  #16  
Old January 4th, 2012, 07:52 AM
pcblues
Senior Member
 
Join Date: Dec 2011
O/S: Windows 7 64-bit
Location: Australia
Posts: 135
Combofix log

Hi Mosaic,
thanks for getting back to me, here's the Combofix log..

ComboFix 12-01-03.08 - Owner 04/01/2012 16:18:00.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.958.438 [GMT 10:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Sygate Personal Firewall *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Owner\Application Data\dach100.dll
c:\documents and settings\Owner\Application Data\Toolbar4
c:\documents and settings\Owner\Local Settings\Application Data\{98B24BCC-B10A-42B6-8CC6-9C77322986D8}
c:\documents and settings\Owner\Local Settings\Application Data\{98B24BCC-B10A-42B6-8CC6-9C77322986D8}\chrome.manifest
c:\documents and settings\Owner\Local Settings\Application Data\{98B24BCC-B10A-42B6-8CC6-9C77322986D8}\chrome\content\overlay.xul
c:\documents and settings\Owner\Local Settings\Application Data\{98B24BCC-B10A-42B6-8CC6-9C77322986D8}\install.rdf
c:\documents and settings\Owner\My Documents\Légifelvételek az átszakadt gátról.pps
c:\documents and settings\Owner\My Documents\Légifelvételek az átszakadt gátról.pps
c:\documents and settings\Owner\WINDOWS
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\SET9F.tmp
c:\windows\system32\SETA0.tmp
c:\windows\system32\SETA1.tmp
c:\windows\system32\SETA5.tmp
c:\windows\system32\SETA6.tmp
c:\windows\system32\SETA7.tmp
c:\windows\system32\SETAB.tmp
c:\windows\system32\SETAD.tmp
c:\windows\system32\SETDF.tmp
H:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-12-04 to 2012-01-04 )))))))))))))))))))))))))))))))
.
.
2012-01-04 06:27 . 2012-01-04 06:27 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0F7E8305-A612-467A-865B-E0DEC3D21701}\offreg.dll
2012-01-04 05:59 . 2011-11-20 16:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0F7E8305-A612-467A-865B-E0DEC3D21701}\mpengine.dll
2011-12-30 02:48 . 2011-12-21 07:24 121816 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-12-30 02:48 . 2011-12-21 07:24 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2011-12-30 02:48 . 2011-12-21 04:30 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2011-12-30 02:48 . 2011-12-21 04:30 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2011-12-30 02:48 . 2011-12-21 04:30 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2011-12-30 00:03 . 2011-12-30 00:03 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-15 20:47 . 2011-12-15 20:47 14664 ----a-w- c:\windows\stinger.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 13:25 . 2004-08-03 13:17 1859584 ------w- c:\windows\system32\win32k.sys
2011-11-20 16:47 . 2010-05-14 23:17 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-18 22:47 . 2011-05-18 00:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:20 . 2004-08-03 14:56 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 19:20 . 2004-08-03 14:56 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-03 14:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 11:23 . 2004-08-03 12:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-08-03 14:56 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-03 14:56 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2004-08-03 13:18 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2004-08-03 14:56 186880 ------w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2007-07-24 09:56 692736 ----a-w- c:\windows\system32\inetcomm.dll
2007-11-06 07:35 . 2005-02-16 01:06 218112 ------w- c:\program files\HijackThis.exe
2001-12-18 09:27 . 2001-12-18 09:27 221184 ------w- c:\program files\WebCast.dll
2001-12-18 09:26 . 2001-12-18 09:26 274432 ------w- c:\program files\LWebCast.dll
2001-12-18 09:26 . 2001-12-18 09:26 163840 ------w- c:\program files\WebCam.dll
2001-12-18 09:25 . 2001-12-18 09:25 204800 ------w- c:\program files\LWebCam.dll
2001-12-18 09:25 . 2001-12-18 09:25 126976 ------w- c:\program files\WebCamRT.exe
2001-12-18 09:24 . 2001-12-18 09:24 32768 ------w- c:\program files\LWebCamR.dll
2001-12-18 09:24 . 2001-12-18 09:24 98304 ------w- c:\program files\WCStatus.dll
2001-12-18 09:24 . 2001-12-18 09:24 20480 ------w- c:\program files\LWCStatu.dll
2001-12-18 09:23 . 2001-12-18 09:23 57344 ------w- c:\program files\LWCComn.dll
2001-12-18 09:23 . 2001-12-18 09:23 53248 ------w- c:\program files\DualCam.exe
2001-12-18 09:22 . 2001-12-18 09:22 81920 ------w- c:\program files\LDualCam.dll
2001-12-18 09:22 . 2001-12-18 09:22 180224 ------w- c:\program files\WebAlbum.dll
2001-12-18 09:21 . 2001-12-18 09:21 241664 ------w- c:\program files\LWebAlbu.dll
2001-12-18 09:21 . 2001-12-18 09:21 159744 ------w- c:\program files\QCSup.dll
2001-12-18 09:20 . 2001-12-18 09:20 73728 ------w- c:\program files\LQCSup.dll
2001-12-18 09:20 . 2001-12-18 09:20 110592 ------w- c:\program files\VMail.dll
2001-12-18 09:19 . 2001-12-18 09:19 20480 ------w- c:\program files\LogiMail.exe
2001-12-18 09:19 . 2001-12-18 09:19 983040 ------w- c:\program files\LVMail.dll
2001-12-18 09:19 . 2001-12-18 09:19 77824 ------w- c:\program files\LVMComp.dll
2001-12-18 09:18 . 2001-12-18 09:18 20480 ------w- c:\program files\LLVMComp.dll
2001-12-18 09:18 . 2001-12-18 09:18 53248 ------w- c:\program files\LVMAVI.dll
2001-12-18 09:18 . 2001-12-18 09:18 36864 ------w- c:\program files\AOLMWiz.exe
2001-12-18 09:17 . 2001-12-18 09:17 28672 ------w- c:\program files\LAOLMWiz.dll
2001-12-18 09:17 . 2001-12-18 09:17 118784 ------w- c:\program files\Radar.dll
2001-12-18 09:16 . 2001-12-18 09:16 126976 ------w- c:\program files\LRadar.dll
2001-12-18 09:16 . 2001-12-18 09:16 204800 ------w- c:\program files\QuickCam.exe
2001-12-18 09:15 . 2001-12-18 09:15 3641344 ------w- c:\program files\LQuickCa.dll
2001-12-18 09:14 . 2001-12-18 09:14 114688 ------w- c:\program files\Update.dll
2001-12-18 09:13 . 2001-12-18 09:13 36864 ------w- c:\program files\LUpdate.dll
2001-12-18 09:13 . 2001-12-18 09:13 184320 ------w- c:\program files\LIU_UPD.dll
2001-12-18 09:13 . 2001-12-18 09:13 163840 ------w- c:\program files\LIU_PROD.dll
2001-12-18 09:13 . 2001-12-18 09:13 57344 ------w- c:\program files\WaveChk.exe
2001-12-18 09:12 . 2001-12-18 09:12 421888 ------w- c:\program files\LWaveChe.dll
2001-12-18 09:12 . 2001-12-18 09:12 40960 ------w- c:\program files\QCWebPre.ocx
2001-12-18 09:12 . 2001-12-18 09:12 90112 ------w- c:\program files\QCPipe.dll
2001-12-18 09:12 . 2001-12-18 09:12 16384 ------w- c:\program files\LQCPipe.dll
2001-12-18 09:11 . 2001-12-18 09:11 65536 ------w- c:\program files\PUpdate.exe
2001-12-18 09:11 . 2001-12-18 09:11 106496 ------w- c:\program files\QCCtrl.dll
2001-12-18 09:11 . 2001-12-18 09:11 77824 ------w- c:\program files\PicVid.dll
2001-12-18 09:10 . 2001-12-18 09:10 180224 ------w- c:\program files\LPicVid.dll
2001-12-18 09:10 . 2001-12-18 09:10 290816 ------w- c:\program files\QCWebCOM.dll
2001-12-18 09:09 . 2001-12-18 09:09 659456 ------w- c:\program files\LQCWebCo.dll
2001-12-18 09:09 . 2001-12-18 09:09 61440 ------w- c:\program files\FileMenu.dll
2001-12-18 09:08 . 2001-12-18 09:08 20480 ------w- c:\program files\LFileMen.dll
2001-12-18 09:08 . 2001-12-18 09:08 65536 ------w- c:\program files\Edit.dll
2001-12-18 09:08 . 2001-12-18 09:08 32768 ------w- c:\program files\LEdit.dll
2001-12-18 09:08 . 2001-12-18 09:08 512000 ------w- c:\program files\Editor.exe
2001-12-18 09:06 . 2001-12-18 09:06 253952 ------w- c:\program files\LEditor.dll
2001-12-18 09:06 . 2001-12-18 09:06 241664 ------w- c:\program files\Album.dll
2001-12-18 09:05 . 2001-12-18 09:05 225280 ------w- c:\program files\LAlbum.dll
2001-12-18 09:05 . 2001-12-18 09:05 131072 ------w- c:\program files\Anim.dll
2001-12-18 09:05 . 2001-12-18 09:05 1048576 ------w- c:\program files\LAnim.dll
2001-12-18 09:04 . 2001-12-18 09:04 360448 ------w- c:\program files\QCUI.dll
2001-12-18 09:03 . 2001-12-18 09:03 32768 ------w- c:\program files\LQCUI.dll
2001-12-18 08:58 . 2001-12-18 08:58 81920 ------w- c:\program files\QCImage.dll
2001-12-18 08:57 . 2001-12-18 08:57 126976 ------w- c:\program files\LVMMail.dll
2001-12-18 08:56 . 2001-12-18 08:56 28672 ------w- c:\program files\LLVMMail.dll
2001-12-18 08:46 . 2001-12-18 08:46 53248 ------w- c:\program files\AviToRV.dll
2001-12-18 08:39 . 2001-12-18 08:39 58368 ------w- c:\program files\Csh263.dll
2001-12-18 08:39 . 2001-12-18 08:39 23040 ------w- c:\program files\Csa2c.dll
2001-12-18 08:18 . 2001-12-18 08:18 106496 ------w- c:\program files\SLINet.dll
2001-12-18 08:18 . 2001-12-18 08:18 56320 ------w- c:\program files\DSTNCT32.dll
2001-12-18 08:18 . 2001-12-18 08:18 47104 ------w- c:\program files\D32-FW.dll
2001-12-18 08:18 . 2001-12-18 08:18 39936 ------w- c:\program files\GHOST32.exe
2001-05-17 05:45 . 2001-05-17 05:45 90624 ------r- c:\program files\Rv203260.dll
2001-05-17 05:45 . 2001-05-17 05:45 500224 ------r- c:\program files\Rnco3260.dll
2001-05-17 05:45 . 2001-05-17 05:45 41472 ------r- c:\program files\Sdpp3260.dll
2001-05-17 05:45 . 2001-05-17 05:45 329728 ------r- c:\program files\Rmto3260.dll
2001-05-17 05:45 . 2001-05-17 05:45 30208 ------r- c:\program files\Rv103260.dll
2001-05-17 05:45 . 2001-05-17 05:45 28160 ------r- c:\program files\Rn5a3260.dll
2001-05-17 05:45 . 2001-05-17 05:45 17408 ------r- c:\program files\Sipr3260.dll
2001-05-17 05:45 . 2001-05-17 05:45 92672 ------r- c:\program files\Erv13260.dll
2001-05-17 05:45 . 2001-05-17 05:45 521728 ------r- c:\program files\Rmme3260.dll
2001-05-17 05:45 . 2001-05-17 05:45 510976 ------r- c:\program files\Rmbe3260.dll
2001-05-17 05:45 . 2001-05-17 05:45 379904 ------r- c:\program files\Pngu3264.dll
2001-05-17 05:45 . 2001-05-17 05:45 278528 ------r- c:\program files\Pncrt.dll
2001-05-17 05:45 . 2001-05-17 05:45 272384 ------r- c:\program files\Erv23260.dll
2001-05-17 05:45 . 2001-05-17 05:45 11264 ------r- c:\program files\Pnrs3260.dll
2001-05-17 05:45 . 2001-05-17 05:45 84992 ------r- c:\program files\14_43260.dll
2001-05-17 05:45 . 2001-05-17 05:45 78848 ------r- c:\program files\Ednt3260.dll
2001-05-17 05:45 . 2001-05-17 05:45 447488 ------r- c:\program files\Encn3260.dll
2001-05-17 05:45 . 2001-05-17 05:45 44032 ------r- c:\program files\28_83260.dll
2001-05-17 05:45 . 2001-05-17 05:45 30208 ------r- c:\program files\Auth3260.dll
2001-05-17 05:45 . 2001-05-17 05:45 25088 ------r- c:\program files\Cook3260.dll
2001-05-17 05:45 . 2001-05-17 05:45 23552 ------r- c:\program files\Cokr3260.dll
2001-05-17 05:45 . 2001-05-17 05:45 23552 ------r- c:\program files\Basc3260.dll
2011-12-21 07:24 . 2011-12-30 02:48 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.


  #17  
Old January 4th, 2012, 07:53 AM
pcblues
Senior Member
 
Join Date: Dec 2011
O/S: Windows 7 64-bit
Location: Australia
Posts: 135
combofix cont

*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]
"Run StartupMonitor"="StartupMonitor.exe" [2000-05-20 86016]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-08 15:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-03-12 03:49 153136 ------w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
2004-01-14 01:10 409600 ------w- c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-08-12 11:44 133104 -----tw- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2005-03-09 09:10 11776 ----a-w- c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2005-03-09 09:10 110592 ----a-w- c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-09 08:53 153136 ------w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 ------r- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"MDM"=2 (0x2)
"!SASCORE"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:*:Disabled:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:*:Disabled:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [28/02/2011 5:07 PM 64288]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14/01/2008 8:06 PM 21632]
S1 MpKsl0442624c;MpKsl0442624c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DBE42E5B-3E7A-4818-B500-2FEF3A40B542}\MpKsl0442624c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DBE42E5B-3E7A-4818-B500-2FEF3A40B542}\MpKsl0442624c.sys [?]
S1 MpKsl04d714fe;MpKsl04d714fe;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F057A188-86BC-4FFC-B3A3-B0F8A9A5CF03}\MpKsl04d714fe.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F057A188-86BC-4FFC-B3A3-B0F8A9A5CF03}\MpKsl04d714fe.sys [?]
S1 MpKsl04e7a8e6;MpKsl04e7a8e6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{78385172-5F18-4CA3-9ECD-F761AC66796D}\MpKsl04e7a8e6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{78385172-5F18-4CA3-9ECD-F761AC66796D}\MpKsl04e7a8e6.sys [?]
S1 MpKsl06fe3795;MpKsl06fe3795;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B5F35DFA-EAD4-42CA-9AD6-F87E28003675}\MpKsl06fe3795.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B5F35DFA-EAD4-42CA-9AD6-F87E28003675}\MpKsl06fe3795.sys [?]
S1 MpKsl07051db3;MpKsl07051db3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D52EA41F-EFF2-4DF4-9946-8FD804D7349B}\MpKsl07051db3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D52EA41F-EFF2-4DF4-9946-8FD804D7349B}\MpKsl07051db3.sys [?]
S1 MpKsl0fd00710;MpKsl0fd00710;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{67E63138-B424-4FC0-89B8-CD6007A22E2A}\MpKsl0fd00710.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{67E63138-B424-4FC0-89B8-CD6007A22E2A}\MpKsl0fd00710.sys [?]
S1 MpKsl0fef358b;MpKsl0fef358b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{12B7E7BA-BA45-4514-A6FF-1BFF1C45AE28}\MpKsl0fef358b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{12B7E7BA-BA45-4514-A6FF-1BFF1C45AE28}\MpKsl0fef358b.sys [?]
S1 MpKsl14725c82;MpKsl14725c82;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CC1204A3-49DC-4A7D-A896-79E2DD7F42FC}\MpKsl14725c82.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CC1204A3-49DC-4A7D-A896-79E2DD7F42FC}\MpKsl14725c82.sys [?]
S1 MpKsl16d756a0;MpKsl16d756a0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1E110EEB-C94B-4A0D-A4CE-C091F6D8A510}\MpKsl16d756a0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1E110EEB-C94B-4A0D-A4CE-C091F6D8A510}\MpKsl16d756a0.sys [?]
S1 MpKsl170db3c1;MpKsl170db3c1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9411AD19-226D-4528-BFD1-4D3961856961}\MpKsl170db3c1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9411AD19-226D-4528-BFD1-4D3961856961}\MpKsl170db3c1.sys [?]
S1 MpKsl17388059;MpKsl17388059;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CA308C93-9098-453C-B37C-4C90A327D544}\MpKsl17388059.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CA308C93-9098-453C-B37C-4C90A327D544}\MpKsl17388059.sys [?]
S1 MpKsl1a9cd08c;MpKsl1a9cd08c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{73543B71-A749-4224-8F5A-7886B107D2D4}\MpKsl1a9cd08c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{73543B71-A749-4224-8F5A-7886B107D2D4}\MpKsl1a9cd08c.sys [?]
S1 MpKsl1e5d43c5;MpKsl1e5d43c5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3F3BF802-D39F-47CC-B262-5EE2E3B513AF}\MpKsl1e5d43c5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3F3BF802-D39F-47CC-B262-5EE2E3B513AF}\MpKsl1e5d43c5.sys [?]
S1 MpKsl1e9e9f23;MpKsl1e9e9f23;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{09BCBF48-1216-419F-B77E-2B26C7796722}\MpKsl1e9e9f23.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{09BCBF48-1216-419F-B77E-2B26C7796722}\MpKsl1e9e9f23.sys [?]
S1 MpKsl2525fa26;MpKsl2525fa26;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0CE80716-B638-45EC-8CA6-BA89CC57BC13}\MpKsl2525fa26.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0CE80716-B638-45EC-8CA6-BA89CC57BC13}\MpKsl2525fa26.sys [?]
S1 MpKsl25ea490b;MpKsl25ea490b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2E0084CE-5EBD-43A1-80AD-E4A3A3877F79}\MpKsl25ea490b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2E0084CE-5EBD-43A1-80AD-E4A3A3877F79}\MpKsl25ea490b.sys [?]
S1 MpKsl31969fec;MpKsl31969fec;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9A57E9AE-1418-4C8A-B36A-68C5E0AA75AF}\MpKsl31969fec.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9A57E9AE-1418-4C8A-B36A-68C5E0AA75AF}\MpKsl31969fec.sys [?]
S1 MpKsl32e546cd;MpKsl32e546cd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CD136741-69EA-4A18-A9E0-295FF86A73E4}\MpKsl32e546cd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CD136741-69EA-4A18-A9E0-295FF86A73E4}\MpKsl32e546cd.sys [?]
S1 MpKsl347fd480;MpKsl347fd480;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13B1C30D-B06B-41B9-AEF8-01B75FEC3478}\MpKsl347fd480.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13B1C30D-B06B-41B9-AEF8-01B75FEC3478}\MpKsl347fd480.sys [?]
S1 MpKsl389e5fd3;MpKsl389e5fd3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B2BEF926-E1F8-4CD8-A27B-C4DE3EDE9366}\MpKsl389e5fd3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B2BEF926-E1F8-4CD8-A27B-C4DE3EDE9366}\MpKsl389e5fd3.sys [?]
S1 MpKsl44382ad0;MpKsl44382ad0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8BF75AE2-B9FB-4ECB-9E85-A4DD8B873313}\MpKsl44382ad0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8BF75AE2-B9FB-4ECB-9E85-A4DD8B873313}\MpKsl44382ad0.sys [?]
S1 MpKsl4581b380;MpKsl4581b380;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{876378CA-6CEB-472A-8D2B-ED05CC8C6371}\MpKsl4581b380.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{876378CA-6CEB-472A-8D2B-ED05CC8C6371}\MpKsl4581b380.sys [?]
S1 MpKsl476dc0a5;MpKsl476dc0a5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D0FA2223-1485-42DC-A636-4FA333182B2D}\MpKsl476dc0a5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D0FA2223-1485-42DC-A636-4FA333182B2D}\MpKsl476dc0a5.sys [?]
S1 MpKsl4a352475;MpKsl4a352475;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2192018D-66AE-4AA8-892A-6D50AB8D13D7}\MpKsl4a352475.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2192018D-66AE-4AA8-892A-6D50AB8D13D7}\MpKsl4a352475.sys [?]
S1 MpKsl4a3e149b;MpKsl4a3e149b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{73127315-7B70-4B4C-950B-4BB82F8F0A0C}\MpKsl4a3e149b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{73127315-7B70-4B4C-950B-4BB82F8F0A0C}\MpKsl4a3e149b.sys [?]
S1 MpKsl4b432d5f;MpKsl4b432d5f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9D03D915-0FD9-4F43-9260-C8F85F0CA4F9}\MpKsl4b432d5f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9D03D915-0FD9-4F43-9260-C8F85F0CA4F9}\MpKsl4b432d5f.sys [?]
S1 MpKsl4d3b2835;MpKsl4d3b2835;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A333EE50-A3E4-4EEE-8895-6A827C9DA5A1}\MpKsl4d3b2835.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A333EE50-A3E4-4EEE-8895-6A827C9DA5A1}\MpKsl4d3b2835.sys [?]
S1 MpKsl531cdd1b;MpKsl531cdd1b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D4F88B97-7A4B-46E2-9AAE-D3871C49181A}\MpKsl531cdd1b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D4F88B97-7A4B-46E2-9AAE-D3871C49181A}\MpKsl531cdd1b.sys [?]
S1 MpKsl54464d27;MpKsl54464d27;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CFF4B4D1-ABAB-4E68-9F10-2594266067C3}\MpKsl54464d27.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CFF4B4D1-ABAB-4E68-9F10-2594266067C3}\MpKsl54464d27.sys [?]
S1 MpKsl54b2b00a;MpKsl54b2b00a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1E655F2F-68B5-445A-B7F5-985D30394083}\MpKsl54b2b00a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1E655F2F-68B5-445A-B7F5-985D30394083}\MpKsl54b2b00a.sys [?]
S1 MpKsl55176185;MpKsl55176185;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A333EE50-A3E4-4EEE-8895-6A827C9DA5A1}\MpKsl55176185.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A333EE50-A3E4-4EEE-8895-6A827C9DA5A1}\MpKsl55176185.sys [?]
S1 MpKsl58e80e7d;MpKsl58e80e7d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{06873E88-92AF-43E8-A544-D8966D30D91C}\MpKsl58e80e7d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{06873E88-92AF-43E8-A544-D8966D30D91C}\MpKsl58e80e7d.sys [?]
S1 MpKsl5ff4343d;MpKsl5ff4343d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{779818EB-5AC2-4F6B-977D-DE7807471A29}\MpKsl5ff4343d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{779818EB-5AC2-4F6B-977D-DE7807471A29}\MpKsl5ff4343d.sys [?]
S1 MpKsl63a08d8f;MpKsl63a08d8f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{23D6BDCF-D123-4A0A-9DA7-0CB3A50E6B93}\MpKsl63a08d8f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{23D6BDCF-D123-4A0A-9DA7-0CB3A50E6B93}\MpKsl63a08d8f.sys [?]
S1 MpKsl63d448cd;MpKsl63d448cd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A84E07A1-8B4D-429A-9BEF-FA99B913C155}\MpKsl63d448cd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A84E07A1-8B4D-429A-9BEF-FA99B913C155}\MpKsl63d448cd.sys [?]
S1 MpKsl66d4758f;MpKsl66d4758f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3D68669C-1105-4E01-95EB-40D92641CDB9}\MpKsl66d4758f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3D68669C-1105-4E01-95EB-40D92641CDB9}\MpKsl66d4758f.sys [?]
S1 MpKsl68794898;MpKsl68794898;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F11742DD-2C9A-44C0-867E-1A5C55A05EB7}\MpKsl68794898.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F11742DD-2C9A-44C0-867E-1A5C55A05EB7}\MpKsl68794898.sys [?]
S1 MpKsl69a89e20;MpKsl69a89e20;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F1C3E15B-EBDF-4DE1-A7B6-1FCFBF2749CC}\MpKsl69a89e20.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F1C3E15B-EBDF-4DE1-A7B6-1FCFBF2749CC}\MpKsl69a89e20.sys [?]
S1 MpKsl7277b35b;MpKsl7277b35b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5E8FC6BD-D0D4-4AB0-BB9B-69D9D6624A7D}\MpKsl7277b35b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5E8FC6BD-D0D4-4AB0-BB9B-69D9D6624A7D}\MpKsl7277b35b.sys [?]
S1 MpKsl74affbca;MpKsl74affbca;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{51BD395A-821D-4830-B9A4-87979AB5C449}\MpKsl74affbca.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{51BD395A-821D-4830-B9A4-87979AB5C449}\MpKsl74affbca.sys [?]
S1 MpKsl7746c900;MpKsl7746c900;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8BF75AE2-B9FB-4ECB-9E85-A4DD8B873313}\MpKsl7746c900.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8BF75AE2-B9FB-4ECB-9E85-A4DD8B873313}\MpKsl7746c900.sys [?]
S1 MpKsl77cfd85a;MpKsl77cfd85a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B2B21C7C-A87F-4DBA-AC56-9E93AE1864D1}\MpKsl77cfd85a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B2B21C7C-A87F-4DBA-AC56-9E93AE1864D1}\MpKsl77cfd85a.sys [?]
S1 MpKsl780ecef3;MpKsl780ecef3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{77FF2CDE-1FCD-4D62-AA43-DA9329BA9953}\MpKsl780ecef3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{77FF2CDE-1FCD-4D62-AA43-DA9329BA9953}\MpKsl780ecef3.sys [?]
S1 MpKsl79af2e12;MpKsl79af2e12;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{563561D8-E47E-43CD-939A-3D343EDCAB90}\MpKsl79af2e12.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{563561D8-E47E-43CD-939A-3D343EDCAB90}\MpKsl79af2e12.sys [?]
S1 MpKsl828ed4b5;MpKsl828ed4b5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0AB6A7EE-6B93-4041-BDDC-85322B8F9D69}\MpKsl828ed4b5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0AB6A7EE-6B93-4041-BDDC-85322B8F9D69}\MpKsl828ed4b5.sys [?]
S1 MpKsl82c14685;MpKsl82c14685;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{73577042-36AC-4726-AAB4-E6F84321CE3D}\MpKsl82c14685.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{73577042-36AC-4726-AAB4-E6F84321CE3D}\MpKsl82c14685.sys [?]
S1 MpKsl8300e066;MpKsl8300e066;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD9F832C-5FC4-4406-A686-69DD8D6758AD}\MpKsl8300e066.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD9F832C-5FC4-4406-A686-69DD8D6758AD}\MpKsl8300e066.sys [?]
S1 MpKsl85d4e895;MpKsl85d4e895;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ADCB5BDF-4662-4394-97DD-9DD45F7C38BF}\MpKsl85d4e895.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ADCB5BDF-4662-4394-97DD-9DD45F7C38BF}\MpKsl85d4e895.sys [?]
S1 MpKsl8b599d77;MpKsl8b599d77;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A84E07A1-8B4D-429A-9BEF-FA99B913C155}\MpKsl8b599d77.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A84E07A1-8B4D-429A-9BEF-FA99B913C155}\MpKsl8b599d77.sys [?]
S1 MpKsl8ef04148;MpKsl8ef04148;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{65185880-8ADF-4A07-BA7E-0FBA16E1C96A}\MpKsl8ef04148.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{65185880-8ADF-4A07-BA7E-0FBA16E1C96A}\MpKsl8ef04148.sys [?]
S1 MpKsl8f1a0ffc;MpKsl8f1a0ffc;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8B61C390-81FB-4148-8734-D7CB00AA8653}\MpKsl8f1a0ffc.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8B61C390-81FB-4148-8734-D7CB00AA8653}\MpKsl8f1a0ffc.sys [?]
S1 MpKsl9381ffdf;MpKsl9381ffdf;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CC9CE89A-A10C-41B4-B9B5-6400805F795D}\MpKsl9381ffdf.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CC9CE89A-A10C-41B4-B9B5-6400805F795D}\MpKsl9381ffdf.sys [?]
S1 MpKsl949d035b;MpKsl949d035b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{225991F4-9807-4EBA-820B-819A25A825BF}\MpKsl949d035b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{225991F4-9807-4EBA-820B-819A25A825BF}\MpKsl949d035b.sys [?]
S1 MpKsl97d768a8;MpKsl97d768a8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{627AC2B5-1926-4AA0-B352-32690B06B5A6}\MpKsl97d768a8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{627AC2B5-1926-4AA0-B352-32690B06B5A6}\MpKsl97d768a8.sys [?]
S1 MpKsl99fb742d;MpKsl99fb742d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{73543B71-A749-4224-8F5A-7886B107D2D4}\MpKsl99fb742d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{73543B71-A749-4224-8F5A-7886B107D2D4}\MpKsl99fb742d.sys [?]
S1 MpKsla06baf18;MpKsla06baf18;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AC2B1B64-07DC-4445-9C7D-69FB3A3D33D3}\MpKsla06baf18.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AC2B1B64-07DC-4445-9C7D-69FB3A3D33D3}\MpKsla06baf18.sys [?]
S1 MpKsla4199e76;MpKsla4199e76;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{08E39082-FD73-442B-8028-47D179D3824E}\MpKsla4199e76.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{08E39082-FD73-442B-8028-47D179D3824E}\MpKsla4199e76.sys [?]
S1 MpKsla67c915e;MpKsla67c915e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{71F8CBEE-E893-4973-974F-B989F38107B9}\MpKsla67c915e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{71F8CBEE-E893-4973-974F-B989F38107B9}\MpKsla67c915e.sys [?]
S1 MpKsla9b69f0b;MpKsla9b69f0b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2C491561-7EFD-4FD2-8D9A-246F7DFC98BB}\MpKsla9b69f0b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2C491561-7EFD-4FD2-8D9A-246F7DFC98BB}\MpKsla9b69f0b.sys [?]
S1 MpKslab914ad3;MpKslab914ad3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{74095CF3-68EE-4CDB-9FBA-14FD3589582C}\MpKslab914ad3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{74095CF3-68EE-4CDB-9FBA-14FD3589582C}\MpKslab914ad3.sys [?]
S1 MpKslac37ab63;MpKslac37ab63;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B31C48D-298A-4A5B-90E4-2E8A0F441FC2}\MpKslac37ab63.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B31C48D-298A-4A5B-90E4-2E8A0F441FC2}\MpKslac37ab63.sys [?]
S1 MpKslb017db8e;MpKslb017db8e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{65A33B11-BAAA-4911-B6EB-8CD29632E11F}\MpKslb017db8e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{65A33B11-BAAA-4911-B6EB-8CD29632E11F}\MpKslb017db8e.sys [?]
S1 MpKslb7b0eec0;MpKslb7b0eec0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CFF3385F-64E8-4798-B4D1-8502B9F4A7C7}\MpKslb7b0eec0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CFF3385F-64E8-4798-B4D1-8502B9F4A7C7}\MpKslb7b0eec0.sys [?]
S1 MpKslb90720e9;MpKslb90720e9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9411AD19-226D-4528-BFD1-4D3961856961}\MpKslb90720e9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9411AD19-226D-4528-BFD1-4D3961856961}\MpKslb90720e9.sys [?]
S1 MpKslba402bc1;MpKslba402bc1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{04BA5035-14E5-4D8F-877C-84A6E80ACE5C}\MpKslba402bc1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{04BA5035-14E5-4D8F-877C-84A6E80ACE5C}\MpKslba402bc1.sys [?]
S1 MpKslbd638e8f;MpKslbd638e8f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A95F77FC-B515-4F75-A671-7AB342666345}\MpKslbd638e8f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A95F77FC-B515-4F75-A671-7AB342666345}\MpKslbd638e8f.sys [?]
S1 MpKslc1b88511;MpKslc1b88511;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0012149C-998D-4A62-9AF9-8A911EC2E173}\MpKslc1b88511.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0012149C-998D-4A62-9AF9-8A911EC2E173}\MpKslc1b88511.sys [?]
S1 MpKslc8a89a79;MpKslc8a89a79;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{86045522-88E4-457C-9765-623151C97077}\MpKslc8a89a79.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{86045522-88E4-457C-9765-623151C97077}\MpKslc8a89a79.sys [?]
S1 MpKslc9988885;MpKslc9988885;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{698005E9-D368-4FB2-BAA4-E077E34F884C}\MpKslc9988885.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{698005E9-D368-4FB2-BAA4-E077E34F884C}\MpKslc9988885.sys [?]
S1 MpKslcb4215d8;MpKslcb4215d8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A95F77FC-B515-4F75-A671-7AB342666345}\MpKslcb4215d8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A95F77FC-B515-4F75-A671-7AB342666345}\MpKslcb4215d8.sys [?]
S1 MpKslcd879e77;MpKslcd879e77;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD9F832C-5FC4-4406-A686-69DD8D6758AD}\MpKslcd879e77.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD9F832C-5FC4-4406-A686-69DD8D6758AD}\MpKslcd879e77.sys [?]
S1 MpKslce5f8911;MpKslce5f8911;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0012149C-998D-4A62-9AF9-8A911EC2E173}\MpKslce5f8911.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0012149C-998D-4A62-9AF9-8A911EC2E173}\MpKslce5f8911.sys [?]
S1 MpKslcebf61ac;MpKslcebf61ac;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD946BD3-F7B2-426D-8DC6-8DA3DE26769F}\MpKslcebf61ac.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD946BD3-F7B2-426D-8DC6-8DA3DE26769F}\MpKslcebf61ac.sys [?]
S1 MpKslcee42b1a;MpKslcee42b1a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F54EE5AD-869C-4DB9-89E2-1EF4C02FB0F4}\MpKslcee42b1a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F54EE5AD-869C-4DB9-89E2-1EF4C02FB0F4}\MpKslcee42b1a.sys [?]
S1 MpKsld214dea7;MpKsld214dea7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{52D95736-FC3E-45B4-8AB3-441A3609C83C}\MpKsld214dea7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{52D95736-FC3E-45B4-8AB3-441A3609C83C}\MpKsld214dea7.sys [?]
S1 MpKsld3324570;MpKsld3324570;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E0E75FEA-3CE0-41DB-84EF-467F2A9E6FE4}\MpKsld3324570.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E0E75FEA-3CE0-41DB-84EF-467F2A9E6FE4}\MpKsld3324570.sys [?]
S1 MpKsld37df071;MpKsld37df071;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B5C7C971-81FF-41A1-82AF-7814ADF1930F}\MpKsld37df071.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B5C7C971-81FF-41A1-82AF-7814ADF1930F}\MpKsld37df071.sys [?]
S1 MpKsld5cb1f02;MpKsld5cb1f02;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{35BBC291-8B5E-4611-BE7E-8141EF98BDB1}\MpKsld5cb1f02.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{35BBC291-8B5E-4611-BE7E-8141EF98BDB1}\MpKsld5cb1f02.sys [?]
S1 MpKsld72f371c;MpKsld72f371c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7A14661E-B9D3-41C8-A6E1-3C8C8B5FBF60}\MpKsld72f371c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7A14661E-B9D3-41C8-A6E1-3C8C8B5FBF60}\MpKsld72f371c.sys [?]
S1 MpKsld85dca15;MpKsld85dca15;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BABD71A5-44C6-48D8-8FB8-45BCAEBC8457}\MpKsld85dca15.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BABD71A5-44C6-48D8-8FB8-45BCAEBC8457}\MpKsld85dca15.sys [?]
S1 MpKsld9902cf3;MpKsld9902cf3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B2BEF926-E1F8-4CD8-A27B-C4DE3EDE9366}\MpKsld9902cf3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B2BEF926-E1F8-4CD8-A27B-C4DE3EDE9366}\MpKsld9902cf3.sys [?]
S1 MpKslda21f164;MpKslda21f164;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD9F832C-5FC4-4406-A686-69DD8D6758AD}\MpKslda21f164.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD9F832C-5FC4-4406-A686-69DD8D6758AD}\MpKslda21f164.sys [?]
S1 MpKsldb862bb4;MpKsldb862bb4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2E117128-EFEF-4CC4-8F15-1C85FD0FADB1}\MpKsldb862bb4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2E117128-EFEF-4CC4-8F15-1C85FD0FADB1}\MpKsldb862bb4.sys [?]
S1 MpKsldcba8684;MpKsldcba8684;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3ACAA8DB-DE9D-441A-9533-A4902092204C}\MpKsldcba8684.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3ACAA8DB-DE9D-441A-9533-A4902092204C}\MpKsldcba8684.sys [?]
S1 MpKsle35b8dc1;MpKsle35b8dc1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E286A830-A000-47FB-9FBF-57725A94CB6C}\MpKsle35b8dc1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E286A830-A000-47FB-9FBF-57725A94CB6C}\MpKsle35b8dc1.sys [?]
S1 MpKsle4bc8eb4;MpKsle4bc8eb4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{96356D5F-481E-4420-84CD-96A72CC45580}\MpKsle4bc8eb4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{96356D5F-481E-4420-84CD-96A72CC45580}\MpKsle4bc8eb4.sys [?]
S1 MpKsle617bb7a;MpKsle617bb7a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B2B21C7C-A87F-4DBA-AC56-9E93AE1864D1}\MpKsle617bb7a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B2B21C7C-A87F-4DBA-AC56-9E93AE1864D1}\MpKsle617bb7a.sys [?]
S1 MpKsleabf6615;MpKsleabf6615;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ED3E375E-5EA9-4C8F-A0A0-B6CDBB315CD8}\MpKsleabf6615.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ED3E375E-5EA9-4C8F-A0A0-B6CDBB315CD8}\MpKsleabf6615.sys [?]
S1 MpKslf01453fe;MpKslf01453fe;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B5F35DFA-EAD4-42CA-9AD6-F87E28003675}\MpKslf01453fe.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B5F35DFA-EAD4-42CA-9AD6-F87E28003675}\MpKslf01453fe.sys [?]
S1 MpKslf084c8c9;MpKslf084c8c9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{01CA3F70-C35C-4CB5-95B1-6B437A37DE6D}\MpKslf084c8c9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{01CA3F70-C35C-4CB5-95B1-6B437A37DE6D}\MpKslf084c8c9.sys [?]
S1 MpKslf1dec2d3;MpKslf1dec2d3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B6C39D18-9E6F-4D4D-AE53-B62B08030847}\MpKslf1dec2d3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B6C39D18-9E6F-4D4D-AE53-B62B08030847}\MpKslf1dec2d3.sys [?]
S1 MpKslfc0fdf81;MpKslfc0fdf81;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{25C5754A-D28A-4B90-8FA8-85316B13793E}\MpKslfc0fdf81.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{25C5754A-D28A-4B90-8FA8-85316B13793E}\MpKslfc0fdf81.sys [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.SYS --> c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [?]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [29/07/2010 12:25 AM 25112]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [26/06/2010 9:55 AM 27064]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys --> c:\windows\system32\DRIVERS\wdcsam.sys [?]
S4 !SASCORE;SAS Core Service;"c:\program files\SUPERAntiSpyware\SASCORE.EXE" --> c:\program files\SUPERAntiSpyware\SASCORE.EXE [?]
S4 gupdate1c9eed8d4f11bcc;Google Update Service (gupdate1c9eed8d4f11bcc);c:\program files\Google\Update\GoogleUpdate.exe [17/06/2009 9:18 AM 133104]
.
Contents of the 'Scheduled Tasks' folder
.
2010-09-05 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-16 23:18]
.
2010-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ca545faa06ed8c.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-16 23:18]
.
2010-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-790525478-839522115-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-12 11:44]
.
2010-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-790525478-839522115-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-12 11:44]
.
2012-01-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 05:39]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\labmfapn.default\
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
MSConfigStartUp-CTFMON - (no file)
MSConfigStartUp-PeerBlock - c:\program files\PeerBlock\peerblock.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-04 16:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-117609710-790525478-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0AB35367-4185-323A-6D2F-12D373C6AEE8}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaddjdlnhhhanidlpm"=hex:6a,61,67,70,69,64,69,64,61,6e,6f,67,70,67,6a,61,64,6f,
66,67,00,f1
"hanchmjjdinddllf"=hex:6b,61,68,70,6f,63,68,64,61,68,6f,6e,64,6e,66,65,69,67,
66,68,64,6c,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3752)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\SSSensor.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Sygate\SPF\smc.exe
c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\StartupMonitor.exe
.
**************************************************************************
.
Completion time: 2012-01-04 16:38:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-04 06:38
.
Pre-Run: 39,552,266,240 bytes free
Post-Run: 39,709,405,184 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - B9CB154A3F521BBA9FE4A1B7D89E4947
  #18  
Old January 4th, 2012, 08:15 AM
pcblues pcblues is offline
Senior Member
 
Join Date: Dec 2011
O/S: Windows 7 64-bit
Location: Australia
Posts: 135
Hello Mosaic,
Just a note to say that I truly appreciate your help!
I'd love to know the explanation for all these ' new dll' warnings; they don't pop up quite as much as in the beginning,
but they still come up in spite of the fact that I haven't updated any programs lately.
It amazed me to see several Yahoo entries in the log; I uninstalled Yahoo
Messenger a long, long time ago and don't use any other Yahoo programs.
Anyway, thanks again for your time; awaiting your comments and/or recommendations on the ComboFix log.
Regards "pcblues"
  #19  
Old January 4th, 2012, 08:28 AM
Mosaic1 Mosaic1 is offline
Malware Removal Team Advisor
 
Join Date: Jun 2001
Posts: 4,783
You're welcome, pcblues.

Quote:
I'd love to know the explanation for all these ' new dll' warnings

Next warning, look closely at the title bar in the message box with the warning. What does it say?

Or even better, when the message appears, press CTRL + C

Then open notepad and paste. This will get the contents of the message box and the title bar. Please post that in its entirety.

We can use otl.exe to do some clean up of anything left behind. Please run a new scan and post the log. There will not be an extras.txt this time.
  #20  
Old January 5th, 2012, 01:24 AM
pcblues pcblues is offline
Senior Member
 
Join Date: Dec 2011
O/S: Windows 7 64-bit
Location: Australia
Posts: 135
new otl scan

OTL logfile created on: 5/01/2012 9:59:09 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

958.36 Mb Total Physical Memory | 524.65 Mb Available Physical Memory | 54.75% Memory free
2.26 Gb Paging File | 1.95 Gb Available in Paging File | 86.25% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 36.02 Gb Free Space | 24.17% Space Free | Partition Type: NTFS
Drive E: | 12.17 Gb Total Space | 4.42 Gb Free Space | 36.31% Space Free | Partition Type: FAT32
Drive F: | 6.45 Gb Total Space | 1.57 Gb Free Space | 24.30% Space Free | Partition Type: FAT32
Drive H: | 2328.76 Gb Total Space | 434.07 Gb Free Space | 18.64% Space Free | Partition Type: NTFS

Computer Name: OWNER-44FFE017E | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/04 22:14:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/04/14 10:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/09 16:21:06 | 000,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
PRC - [2007/10/09 16:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
PRC - [2004/10/15 19:40:56 | 002,577,632 | ---- | M] (Sygate Technologies, Inc.) -- C:\Program Files\Sygate\SPF\Smc.exe
PRC - [2000/05/20 17:23:48 | 000,086,016 | ---- | M] () -- C:\WINDOWS\StartupMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2009/11/05 07:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2004/10/15 18:32:20 | 001,385,712 | ---- | M] () -- C:\Program Files\Sygate\SPF\tse.dll
MOD - [2004/10/15 18:32:18 | 000,832,744 | ---- | M] () -- C:\Program Files\Sygate\SPF\SyLink.dll
MOD - [2004/10/15 18:32:12 | 000,890,088 | ---- | M] () -- C:\Program Files\Sygate\SPF\SpNet.dll
MOD - [2000/05/20 17:23:48 | 000,086,016 | ---- | M] () -- C:\WINDOWS\StartupMonitor.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (!SASCORE)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/09/08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [On_Demand | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2007/10/09 16:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)
SRV - [2004/10/15 19:40:56 | 002,577,632 | ---- | M] (Sygate Technologies, Inc.) [Auto | Running] -- C:\Program Files\Sygate\SPF\Smc.exe -- (SmcService)


========== Driver Services (SafeList) ==========

DRV - [2012/01/05 09:08:24 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{25EB9D79-1994-4F83-B01A-87495A39F520}\MpKslb487f05e.sys -- (MpKslb487f05e)
DRV - [2011/05/10 12:07:31 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2010/09/23 17:46:08 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/07/29 00:25:42 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ivusb.sys -- (ivusb)
DRV - [2009/12/30 12:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2008/01/14 20:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2006/11/15 16:34:00 | 004,225,920 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/11/15 11:38:28 | 000,634,880 | R--- | M] (S3 Graphics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\S3gIGPm.sys -- (S3GIGP)
DRV - [2006/10/18 19:39:58 | 000,017,920 | R--- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\xfilt.sys -- (xfilt)
DRV - [2006/10/17 22:22:26 | 000,009,216 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2004/10/15 18:32:44 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys -- (wg6n)
DRV - [2004/10/15 18:32:42 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys -- (wg5n)
DRV - [2004/10/15 18:32:40 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys -- (wg4n)
DRV - [2004/10/15 18:32:38 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys -- (wg3n)
DRV - [2004/10/15 18:18:46 | 000,021,075 | ---- | M] (Sygate Technologies, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys -- (wpsdrvnt)
DRV - [2004/10/15 18:17:02 | 000,060,496 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys -- (Teefer)
DRV - [2001/09/24 09:39:18 | 000,010,261 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVBulk.sys -- (LVBulk)
DRV - [2001/09/24 09:38:26 | 000,033,280 | ---- | M] (Logitech Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\LVSound2.sys -- (lusbaudio)
DRV - [2001/09/20 03:39:44 | 000,193,574 | ---- | M] (Tekom Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvvi500a.sys -- (LVVI500A)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/...ch/search.html


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-117609710-790525478-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-117609710-790525478-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: artur.dubovoy@gmail.com:2.0.21


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.145.5\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/30 12:48:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/28 12:06:22 | 000,000,000 | ---D | M]

[2010/06/03 07:26:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/06/03 07:26:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/12/28 07:54:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\labmfapn.default\extensions
[2010/11/28 12:08:14 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\labmfapn.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2011/11/18 19:13:57 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\labmfapn.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/02/04 16:45:40 | 000,002,254 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\labmfapn.default\searchplugins\askcom.xml
[2011/12/30 12:48:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LABMFAPN.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LABMFAPN.DEFAULT\EXTENSIONS\ARTUR.DUBOVOY@GMAIL.COM.XPI
[2011/12/21 17:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/21 14:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/21 14:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&output=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2012/01/04 16:30:03 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Run StartupMonitor] C:\WINDOWS\StartupMonitor.exe ()
O4 - HKLM..\Run: [SmcService] C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-117609710-790525478-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-117609710-790525478-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-117609710-790525478-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-117609710-790525478-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe File not found
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1185345645250 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12037513-B6D4-4D38-8316-D65F17AD8C11}: DhcpNameServer = 10.1.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/24 19:59:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/05/29 22:32:24 | 000,000,194 | -HS- | M] () - E:\AUTOEXEC.BAK -- [ FAT32 ]
O32 - AutoRun File - [2000/06/08 17:00:00 | 000,000,079 | -HS- | M] () - E:\AUTOEXEC.DOS -- [ FAT32 ]
O32 - AutoRun File - [2007/11/17 13:29:34 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2011/03/17 20:02:58 | 000,000,000 | R--D | M] - H:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/04 22:14:09 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/01/04 17:17:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/04 16:15:22 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/04 16:12:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/04 16:12:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/04 16:12:11 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/04 16:12:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/04 16:11:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/04 15:41:29 | 004,368,790 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2012/01/04 15:40:25 | 004,368,790 | ---- | C] (Swearware) -- C:\Documents and Settings\Owner\My Documents\ComboFix.exe
[2012/01/01 14:54:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\fw
[2012/01/01 13:18:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\fwbeautifulphotos
[2011/12/31 10:17:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2011/12/30 11:21:23 | 015,292,208 | ---- | C] (Mozilla) -- C:\Documents and Settings\Owner\My Documents\Firefox Setup 9.0.1.exe
[2011/12/30 10:00:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2011/12/22 18:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\GIFT
[2011/12/16 06:47:58 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys
[2011/12/08 00:09:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\youtube videos
[2007/11/18 17:15:34 | 000,159,744 | ---- | C] (CANON INC.) -- C:\Program Files\SGTBox.exe
[2007/11/18 17:15:34 | 000,112,128 | ---- | C] (Canon Inc.) -- C:\Program Files\cfpJpeg.dll
[2007/11/18 17:15:34 | 000,087,552 | ---- | C] (Canon Inc.) -- C:\Program Files\Cfpapi.dll
[2007/11/18 17:15:34 | 000,073,728 | ---- | C] (CANON INC.) -- C:\Program Files\SGTBRES.dll
[2007/11/18 17:15:34 | 000,028,672 | ---- | C] (CANON INC.) -- C:\Program Files\chreg.exe
[2007/11/18 17:15:33 | 000,511,424 | ---- | C] (Microsoft Corporation) -- C:\Program Files\40comupd.exe
[2007/11/18 17:15:33 | 000,468,992 | ---- | C] (Canon Inc.) -- C:\Program Files\cefpix.dll
[2007/11/18 17:15:33 | 000,118,272 | ---- | C] (Media Cybernetics, L.P.) -- C:\Program Files\Ifftif32.dll
[2007/11/18 17:15:33 | 000,083,968 | ---- | C] (Media Cybernetics, L.P.) -- C:\Program Files\Iffjpg32.dll
[2007/11/18 17:15:33 | 000,025,600 | ---- | C] (Media Cybernetics, L.P.) -- C:\Program Files\Iffpcx32.dll
[2007/11/18 17:15:33 | 000,020,992 | ---- | C] (Media Cybernetics, L.P.) -- C:\Program Files\Hiffl32.dll
[2007/11/18 17:13:12 | 000,052,224 | ---- | C] (Caere Corporation) -- C:\Program Files\train.dll
[2007/11/18 17:13:12 | 000,034,304 | ---- | C] (IntelliQuest Communications, Inc.) -- C:\Program Files\TABCTL32.DLL
[2007/11/18 17:13:12 | 000,020,992 | ---- | C] (Caere Corporation) -- C:\Program Files\wizard32.dll
[2007/11/18 17:13:12 | 000,013,312 | ---- | C] (Caere Corporation) -- C:\Program Files\rgreslang.dll
[2007/11/18 17:13:11 | 003,146,240 | ---- | C] (Caere Corporation) -- C:\Program Files\rgreseng.dll
[2007/11/18 17:13:11 | 000,400,896 | ---- | C] (Caere Corporation) -- C:\Program Files\regcmn32.dll
[2007/11/18 17:13:11 | 000,255,488 | ---- | C] (Pipeline Communications, Inc.) -- C:\Program Files\PLINE32.DLL
[2007/11/18 17:13:11 | 000,147,456 | ---- | C] (Caere Corporation) -- C:\Program Files\opstor32.dll
[2007/11/18 17:13:11 | 000,050,384 | ---- | C] (Caere Corporation) -- C:\Program Files\OPWARE16.EXE
[2007/11/18 17:13:11 | 000,044,032 | ---- | C] (Caere Corporation) -- C:\Program Files\OPware32.exe
[2007/11/18 17:13:11 | 000,024,576 | ---- | C] (Caere Corporation) -- C:\Program Files\opsrc32.dll
[2007/11/18 17:13:11 | 000,013,600 | ---- | C] (Calera Recognition Systems) -- C:\Program Files\OPUTIL16.DLL
[2007/11/18 17:13:11 | 000,012,288 | ---- | C] (Caere Corporation) -- C:\Program Files\opscan32.src
[2007/11/18 17:13:10 | 001,290,752 | ---- | C] (Caere Corporation) -- C:\Program Files\opreseng.dll
[2007/11/18 17:13:10 | 000,102,736 | ---- | C] (Caere Corporation) -- C:\Program Files\oppro16.ocr
[2007/11/18 17:13:10 | 000,090,112 | ---- | C] (Caere Corporation) -- C:\Program Files\oppro32.ocr
[2007/11/18 17:13:10 | 000,008,704 | ---- | C] (Caere Corporation) -- C:\Program Files\opreg32.dll
[2007/11/18 17:13:10 | 000,008,192 | ---- | C] (Caere Corporation) -- C:\Program Files\opmem32.src
[2007/11/18 17:13:09 | 000,140,288 | ---- | C] (Caere Corporation) -- C:\Program Files\OPHOOK32.dll
[2007/11/18 17:13:09 | 000,073,728 | ---- | C] (Caere Corporation) -- C:\Program Files\OPImgLib.dll
[2007/11/18 17:13:09 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Program Files\OP9Deins.exe
[2007/11/18 17:13:09 | 000,011,264 | ---- | C] (Caere Corporation) -- C:\Program Files\opdisk32.src
[2007/11/18 17:13:09 | 000,004,112 | ---- | C] (Caere Corporation) -- C:\Program Files\OPHOOK16.DLL
[2007/11/18 17:13:08 | 000,926,208 | ---- | C] (Caere Corporation) -- C:\Program Files\omnipage.exe
[2007/11/18 17:13:08 | 000,235,008 | ---- | C] (Pipeline Communications, Inc.) -- C:\Program Files\IQ_COM32.DLL
[2007/11/18 17:13:08 | 000,182,272 | ---- | C] (Caere Corporation) -- C:\Program Files\metafile.dll
[2007/11/18 17:13:08 | 000,155,648 | ---- | C] (IntelliQuest Communications, Inc.) -- C:\Program Files\ITP32.EXE
[2007/11/18 17:13:08 | 000,059,392 | ---- | C] (Pipeline Communications, Inc.) -- C:\Program Files\CRAM32.DLL
[2007/11/18 17:13:08 | 000,048,640 | ---- | C] (Blue Sky Software) -- C:\Program Files\INETWH32.dll
[2007/11/18 17:13:08 | 000,038,400 | ---- | C] (Caere Corporation) -- C:\Program Files\ivwres0.dll
[2007/11/18 17:11:40 | 002,142,208 | ---- | C] (ArcSoft, Inc.) -- C:\Program Files\PhotoStudio.exe
[2007/11/18 17:11:39 | 000,131,072 | ---- | C] (Arcsoft Inc.) -- C:\Program Files\ArcInet.dll
[2007/11/18 17:11:28 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Program Files\STI.DLL
[2005/02/16 11:06:16 | 000,218,112 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Program Files\HijackThis.exe
[2001/12/18 19:27:34 | 000,221,184 | ---- | C] (Logitech Inc.) -- C:\Program Files\WebCast.dll
[2001/12/18 19:26:36 | 000,274,432 | ---- | C] (Logitech Inc.) -- C:\Program Files\LWebCast.dll
[2001/12/18 19:26:28 | 000,163,840 | ---- | C] (Logitech Inc.) -- C:\Program Files\WebCam.dll
[2001/12/18 19:25:42 | 000,204,800 | ---- | C] (Logitech Inc.) -- C:\Program Files\LWebCam.dll
[2001/12/18 19:25:34 | 000,126,976 | ---- | C] (Logitech Inc.) -- C:\Program Files\WebCamRT.exe
[2001/12/18 19:24:50 | 000,032,768 | ---- | C] (Logitech Inc.) -- C:\Program Files\LWebCamR.dll
[2001/12/18 19:24:42 | 000,098,304 | ---- | C] (Logitech Inc.) -- C:\Program Files\WCStatus.dll
[2001/12/18 19:24:00 | 000,020,480 | ---- | C] (Logitech Inc.) -- C:\Program Files\LWCStatu.dll
[2001/12/18 19:23:26 | 000,057,344 | ---- | C] (Logitech Inc.) -- C:\Program Files\LWCComn.dll
[2001/12/18 19:23:20 | 000,053,248 | ---- | C] (Logitech Inc.) -- C:\Program Files\DualCam.exe
[2001/12/18 19:22:42 | 000,081,920 | ---- | C] (Logitech Inc.) -- C:\Program Files\LDualCam.dll
[2001/12/18 19:22:34 | 000,180,224 | ---- | C] (Logitech Inc.) -- C:\Program Files\WebAlbum.dll
[2001/12/18 19:21:44 | 000,241,664 | ---- | C] (Logitech Inc.) -- C:\Program Files\LWebAlbu.dll
[2001/12/18 19:21:08 | 000,159,744 | ---- | C] (Logitech Inc.) -- C:\Program Files\QCSup.dll
[2001/12/18 19:20:20 | 000,073,728 | ---- | C] (Logitech Inc.) -- C:\Program Files\LQCSup.dll
[2001/12/18 19:20:12 | 000,110,592 | ---- | C] (Logitech Inc.) -- C:\Program Files\VMail.dll
[2001/12/18 19:19:52 | 000,020,480 | ---- | C] (Logitech Inc.) -- C:\Program Files\LogiMail.exe
[2001/12/18 19:19:20 | 000,983,040 | ---- | C] (Logitech Inc.) -- C:\Program Files\LVMail.dll
[2001/12/18 19:19:12 | 000,077,824 | ---- | C] (Logitech Inc.) -- C:\Program Files\LVMComp.dll
[2001/12/18 19:18:24 | 000,020,480 | ---- | C] (Logitech Inc.) -- C:\Program Files\LLVMComp.dll
[2001/12/18 19:18:18 | 000,053,248 | ---- | C] (Logitech Inc.) -- C:\Program Files\LVMAVI.dll
[2001/12/18 19:18:04 | 000,036,864 | ---- | C] (Logitech Inc.) -- C:\Program Files\AOLMWiz.exe
[2001/12/18 19:17:30 | 000,028,672 | ---- | C] (Logitech Inc.) -- C:\Program Files\LAOLMWiz.dll
[2001/12/18 19:17:22 | 000,118,784 | ---- | C] (Logitech Inc.) -- C:\Program Files\Radar.dll
[2001/12/18 19:16:38 | 000,126,976 | ---- | C] (Logitech Inc.) -- C:\Program Files\LRadar.dll
[2001/12/18 19:16:30 | 000,204,800 | ---- | C] (Logitech Inc.) -- C:\Program Files\QuickCam.exe
[2001/12/18 19:15:20 | 003,641,344 | ---- | C] (Logitech Inc.) -- C:\Program Files\LQuickCa.dll
[2001/12/18 19:14:40 | 000,114,688 | ---- | C] (Logitech Inc.) -- C:\Program Files\Update.dll
[2001/12/18 19:13:56 | 000,036,864 | ---- | C] (Logitech Inc.) -- C:\Program Files\LUpdate.dll
[2001/12/18 19:13:48 | 000,184,320 | ---- | C] (Logitech Inc.) -- C:\Program Files\LIU_UPD.dll
[2001/12/18 19:13:40 | 000,163,840 | ---- | C] (Logitech Inc.) -- C:\Program Files\LIU_PROD.dll
[2001/12/18 19:13:32 | 000,057,344 | ---- | C] (Logitech Inc.) -- C:\Program Files\WaveChk.exe
[2001/12/18 19:12:56 | 000,421,888 | ---- | C] (Logitech Inc.) -- C:\Program Files\LWaveChe.dll
[2001/12/18 19:12:48 | 000,040,960 | ---- | C] (Logitech Inc.) -- C:\Program Files\QCWebPre.ocx
[2001/12/18 19:12:40 | 000,090,112 | ---- | C] (Logitech Inc.) -- C:\Program Files\QCPipe.dll
[2001/12/18 19:12:02 | 000,016,384 | ---- | C] (Logitech Inc.) -- C:\Program Files\LQCPipe.dll
[2001/12/18 19:11:56 | 000,065,536 | ---- | C] (Logitech Inc.) -- C:\Program Files\PUpdate.exe
[2001/12/18 19:11:44 | 000,106,496 | ---- | C] (Logitech Inc.) -- C:\Program Files\QCCtrl.dll
[2001/12/18 19:11:32 | 000,077,824 | ---- | C] (Logitech Inc.) -- C:\Program Files\PicVid.dll
[2001/12/18 19:10:54 | 000,180,224 | ---- | C] (Logitech Inc.) -- C:\Program Files\LPicVid.dll
[2001/12/18 19:10:46 | 000,290,816 | ---- | C] (Logitech Inc.) -- C:\Program Files\QCWebCOM.dll
[2001/12/18 19:09:44 | 000,659,456 | ---- | C] (Logitech Inc.) -- C:\Program Files\LQCWebCo.dll
[2001/12/18 19:09:36 | 000,061,440 | ---- | C] (Logitech Inc.) -- C:\Program Files\FileMenu.dll
[2001/12/18 19:08:54 | 000,020,480 | ---- | C] (Logitech Inc.) -- C:\Program Files\LFileMen.dll
[2001/12/18 19:08:48 | 000,065,536 | ---- | C] (Logitech Inc.) -- C:\Program Files\Edit.dll
[2001/12/18 19:08:10 | 000,032,768 | ---- | C] (Logitech Inc.) -- C:\Program Files\LEdit.dll
[2001/12/18 19:08:00 | 000,512,000 | ---- | C] (Logitech Inc.) -- C:\Program Files\Editor.exe
[2001/12/18 19:06:52 | 000,253,952 | ---- | C] (Logitech Inc.) -- C:\Program Files\LEditor.dll
[2001/12/18 19:06:44 | 000,241,664 | ---- | C] (Logitech Inc.) -- C:\Program Files\Album.dll
[2001/12/18 19:05:52 | 000,225,280 | ---- | C] (Logitech Inc.) -- C:\Program Files\LAlbum.dll
[2001/12/18 19:05:44 | 000,131,072 | ---- | C] (Logitech Inc.) -- C:\Program Files\Anim.dll
[2001/12/18 19:05:00 | 001,048,576 | ---- | C] (Logitech Inc.) -- C:\Program Files\LAnim.dll
[2001/12/18 19:04:32 | 000,360,448 | ---- | C] (Logitech Inc.) -- C:\Program Files\QCUI.dll
[2001/12/18 19:03:32 | 000,032,768 | ---- | C] (Logitech Inc.) -- C:\Program Files\LQCUI.dll
[2001/12/18 18:58:02 | 000,081,920 | ---- | C] (Logitech Inc.) -- C:\Program Files\QCImage.dll
[2001/12/18 18:57:52 | 000,126,976 | ---- | C] (Logitech Inc.) -- C:\Program Files\LVMMail.dll
[2001/12/18 18:56:56 | 000,028,672 | ---- | C] (Logitech Inc.) -- C:\Program Files\LLVMMail.dll
[2001/12/18 18:46:42 | 000,053,248 | ---- | C] (Logitech Inc.) -- C:\Program Files\AviToRV.dll
[2001/12/18 18:39:24 | 000,058,368 | ---- | C] (Cresta Systems, Inc.) -- C:\Program Files\Csh263.dll
[2001/12/18 18:39:24 | 000,023,040 | ---- | C] (Cresta Systems, Inc.) -- C:\Program Files\Csa2c.dll
[2001/12/18 18:18:40 | 000,106,496 | ---- | C] (SpotLife Inc.) -- C:\Program Files\SLINet.dll
[2001/12/18 18:18:36 | 000,056,320 | ---- | C] (Distinct Corporation) -- C:\Program Files\DSTNCT32.dll
[2001/12/18 18:18:36 | 000,047,104 | ---- | C] (Distinct Corporation) -- C:\Program Files\D32-FW.dll
[2001/12/18 18:18:36 | 000,039,936 | ---- | C] (Distinct Corporation) -- C:\Program Files\GHOST32.exe
[2001/05/17 15:45:50 | 000,500,224 | R--- | C] (RealNetworks, Inc.) -- C:\Program Files\Rnco3260.dll
[2001/05/17 15:45:50 | 000,329,728 | R--- | C] (RealNetworks, Inc.) -- C:\Program Files\Rmto3260.dll
[2001/05/17 15:45:50 | 000,090,624 | R--- | C] (RealNetworks, Inc.) -- C:\Program Files\Rv203260.dll
[2001/05/17 15:45:50 | 000,041,472 | R--- | C] (RealNetworks, Inc.) -- C:\Program Files\Sdpp3260.dll
[2001/05/17 15:45:50 | 000,030,208 | R--- | C] (RealNetworks, Inc.) -- C:\Program Files\Rv103260.dll
[2001/05/17 15:45:50 | 000,028,160 | R--- | C] (RealNetworks, Inc.) -- C:\Program Files\Rn5a3260.dll
[2001/05/17 15:45:50 | 000,017,408 | R--- | C] (RealNetworks, Inc.) -- C:\Program Files\Sipr3260.dll
[2001/05/17 15:45:48 | 000,521,728 | R--- | C] (RealNetworks, Inc.) -- C:\Program Files\Rmme3260.dll
[2001/05/17 15:45:48 | 000,510,976 | R--- | C] (RealNetworks, Inc.) -- C:\Program Files\Rmbe3260.dll
[2001/05/17 15:45:48 | 000,379,904 | R--- | C] (RealNetworks, Inc.) -- C:\Program Files\Pngu3264.dll
[2001/05/17 15:45:48 | 000,278,528 | R--- | C] (Real Networks, Inc) -- C:\Program Files\Pncrt.dll
[2001/05/17 15:45:48 | 000,272,384 | R--- | C] (RealNetworks, Inc.) -- C:\Program Files\Erv23260.dll
[2001/05/17 15:45:48 | 000,092,672 | R--- | C] (RealNetworks, Inc.) -- C:\Program Files\Erv13260.dll
[2001/05/17 15:45:48 | 000,011,264 | R--- | C] (RealNetworks, Inc.) -- C:\Program Files\Pnrs3260.dll
[2001/05/17 15:45:46 | 000,447,488 | R--- | C] (RealNetworks, Inc.) -- C:\Program Files\Encn3260.dll
[2001/05/17 15:45:46 | 000,084,992 | R--- | C] (RealNetworks, Inc.) -- C:\Program Files\14_43260.dll
[2001/05/17 15:45:46 | 000,078,848 | R--- | C] (RealNetworks, Inc.) -- C:\Program Files\Ednt3260.dll
[2001/05/17 15:45:46 | 000,044,032 | R--- | C] (RealNetworks, Inc.) -- C:\Program Files\28_83260.dll
[2001/05/17 15:45:46 | 000,030,208 | R--- | C] (RealNetworks, Inc.) -- C:\Program Files\Auth3260.dll
[2001/05/17 15:45:46 | 000,025,088 | R--- | C] (RealNetworks, Inc.) -- C:\Program Files\Cook3260.dll
[2001/05/17 15:45:46 | 000,023,552 | R--- | C] (RealNetworks, Inc.) -- C:\Program Files\Cokr3260.dll
[2001/05/17 15:45:46 | 000,023,552 | R--- | C] (RealNetworks, Inc.) -- C:\Program Files\Basc3260.dll
[2001/05/17 15:45:46 | 000,021,504 | R--- | C] (RealNetworks, Inc.) -- C:\Program Files\Enlv3260.dll
[2001/05/17 15:45:46 | 000,020,480 | R--- | C] (RealNetworks, Inc.) -- C:\Program Files\Dnet3260.dll
[2001/02/20 17:30:44 | 000,854,528 | R--- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Ltwvc12n.dll
[2001/02/20 11:10:56 | 000,189,952 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltscr12n.ocx
[2001/02/20 11:10:42 | 000,609,280 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Ltocx12n.ocx
[2001/02/20 11:07:50 | 000,144,384 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LTSCR12n.DLL
[2001/02/19 10:50:58 | 000,164,352 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfpng12n.dll
[2001/02/19 10:49:04 | 000,314,368 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LFCMP12n.dll
[2001/02/19 10:36:18 | 000,027,136 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfwfx12n.dll
[2001/02/19 10:36:14 | 000,155,648 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lftif12n.dll
[2001/02/19 10:35:58 | 000,027,648 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lftga12n.dll
[2001/02/19 10:35:46 | 000,056,320 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfpsd12n.dll
[2001/02/19 10:35:32 | 000,026,112 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpcd12n.dll
[2001/02/19 10:35:26 | 000,033,280 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfpcx12n.dll
[2001/02/19 10:35:22 | 000,071,680 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfpct12n.dll
[2001/02/19 10:33:58 | 000,100,352 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lffpx12n.dll
[2001/02/19 10:32:14 | 000,036,864 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfbmp12n.dll
[2001/02/19 10:32:04 | 000,025,600 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfavi12n.dll
[2001/02/19 10:31:54 | 000,078,336 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lffax12n.dll
[2001/02/19 10:31:00 | 000,051,712 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lttmb12n.dll
[2001/02/19 10:30:56 | 000,066,048 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltlst12n.dll
[2001/02/19 10:30:20 | 000,309,760 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltdlg12n.dll
[2001/02/19 10:29:56 | 000,041,472 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lttwn12n.dll
[2001/02/19 10:29:52 | 000,166,400 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Ltimg12n.dll
[2001/02/19 10:29:30 | 000,227,840 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Ltefx12n.dll
[2001/02/19 10:29:18 | 000,753,152 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltann12n.dll
[2001/02/19 10:28:58 | 000,121,344 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Ltfil12n.dll
[2001/02/19 10:28:42 | 000,279,040 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LTDIS12n.dll
[2001/02/19 10:28:16 | 000,406,016 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Ltkrn12n.dll
[2000/05/02 03:17:00 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Program Files\PCDLIB32.DLL
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
  #21  
Old January 5th, 2012, 01:26 AM
pcblues pcblues is offline
otl scan cont

========== Files - Modified Within 30 Days ==========

[2012/01/05 09:18:34 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2003.lnk
[2012/01/05 09:13:24 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/05 09:10:07 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/05 09:07:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/05 01:05:23 | 000,770,560 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\room 5 jan.rtf
[2012/01/05 00:51:12 | 000,015,857 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\waving.rtf
[2012/01/04 22:22:08 | 006,727,680 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\TrainRide.pps
[2012/01/04 22:14:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/01/04 16:30:03 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/04 16:15:28 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/01/04 15:41:51 | 004,368,790 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2012/01/04 15:40:53 | 004,368,790 | ---- | M] (Swearware) -- C:\Documents and Settings\Owner\My Documents\ComboFix.exe
[2012/01/04 12:34:15 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/01/03 23:45:26 | 000,125,440 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\JAl Karma.pps
[2012/01/03 23:41:34 | 000,009,992 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\fs 4 jan.rtf
[2012/01/03 23:40:26 | 000,616,261 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\room 4 jan.rtf
[2012/01/03 23:35:56 | 000,040,201 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\summer huhhh.rtf
[2012/01/03 13:42:54 | 000,001,602 | ---- | M] () -- C:\WINDOWS\pstudio.ini
[2012/01/03 13:42:54 | 000,000,028 | ---- | M] () -- C:\WINDOWS\album.ini
[2012/01/03 09:49:43 | 000,056,832 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/03 02:01:14 | 000,006,037 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Allen 2 jan.rtf
[2012/01/03 02:00:00 | 000,750,790 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\doc 2.rtf
[2012/01/03 01:12:54 | 000,602,024 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\doc 1.rtf
[2012/01/03 00:38:08 | 000,010,387 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\belle doc code.rtf
[2012/01/02 13:23:56 | 001,345,349 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\bb room.rtf
[2012/01/01 19:57:29 | 040,045,016 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\7 billion.rar
[2012/01/01 18:17:07 | 000,004,013 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\radar 1-jan.rtf
[2012/01/01 18:14:17 | 000,411,293 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\blue avenue 1 jan 12.rtf
[2012/01/01 10:20:50 | 002,398,126 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\fwbeautifulphotos.zip
[2012/01/01 01:53:18 | 000,271,783 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\dylans.rtf
[2011/12/31 23:01:42 | 001,359,112 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\blues avenue 1 jan.rtf
[2011/12/30 22:39:54 | 000,014,385 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\happy new year images.jpg
[2011/12/30 16:39:14 | 000,117,691 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\dll firefox 2.jpg
[2011/12/30 12:48:17 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/12/30 11:21:36 | 015,292,208 | ---- | M] (Mozilla) -- C:\Documents and Settings\Owner\My Documents\Firefox Setup 9.0.1.exe
[2011/12/30 11:06:40 | 000,099,461 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\net run time dll 30-dec01.jpg
[2011/12/30 10:58:29 | 000,463,010 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/30 10:58:29 | 000,078,956 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/30 10:17:30 | 000,087,738 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\firefox dll 30 dec1.jpg
[2011/12/29 23:49:57 | 000,699,615 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\fw.zip
[2011/12/27 09:11:42 | 000,080,865 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\dll 27-1.jpg
[2011/12/26 18:30:30 | 000,216,012 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\skype02.jpg
[2011/12/26 18:29:20 | 000,083,094 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\skype01.jpg
[2011/12/26 17:46:42 | 000,337,363 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Firewall 24-12-11.jpg
[2011/12/26 17:45:23 | 000,338,750 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Firewall 24-12.jpg
[2011/12/26 16:49:25 | 000,184,325 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Firewall major-02.jpg
[2011/12/26 16:46:21 | 000,143,128 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Firewall 1.jpg
[2011/12/26 15:52:17 | 000,066,400 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\paltalk dll.jpg
[2011/12/25 10:14:15 | 000,210,327 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\dll hmm1.jpg
[2011/12/24 23:16:40 | 000,207,091 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\port scan attack.jpg
[2011/12/20 23:03:36 | 000,333,767 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\snow 3.jpg
[2011/12/20 23:01:16 | 000,179,338 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\snow02.jpg
[2011/12/20 22:58:25 | 000,105,292 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Snow 01.jpg
[2011/12/16 06:47:58 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys
[2011/12/15 22:29:16 | 000,254,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/12 18:26:50 | 910,725,120 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\BackupG9-12.bkf
[2011/12/11 17:41:45 | 000,004,324 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\cc_20111211_174141.reg
[2011/12/10 13:37:07 | 000,089,561 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Byron bay.jpg
[2011/12/10 13:35:40 | 000,103,327 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\yellowstone.jpg
[2011/12/10 13:34:55 | 000,041,708 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Gobi Mongolia.jpg
[2011/12/10 13:32:22 | 000,027,732 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Kenya1.jpg
[2011/12/10 13:30:45 | 000,024,072 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Gobi-Desert-Mongolia.jpg
[2011/12/09 17:54:17 | 003,859,849 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\gin cured salmon 01.jpg
[2011/12/09 17:47:26 | 000,292,158 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Gin Cured Salmon.jpg
[2011/12/09 09:55:04 | 000,137,151 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Gillard 10-decBustsmain.jpg
[2011/12/08 19:08:07 | 000,053,134 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Endeavour dec 2011-jpg.axx
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/05 01:05:23 | 000,770,560 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\room 5 jan.rtf
[2012/01/05 00:51:12 | 000,015,857 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\waving.rtf
[2012/01/04 22:21:56 | 006,727,680 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\TrainRide.pps
[2012/01/04 16:15:27 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/01/04 16:15:25 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/04 16:12:11 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/04 16:12:11 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/04 16:12:11 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/04 16:12:11 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/04 16:12:11 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/03 23:45:14 | 000,125,440 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\JAl Karma.pps
[2012/01/03 23:41:34 | 000,009,992 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\fs 4 jan.rtf
[2012/01/03 23:36:16 | 000,616,261 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\room 4 jan.rtf
[2012/01/03 23:35:56 | 000,040,201 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\summer huhhh.rtf
[2012/01/03 02:01:14 | 000,006,037 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Allen 2 jan.rtf
[2012/01/03 02:00:00 | 000,750,790 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\doc 2.rtf
[2012/01/03 00:38:08 | 000,010,387 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\belle doc code.rtf
[2012/01/02 23:35:58 | 000,602,024 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\doc 1.rtf
[2012/01/02 13:23:56 | 001,345,349 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\bb room.rtf
[2012/01/01 19:56:53 | 040,045,016 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\7 billion.rar
[2012/01/01 18:17:07 | 000,004,013 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\radar 1-jan.rtf
[2012/01/01 18:14:17 | 000,411,293 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\blue avenue 1 jan 12.rtf
[2012/01/01 10:20:48 | 002,398,126 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\fwbeautifulphotos.zip
[2012/01/01 01:53:18 | 000,271,783 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\dylans.rtf
[2011/12/31 23:01:42 | 001,359,112 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\blues avenue 1 jan.rtf
[2011/12/30 22:39:53 | 000,014,385 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\happy new year images.jpg
[2011/12/30 16:39:14 | 000,117,691 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\dll firefox 2.jpg
[2011/12/30 11:06:40 | 000,099,461 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\net run time dll 30-dec01.jpg
[2011/12/30 10:17:30 | 000,087,738 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\firefox dll 30 dec1.jpg
[2011/12/29 23:49:53 | 000,699,615 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\fw.zip
[2011/12/27 09:11:42 | 000,080,865 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\dll 27-1.jpg
[2011/12/26 18:30:30 | 000,216,012 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\skype02.jpg
[2011/12/26 18:29:20 | 000,083,094 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\skype01.jpg
[2011/12/26 17:46:41 | 000,337,363 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Firewall 24-12-11.jpg
[2011/12/26 17:45:22 | 000,338,750 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Firewall 24-12.jpg
[2011/12/26 16:49:25 | 000,184,325 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Firewall major-02.jpg
[2011/12/26 16:46:21 | 000,143,128 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Firewall 1.jpg
[2011/12/26 15:52:17 | 000,066,400 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\paltalk dll.jpg
[2011/12/25 10:14:15 | 000,210,327 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\dll hmm1.jpg
[2011/12/24 23:16:40 | 000,207,091 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\port scan attack.jpg
[2011/12/20 23:03:36 | 000,333,767 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\snow 3.jpg
[2011/12/20 23:01:16 | 000,179,338 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\snow02.jpg
[2011/12/20 22:58:25 | 000,105,292 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Snow 01.jpg
[2011/12/12 18:15:27 | 910,725,120 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\BackupG9-12.bkf
[2011/12/11 17:41:43 | 000,004,324 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\cc_20111211_174141.reg
[2011/12/10 13:37:07 | 000,089,561 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Byron bay.jpg
[2011/12/10 13:35:40 | 000,103,327 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\yellowstone.jpg
[2011/12/10 13:34:54 | 000,041,708 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Gobi Mongolia.jpg
[2011/12/10 13:32:21 | 000,027,732 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Kenya1.jpg
[2011/12/10 13:30:40 | 000,024,072 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Gobi-Desert-Mongolia.jpg
[2011/12/09 17:54:15 | 003,859,849 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\gin cured salmon 01.jpg
[2011/12/09 17:47:26 | 000,292,158 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Gin Cured Salmon.jpg
[2011/12/09 09:55:01 | 000,137,151 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Gillard 10-decBustsmain.jpg
[2011/12/08 19:08:06 | 000,053,134 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Endeavour dec 2011-jpg.axx
[2011/09/29 14:08:17 | 000,001,226 | ---- | C] () -- C:\WINDOWS\SplitCam.INI
[2011/07/08 11:25:51 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2011/06/19 17:11:28 | 000,000,087 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/06/19 15:11:46 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Rmafiyayiyohuy.dat
[2011/06/19 15:11:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Xpiduqehis.bin
[2011/05/15 16:12:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/15 12:14:44 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/05/15 12:14:44 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/05/12 00:48:55 | 000,392,584 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/03/23 11:41:43 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2011/03/22 16:55:40 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/03/22 16:55:39 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/03/22 16:55:33 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/03/14 15:44:08 | 000,052,972 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/09/15 17:02:38 | 000,000,015 | ---- | C] () -- C:\WINDOWS\ASSE.dat
[2010/08/22 11:21:27 | 000,000,137 | ---- | C] () -- C:\WINDOWS\oports.INI
[2010/07/29 13:23:41 | 000,921,600 | ---- | C] () -- C:\WINDOWS\vorbisenc.dll
[2010/07/29 13:23:41 | 000,237,568 | ---- | C] () -- C:\WINDOWS\OggDS.dll
[2010/07/29 13:23:41 | 000,188,416 | ---- | C] () -- C:\WINDOWS\vorbis.dll
[2010/07/29 13:23:41 | 000,066,048 | ---- | C] () -- C:\WINDOWS\MP4.dll
[2010/07/29 13:23:41 | 000,045,056 | ---- | C] () -- C:\WINDOWS\ogg.dll
[2010/07/29 13:23:41 | 000,023,552 | ---- | C] () -- C:\WINDOWS\mkunicode.dll
[2010/06/28 22:07:24 | 000,069,632 | ---- | C] () -- C:\WINDOWS\realbap1.dll
[2010/06/28 22:07:24 | 000,045,568 | ---- | C] () -- C:\WINDOWS\realbsf1.dll
[2010/06/28 22:06:26 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\realbap1.dll
[2010/06/28 22:06:26 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\realbsf1.dll
[2009/11/10 17:35:23 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/05/01 08:46:46 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/08/17 17:19:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/05/04 16:46:36 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/04/11 15:15:25 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/04/11 15:15:25 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/03/11 15:12:29 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2007/11/19 16:15:26 | 000,000,025 | ---- | C] () -- C:\WINDOWS\DrvErase.INI
[2007/11/18 17:15:34 | 000,036,864 | ---- | C] () -- C:\Program Files\SGTBPBM.exe
[2007/11/18 17:15:32 | 000,006,784 | ---- | C] () -- C:\Program Files\readme.wri
[2007/11/18 17:13:12 | 000,041,472 | ---- | C] () -- C:\Program Files\sfw32.lok
[2007/11/18 17:13:12 | 000,009,216 | ---- | C] () -- C:\Program Files\caerereg.exe
[2007/11/18 17:13:12 | 000,004,528 | ---- | C] () -- C:\Program Files\Setbrows.exe
[2007/11/18 17:13:12 | 000,001,004 | ---- | C] () -- C:\Program Files\SHELLEXT.REG
[2007/11/18 17:13:11 | 000,135,088 | ---- | C] () -- C:\Program Files\Phone.inf
[2007/11/18 17:13:11 | 000,001,270 | ---- | C] () -- C:\Program Files\opvc_s.bmp
[2007/11/18 17:13:11 | 000,001,270 | ---- | C] () -- C:\Program Files\opvc_n.bmp
[2007/11/18 17:13:11 | 000,000,606 | ---- | C] () -- C:\Program Files\Pipeline.ini
[2007/11/18 17:13:09 | 001,435,279 | ---- | C] () -- C:\Program Files\OPManual.pdf
[2007/11/18 17:13:09 | 000,250,880 | ---- | C] () -- C:\Program Files\OpFor80.Dot
[2007/11/18 17:13:09 | 000,043,008 | ---- | C] () -- C:\Program Files\OpFor70.Dot
[2007/11/18 17:13:08 | 000,091,648 | ---- | C] () -- C:\Program Files\aware97.ppa
[2007/11/18 17:13:08 | 000,065,024 | ---- | C] () -- C:\Program Files\aware97.xla
[2007/11/18 17:13:08 | 000,060,928 | ---- | C] () -- C:\Program Files\IVWord.wll
[2007/11/18 17:13:08 | 000,002,943 | ---- | C] () -- C:\Program Files\dll0.20
[2007/11/18 17:13:08 | 000,001,793 | ---- | C] () -- C:\Program Files\Mailform.ctl
[2007/11/18 17:13:07 | 000,144,896 | ---- | C] () -- C:\Program Files\aware97.dot
[2007/11/18 17:13:07 | 000,029,711 | ---- | C] () -- C:\Program Files\DeIsL1.isu
[2007/11/18 17:13:07 | 000,000,664 | ---- | C] () -- C:\Program Files\omnipage.dat
[2007/11/18 17:11:39 | 000,952,320 | ---- | C] () -- C:\Program Files\PhBase.dll
[2007/11/18 17:11:28 | 000,308,736 | ---- | C] () -- C:\Program Files\Fpxlib.dll
[2007/11/18 17:11:28 | 000,115,712 | ---- | C] () -- C:\Program Files\Filefpx.dll
[2007/11/18 17:11:27 | 000,049,016 | ---- | C] () -- C:\Program Files\Uninst.isu
[2007/11/18 16:35:02 | 000,054,556 | ---- | C] () -- C:\Program Files\gallery.chm
[2007/11/18 16:35:02 | 000,047,139 | ---- | C] () -- C:\Program Files\webcam.chm
[2007/11/18 16:35:02 | 000,039,243 | ---- | C] () -- C:\Program Files\QCWebCas.chm
[2007/11/18 16:35:01 | 000,053,710 | ---- | C] () -- C:\Program Files\pictvid.chm
[2007/11/18 16:35:01 | 000,050,304 | ---- | C] () -- C:\Program Files\animate.chm
[2007/11/18 16:35:01 | 000,045,347 | ---- | C] () -- C:\Program Files\walbum.chm
[2007/11/18 16:35:01 | 000,038,501 | ---- | C] () -- C:\Program Files\motion.chm
[2007/11/18 16:34:35 | 000,000,000 | ---- | C] () -- C:\Program Files\WebCamRT.exe.local
[2007/11/18 16:34:35 | 000,000,000 | ---- | C] () -- C:\Program Files\WaveChk.exe.local
[2007/11/18 16:34:35 | 000,000,000 | ---- | C] () -- C:\Program Files\QuickCam.exe.local
[2007/11/18 16:34:35 | 000,000,000 | ---- | C] () -- C:\Program Files\PUpdate.exe.local
[2007/11/18 16:34:35 | 000,000,000 | ---- | C] () -- C:\Program Files\LogiReg.exe.local
[2007/11/18 16:34:35 | 000,000,000 | ---- | C] () -- C:\Program Files\LogiMail.exe.local
[2007/11/18 16:34:35 | 000,000,000 | ---- | C] () -- C:\Program Files\HijackThis.exe.local
[2007/11/18 16:34:35 | 000,000,000 | ---- | C] () -- C:\Program Files\GHOST32.exe.local
[2007/11/18 16:34:35 | 000,000,000 | ---- | C] () -- C:\Program Files\Editor.exe.local
[2007/11/18 16:34:35 | 000,000,000 | ---- | C] () -- C:\Program Files\DualCam.exe.local
[2007/11/18 16:34:35 | 000,000,000 | ---- | C] () -- C:\Program Files\AOLMWiz.exe.local
[2007/11/18 16:27:36 | 001,197,419 | ---- | C] () -- C:\Program Files\QCamhtg.chm
[2007/11/18 16:26:02 | 000,028,120 | ---- | C] () -- C:\Program Files\Install.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/23 20:19:30 | 000,000,146 | ---- | C] () -- C:\WINDOWS\anticrash.dat
[2007/09/23 20:19:30 | 000,000,120 | -H-- | C] () -- C:\WINDOWS\winshell.dat
[2007/07/29 11:25:28 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini
[2007/07/27 18:32:01 | 000,056,832 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/26 11:20:31 | 000,032,397 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
[2007/07/25 16:48:26 | 000,626,688 | ---- | C] () -- C:\WINDOWS\System32\dfxg13.dll
[2007/07/25 15:50:00 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2007/07/25 15:48:24 | 000,000,021 | ---- | C] () -- C:\WINDOWS\phbase.ini
[2007/07/25 15:46:40 | 000,000,571 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2007/07/25 15:45:34 | 000,000,022 | ---- | C] () -- C:\WINDOWS\OP70.INI
[2007/07/25 15:43:57 | 000,001,602 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2007/07/25 15:43:57 | 000,000,028 | ---- | C] () -- C:\WINDOWS\album.ini
[2007/07/25 15:28:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2007/07/25 15:25:46 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS61.DLL
[2007/07/25 14:51:04 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/07/25 03:42:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/07/25 03:41:03 | 000,254,272 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/07/24 21:51:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/07/24 20:27:37 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/07/24 20:21:57 | 002,706,432 | R--- | C] () -- C:\WINDOWS\System32\s3gcil_inv.dll
[2007/07/24 20:01:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/07/24 19:56:26 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/10/15 18:31:56 | 000,218,264 | ---- | C] () -- C:\WINDOWS\System32\SetAid.dll
[2004/08/04 01:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 00:56:44 | 000,056,880 | ---- | C] () -- C:\WINDOWS\System32\scvideo.dll
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/03/31 22:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 22:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 22:00:00 | 000,463,010 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 22:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 22:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 22:00:00 | 000,078,956 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 22:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 22:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 22:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 22:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/12/18 19:01:28 | 000,082,400 | ---- | C] () -- C:\Program Files\QCam.chm
[2001/12/18 18:59:18 | 000,016,221 | ---- | C] () -- C:\Program Files\Warranties.chm
[2001/11/20 03:05:10 | 000,005,228 | ---- | C] () -- C:\Program Files\v320_240.prx
[2001/11/20 03:05:10 | 000,005,228 | ---- | C] () -- C:\Program Files\v176_144.prx
[2001/11/20 03:05:08 | 000,005,228 | ---- | C] () -- C:\Program Files\v160_120.prx
[2001/11/20 03:05:08 | 000,005,228 | ---- | C] () -- C:\Program Files\v160_112.prx
[2001/11/01 10:04:40 | 000,015,712 | ---- | C] () -- C:\Program Files\upd_info.dat
[2000/06/19 17:49:48 | 000,009,264 | ---- | C] () -- C:\Program Files\Click.wav
[2000/05/20 17:23:48 | 000,086,016 | ---- | C] () -- C:\WINDOWS\StartupMonitor.exe
[2000/04/12 15:28:12 | 000,118,784 | ---- | C] () -- C:\Program Files\LFKODAK.dll
[2000/04/12 15:24:10 | 000,338,944 | ---- | C] () -- C:\Program Files\Lffpx7.dll
[1999/09/22 17:33:40 | 000,032,768 | ---- | C] () -- C:\Program Files\LogiReg.exe

< End of report >
  #22  
Old January 5th, 2012, 01:39 AM
pcblues pcblues is offline
Senior Member
 
Join Date: Dec 2011
O/S: Windows 7 64-bit
Location: Australia
Posts: 135
new dll warning

Hi Mosaic,

This time OTL only created one log.. I hope that's how it's supposed to be..
About the "new dll" warnings: not realizing that I can save the text, I have been taking screenshots of the warnings. Since I am unable to post attachments, I cannot post those. Pls let me know if there's a way of sending them to you.
However, there was another one this morning. I've managed to copy the contents of that; here it is.

Thanks again.. cheers

The new DLLs have been loaded:
C:\WINDOWS\system32\wtsapi32.dll
C:\WINDOWS\system32\faultrep.dll

To disable DLL Authentication go to the security tab under the Tools, Options menu.

File Version : 10.106.4634.1018
File Description : Paltalk Messenger
File Path : C:\Program Files\Paltalk Messenger\paltalk.exe
Process ID : 0xC30 (Heximal) 3120 (Decimal)

Connection origin : local initiated
Protocol : TCP
Local Address : 10.1.1.2
Local Port : 1039
Remote Name : client.paltalk.com
Remote Address : 64.40.15.14
Remote Port : 80 (HTTP - World Wide Web)

Ethernet packet details:
Ethernet II (Packet Length: 68)
Destination: 00-25-69-5a-19-e8
Source: 00-19-db-8c-71-4a
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 20 bytes
Flags:
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset:0
Time to live: 128
Protocol: 0x6 (TCP - Transmission Control Protocol)
Header checksum: 0x6e97 (Correct)
Source: 10.1.1.2
Destination: 64.40.15.14
Transmission Control Protocol (TCP)
Source port: 1039
Destination port: 80
Sequence number: 409538429
Acknowledgment number: 3236301623
Header length: 20
Flags:
0... .... = Congestion Window Reduce (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .1.. = Reset: Set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Checksum: 0x355d (Correct)
Data (0 Bytes)

Binary dump of the packet:
0000: 00 25 69 5A 19 E8 00 19 : DB 8C 71 4A 08 00 45 00 | .%iZ......qJ..E.
0010: 00 28 09 29 40 00 80 06 : 97 6E 0A 01 01 02 40 28 | .(.)@....n....@(
0020: 0F 0E 04 0F 00 50 18 69 : 0F 7D C0 E6 0B 37 50 14 | .....P.i.}...7P.
0030: 00 00 5D 35 00 00 15 03 : 01 00 12 1F 5F 18 D7 DC | ..]5........_...
0040: D0 AD ED 7B : | ...{


Application changed since last used , process ID 3120
Reply With Quote
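To cross-check an alert like the one in the post above, the decoded fields can be recomputed from the binary dump. This is an added Python example, not part of the original post or of Sygate; the function names are hypothetical, and the dump and the expected values are copied from that alert.

```python
import struct
from ipaddress import IPv4Address

# Binary dump copied from the firewall alert in the post above.
DUMP = """\
0000: 00 25 69 5A 19 E8 00 19 : DB 8C 71 4A 08 00 45 00 | .%iZ......qJ..E.
0010: 00 28 09 29 40 00 80 06 : 97 6E 0A 01 01 02 40 28 | .(.)@....n....@(
0020: 0F 0E 04 0F 00 50 18 69 : 0F 7D C0 E6 0B 37 50 14 | .....P.i.}...7P.
0030: 00 00 5D 35 00 00 15 03 : 01 00 12 1F 5F 18 D7 DC | ..]5........_...
0040: D0 AD ED 7B : | ...{
"""

# Fields as the alert text reports them (also copied from the post).
ALERT = {
    "frame_len": 68, "src_ip": "10.1.1.2", "dst_ip": "64.40.15.14",
    "sport": 1039, "dport": 80, "seq": 409538429, "ack": 3236301623,
    "flags": ["RST", "ACK"], "ttl": 128, "dont_fragment": True,
    "payload_len": 0, "ip_checksum_ok": True, "tcp_checksum_ok": True,
}

TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]


def dump_to_bytes(dump):
    """Turn 'offset: hex : hex | ascii' lines back into raw bytes."""
    out = bytearray()
    for line in dump.splitlines():
        if not line.strip():
            continue
        # Drop the offset column and the ASCII column, keep the hex bytes.
        hexpart = line.split(":", 1)[1].split("|", 1)[0]
        out += bytes.fromhex(hexpart.replace(":", " "))
    return bytes(out)


def inet_checksum(data):
    """RFC 1071 ones'-complement sum; 0 when run over a valid header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_frame(frame):
    """Decode Ethernet II / IPv4 / TCP and recompute both checksums."""
    if len(frame) < 14 + 20:
        raise ValueError("frame too short for Ethernet + IPv4")
    _dst, _src, eth_type = struct.unpack("!6s6sH", frame[:14])
    if eth_type != 0x0800:
        raise ValueError("not IPv4")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        raise ValueError("bad IPv4 header")
    total_len, _ident, frag, ttl, proto, _csum, src, dst = struct.unpack(
        "!2xHHHBBH4s4s", ip[:20])
    if proto != 6 or not ihl + 20 <= total_len <= len(ip):
        raise ValueError("not a complete TCP segment")
    tcp = ip[ihl:total_len]
    sport, dport, seq, ack, off_flags, _win, _tcsum, _urg = struct.unpack(
        "!HHIIHHHH", tcp[:20])
    doff = (off_flags >> 12) * 4
    if not 20 <= doff <= len(tcp):
        raise ValueError("bad TCP data offset")
    # The TCP checksum also covers a pseudo-header built from the IP layer.
    pseudo = src + dst + struct.pack("!BBH", 0, proto, len(tcp))
    return {
        "frame_len": len(frame),
        "src_ip": str(IPv4Address(src)), "dst_ip": str(IPv4Address(dst)),
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "flags": [n for bit, n in enumerate(TCP_FLAG_NAMES)
                  if off_flags >> bit & 1],
        "ttl": ttl, "dont_fragment": bool(frag & 0x4000),
        "payload_len": len(tcp) - doff,
        "ip_checksum_ok": inet_checksum(ip[:ihl]) == 0,
        "tcp_checksum_ok": inet_checksum(pseudo + tcp) == 0,
        # Bytes in the captured frame that lie beyond the IP datagram.
        "trailer_len": len(ip) - total_len,
    }


def mismatches(parsed, alert):
    """Names of alert fields that disagree with the raw bytes."""
    return [k for k, v in alert.items() if parsed.get(k) != v]


if __name__ == "__main__":
    parsed = parse_frame(dump_to_bytes(DUMP))
    for key, value in parsed.items():
        print(f"{key:16} {value}")
    print("mismatches:", mismatches(parsed, ALERT) or "none")
```

The dump holds the checksum bytes in wire order (`97 6E`, `5D 35`), while the alert text prints them byte-swapped (`0x6e97`, `0x355d`), so the script validates them by recomputation rather than by comparing the displayed values.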
  #23  
Old January 5th, 2012, 02:02 AM
pcblues pcblues is offline
Senior Member
 
Join Date: Dec 2011
O/S: Windows 7 64-bit
Location: Australia
Posts: 135
one more thing..

When I look in the Event Viewer, I see a lot of Tcpip event ID 4226 and Dhcp event ID 1007 warnings. Would this be related to the "new dll" issue? I am wondering if there's anything I can/should do to correct this.
  #24  
Old January 5th, 2012, 02:22 AM
Mosaic1 Mosaic1 is offline
Malware Removal Team Advisor
 
Join Date: Jun 2001
Posts: 4,783
I'm looking into why Sygate is alerting you any time a program which accesses the internet is loaded. Did you recently change any of the firewall settings? Did the program auto update itself?

I am going to sign off in a minute or two. But as to the screenshots, here's how to get the screenshots to us. These directions are compliments of my teammate, Aaflac.
  • Open MediaFire
  • Place the mouse over the white area in the middle of the window, and it will then say: Click here to start uploading
  • Click the area.
  • In the Select Files to Upload prompt, click the [+] sign (bottom left).
  • In the prompt that appears, navigate to where the file is presently found, for example, the Desktop.
  • Once you get to the file, highlight it, and press the Open button (lower right)
  • The name of the file shows up under File Name in the MediaFire window
  • Now, press the Begin Upload button.
  • The file is uploaded, and to the far right of the File Name, you will see: Copy Link
  • Click on Copy Link, and it will say: Data copied to the Clipboard. That means the data was copied, so now you can paste it in your reply.


We'll see what other files are being considered as new and which programs are loading them. Then we'll examine them once I have the names.
  #25  
Old January 5th, 2012, 05:02 AM
pcblues pcblues is offline
Senior Member
 
Join Date: Dec 2011
O/S: Windows 7 64-bit
Location: Australia
Posts: 135
upload link

Hi Mosaic

Great idea, here's the link to the zipped folder on MediaFire!

http://www.mediafire.com/?hop5k7l2rrmb14g

Thank you...
  #26  
Old January 5th, 2012, 05:55 AM
pcblues pcblues is offline
Senior Member
 
Join Date: Dec 2011
O/S: Windows 7 64-bit
Location: Australia
Posts: 135
Sorry Mosaic, forgot to answer your questions in my previous post.
None of the programs I'm using, including the firewall, are allowed to auto-update, and I haven't updated any manually around the time this started happening,
but a few days after this started, Firefox went kinda funny and crashed, and I had to install a new version on top of the old one.
  #27  
Old January 7th, 2012, 04:18 AM
Mosaic1 Mosaic1 is offline
Malware Removal Team Advisor
 
Join Date: Jun 2001
Posts: 4,783
Installing a new version of firefox could explain it.

Looking at your screenshots shows normal activity. The programs loading are going where they should and not to a malware site.

Combofix did remove a plug-in.

From what I know of the dll authentication in Sygate firewall, this will stop once everything has either been ok'd or blocked from loading when you get an alert.
  #28  
Old January 7th, 2012, 05:02 AM
pcblues pcblues is offline
Senior Member
 
Join Date: Dec 2011
O/S: Windows 7 64-bit
Location: Australia
Posts: 135
sygate crashed

Hi Mosaic, thanks for your response.

Since my last post, Sygate has crashed, the "applications" section was totally empty, and the barrage of "new dll's" started all over, as well as the usual pop-ups asking to allow every single program.

After some research, I have come to the conclusion that:
Sygate is outdated, cannot be updated, and somehow it stopped functioning properly.
Not sure if you agree with this, but I think it was the glitch in Sygate that caused all the warnings about new dll's.

Today, again after comparing the free firewalls available, I found two that had the best reviews (Comodo & ZoneAlarm), and after a lot of consideration I have decided to give ZoneAlarm a try. It is now installed and running fine.. and thankfully no "new dll" pop-ups.

I would be interested to hear your views (and any recommendations) on the above.

Regards, "pcblues"
All times are GMT +1.