    to print on printer Lexmark 8300 Series. Data type: LEMF. Size of the spool file
    in bytes: 1345548. Number of bytes printed: 1345548. Total number of pages in the
    document: 4. Number of pages printed: 0. Client machine: \\CAD. Win32 error code
    returned by the print processor: 0 (0x0).

    Error - 8/27/2010 7:56:50 AM | Computer Name = CAD | Source = Service Control Manager | ID = 7034
    Description = The lxcj_device service terminated unexpectedly. It has done this
    1 time(s).

    Error - 8/27/2010 7:56:50 AM | Computer Name = CAD | Source = Service Control Manager | ID = 7034
    Description = The NVIDIA Display Driver Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 8/27/2010 8:00:06 AM | Computer Name = CAD | Source = Service Control Manager | ID = 7023
    Description = The texuzwhme service terminated with the following error: %%126

    Error - 8/27/2010 9:02:22 AM | Computer Name = CAD | Source = Service Control Manager | ID = 7023
    Description = The texuzwhme service terminated with the following error: %%126

    Error - 8/27/2010 9:03:35 AM | Computer Name = CAD | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
    Service service to connect.

    Error - 8/27/2010 9:03:35 AM | Computer Name = CAD | Source = Service Control Manager | ID = 7000
    Description = The Application Layer Gateway Service service failed to start due
    to the following error: %%1053

    Error - 8/27/2010 9:20:50 AM | Computer Name = CAD | Source = Service Control Manager | ID = 7023
    Description = The texuzwhme service terminated with the following error: %%126

    Error - 8/28/2010 2:25:18 AM | Computer Name = CAD | Source = Service Control Manager | ID = 7023
    Description = The texuzwhme service terminated with the following error: %%126

    Error - 8/28/2010 2:25:19 AM | Computer Name = CAD | Source = sr | ID = 1
    Description = The System Restore filter encountered the unexpected error '0xC0000001'
    while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
    the volume.


    < End of report >
     
  21. crunchie

    crunchie Malware Helper Posts: 728

    Ok. Can you let me know what problems you are still having please.

    ==

    Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.
    • You will need to use Internet Explorer to complete this scan.
    • You will need to temporarily Disable your current Anti-virus program.
    • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
    • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

    NOTE: If you are unable to complete the ESET scan, please try another from the list below:

     
  22. WillCom

    WillCom TS Rookie Topic Starter Posts: 31

    The PC is still extremely slow, takes forever to open apps.
    So far haven't had that error, don't want to speak too soon though... will keep you updated on what the PC does, any funny things of some sort...

    Thanks a lot for your time and effort in helping me!
     
  23. crunchie

    crunchie Malware Helper Posts: 728

    Ok. Post the results of the on-line scan and we will see what else we can look at.
     
  24. WillCom

    WillCom TS Rookie Topic Starter Posts: 31

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    esets_scanner_update returned -1 esets_gle=36882
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=d3734ed4f5a57341ac95c18b7f72f4ac
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-08-29 09:04:49
    # local_time=2010-08-29 11:04:49 (+0200, South Africa Standard Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=2053 16776869 100 97 942 203553384 0 0
    # compatibility_mode=8192 67108863 100 0 9192 9192 0 0
    # scanned=38699
    # found=0
    # cleaned=0
    # scan_time=2289
     
  25. WillCom

    WillCom TS Rookie Topic Starter Posts: 31

    What did you study to be able to help yourself in so much depth?
     
Topic Status:
Not open for further replies.
