Dang. I'm sure this is some sort of rootkit. (TDL4?) It's not the first time I've had one of these buggers, and I've grown pretty good at spotting it when one of these is trying to force its way in. And I've gotten good at getting rid of these sorts of critters. Honest. But this time it deployed while my back was turned, and it had plenty of time to do its dirty work. By the time I noticed anything was wrong (a blue screen of death was the first clue), it was too late.
Google redirects, OS behaving oddly, programs won't start (Malwarebytes shut itself off, etc.), all the signs of a rootkit.
I spent some time trying to get rid of it myself, and I did manage to bring the machine back to life, using Malwarebytes and Kaspersky virus removerthingy. It showed several examples of the same rootkit, "patched.mf" somethingorother, and did get them out.
BUT... I realize that in the process I've got it to the point now where I do need the help of someone like you, so here I am. (I think in removing the bad stuff it yanked out some good stuff.)
----------> So in a word, .... "Help." (Or rather, "Please help.")
I can see that the virus is still lurking in my machine, and I need to get it out. Then no doubt I need to fix some damage that it caused. I know it would prolly be better to re-install the OS, but I've been to that rodeo before and I know it's no fun to re-install everything and for months afterward realize there are things I'm missing. Rather try to bring it back to life with your help. I have confidence that someone who knows what they are doing can help me to get this box back to running well.
For starters, these are some immediate problems that I need to fix:
1.) Can't run a lot of programs. I get the dreaded, "can't access that program", "perhaps you don't have permission" popup.
2.) There are still lots of nasty looking files and registry horrors hiding deep inside my system.
3.) Can't get online. (See #1 above.) Can't even get at the Windows firewall in Control Panel. ("don't have permission, blah-blah".) I am using another machine to post here, and a flash drive to go from one machine to the other as needed.
I am running Windows XP, SP2.
Here is my log. (Yikes. There are some scary looking things in there. Did I mention, "Please help"? :-)
OTL logfile created on: 8/20/2011 5:01:05 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\steve\Desktop\geekstogo
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1022.11 Mb Total Physical Memory | 704.54 Mb Available Physical Memory | 68.93% Memory free
2.40 Gb Paging File | 2.21 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 109.18 Gb Total Space | 7.58 Gb Free Space | 6.94% Space Free | Partition Type: NTFS
Computer Name: D6YKGDD1 | User Name: steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/08/20 16:44:24 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\steve\Desktop\geekstogo\OTL.com
PRC - [2009/03/03 13:50:33 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/06/06 16:28:18 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2007/05/14 15:23:32 | 001,191,936 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/11/02 15:05:50 | 000,282,624 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe
PRC - [2005/09/23 23:05:26 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PRC - [2005/07/22 23:25:06 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
PRC - [2005/07/22 23:25:04 | 000,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
PRC - [2004/08/04 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2007/06/06 16:35:02 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2007/06/06 16:34:54 | 001,474,560 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2007/05/14 15:24:00 | 000,098,304 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2007/05/09 15:59:44 | 000,086,016 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2005/10/13 14:53:36 | 000,090,223 | ---- | M] () -- C:\Program Files\Dell\QuickSet\preflibcl.dll
MOD - [2005/06/28 13:59:48 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\PhotoImpression 5\Share\PIHook.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (wltrysvc)
SRV - File not found [Auto | Stopped] -- -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
SRV - File not found [Auto | Stopped] -- -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [On_Demand | Stopped] -- -- ({84618CD0-BA25-43A1-B97EB2A93FB2C99E})
SRV - [2007/08/09 08:37:20 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
========== Driver Services (SafeList) ==========
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\steve\Local Settings\Temp\SAS_SelfExtract\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\steve\Local Settings\Temp\SAS_SelfExtract\saskutil.sys -- (SASKUTIL)
DRV - [2007/06/06 16:28:16 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/05/09 15:59:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/05/08 22:49:02 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/05/08 22:46:12 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/05/08 22:46:08 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/05/08 22:46:06 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/04/23 22:15:46 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/04/23 22:15:46 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/04/23 22:15:44 | 000,209,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/12/18 20:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
DRV - [2006/11/02 13:31:38 | 000,103,168 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec02.sys -- (DXEC02)
DRV - [2005/11/17 04:33:52 | 000,108,168 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/02/16 17:51:26 | 000,016,128 | ---- | M] (Digital Networks North America, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RIOUNIV.SYS -- (RIOUNIV)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.stevefisk.../work_start.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51677
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3D7C3E1-0A58-4A19-BEFF-2A8C2E7E65DE}: C:\Documents and Settings\steve\Local Settings\Application Data\{C3D7C3E1-0A58-4A19-BEFF-2A8C2E7E65DE}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/02 18:53:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/02 18:53:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/09/03 11:57:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2009/05/29 17:24:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\steve\Application Data\Mozilla\Extensions
[2011/08/17 03:15:45 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\steve\Application Data\Mozilla\Firefox\Profiles\mcfmaym4.default\extensions
[2011/08/02 18:54:12 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\steve\Application Data\Mozilla\Firefox\Profiles\mcfmaym4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/08/02 18:47:43 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Documents and Settings\steve\Application Data\Mozilla\Firefox\Profiles\mcfmaym4.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2011/08/02 18:51:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/19 18:29:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/07/08 03:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/07/19 18:29:14 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
O1 HOSTS File: ([2011/01/19 14:38:58 | 000,000,211 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk = C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe ()
O4 - Startup: C:\Documents and Settings\steve\Start Menu\Programs\Startup\Shortcut to SDMain.lnk = C:\Program Files\Spybot - Search & Destroy\SDMain.exe (Safer Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\eooggtfb: DllName - fdplcjm.dll - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{72263b6e-4572-11dc-9350-001c2387e9ba}\Shell\AutoRun\command - "" = E:\PCConnect.exe
O33 - MountPoints2\{c93fb507-07b6-11de-935e-001c2387e9ba}\Shell - "" = AutoRun
O33 - MountPoints2\{c93fb507-07b6-11de-935e-001c2387e9ba}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c93fb507-07b6-11de-935e-001c2387e9ba}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/08/20 16:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\Desktop\geekstogo
[2011/08/19 20:20:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\steve\Start Menu\Programs\Administrative Tools
[2011/08/19 20:20:42 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\steve\Desktop\dds.scr
[2011/08/19 19:53:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\Desktop\bleeping
[2011/08/18 13:13:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/08/18 07:59:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/08/18 07:12:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/08/18 03:18:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\Desktop\dell-project
[2011/08/18 03:07:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\Desktop\New Folder
[2011/08/18 02:02:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\Desktop\New Folder (3)
[2011/08/17 22:19:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\Start Menu\Programs\RegCure
[2011/08/17 22:19:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RegCure
[2011/08/17 13:34:48 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/08/17 12:59:11 | 000,000,000 | ---D | C] -- C:\MGtools
[2011/08/17 12:56:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\Application Data\SUPERAntiSpyware.com
[2011/08/17 12:56:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/08/17 12:56:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/08/17 12:56:37 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/08/17 12:42:12 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\steve\Desktop\RootRepeal.exe
[2011/08/17 12:26:44 | 012,483,776 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\steve\Desktop\SUPERAntiSpyware.exe
[2011/08/17 12:02:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\Desktop\showthread.php_files
[2011/08/17 11:28:15 | 000,000,000 | ---D | C] -- C:\Avenger
[2011/08/17 03:52:29 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/08/17 03:51:56 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\steve\Desktop\esetsmartinstaller_enu.exe
[2011/08/17 03:41:07 | 000,309,320 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\TrufosAlt.sys
[2011/08/17 03:39:32 | 007,045,869 | ---- | C] (BitDefender LLC) -- C:\Documents and Settings\steve\Desktop\BDRemovalTool_TDSS_TDL4__x86.exe
[2011/08/17 03:19:01 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/08/17 02:54:01 | 000,000,000 | ---D | C] -- C:\Program Files\RegCure
[2011/08/17 02:48:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\steve\Recent
[2011/08/17 01:58:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\Desktop\tdsskiller
[2011/08/16 19:46:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/16 17:02:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\pL15401GdHlG15401
[2011/08/16 16:39:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\Local Settings\Application Data\{2A114C1F-D940-41CF-8EE7-977EEAF395AA}
[2011/08/10 00:49:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\Desktop\Copy of New Folder (2)
[2011/08/10 00:42:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\Desktop\New Folder (2)
[2011/08/09 19:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2011/08/09 19:09:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/08/09 19:08:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2011/08/09 19:07:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\Local Settings\Application Data\Temp
[2011/08/09 19:07:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2011/08/09 19:06:38 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/08/09 19:06:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\Local Settings\Application Data\Google
[2011/08/03 17:02:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\dwhelper
[2011/08/02 18:21:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\Desktop\8-2
[2011/07/26 17:13:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\steve\Desktop\7-26
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/08/20 17:00:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2011/08/20 16:56:34 | 000,041,335 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/08/20 16:56:27 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/20 16:55:52 | 1071,837,184 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/20 09:18:12 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/19 20:18:52 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\steve\Desktop\dds.scr
[2011/08/19 19:59:34 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\steve\defogger_reenable
[2011/08/18 15:27:54 | 000,000,657 | ---- | M] () -- C:\Documents and Settings\steve\Desktop\Shortcut to firefox.lnk
[2011/08/18 15:27:01 | 000,000,695 | ---- | M] () -- C:\Documents and Settings\steve\Desktop\Shortcut to mbam.lnk
[2011/08/18 15:09:26 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\steve\Start Menu\Programs\Startup\Shortcut to SDMain.lnk
[2011/08/18 14:30:10 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/18 13:27:09 | 000,000,653 | ---- | M] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2011/08/18 13:13:42 | 000,000,862 | ---- | M] () -- C:\Documents and Settings\steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/08/18 13:13:42 | 000,000,844 | ---- | M] () -- C:\Documents and Settings\steve\Desktop\Spybot - Search & Destroy.lnk
[2011/08/18 10:00:10 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\steve\Desktop\Shortcut to SDMain.lnk
[2011/08/18 08:40:08 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2011/08/18 08:36:49 | 000,001,409 | ---- | M] () -- C:\Documents and Settings\steve\Desktop\settings.dat
[2011/08/18 08:36:49 | 000,000,111 | ---- | M] () -- C:\Documents and Settings\steve\Desktop\dht.dat
[2011/08/18 08:36:49 | 000,000,099 | ---- | M] () -- C:\Documents and Settings\steve\Desktop\rss.dat
[2011/08/18 08:34:25 | 000,000,058 | ---- | M] () -- C:\Documents and Settings\steve\Desktop\resume.dat.old
[2011/08/18 08:03:54 | 000,135,168 | ---- | M] () -- C:\zip.exe
[2011/08/18 08:03:54 | 000,019,286 | ---- | M] () -- C:\cleanup.exe
[2011/08/18 08:03:54 | 000,000,574 | ---- | M] () -- C:\cleanup.bat
[2011/08/18 07:33:12 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/18 06:27:28 | 000,000,015 | ---- | M] () -- C:\Documents and Settings\steve\Desktop\settings.dat.old
[2011/08/18 05:58:03 | 000,043,084 | ---- | M] () -- C:\Documents and Settings\steve\My Documents\cc_20110818_055739.reg
[2011/08/18 03:30:34 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\steve\Desktop\exefix_xp.com
[2011/08/18 02:34:16 | 000,512,992 | ---- | M] () -- C:\Documents and Settings\steve\Desktop\sdsetup_revwire207.exe
[2011/08/17 17:09:49 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
[2011/08/17 13:41:52 | 000,043,408 | -HS- | M] () -- C:\WINDOWS\System32\c_17975.nl_
[2011/08/17 13:34:30 | 004,175,495 | R--- | M] () -- C:\Documents and Settings\steve\Desktop\ComboFix.exe
[2011/08/17 13:23:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\2363981562
[2011/08/17 13:20:40 | 000,724,952 | ---- | M] () -- C:\Documents and Settings\steve\Desktop\avenger.zip
[2011/08/17 13:03:03 | 016,941,112 | ---- | M] () -- C:\Documents and Settings\steve\Desktop\SAS_75270.COM
[2011/08/17 12:59:04 | 002,419,140 | ---- | M] () -- C:\Documents and Settings\steve\Desktop\MGtools.exe
[2011/08/17 12:56:40 | 000,001,685 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/08/17 12:53:33 | 000,068,684 | ---- | M] () -- C:\Documents and Settings\steve\Desktop\GooredFix_d7057.html
[2011/08/17 12:31:35 | 102,578,536 | ---- | M] () -- C:\Documents and Settings\steve\Desktop\setup_11.0.0.1245.x01_2011_08_17_13_14.exe
[2011/08/17 12:31:33 | 012,483,776 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\steve\Desktop\SUPERAntiSpyware.exe
[2011/08/17 12:24:13 | 000,465,298 | ---- | M] () -- C:\Documents and Settings\steve\Desktop\RootRepeal.rar
[2011/08/17 12:15:46 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\steve\Desktop\MBRCheck.exe
[2011/08/17 12:02:18 | 000,091,877 | ---- | M] () -- C:\Documents and Settings\steve\Desktop\showthread.php.htm
[2011/08/17 11:30:41 | 000,309,320 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\TrufosAlt.sys
[2011/08/17 03:52:21 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\steve\Desktop\esetsmartinstaller_enu.exe
[2011/08/17 03:49:38 | 000,000,345 | ---- | M] () -- C:\Documents and Settings\steve\Desktop\rkill.pif.htm
[2011/08/17 03:47:28 | 001,404,720 | ---- | M] () -- C:\Documents and Settings\steve\Desktop\TDSSKiller.exe
[2011/08/17 03:40:55 | 007,045,869 | ---- | M] (BitDefender LLC) -- C:\Documents and Settings\steve\Desktop\BDRemovalTool_TDSS_TDL4__x86.exe
[2011/08/17 02:59:14 | 000,000,372 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2011/08/17 02:54:01 | 000,000,459 | ---- | M] () -- C:\Documents and Settings\steve\Application Data\Microsoft\Internet Explorer\Quick Launch\RegCure.lnk
[2011/08/17 02:54:01 | 000,000,441 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2011/08/17 01:57:05 | 001,388,507 | ---- | M] () -- C:\Documents and Settings\steve\Desktop\tdsskiller.zip
[2011/08/17 00:47:23 | 000,010,120 | ---- | M] () -- C:\Documents and Settings\steve\My Documents\cc_20110817_004708.reg
[2011/08/16 23:43:06 | 000,041,335 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2011/08/09 19:09:15 | 000,000,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/08/09 19:08:46 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/08/09 19:08:46 | 000,001,798 | ---- | M] () -- C:\Documents and Settings\steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/23 10:56:25 | 000,001,641 | ---- | M] () -- C:\Documents and Settings\steve\Desktop\Firefox Profile Manager.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/08/19 19:59:34 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\steve\defogger_reenable
[2011/08/18 15:27:54 | 000,000,657 | ---- | C] () -- C:\Documents and Settings\steve\Desktop\Shortcut to firefox.lnk
[2011/08/18 15:27:01 | 000,000,695 | ---- | C] () -- C:\Documents and Settings\steve\Desktop\Shortcut to mbam.lnk
[2011/08/18 15:09:26 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\steve\Start Menu\Programs\Startup\Shortcut to SDMain.lnk
[2011/08/18 14:28:24 | 000,001,917 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/08/18 13:27:09 | 000,000,653 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2011/08/18 13:13:42 | 000,000,862 | ---- | C] () -- C:\Documents and Settings\steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/08/18 13:13:42 | 000,000,844 | ---- | C] () -- C:\Documents and Settings\steve\Desktop\Spybot - Search & Destroy.lnk
[2011/08/18 10:00:10 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\steve\Desktop\Shortcut to SDMain.lnk
[2011/08/18 09:35:57 | 1071,837,184 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/18 08:40:08 | 000,004,128 | ---- | C] () -- C:\INFCACHE.1
[2011/08/18 08:36:49 | 000,000,111 | ---- | C] () -- C:\Documents and Settings\steve\Desktop\dht.dat
[2011/08/18 08:36:49 | 000,000,099 | ---- | C] () -- C:\Documents and Settings\steve\Desktop\rss.dat
[2011/08/18 08:24:24 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\steve\Desktop\resume.dat.old
[2011/08/18 07:59:34 | 000,512,992 | ---- | C] () -- C:\Documents and Settings\steve\Desktop\sdsetup_revwire207.exe
[2011/08/18 05:57:42 | 000,043,084 | ---- | C] () -- C:\Documents and Settings\steve\My Documents\cc_20110818_055739.reg
[2011/08/18 03:42:47 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\steve\Desktop\exefix_xp.com
[2011/08/17 13:33:47 | 004,175,495 | R--- | C] () -- C:\Documents and Settings\steve\Desktop\ComboFix.exe
[2011/08/17 13:21:55 | 000,135,168 | ---- | C] () -- C:\zip.exe
[2011/08/17 13:21:55 | 000,019,286 | ---- | C] () -- C:\cleanup.exe
[2011/08/17 13:21:55 | 000,000,574 | ---- | C] () -- C:\cleanup.bat
[2011/08/17 13:20:35 | 000,724,952 | ---- | C] () -- C:\Documents and Settings\steve\Desktop\avenger.zip
[2011/08/17 12:59:54 | 016,941,112 | ---- | C] () -- C:\Documents and Settings\steve\Desktop\SAS_75270.COM
[2011/08/17 12:58:35 | 002,419,140 | ---- | C] () -- C:\Documents and Settings\steve\Desktop\MGtools.exe
[2011/08/17 12:56:40 | 000,001,685 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/08/17 12:53:32 | 000,068,684 | ---- | C] () -- C:\Documents and Settings\steve\Desktop\GooredFix_d7057.html
[2011/08/17 12:42:19 | 000,001,409 | ---- | C] () -- C:\Documents and Settings\steve\Desktop\settings.dat
[2011/08/17 12:42:19 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\steve\Desktop\settings.dat.old
[2011/08/17 12:24:11 | 000,465,298 | ---- | C] () -- C:\Documents and Settings\steve\Desktop\RootRepeal.rar
[2011/08/17 12:15:49 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\steve\Desktop\MBRCheck.exe
[2011/08/17 12:09:18 | 102,578,536 | ---- | C] () -- C:\Documents and Settings\steve\Desktop\setup_11.0.0.1245.x01_2011_08_17_13_14.exe
[2011/08/17 12:02:17 | 000,091,877 | ---- | C] () -- C:\Documents and Settings\steve\Desktop\showthread.php.htm
[2011/08/17 03:49:37 | 000,000,345 | ---- | C] () -- C:\Documents and Settings\steve\Desktop\rkill.pif.htm
[2011/08/17 03:23:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\2363981562
[2011/08/17 02:54:12 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2011/08/17 02:54:06 | 000,000,372 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job
[2011/08/17 02:54:01 | 000,000,459 | ---- | C] () -- C:\Documents and Settings\steve\Application Data\Microsoft\Internet Explorer\Quick Launch\RegCure.lnk
[2011/08/17 02:54:01 | 000,000,441 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2011/08/17 01:57:03 | 001,388,507 | ---- | C] () -- C:\Documents and Settings\steve\Desktop\tdsskiller.zip
[2011/08/17 00:47:11 | 000,010,120 | ---- | C] () -- C:\Documents and Settings\steve\My Documents\cc_20110817_004708.reg
[2011/08/16 19:39:10 | 000,043,408 | -HS- | C] () -- C:\WINDOWS\System32\c_17975.nl_
[2011/08/09 19:09:15 | 000,000,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/08/09 19:08:46 | 000,001,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/08/09 19:08:46 | 000,001,798 | ---- | C] () -- C:\Documents and Settings\steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/09 19:07:04 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/09 19:07:03 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/23 10:35:51 | 000,001,641 | ---- | C] () -- C:\Documents and Settings\steve\Desktop\Firefox Profile Manager.lnk
[2011/07/15 19:10:34 | 000,001,530 | -HS- | C] () -- C:\Documents and Settings\steve\Local Settings\Application Data\34wv7hh1k0014ag643xvy71h0x2bc64rq475obl6
[2011/07/15 19:10:34 | 000,001,530 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\34wv7hh1k0014ag643xvy71h0x2bc64rq475obl6
[2011/07/07 16:48:09 | 000,001,430 | -HS- | C] () -- C:\Documents and Settings\steve\Local Settings\Application Data\1hu4i5i6c1wx6ngdh3brb4vh33mo74i8k66043
[2011/07/07 16:48:09 | 000,001,430 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1hu4i5i6c1wx6ngdh3brb4vh33mo74i8k66043
[2011/06/02 20:02:16 | 000,004,678 | -HS- | C] () -- C:\Documents and Settings\steve\Local Settings\Application Data\647hcv5th6f5utprr43bgqh563kbejcc53b2u7
[2011/06/02 20:02:16 | 000,004,678 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\647hcv5th6f5utprr43bgqh563kbejcc53b2u7
[2011/05/27 19:01:22 | 000,003,616 | -HS- | C] () -- C:\Documents and Settings\steve\Local Settings\Application Data\s7846w86gi86yo4j3444wfp8hl
[2011/05/27 19:01:22 | 000,003,616 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\s7846w86gi86yo4j3444wfp8hl
[2011/05/18 20:18:23 | 000,015,000 | -HS- | C] () -- C:\Documents and Settings\steve\Local Settings\Application Data\ueu4ue45lg20w7c4ddf
[2011/05/18 20:18:23 | 000,015,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ueu4ue45lg20w7c4ddf
[2011/01/14 16:52:21 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/19 16:12:21 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/07/07 13:08:18 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2009/07/07 13:07:36 | 000,000,058 | ---- | C] () -- C:\WINDOWS\EPSPRX580.ini
[2009/07/07 12:28:59 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/07/07 12:28:59 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/07/07 12:28:59 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/07/07 12:28:59 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/07/07 12:28:59 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/07/07 12:28:59 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/07/07 12:28:59 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/07/07 12:28:59 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/07/07 12:28:59 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/07/07 12:28:59 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/07/07 12:28:59 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/07/07 12:28:59 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/07/07 12:28:59 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/07/07 12:28:59 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/07/07 12:28:59 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/07/07 12:28:59 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/06/02 15:59:00 | 000,032,397 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
[2009/06/02 15:46:52 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2009/06/02 15:45:56 | 000,001,393 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2009/06/02 15:45:56 | 000,000,028 | ---- | C] () -- C:\WINDOWS\album.ini
[2009/06/02 15:45:51 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini
[2009/05/19 16:35:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/04/09 07:51:52 | 000,000,147 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/04/09 07:10:27 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\windrv.sys
[2009/03/28 17:25:34 | 000,010,756 | ---- | C] () -- C:\WINDOWS\hpdj3740.ini
[2007/12/30 00:32:58 | 000,001,158 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/08/08 01:56:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/07/31 01:41:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/07/31 01:31:34 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2007/07/31 01:27:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007/07/31 01:27:04 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/07/31 01:10:21 | 000,041,335 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2007/07/31 01:04:24 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2007/07/31 01:04:23 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2007/07/31 01:04:05 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/07/31 01:04:05 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/07/31 01:04:05 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/07/31 01:04:04 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/07/31 01:04:04 | 001,018,804 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2007/07/31 01:04:04 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/07/31 01:04:03 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/07/31 01:04:02 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/07/31 01:04:01 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/07/31 01:03:03 | 000,001,118 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/07/22 23:25:07 | 000,005,428 | ---- | C] () -- C:\WINDOWS\hpfmdl_s04_main.dat
[2005/07/22 23:25:07 | 000,000,362 | ---- | C] () -- C:\WINDOWS\hpfins_s04_main.dat
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:57:15 | 000,202,528 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 13:51:21 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/10 13:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 13:51:20 | 000,405,878 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 13:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 13:51:20 | 000,064,262 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 13:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 13:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 13:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 13:51:17 | 006,566,656 | ---- | C] () -- C:\WINDOWS\System32\htscxjgq.dat
[2004/08/10 13:51:17 | 000,633,600 | ---- | C] () -- C:\WINDOWS\System32\kbuxwhib.dat
[2004/08/10 13:51:17 | 000,219,392 | ---- | C] () -- C:\WINDOWS\System32\viliuyzf.dat
[2004/08/10 13:51:17 | 000,050,944 | ---- | C] () -- C:\WINDOWS\System32\biooqdck.dat
[2004/08/10 13:51:17 | 000,047,360 | ---- | C] () -- C:\WINDOWS\System32\ingfjqqb.dat
[2004/08/10 13:51:17 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\hyfizoei.dat
[2004/08/10 13:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 13:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 13:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 13:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 13:50:56 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/10 13:50:55 | 000,388,608 | ---- | C] () -- C:\WINDOWS\System32\cmd.exe
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== LOP Check ==========
[2009/07/07 13:09:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2011/08/16 19:45:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pL15401GdHlG15401
[2007/07/31 01:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SingleClick Systems
[2010/06/24 18:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/08/18 07:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/03 17:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\Canon
[2011/08/09 19:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\FrostWire
[2010/10/13 14:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\GetRightToGo
[2009/06/17 13:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\iccrmbqo
[2011/04/17 14:24:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\StreamTorrent
[2009/04/21 19:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\Template
[2011/03/08 18:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\ThumbsPlus
[2007/08/09 08:53:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\steve\Application Data\Thunderbird
[2011/08/17 22:17:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\uTorrent
[2007/08/09 08:46:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\steve\Application Data\Visicom Media
[2009/05/15 19:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\steve\Application Data\Vso
[2011/08/20 17:00:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2011/08/17 02:59:14 | 000,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62E2D794
< End of report >