  #1  
Old December 26th, 2011, 07:42 AM
pcblues pcblues is offline
Senior Member
 
Join Date: Dec 2011
O/S: Windows 7 64-bit
Location: Australia
Posts: 135
strange pc since "new dll has been loaded" please help-MOVED BY MURF


Hello,
A few days ago I had a firewall warning about someone scanning my computer during a phone call from Gmail. When I did a backtrace it appeared to be Google.
The next day everything was different: Firefox and IE wouldn't load pages properly, and each time I open a program a firewall window pops up, stating that a "new dll has been loaded" by whatever program I'm trying to access, and it asks for permission to access the network.
It also states that this can happen if I have updated these programs lately, but I have not done any updates recently, nor have I installed new programs.
When I tried to use Skype, a "debugger" popped up. Skype worked OK after debugging, but I am left with a "debug.log" on the desktop that is empty and I cannot delete it.
I am a bit worried that things just don't seem right. Could someone please advise what I should do!
Many thanks in advance..


  #2  
Old December 29th, 2011, 05:39 PM
alexpjhone alexpjhone is offline
New Member
 
Join Date: Dec 2011
Posts: 8
Hi, you might run a complete system scan for viruses with an updated version. To prevent more complexities, just restore the system to the last day before the problem came up.
  #3  
Old December 30th, 2011, 12:56 AM
pcblues pcblues is offline
Senior Member
 
Join Date: Dec 2011
O/S: Windows 7 64-bit
Location: Australia
Posts: 135
Hi alex, thanks for your reply. I have run several thorough virus and spy/malware scans, but they all came up clean. I'm really baffled by this, as this is the first time I've come across this problem and I haven't been able to find any solutions or explanations for it on the net.
I was hoping that I could get some help here, but no luck so far.
  #4  
Old December 30th, 2011, 05:04 PM
Murf Murf is offline
Moderator
 
Join Date: Oct 2001
O/S: Windows 10 Home
Location: Newport News VA
Age: 74
Posts: 17,201
I am moving this over to our Malware Removal forum. They are busy, so have patience. They can determine if in fact you are infected.
  #5  
Old December 31st, 2011, 12:22 AM
Mosaic1 Mosaic1 is offline
Malware Removal Team Advisor
 
Join Date: Jun 2001
Posts: 4,783
Hi pcblues,

This sounds like an issue with the Google Talk plugin. We can't fix that, other than suggesting an uninstall, trying Firefox or another browser, or directing you to Google for help. It's apparently a problem when using Internet Explorer with the plug-in enabled. But let's have a look at your system anyway.

Click this link to download OldTimer's OTL to your desktop.
http://oldtimer.geekstogo.com/OTL.exe

Next, click OTL.exe to open the scan display. (Vista and Windows 7 users: right-click OTL.exe and click Run As Administrator.) At the top check "Scan All Users", then click "Run Scan". Make no other changes at this time.

When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please.

The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.
  #6  
Old December 31st, 2011, 01:49 AM
pcblues pcblues is offline
Senior Member
 
Join Date: Dec 2011
O/S: Windows 7 64-bit
Location: Australia
Posts: 135
Hi Mosaic,

thanks for your quick response. First up, I was wondering if the two events were in fact connected, since the new dll issue started after the Google plug-in problem.
The 'new dll' warnings have mostly stopped now. I have run the suggested scan; your help is appreciated.. :-)

OTL logfile created on: 31/12/2011 10:22:34 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

958.36 Mb Total Physical Memory | 248.87 Mb Available Physical Memory | 25.97% Memory free
2.26 Gb Paging File | 1.68 Gb Available in Paging File | 74.32% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 42.87 Gb Free Space | 28.76% Space Free | Partition Type: NTFS
Drive E: | 12.17 Gb Total Space | 4.34 Gb Free Space | 35.65% Space Free | Partition Type: FAT32
Drive F: | 6.45 Gb Total Space | 1.57 Gb Free Space | 24.30% Space Free | Partition Type: FAT32
Drive H: | 2328.76 Gb Total Space | 479.54 Gb Free Space | 20.59% Space Free | Partition Type: NTFS

Computer Name: OWNER-44FFE017E | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/31 10:21:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/12/21 17:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/10 07:00:38 | 013,695,752 | ---- | M] (AVM Software Inc.) -- C:\Program Files\Paltalk Messenger\paltalk.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/04/14 10:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/09 16:21:06 | 000,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
PRC - [2007/10/09 16:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
PRC - [2004/10/15 19:40:56 | 002,577,632 | ---- | M] (Sygate Technologies, Inc.) -- C:\Program Files\Sygate\SPF\Smc.exe
PRC - [2000/05/20 17:23:48 | 000,086,016 | ---- | M] () -- C:\WINDOWS\StartupMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/21 17:24:51 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/19 08:47:13 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/08/10 07:00:42 | 000,048,368 | ---- | M] () -- C:\Program Files\Paltalk Messenger\ctrlkey.dll
MOD - [2009/11/05 07:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2007/09/20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2004/10/15 18:32:20 | 001,385,712 | ---- | M] () -- C:\Program Files\Sygate\SPF\tse.dll
MOD - [2004/10/15 18:32:18 | 000,832,744 | ---- | M] () -- C:\Program Files\Sygate\SPF\SyLink.dll
MOD - [2004/10/15 18:32:12 | 000,890,088 | ---- | M] () -- C:\Program Files\Sygate\SPF\SpNet.dll
MOD - [2000/05/20 17:23:48 | 000,086,016 | ---- | M] () -- C:\WINDOWS\StartupMonitor.exe


========== Win32 Services (SafeList) ==========

SRV - [2011/09/10 13:43:04 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [On_Demand | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/09/08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [On_Demand | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2007/10/09 16:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)
SRV - [2004/10/15 19:40:56 | 002,577,632 | ---- | M] (Sygate Technologies, Inc.) [Auto | Running] -- C:\Program Files\Sygate\SPF\Smc.exe -- (SmcService)


========== Driver Services (SafeList) ==========

DRV - [2011/12/31 09:54:20 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{04BA5035-14E5-4D8F-877C-84A6E80ACE5C}\MpKsl1c617d76.sys -- (MpKsl1c617d76)
DRV - [2011/09/10 13:42:57 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/09/10 13:42:56 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/10 12:07:31 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2010/09/23 17:46:08 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/07/29 00:25:42 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ivusb.sys -- (ivusb)
DRV - [2009/12/30 12:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2008/01/14 20:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2006/11/15 16:34:00 | 004,225,920 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/11/15 11:38:28 | 000,634,880 | R--- | M] (S3 Graphics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\S3gIGPm.sys -- (S3GIGP)
DRV - [2006/10/18 19:39:58 | 000,017,920 | R--- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\xfilt.sys -- (xfilt)
DRV - [2006/10/17 22:22:26 | 000,009,216 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2004/10/15 18:32:44 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys -- (wg6n)
DRV - [2004/10/15 18:32:42 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys -- (wg5n)
DRV - [2004/10/15 18:32:40 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys -- (wg4n)
DRV - [2004/10/15 18:32:38 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys -- (wg3n)
DRV - [2004/10/15 18:18:46 | 000,021,075 | ---- | M] (Sygate Technologies, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys -- (wpsdrvnt)
DRV - [2004/10/15 18:17:02 | 000,060,496 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys -- (Teefer)
DRV - [2001/09/24 09:39:18 | 000,010,261 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVBulk.sys -- (LVBulk)
DRV - [2001/09/24 09:38:26 | 000,033,280 | ---- | M] (Logitech Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\LVSound2.sys -- (lusbaudio)
DRV - [2001/09/20 03:39:44 | 000,193,574 | ---- | M] (Tekom Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvvi500a.sys -- (LVVI500A)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/...ch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-117609710-790525478-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-117609710-790525478-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-117609710-790525478-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-117609710-790525478-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: artur.dubovoy@gmail.com:2.0.21


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.145.5\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98B24BCC-B10A-42B6-8CC6-9C77322986D8}: C:\Documents and Settings\Owner\Local Settings\Application Data\{98B24BCC-B10A-42B6-8CC6-9C77322986D8} [2011/06/19 15:11:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/30 12:48:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/28 12:06:22 | 000,000,000 | ---D | M]

[2010/06/03 07:26:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/06/03 07:26:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/12/28 07:54:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\labmfapn.default\extensions
[2010/11/28 12:08:14 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\labmfapn.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2011/11/18 19:13:57 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\labmfapn.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/02/04 16:45:40 | 000,002,254 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\labmfapn.default\searchplugins\askcom.xml
[2011/12/30 12:48:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LABMFAPN.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LABMFAPN.DEFAULT\EXTENSIONS\ARTUR.DUBOVOY@GMAIL.COM.XPI
[2011/12/21 17:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/21 14:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/21 14:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&output=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2011/09/05 14:40:48 | 000,614,259 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 16324 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKU\S-1-5-21-117609710-790525478-839522115-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Run StartupMonitor] C:\WINDOWS\StartupMonitor.exe ()
O4 - HKLM..\Run: [SmcService] C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-117609710-790525478-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/reso...an8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1185345645250 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12037513-B6D4-4D38-8316-D65F17AD8C11}: DhcpNameServer = 10.1.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/24 19:59:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/05/29 22:32:24 | 000,000,194 | -HS- | M] () - E:\AUTOEXEC.BAK -- [ FAT32 ]
O32 - AutoRun File - [2000/06/08 17:00:00 | 000,000,079 | -HS- | M] () - E:\AUTOEXEC.DOS -- [ FAT32 ]
O32 - AutoRun File - [2007/11/17 13:29:34 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2011/03/17 20:02:58 | 000,000,000 | RH-D | M] - H:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/16 22:56:50 | 000,000,036 | RH-- | M] () - H:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Documents and Settings\Owner\My Documents\Légifelvételek az átszakadt gátról.pps
[2011/12/31 10:21:09 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/12/31 10:17:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2011/12/30 12:19:50 | 003,243,768 | ---- | C] (Javacool Software LLC ) -- C:\Documents and Settings\Owner\My Documents\spywareblastersetup45.exe
[2011/12/30 11:21:23 | 015,292,208 | ---- | C] (Mozilla) -- C:\Documents and Settings\Owner\My Documents\Firefox Setup 9.0.1.exe
[2011/12/30 10:00:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2011/12/25 12:43:40 | 074,638,528 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\My Documents\msert.exe
[2011/12/22 18:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\GIFT
[2011/12/16 06:47:58 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys
[2011/12/08 00:09:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\youtube videos
[2007/11/18 17:15:34 | 000,159,744 | ---- | C] (CANON INC.) -- C:\Program Files\SGTBox.exe
[2007/11/18 17:15:34 | 000,112,128 | ---- | C] (Canon Inc.) -- C:\Program Files\cfpJpeg.dll
[2007/11/18 17:15:34 | 000,087,552 | ---- | C] (Canon Inc.) -- C:\Program Files\Cfpapi.dll
[2007/11/18 17:15:34 | 000,073,728 | ---- | C] (CANON INC.) -- C:\Program Files\SGTBRES.dll
[2007/11/18 17:15:34 | 000,028,672 | ---- | C] (CANON INC.) -- C:\Program Files\chreg.exe
[2007/11/18 17:15:33 | 000,511,424 | ---- | C] (Microsoft Corporation) -- C:\Program Files\40comupd.exe
[2007/11/18 17:15:33 | 000,468,992 | ---- | C] (Canon Inc.) -- C:\Program Files\cefpix.dll
[2007/11/18 17:15:33 | 000,118,272 | ---- | C] (Media Cybernetics, L.P.) -- C:\Program Files\Ifftif32.dll
[2007/11/18 17:15:33 | 000,083,968 | ---- | C] (Media Cybernetics, L.P.) -- C:\Program Files\Iffjpg32.dll
[2007/11/18 17:15:33 | 000,025,600 | ---- | C] (Media Cybernetics, L.P.) -- C:\Program Files\Iffpcx32.dll
[2007/11/18 17:15:33 | 000,020,992 | ---- | C] (Media Cybernetics, L.P.) -- C:\Program Files\Hiffl32.dll
[2007/11/18 17:13:12 | 000,052,224 | ---- | C] (Caere Corporation) -- C:\Program Files\train.dll
[2007/11/18 17:13:12 | 000,034,304 | ---- | C] (IntelliQuest Communications, Inc.) -- C:\Program Files\TABCTL32.DLL
[2007/11/18 17:13:12 | 000,020,992 | ---- | C] (Caere Corporation) -- C:\Program Files\wizard32.dll
[2007/11/18 17:13:12 | 000,013,312 | ---- | C] (Caere Corporation) -- C:\Program Files\rgreslang.dll
[2007/11/18 17:13:11 | 003,146,240 | ---- | C] (Caere Corporation) -- C:\Program Files\rgreseng.dll
[2007/11/18 17:13:11 | 000,400,896 | ---- | C] (Caere Corporation) -- C:\Program Files\regcmn32.dll
[2007/11/18 17:13:11 | 000,255,488 | ---- | C] (Pipeline Communications, Inc.) -- C:\Program Files\PLINE32.DLL
[2007/11/18 17:13:11 | 000,147,456 | ---- | C] (Caere Corporation) -- C:\Program Files\opstor32.dll
[2007/11/18 17:13:11 | 000,050,384 | ---- | C] (Caere Corporation) -- C:\Program Files\OPWARE16.EXE
[2007/11/18 17:13:11 | 000,044,032 | ---- | C] (Caere Corporation) -- C:\Program Files\OPware32.exe
[2007/11/18 17:13:11 | 000,024,576 | ---- | C] (Caere Corporation) -- C:\Program Files\opsrc32.dll
[2007/11/18 17:13:11 | 000,013,600 | ---- | C] (Calera Recognition Systems) -- C:\Program Files\OPUTIL16.DLL
[2007/11/18 17:13:11 | 000,012,288 | ---- | C] (Caere Corporation) -- C:\Program Files\opscan32.src
[2007/11/18 17:13:10 | 001,290,752 | ---- | C] (Caere Corporation) -- C:\Program Files\opreseng.dll
[2007/11/18 17:13:10 | 000,102,736 | ---- | C] (Caere Corporation) -- C:\Program Files\oppro16.ocr
[2007/11/18 17:13:10 | 000,090,112 | ---- | C] (Caere Corporation) -- C:\Program Files\oppro32.ocr
[2007/11/18 17:13:10 | 000,008,704 | ---- | C] (Caere Corporation) -- C:\Program Files\opreg32.dll
[2007/11/18 17:13:10 | 000,008,192 | ---- | C] (Caere Corporation) -- C:\Program Files\opmem32.src
[2007/11/18 17:13:09 | 000,140,288 | ---- | C] (Caere Corporation) -- C:\Program Files\OPHOOK32.dll
[2007/11/18 17:13:09 | 000,073,728 | ---- | C] (Caere Corporation) -- C:\Program Files\OPImgLib.dll
[2007/11/18 17:13:09 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Program Files\OP9Deins.exe
[2007/11/18 17:13:09 | 000,011,264 | ---- | C] (Caere Corporation) -- C:\Program Files\opdisk32.src
[2007/11/18 17:13:09 | 000,004,112 | ---- | C] (Caere Corporation) -- C:\Program Files\OPHOOK16.DLL
[2007/11/18 17:13:08 | 000,926,208 | ---- | C] (Caere Corporation) -- C:\Program Files\omnipage.exe
[2007/11/18 17:13:08 | 000,235,008 | ---- | C] (Pipeline Communications, Inc.) -- C:\Program Files\IQ_COM32.DLL
[2007/11/18 17:13:08 | 000,182,272 | ---- | C] (Caere Corporation) -- C:\Program Files\metafile.dll
[2007/11/18 17:13:08 | 000,155,648 | ---- | C] (IntelliQuest Communications, Inc.) -- C:\Program Files\ITP32.EXE
[2007/11/18 17:13:08 | 000,059,392 | ---- | C] (Pipeline Communications, Inc.) -- C:\Program Files\CRAM32.DLL
[2007/11/18 17:13:08 | 000,048,640 | ---- | C] (Blue Sky Software) -- C:\Program Files\INETWH32.dll
[2007/11/18 17:13:08 | 000,038,400 | ---- | C] (Caere Corporation) -- C:\Program Files\ivwres0.dll
[2007/11/18 17:11:40 | 002,142,208 | ---- | C] (ArcSoft, Inc.) -- C:\Program Files\PhotoStudio.exe
[2007/11/18 17:11:39 | 000,131,072 | ---- | C] (Arcsoft Inc.) -- C:\Program Files\ArcInet.dll
[2007/11/18 17:11:28 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Program Files\STI.DLL
[2005/02/16 11:06:16 | 000,218,112 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Program Files\HijackThis.exe
[2001/12/18 19:27:34 | 000,221,184 | ---- | C] (Logitech Inc.) -- C:\Program Files\WebCast.dll
[2001/12/18 19:26:36 | 000,274,432 | ---- | C] (Logitech Inc.) -- C:\Program Files\LWebCast.dll
[2001/12/18 19:26:28 | 000,163,840 | ---- | C] (Logitech Inc.) -- C:\Program Files\WebCam.dll
[2001/12/18 19:25:42 | 000,204,800 | ---- | C] (Logitech Inc.) -- C:\Program Files\LWebCam.dll
[2001/12/18 19:25:34 | 000,126,976 | ---- | C] (Logitech Inc.) -- C:\Program Files\WebCamRT.exe
[2001/12/18 19:24:50 | 000,032,768 | ---- | C] (Logitech Inc.) -- C:\Program Files\LWebCamR.dll
[2001/12/18 19:24:42 | 000,098,304 | ---- | C] (Logitech Inc.) -- C:\Program Files\WCStatus.dll
[2001/12/18 19:24:00 | 000,020,480 | ---- | C] (Logitech Inc.) -- C:\Program Files\LWCStatu.dll
[2001/12/18 19:23:26 | 000,057,344 | ---- | C] (Logitech Inc.) -- C:\Program Files\LWCComn.dll
[2001/12/18 19:23:20 | 000,053,248 | ---- | C] (Logitech Inc.) -- C:\Program Files\DualCam.exe
[2001/12/18 19:22:42 | 000,081,920 | ---- | C] (Logitech Inc.) -- C:\Program Files\LDualCam.dll
[2001/12/18 19:22:34 | 000,180,224 | ---- | C] (Logitech Inc.) -- C:\Program Files\WebAlbum.dll
[2001/12/18 19:21:44 | 000,241,664 | ---- | C] (Logitech Inc.) -- C:\Program Files\LWebAlbu.dll
[2001/12/18 19:21:08 | 000,159,744 | ---- | C] (Logitech Inc.) -- C:\Program Files\QCSup.dll
[2001/12/18 19:20:20 | 000,073,728 | ---- | C] (Logitech Inc.) -- C:\Program Files\LQCSup.dll
[2001/12/18 19:20:12 | 000,110,592 | ---- | C] (Logitech Inc.) -- C:\Program Files\VMail.dll
[2001/12/18 19:19:52 | 000,020,480 | ---- | C] (Logitech Inc.) -- C:\Program Files\LogiMail.exe
[2001/12/18 19:19:20 | 000,983,040 | ---- | C] (Logitech Inc.) -- C:\Program Files\LVMail.dll
[2001/12/18 19:19:12 | 000,077,824 | ---- | C] (Logitech Inc.) -- C:\Program Files\LVMComp.dll
[2001/12/18 19:18:24 | 000,020,480 | ---- | C] (Logitech Inc.) -- C:\Program Files\LLVMComp.dll
[2001/12/18 19:18:18 | 000,053,248 | ---- | C] (Logitech Inc.) -- C:\Program Files\LVMAVI.dll
[2001/12/18 19:18:04 | 000,036,864 | ---- | C] (Logitech Inc.) -- C:\Program Files\AOLMWiz.exe
[2001/12/18 19:17:30 | 000,028,672 | ---- | C] (Logitech Inc.) -- C:\Program Files\LAOLMWiz.dll
[2001/12/18 19:17:22 | 000,118,784 | ---- | C] (Logitech Inc.) -- C:\Program Files\Radar.dll
[2001/12/18 19:16:38 | 000,126,976 | ---- | C] (Logitech Inc.) -- C:\Program Files\LRadar.dll
[2001/12/18 19:16:30 | 000,204,800 | ---- | C] (Logitech Inc.) -- C:\Program Files\QuickCam.exe
[2001/12/18 19:15:20 | 003,641,344 | ---- | C] (Logitech Inc.) -- C:\Program Files\LQuickCa.dll
[2001/12/18 19:14:40 | 000,114,688 | ---- | C] (Logitech Inc.) -- C:\Program Files\Update.dll
[2001/12/18 19:13:56 | 000,036,864 | ---- | C] (Logitech Inc.) -- C:\Program Files\LUpdate.dll
[2001/12/18 19:13:48 | 000,184,320 | ---- | C] (Logitech Inc.) -- C:\Program Files\LIU_UPD.dll
[2001/12/18 19:13:40 | 000,163,840 | ---- | C] (Logitech Inc.) -- C:\Program Files\LIU_PROD.dll
[2001/12/18 19:13:32 | 000,057,344 | ---- | C] (Logitech Inc.) -- C:\Program Files\WaveChk.exe
[2001/12/18 19:12:56 | 000,421,888 | ---- | C] (Logitech Inc.) -- C:\Program Files\LWaveChe.dll
[2001/12/18 19:12:48 | 000,040,960 | ---- | C] (Logitech Inc.) -- C:\Program Files\QCWebPre.ocx
[2001/12/18 19:12:40 | 000,090,112 | ---- | C] (Logitech Inc.) -- C:\Program Files\QCPipe.dll
[2001/12/18 19:12:02 | 000,016,384 | ---- | C] (Logitech Inc.) -- C:\Program Files\LQCPipe.dll
[2001/12/18 19:11:56 | 000,065,536 | ---- | C] (Logitech Inc.) -- C:\Program Files\PUpdate.exe
[2001/12/18 19:11:44 | 000,106,496 | ---- | C] (Logitech Inc.) -- C:\Program Files\QCCtrl.dll
[2001/12/18 19:11:32 | 000,077,824 | ---- | C] (Logitech Inc.) -- C:\Program Files\PicVid.dll
[2001/12/18 19:10:54 | 000,180,224 | ---- | C] (Logitech Inc.) -- C:\Program Files\LPicVid.dll
[2001/12/18 19:10:46 | 000,290,816 | ---- | C] (Logitech Inc.) -- C:\Program Files\QCWebCOM.dll
[2001/12/18 19:09:44 | 000,659,456 | ---- | C] (Logitech Inc.) -- C:\Program Files\LQCWebCo.dll
[2001/12/18 19:09:36 | 000,061,440 | ---- | C] (Logitech Inc.) -- C:\Program Files\FileMenu.dll
[2001/12/18 19:08:54 | 000,020,480 | ---- | C] (Logitech Inc.) -- C:\Program Files\LFileMen.dll
[2001/12/18 19:08:48 | 000,065,536 | ---- | C] (Logitech Inc.) -- C:\Program Files\Edit.dll
[2001/12/18 19:08:10 | 000,032,768 | ---- | C] (Logitech Inc.) -- C:\Program Files\LEdit.dll
[2001/12/18 19:08:00 | 000,512,000 | ---- | C] (Logitech Inc.) -- C:\Program Files\Editor.exe
[2001/12/18 19:06:52 | 000,253,952 | ---- | C] (Logitech Inc.) -- C:\Program Files\LEditor.dll
[2001/12/18 19:06:44 | 000,241,664 | ---- | C] (Logitech Inc.) -- C:\Program Files\Album.dll
[2001/12/18 19:05:52 | 000,225,280 | ---- | C] (Logitech Inc.) -- C:\Program Files\LAlbum.dll
[2001/12/18 19:05:44 | 000,131,072 | ---- | C] (Logitech Inc.) -- C:\Program Files\Anim.dll
[2001/12/18 19:05:00 | 001,048,576 | ---- | C] (Logitech Inc.) -- C:\Program Files\LAnim.dll
[2001/12/18 19:04:32 | 000,360,448 | ---- | C] (Logitech Inc.) -- C:\Program Files\QCUI.dll
[2001/12/18 19:03:32 | 000,032,768 | ---- | C] (Logitech Inc.) -- C:\Program Files\LQCUI.dll
[2001/12/18 18:58:02 | 000,081,920 | ---- | C] (Logitech Inc.) -- C:\Program Files\QCImage.dll
[2001/12/18 18:57:52 | 000,126,976 | ---- | C] (Logitech Inc.) -- C:\Program Files\LVMMail.dll
[2001/12/18 18:56:56 | 000,028,672 | ---- | C] (Logitech Inc.) -- C:\Program Files\LLVMMail.dll
[2001/12/18 18:46:42 | 000,053,248 | ---- | C] (Logitech Inc.) -- C:\Program Files\AviToRV.dll
[2001/12/18 18:39:24 | 000,058,368 | ---- | C] (Cresta Systems, Inc.) -- C:\Program Files\Csh263.dll
[2001/12/18 18:39:24 | 000,023,040 | ---- | C] (Cresta Systems, Inc.) -- C:\Program Files\Csa2c.dll
[2001/12/18 18:18:40 | 000,106,496 | ---- | C] (SpotLife Inc.) -- C:\Program Files\SLINet.dll
[2001/12/18 18:18:36 | 000,056,320 | ---- | C] (Distinct Corporation) -- C:\Program Files\DSTNCT32.dll
[2001/12/18 18:18:36 | 000,047,104 | ---- | C] (Distinct Corporation) -- C:\Program Files\D32-FW.dll
[2001/12/18 18:18:36 | 000,039,936 | ---- | C] (Distinct Corporation) -- C:\Program Files\GHOST32.exe
[2001/05/17 15:45:50 | 000,500,224 | R--- | C] (RealNetworks, Inc.) -- C:\Program Files\Rnco3260.dll
[2001/05/17 15:45:50 | 000,329,728 | R--- | C] (RealNetworks, Inc.) -- C:\Program Files\Rmto3260.dll
[2001/05/17 15:45:50 | 000,090,624 | R--- | C] (RealNetworks, Inc.) -- C:\Program Files\Rv203260.dll
[2001/05/17 15:45:50 | 000,041,472 | R--- | C] (RealNetworks, Inc.) -- C:\Program Files\Sdpp3260.dll
[2001/05/17 15:45:50 | 000,030,208 | R--- | C] (RealNetworks, Inc.) -- C:\Program Files\Rv103260.dll
[2001/05/17 15:45:50 | 000,028,160 | R--- | C] (RealNetworks, Inc.) -- C:\Program Files\Rn5a3260.dll
[2001/05/17 15:45:50 | 000,017,408 | R--- | C] (RealNetworks, Inc.) -- C:\Program Files\Sipr3260.dll
[2001/05/17 15:45:48 | 000,521,728 | R--- | C] (RealNetworks, Inc.) -- C:\Program Files\Rmme3260.dll
[2001/05/17 15:45:48 | 000,510,976 | R--- | C] (RealNetworks, Inc.) -- C:\Program Files\Rmbe3260.dll
[2001/05/17 15:45:48 | 000,379,904 | R--- | C] (RealNetworks, Inc.) -- C:\Program Files\Pngu3264.dll
[2001/05/17 15:45:48 | 000,278,528 | R--- | C] (Real Networks, Inc) -- C:\Program Files\Pncrt.dll
[2001/05/17 15:45:48 | 000,272,384 | R--- | C] (RealNetworks, Inc.) -- C:\Program Files\Erv23260.dll
[2001/05/17 15:45:48 | 000,092,672 | R--- | C] (RealNetworks, Inc.) -- C:\Program Files\Erv13260.dll
[2001/05/17 15:45:48 | 000,011,264 | R--- | C] (RealNetworks, Inc.) -- C:\Program Files\Pnrs3260.dll
[2001/05/17 15:45:46 | 000,447,488 | R--- | C] (RealNetworks, Inc.) -- C:\Program Files\Encn3260.dll
[2001/05/17 15:45:46 | 000,084,992 | R--- | C] (RealNetworks, Inc.) -- C:\Program Files\14_43260.dll
[2001/05/17 15:45:46 | 000,078,848 | R--- | C] (RealNetworks, Inc.) -- C:\Program Files\Ednt3260.dll
[2001/05/17 15:45:46 | 000,044,032 | R--- | C] (RealNetworks, Inc.) -- C:\Program Files\28_83260.dll
[2001/05/17 15:45:46 | 000,030,208 | R--- | C] (RealNetworks, Inc.) -- C:\Program Files\Auth3260.dll
[2001/05/17 15:45:46 | 000,025,088 | R--- | C] (RealNetworks, Inc.) -- C:\Program Files\Cook3260.dll
[2001/05/17 15:45:46 | 000,023,552 | R--- | C] (RealNetworks, Inc.) -- C:\Program Files\Cokr3260.dll
[2001/05/17 15:45:46 | 000,023,552 | R--- | C] (RealNetworks, Inc.) -- C:\Program Files\Basc3260.dll
[2001/05/17 15:45:46 | 000,021,504 | R--- | C] (RealNetworks, Inc.) -- C:\Program Files\Enlv3260.dll
[2001/05/17 15:45:46 | 000,020,480 | R--- | C] (RealNetworks, Inc.) -- C:\Program Files\Dnet3260.dll
[2001/02/20 17:30:44 | 000,854,528 | R--- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Ltwvc12n.dll
[2001/02/20 11:10:56 | 000,189,952 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltscr12n.ocx
[2001/02/20 11:10:42 | 000,609,280 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Ltocx12n.ocx
[2001/02/20 11:07:50 | 000,144,384 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LTSCR12n.DLL
[2001/02/19 10:50:58 | 000,164,352 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfpng12n.dll
[2001/02/19 10:49:04 | 000,314,368 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LFCMP12n.dll
[2001/02/19 10:36:18 | 000,027,136 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfwfx12n.dll
[2001/02/19 10:36:14 | 000,155,648 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lftif12n.dll
[2001/02/19 10:35:58 | 000,027,648 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lftga12n.dll
[2001/02/19 10:35:46 | 000,056,320 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfpsd12n.dll
[2001/02/19 10:35:32 | 000,026,112 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lfpcd12n.dll
[2001/02/19 10:35:26 | 000,033,280 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfpcx12n.dll
[2001/02/19 10:35:22 | 000,071,680 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfpct12n.dll
[2001/02/19 10:33:58 | 000,100,352 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lffpx12n.dll
[2001/02/19 10:32:14 | 000,036,864 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfbmp12n.dll
[2001/02/19 10:32:04 | 000,025,600 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lfavi12n.dll
[2001/02/19 10:31:54 | 000,078,336 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Lffax12n.dll
[2001/02/19 10:31:00 | 000,051,712 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lttmb12n.dll
[2001/02/19 10:30:56 | 000,066,048 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltlst12n.dll
[2001/02/19 10:30:20 | 000,309,760 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltdlg12n.dll
[2001/02/19 10:29:56 | 000,041,472 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\lttwn12n.dll
[2001/02/19 10:29:52 | 000,166,400 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Ltimg12n.dll
[2001/02/19 10:29:30 | 000,227,840 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Ltefx12n.dll
[2001/02/19 10:29:18 | 000,753,152 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\ltann12n.dll
[2001/02/19 10:28:58 | 000,121,344 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Ltfil12n.dll
[2001/02/19 10:28:42 | 000,279,040 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\LTDIS12n.dll
[2001/02/19 10:28:16 | 000,406,016 | ---- | C] (LEAD Technologies, Inc.) -- C:\Program Files\Ltkrn12n.dll
[2000/05/02 03:17:00 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Program Files\PCDLIB32.DLL
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
  #7  
Old December 31st, 2011, 01:54 AM
pcblues pcblues is offline
========== Files - Modified Within 30 Days ==========

File not found -- C:\Documents and Settings\Owner\My Documents\Légifelvételek az átszakadt gátról.pps
[2011/12/31 10:21:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/12/31 10:04:40 | 000,012,536 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\andras 31 dec offline.rtf
[2011/12/31 09:59:21 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/31 09:55:58 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/31 09:53:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/31 00:23:09 | 000,003,054 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Andras 30 dec offline.rtf
[2011/12/31 00:21:28 | 000,056,466 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\jack 30 dec.rtf
[2011/12/31 00:18:37 | 000,008,504 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\allen 30 dec.rtf
[2011/12/31 00:16:37 | 000,220,951 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\rrrrrrrrrrrrrrrrrrrrrrrrr.rtf
[2011/12/31 00:03:34 | 137,326,492 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\JBNHNHJTB12.rar
[2011/12/30 22:39:54 | 000,014,385 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\happy new year images.jpg
[2011/12/30 22:34:20 | 001,576,960 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\BUÉK- jegesmedve.pps
[2011/12/30 16:39:18 | 000,001,611 | ---- | M] () -- C:\WINDOWS\pstudio.ini
[2011/12/30 16:39:18 | 000,000,028 | ---- | M] () -- C:\WINDOWS\album.ini
[2011/12/30 16:39:14 | 000,117,691 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\dll firefox 2.jpg
[2011/12/30 13:40:31 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/12/30 13:19:20 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2003.lnk
[2011/12/30 12:48:17 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/12/30 12:19:57 | 003,243,768 | ---- | M] (Javacool Software LLC ) -- C:\Documents and Settings\Owner\My Documents\spywareblastersetup45.exe
[2011/12/30 11:21:36 | 015,292,208 | ---- | M] (Mozilla) -- C:\Documents and Settings\Owner\My Documents\Firefox Setup 9.0.1.exe
[2011/12/30 11:15:56 | 000,001,877 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\rusty.rtf
[2011/12/30 11:06:40 | 000,099,461 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\net run time dll 30-dec01.jpg
[2011/12/30 10:58:29 | 000,463,010 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/30 10:58:29 | 000,078,956 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/30 10:17:30 | 000,087,738 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\firefox dll 30 dec1.jpg
[2011/12/30 09:25:16 | 000,011,872 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\andras hm.rtf
[2011/12/29 23:49:57 | 000,699,615 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\fw.zip
[2011/12/29 12:35:01 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/12/28 23:40:09 | 000,018,667 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\belle 28 dec.rtf
[2011/12/28 23:39:48 | 000,005,477 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\fs 28th dec.rtf
[2011/12/28 23:38:12 | 000,010,078 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\quiet 28 dec.rtf
[2011/12/28 22:45:29 | 000,330,782 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\rrrrrrrrr.rtf
[2011/12/28 14:02:31 | 000,006,853 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\FS 28 dec.rtf
[2011/12/28 14:02:10 | 000,060,322 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\blackice.. hmm.rtf
[2011/12/28 13:24:43 | 000,173,578 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\heathers room.rtf
[2011/12/27 18:07:48 | 000,002,178 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\blackice new year.rtf
[2011/12/27 09:11:42 | 000,080,865 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\dll 27-1.jpg
[2011/12/26 23:41:28 | 000,799,744 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Top_Images.pps
[2011/12/26 18:30:30 | 000,216,012 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\skype02.jpg
[2011/12/26 18:29:20 | 000,083,094 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\skype01.jpg
[2011/12/26 17:46:42 | 000,337,363 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Firewall 24-12-11.jpg
[2011/12/26 17:45:23 | 000,338,750 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Firewall 24-12.jpg
[2011/12/26 16:49:25 | 000,184,325 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Firewall major-02.jpg
[2011/12/26 16:46:21 | 000,143,128 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Firewall 1.jpg
[2011/12/26 15:52:17 | 000,066,400 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\paltalk dll.jpg
[2011/12/25 12:48:34 | 074,638,528 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\My Documents\msert.exe
[2011/12/25 10:14:15 | 000,210,327 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\dll hmm1.jpg
[2011/12/24 23:16:40 | 000,207,091 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\port csan attack.jpg
[2011/12/24 22:24:26 | 000,007,453 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\fairies 2.rtf
[2011/12/24 22:15:14 | 000,002,475 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\fairies Christmas.rtf
[2011/12/24 17:45:48 | 000,000,332 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\pundit Christmas.rtf
[2011/12/22 19:38:36 | 000,054,784 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/22 09:07:31 | 000,121,101 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\dsl dec 2011-.jpg
[2011/12/20 23:03:36 | 000,333,767 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\snow 3.jpg
[2011/12/20 23:01:16 | 000,179,338 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\snow02.jpg
[2011/12/20 22:58:25 | 000,105,292 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Snow 01.jpg
[2011/12/19 23:51:31 | 000,118,563 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\A Ipad cover transfer.jpg
[2011/12/19 07:30:40 | 000,005,637 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\wiss offline 2.rtf
[2011/12/18 18:56:51 | 000,012,695 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\wiss reply to offline.rtf
[2011/12/18 08:00:56 | 000,002,366 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\wiss offline.rtf
[2011/12/17 23:39:30 | 000,084,035 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\room 17 dec.rtf
[2011/12/17 21:58:45 | 141,322,709 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Az Operett házhoz jön (HD).mp4
[2011/12/16 06:47:58 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys
[2011/12/15 22:29:16 | 000,254,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/13 16:40:20 | 000,037,535 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\blackice offline.rtf
[2011/12/12 18:26:50 | 910,725,120 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\BackupG9-12.bkf
[2011/12/12 17:58:43 | 000,006,889 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\re blackice offline.rtf
[2011/12/11 17:41:45 | 000,004,324 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\cc_20111211_174141.reg
[2011/12/10 18:25:26 | 000,058,720 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Marian show room lol1.jpg
[2011/12/10 13:37:07 | 000,089,561 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Byron bay.jpg
[2011/12/10 13:35:40 | 000,103,327 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\yellowstone.jpg
[2011/12/10 13:34:55 | 000,041,708 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Gobi Mongolia.jpg
[2011/12/10 13:32:22 | 000,027,732 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Kenya1.jpg
[2011/12/10 13:30:45 | 000,024,072 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Gobi-Desert-Mongolia.jpg
[2011/12/09 23:52:15 | 000,016,062 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\allan grrr offline.rtf
[2011/12/09 17:54:17 | 003,859,849 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\gin cured salmon 01.jpg
[2011/12/09 17:47:26 | 000,292,158 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Gin Cured Salmon.jpg
[2011/12/09 09:55:04 | 000,137,151 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Gillard 10-decBustsmain.jpg
[2011/12/09 00:28:47 | 000,522,880 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\marian room 9 dec.rtf
[2011/12/09 00:18:07 | 000,063,269 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Marian 9 dec OMG.rtf
[2011/12/08 19:11:00 | 000,944,574 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Prize Home Ticket-pdf.axx
[2011/12/08 19:08:07 | 000,053,134 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Endeavour dec 2011-jpg.axx
[2011/12/04 14:13:32 | 014,481,286 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\BM 2 - 4dec.mp3
[2011/12/04 13:48:38 | 011,879,518 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Jeffrey Gaines.mp3
[2011/12/04 11:54:38 | 010,256,763 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\BM 4 dec .mp3
[2011/12/02 13:18:18 | 000,012,512 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\1 Palpic1.jpg
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/31 10:04:40 | 000,012,536 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\andras 31 dec offline.rtf
[2011/12/31 00:23:09 | 000,003,054 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Andras 30 dec offline.rtf
[2011/12/31 00:20:08 | 000,056,466 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\jack 30 dec.rtf
[2011/12/31 00:18:36 | 000,008,504 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\allen 30 dec.rtf
[2011/12/31 00:16:37 | 000,220,951 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\rrrrrrrrrrrrrrrrrrrrrrrrr.rtf
[2011/12/30 23:53:48 | 137,326,492 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\JBNHNHJTB12.rar
[2011/12/30 22:39:53 | 000,014,385 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\happy new year images.jpg
[2011/12/30 22:34:15 | 001,576,960 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\BUÉK- jegesmedve.pps
[2011/12/30 16:39:14 | 000,117,691 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\dll firefox 2.jpg
[2011/12/30 11:15:56 | 000,001,877 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\rusty.rtf
[2011/12/30 11:06:40 | 000,099,461 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\net run time dll 30-dec01.jpg
[2011/12/30 10:17:30 | 000,087,738 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\firefox dll 30 dec1.jpg
[2011/12/30 09:25:16 | 000,011,872 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\andras hm.rtf
[2011/12/29 23:49:53 | 000,699,615 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\fw.zip
[2011/12/28 23:40:09 | 000,018,667 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\belle 28 dec.rtf
[2011/12/28 23:39:48 | 000,005,477 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\fs 28th dec.rtf
[2011/12/28 23:38:12 | 000,010,078 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\quiet 28 dec.rtf
[2011/12/28 22:45:29 | 000,330,782 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\rrrrrrrrr.rtf
[2011/12/28 14:02:31 | 000,006,853 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\FS 28 dec.rtf
[2011/12/28 14:02:10 | 000,060,322 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\blackice.. hmm.rtf
[2011/12/28 13:24:43 | 000,173,578 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\heathers room.rtf
[2011/12/27 18:07:48 | 000,002,178 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\blackice new year.rtf
[2011/12/27 09:11:42 | 000,080,865 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\dll 27-1.jpg
[2011/12/26 23:41:22 | 000,799,744 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Top_Images.pps
[2011/12/26 18:30:30 | 000,216,012 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\skype02.jpg
[2011/12/26 18:29:20 | 000,083,094 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\skype01.jpg
[2011/12/26 17:46:41 | 000,337,363 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Firewall 24-12-11.jpg
[2011/12/26 17:45:22 | 000,338,750 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Firewall 24-12.jpg
[2011/12/26 16:49:25 | 000,184,325 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Firewall major-02.jpg
[2011/12/26 16:46:21 | 000,143,128 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Firewall 1.jpg
[2011/12/26 15:52:17 | 000,066,400 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\paltalk dll.jpg
[2011/12/25 10:14:15 | 000,210,327 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\dll hmm1.jpg
[2011/12/24 23:16:40 | 000,207,091 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\port csan attack.jpg
[2011/12/24 22:24:26 | 000,007,453 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\fairies 2.rtf
[2011/12/24 22:15:14 | 000,002,475 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\fairies Christmas.rtf
[2011/12/24 17:45:48 | 000,000,332 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\pundit Christmas.rtf
[2011/12/22 09:07:31 | 000,121,101 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\dsl dec 2011-.jpg
[2011/12/20 23:03:36 | 000,333,767 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\snow 3.jpg
[2011/12/20 23:01:16 | 000,179,338 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\snow02.jpg
[2011/12/20 22:58:25 | 000,105,292 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Snow 01.jpg
[2011/12/19 23:51:31 | 000,118,563 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\A Ipad cover transfer.jpg
[2011/12/19 07:30:40 | 000,005,637 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\wiss offline 2.rtf
[2011/12/18 18:56:51 | 000,012,695 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\wiss reply to offline.rtf
[2011/12/18 08:00:56 | 000,002,366 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\wiss offline.rtf
[2011/12/17 23:39:30 | 000,084,035 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\room 17 dec.rtf
[2011/12/17 21:45:06 | 141,322,709 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Az Operett házhoz jön (HD).mp4
[2011/12/12 18:15:27 | 910,725,120 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\BackupG9-12.bkf
[2011/12/12 17:58:43 | 000,006,889 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\re blackice offline.rtf
[2011/12/11 20:46:56 | 000,037,535 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\blackice offline.rtf
[2011/12/11 17:41:43 | 000,004,324 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\cc_20111211_174141.reg
[2011/12/10 18:25:26 | 000,058,720 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Marian show room lol1.jpg
[2011/12/10 13:37:07 | 000,089,561 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Byron bay.jpg
[2011/12/10 13:35:40 | 000,103,327 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\yellowstone.jpg
[2011/12/10 13:34:54 | 000,041,708 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Gobi Mongolia.jpg
[2011/12/10 13:32:21 | 000,027,732 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Kenya1.jpg
[2011/12/10 13:30:40 | 000,024,072 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Gobi-Desert-Mongolia.jpg
[2011/12/09 23:52:15 | 000,016,062 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\allan grrr offline.rtf
[2011/12/09 17:54:15 | 003,859,849 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\gin cured salmon 01.jpg
[2011/12/09 17:47:26 | 000,292,158 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Gin Cured Salmon.jpg
[2011/12/09 09:55:01 | 000,137,151 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Gillard 10-decBustsmain.jpg
[2011/12/09 00:28:47 | 000,522,880 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\marian room 9 dec.rtf
[2011/12/09 00:18:07 | 000,063,269 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Marian 9 dec OMG.rtf
[2011/12/08 19:11:00 | 000,944,574 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Prize Home Ticket-pdf.axx
[2011/12/08 19:08:06 | 000,053,134 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Endeavour dec 2011-jpg.axx
[2011/12/04 14:12:59 | 014,481,286 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\BM 2 - 4dec.mp3
[2011/12/04 13:47:29 | 011,879,518 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Jeffrey Gaines.mp3
[2011/12/04 11:54:18 | 010,256,763 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\BM 4 dec .mp3
[2011/12/02 13:18:18 | 000,012,512 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\1 Palpic1.jpg
[2011/09/29 14:08:17 | 000,001,226 | ---- | C] () -- C:\WINDOWS\SplitCam.INI
[2011/07/08 11:25:51 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2011/06/19 17:11:28 | 000,000,087 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/06/19 15:11:46 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Rmafiyayiyohuy.dat
[2011/06/19 15:11:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Xpiduqehis.bin
[2011/05/15 16:12:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/15 12:14:44 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/05/15 12:14:44 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/05/12 00:48:55 | 000,392,584 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/03/23 11:41:43 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2011/03/22 16:55:40 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/03/22 16:55:39 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/03/22 16:55:33 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/03/14 15:44:08 | 000,052,972 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/09/15 17:02:38 | 000,000,015 | ---- | C] () -- C:\WINDOWS\ASSE.dat
[2010/08/22 11:21:27 | 000,000,137 | ---- | C] () -- C:\WINDOWS\oports.INI
[2010/07/29 13:23:41 | 000,921,600 | ---- | C] () -- C:\WINDOWS\vorbisenc.dll
[2010/07/29 13:23:41 | 000,237,568 | ---- | C] () -- C:\WINDOWS\OggDS.dll
[2010/07/29 13:23:41 | 000,188,416 | ---- | C] () -- C:\WINDOWS\vorbis.dll
[2010/07/29 13:23:41 | 000,066,048 | ---- | C] () -- C:\WINDOWS\MP4.dll
[2010/07/29 13:23:41 | 000,045,056 | ---- | C] () -- C:\WINDOWS\ogg.dll
[2010/07/29 13:23:41 | 000,023,552 | ---- | C] () -- C:\WINDOWS\mkunicode.dll
[2010/06/28 22:07:24 | 000,069,632 | ---- | C] () -- C:\WINDOWS\realbap1.dll
[2010/06/28 22:07:24 | 000,045,568 | ---- | C] () -- C:\WINDOWS\realbsf1.dll
[2010/06/28 22:06:26 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\realbap1.dll
[2010/06/28 22:06:26 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\realbsf1.dll
[2009/11/10 17:35:23 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/05/01 08:46:46 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/01/05 15:44:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/08/17 17:19:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/05/04 16:46:36 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/04/11 15:15:25 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/04/11 15:15:25 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/03/11 15:12:29 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2007/11/19 16:15:26 | 000,000,025 | ---- | C] () -- C:\WINDOWS\DrvErase.INI
[2007/11/18 17:15:34 | 000,036,864 | ---- | C] () -- C:\Program Files\SGTBPBM.exe
[2007/11/18 17:15:32 | 000,006,784 | ---- | C] () -- C:\Program Files\readme.wri
[2007/11/18 17:13:12 | 000,041,472 | ---- | C] () -- C:\Program Files\sfw32.lok
[2007/11/18 17:13:12 | 000,009,216 | ---- | C] () -- C:\Program Files\caerereg.exe
[2007/11/18 17:13:12 | 000,004,528 | ---- | C] () -- C:\Program Files\Setbrows.exe
[2007/11/18 17:13:12 | 000,001,004 | ---- | C] () -- C:\Program Files\SHELLEXT.REG
[2007/11/18 17:13:11 | 000,135,088 | ---- | C] () -- C:\Program Files\Phone.inf
[2007/11/18 17:13:11 | 000,001,270 | ---- | C] () -- C:\Program Files\opvc_s.bmp
[2007/11/18 17:13:11 | 000,001,270 | ---- | C] () -- C:\Program Files\opvc_n.bmp
[2007/11/18 17:13:11 | 000,000,606 | ---- | C] () -- C:\Program Files\Pipeline.ini
[2007/11/18 17:13:09 | 001,435,279 | ---- | C] () -- C:\Program Files\OPManual.pdf
[2007/11/18 17:13:09 | 000,250,880 | ---- | C] () -- C:\Program Files\OpFor80.Dot
[2007/11/18 17:13:09 | 000,043,008 | ---- | C] () -- C:\Program Files\OpFor70.Dot
[2007/11/18 17:13:08 | 000,091,648 | ---- | C] () -- C:\Program Files\aware97.ppa
[2007/11/18 17:13:08 | 000,065,024 | ---- | C] () -- C:\Program Files\aware97.xla
[2007/11/18 17:13:08 | 000,060,928 | ---- | C] () -- C:\Program Files\IVWord.wll
[2007/11/18 17:13:08 | 000,002,943 | ---- | C] () -- C:\Program Files\dll0.20
[2007/11/18 17:13:08 | 000,001,793 | ---- | C] () -- C:\Program Files\Mailform.ctl
[2007/11/18 17:13:07 | 000,144,896 | ---- | C] () -- C:\Program Files\aware97.dot
[2007/11/18 17:13:07 | 000,029,711 | ---- | C] () -- C:\Program Files\DeIsL1.isu
[2007/11/18 17:13:07 | 000,000,664 | ---- | C] () -- C:\Program Files\omnipage.dat
[2007/11/18 17:11:39 | 000,952,320 | ---- | C] () -- C:\Program Files\PhBase.dll
[2007/11/18 17:11:28 | 000,308,736 | ---- | C] () -- C:\Program Files\Fpxlib.dll
[2007/11/18 17:11:28 | 000,115,712 | ---- | C] () -- C:\Program Files\Filefpx.dll
[2007/11/18 17:11:27 | 000,049,016 | ---- | C] () -- C:\Program Files\Uninst.isu
[2007/11/18 16:35:02 | 000,054,556 | ---- | C] () -- C:\Program Files\gallery.chm
[2007/11/18 16:35:02 | 000,047,139 | ---- | C] () -- C:\Program Files\webcam.chm
[2007/11/18 16:35:02 | 000,039,243 | ---- | C] () -- C:\Program Files\QCWebCas.chm
[2007/11/18 16:35:01 | 000,053,710 | ---- | C] () -- C:\Program Files\pictvid.chm
[2007/11/18 16:35:01 | 000,050,304 | ---- | C] () -- C:\Program Files\animate.chm
[2007/11/18 16:35:01 | 000,045,347 | ---- | C] () -- C:\Program Files\walbum.chm
[2007/11/18 16:35:01 | 000,038,501 | ---- | C] () -- C:\Program Files\motion.chm
[2007/11/18 16:34:35 | 000,000,000 | ---- | C] () -- C:\Program Files\WebCamRT.exe.local
[2007/11/18 16:34:35 | 000,000,000 | ---- | C] () -- C:\Program Files\WaveChk.exe.local
[2007/11/18 16:34:35 | 000,000,000 | ---- | C] () -- C:\Program Files\QuickCam.exe.local
[2007/11/18 16:34:35 | 000,000,000 | ---- | C] () -- C:\Program Files\PUpdate.exe.local
[2007/11/18 16:34:35 | 000,000,000 | ---- | C] () -- C:\Program Files\LogiReg.exe.local
[2007/11/18 16:34:35 | 000,000,000 | ---- | C] () -- C:\Program Files\LogiMail.exe.local
[2007/11/18 16:34:35 | 000,000,000 | ---- | C] () -- C:\Program Files\HijackThis.exe.local
[2007/11/18 16:34:35 | 000,000,000 | ---- | C] () -- C:\Program Files\GHOST32.exe.local
[2007/11/18 16:34:35 | 000,000,000 | ---- | C] () -- C:\Program Files\Editor.exe.local
[2007/11/18 16:34:35 | 000,000,000 | ---- | C] () -- C:\Program Files\DualCam.exe.local
[2007/11/18 16:34:35 | 000,000,000 | ---- | C] () -- C:\Program Files\AOLMWiz.exe.local
[2007/11/18 16:27:36 | 001,197,419 | ---- | C] () -- C:\Program Files\QCamhtg.chm
[2007/11/18 16:26:02 | 000,028,120 | ---- | C] () -- C:\Program Files\Install.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/23 20:27:16 | 000,064,512 | -H-- | C] () -- C:\Documents and Settings\Owner\Application Data\dach100.dll
[2007/09/23 20:19:30 | 000,000,146 | ---- | C] () -- C:\WINDOWS\anticrash.dat
[2007/09/23 20:19:30 | 000,000,120 | -H-- | C] () -- C:\WINDOWS\winshell.dat
[2007/07/29 11:25:28 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini
[2007/07/27 18:32:01 | 000,054,784 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/26 11:20:31 | 000,032,397 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
[2007/07/25 16:48:26 | 000,626,688 | ---- | C] () -- C:\WINDOWS\System32\dfxg13.dll
[2007/07/25 15:50:00 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2007/07/25 15:48:24 | 000,000,021 | ---- | C] () -- C:\WINDOWS\phbase.ini
[2007/07/25 15:46:40 | 000,000,571 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2007/07/25 15:45:34 | 000,000,022 | ---- | C] () -- C:\WINDOWS\OP70.INI
[2007/07/25 15:43:57 | 000,001,611 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2007/07/25 15:43:57 | 000,000,028 | ---- | C] () -- C:\WINDOWS\album.ini
[2007/07/25 15:28:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2007/07/25 15:25:46 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS61.DLL
[2007/07/25 14:51:04 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/07/25 03:42:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/07/25 03:41:03 | 000,254,272 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/07/24 21:51:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/07/24 20:27:37 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/07/24 20:21:57 | 002,706,432 | R--- | C] () -- C:\WINDOWS\System32\s3gcil_inv.dll
[2007/07/24 20:01:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/07/24 19:56:26 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/10/15 18:31:56 | 000,218,264 | ---- | C] () -- C:\WINDOWS\System32\SetAid.dll
[2004/08/04 01:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 00:56:44 | 000,056,880 | ---- | C] () -- C:\WINDOWS\System32\scvideo.dll
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/03/31 22:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 22:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 22:00:00 | 000,463,010 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 22:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 22:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 22:00:00 | 000,078,956 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 22:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 22:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 22:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 22:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/12/18 19:01:28 | 000,082,400 | ---- | C] () -- C:\Program Files\QCam.chm
[2001/12/18 18:59:18 | 000,016,221 | ---- | C] () -- C:\Program Files\Warranties.chm
[2001/11/20 03:05:10 | 000,005,228 | ---- | C] () -- C:\Program Files\v320_240.prx
[2001/11/20 03:05:10 | 000,005,228 | ---- | C] () -- C:\Program Files\v176_144.prx
[2001/11/20 03:05:08 | 000,005,228 | ---- | C] () -- C:\Program Files\v160_120.prx
[2001/11/20 03:05:08 | 000,005,228 | ---- | C] () -- C:\Program Files\v160_112.prx
[2001/11/01 10:04:40 | 000,015,712 | ---- | C] () -- C:\Program Files\upd_info.dat
[2000/06/19 17:49:48 | 000,009,264 | ---- | C] () -- C:\Program Files\Click.wav
[2000/05/20 17:23:48 | 000,086,016 | ---- | C] () -- C:\WINDOWS\StartupMonitor.exe
[2000/04/12 15:28:12 | 000,118,784 | ---- | C] () -- C:\Program Files\LFKODAK.dll
[2000/04/12 15:24:10 | 000,338,944 | ---- | C] () -- C:\Program Files\Lffpx7.dll
[1999/09/22 17:33:40 | 000,032,768 | ---- | C] () -- C:\Program Files\LogiReg.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D5907B8
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BDCFAD6

< End of report >
  #8  
Old December 31st, 2011, 02:03 AM
pcblues pcblues is offline
Senior Member
 
Join Date: Dec 2011
O/S: Windows 7 64-bit
Location: Australia
Posts: 135
trouble posting extras log

I've tried posting the extras log in two parts, but keep getting this error message. Can I zip it and post it as an attachment?

"You have included 22 images in your message. You are limited to using 10 images so please go back and correct the problem and then continue again.

Images include use of smilies, the BB code [img] tag and HTML <img> tags. The use of these is all subject to them being enabled by the administrator."
  #9  
Old December 31st, 2011, 02:08 AM
pcblues pcblues is offline
Senior Member
 
Join Date: Dec 2011
O/S: Windows 7 64-bit
Location: Australia
Posts: 135
extras log pt 1

OTL Extras logfile created on: 31/12/2011 10:22:34 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

958.36 Mb Total Physical Memory | 248.87 Mb Available Physical Memory | 25.97% Memory free
2.26 Gb Paging File | 1.68 Gb Available in Paging File | 74.32% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 42.87 Gb Free Space | 28.76% Space Free | Partition Type: NTFS
Drive E: | 12.17 Gb Total Space | 4.34 Gb Free Space | 35.65% Space Free | Partition Type: FAT32
Drive F: | 6.45 Gb Total Space | 1.57 Gb Free Space | 24.30% Space Free | Partition Type: FAT32
Drive H: | 2328.76 Gb Total Space | 479.54 Gb Free Space | 20.59% Space Free | Partition Type: NTFS

Computer Name: OWNER-44FFE017E | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
  #10  
Old December 31st, 2011, 02:12 AM
pcblues pcblues is offline
Senior Member
 
Join Date: Dec 2011
O/S: Windows 7 64-bit
Location: Australia
Posts: 135
extras log pt 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
  #11  
Old December 31st, 2011, 02:20 AM
pcblues pcblues is offline
Senior Member
 
Join Date: Dec 2011
O/S: Windows 7 64-bit
Location: Australia
Posts: 135
extras log pt 3

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"1723:TCP" = 1723:TCP:*:Disabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Disabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========
  #12  
Old December 31st, 2011, 02:30 AM
pcblues pcblues is offline
Senior Member
 
Join Date: Dec 2011
O/S: Windows 7 64-bit
Location: Australia
Posts: 135
trouble posting extras

Hi Mosaic

No matter how small the sections of the remaining log I'm trying to post, I keep getting the 'error' message. I just looked at what's been posted and I see all those "smileys", amazing... where did they come from?
I'll wait for your response before I try again.

Thanks in advance!
  #13  
Old December 31st, 2011, 09:50 PM
Mosaic1 Mosaic1 is offline
Malware Removal Team Advisor
 
Join Date: Jun 2001
Posts: 4,783
The smileys are the images the message means. Smileys are created by typing certain character combinations. Your log is full of those. So let's do this. Scroll down to the bottom of the page when you want to reply. You'll see the quick reply box. Below that, click on the Go Advanced button. This will open up a new page.

On this page, you can disable smilies under Additional options. Then type out your post (or paste in your extras log) and the problem should be resolved.

Last edited by Mosaic1; December 31st, 2011 at 10:05 PM.
  #14  
Old January 1st, 2012, 01:06 AM
pcblues pcblues is offline
Senior Member
 
Join Date: Dec 2011
O/S: Windows 7 64-bit
Location: Australia
Posts: 135
extras ( finally )

Hi Mosaic,

lol yes I know smileys but I wasn't aware that they would appear automatically. Glad it's sorted, here's the rest of the log!
Thanks again for your help!!

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Disabled:Nero Home -- (Nero AG)
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Disabled:Nero ProductSetup -- (Nero AG)
"C:\Documents and Settings\Owner\Local Settings\Temp\Nero Web\SetupXu.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\Nero Web\SetupXu.exe:*:Disabled:Nero ProductSetup
"C:\Program Files\Soulseek\slsk.exe" = C:\Program Files\Soulseek\slsk.exe:*:Disabled:SoulSeek
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Disabled:avgamsvr.exe
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Disabled:avgcc.exe
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Disabled:avginet.exe
"C:\Program Files\Nicotine+\nicotine.exe" = C:\Program Files\Nicotine+\nicotine.exe:*:Disabled:Client for SoulSeek filesharing system.
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Disabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Soulseek-Test\slsk.exe" = C:\Program Files\Soulseek-Test\slsk.exe:*:Disabled:SoulSeek
"C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Paltalk Messenger\paltalk.exe" = C:\Program Files\Paltalk Messenger\paltalk.exe:*:Disabled:Paltalk 9.1 -- (AVM Software Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{06024F70-15BC-4447-B53A-F1A7BBA21033}" = Nero 7 Ultra Edition
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{128AF653-6E81-4525-BE84-43C297A35F28}_is1" = Object Fix Zip
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 29
"{26B878A8-5704-3B64-BDBC-4F0EACA38121}" = Google Talk Plugin
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5B39603F-2A77-40E6-950D-ED7B8307933D}" = Microsoft IntelliPoint 5.3
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.2.3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76EFAC4F-1712-401F-B2AE-590B170C9BCE}" = StartupMonitor
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77E70C3C-DBB9-4C47-8663-1E1F81FEC623}" = Logitech QuickCam
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9509674F-3972-11DE-806D-005056806466}" = Google Earth
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E4C1DBF1-67D9-4973-9DEC-677E695E7CE0}" = AxCrypt 1.7.2126.0
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F34D9A5F-484A-4E31-A9D3-908CB265B289}" = Sygate Personal Firewall
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"ArcSoft PhotoBase" = ArcSoft PhotoBase
"ArcSoft PhotoStudio 2000" = ArcSoft PhotoStudio 2000
"Audacity_is1" = Audacity 1.2.6
"CAL" = Canon Camera Access Library
"CameraUserGuide-PSA495andPSA490" = Canon PowerShot A495 and PowerShot A490 Camera User Guide
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon ScanGear Toolbox CS" = Canon ScanGear Toolbox CS 2.2
"CANONBJ_Deinstall_CNMCP61.DLL" = Canon PIXMA iP3000
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.8
"DFX for Musicmatch" = DFX for Musicmatch
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"FileASSASSIN" = FileASSASSIN
"Gtk+ Runtime Environment" = Gtk+ Runtime Environment 2.10.11-1
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.9.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"ManyCam" = ManyCam 2.6.60 (remove only)
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OmniPagePro9.0DeinstKey" = OmniPage Pro 9.0
"Open Ports Scanner_is1" = Open Ports Scanner 1.2
"Opera 11.11.2109" = Opera 11.11
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"Qlock" = Qlock Lite
"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
"SpywareBlaster_is1" = SpywareBlaster 4.4
"Switch" = Switch
"VIA Chrome9 HC IGP Display" = VIA/S3G Display Driver 6.14.10.0078
"VLC media player" = VLC media player 1.0.3
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-117609710-790525478-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Uninstall" = ABC Now Uninstall

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 27/12/2011 7:54:42 PM | Computer Name = OWNER-44FFE017E | Source = Windows Search Service | ID = 3028
Description = The gatherer object cannot be initialized. Context: Windows Application,
SystemIndex Catalog Details: The content index metadata cannot be read. (0xc0041801)


Error - 27/12/2011 7:54:42 PM | Computer Name = OWNER-44FFE017E | Source = Windows Search Service | ID = 3058
Description = The application cannot be initialized. Context: Windows Application

Details:
The
content index metadata cannot be read. (0xc0041801)

Error - 28/12/2011 10:27:09 PM | Computer Name = OWNER-44FFE017E | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 29/12/2011 9:38:09 PM | Computer Name = OWNER-44FFE017E | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: WindowsLive.Writer.PostEditor, Version=14.0.8117.416, Culture=neutral,
PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020

Error - 29/12/2011 10:51:18 PM | Computer Name = OWNER-44FFE017E | Source = Windows Search Service | ID = 9002
Description = The Windows Search Service cannot load the property store information.

Context:
Windows Application, SystemIndex Catalog Details: 0x%08x (0x80041181 - The content
index server cannot find a description of the content index in its database. Search
will automatically attempt to recreate the content index description. If this
problem persists, stop and restart the search service and, if necessary, delete
and recreate the content index. )

Error - 29/12/2011 10:51:18 PM | Computer Name = OWNER-44FFE017E | Source = Windows Search Service | ID = 3029
Description = The plug-in in <Search.JetPropStore> cannot be initialized. Context:
Windows Application, SystemIndex Catalog Details: The content index metadata cannot
be read. (0xc0041801)

Error - 29/12/2011 10:51:19 PM | Computer Name = OWNER-44FFE017E | Source = Windows Search Service | ID = 3029
Description = The plug-in in <Search.TripoliIndexer> cannot be initialized. Context:
Windows Application, SystemIndex Catalog Details: Element not found. (0x80070490)


Error - 29/12/2011 10:51:19 PM | Computer Name = OWNER-44FFE017E | Source = Windows Search Service | ID = 3028
Description = The gatherer object cannot be initialized. Context: Windows Application,
SystemIndex Catalog Details: The content index metadata cannot be read. (0xc0041801)


Error - 29/12/2011 10:51:19 PM | Computer Name = OWNER-44FFE017E | Source = Windows Search Service | ID = 3058
Description = The application cannot be initialized. Context: Windows Application

Details:
The
content index metadata cannot be read. (0xc0041801)

Error - 30/12/2011 2:43:13 AM | Computer Name = OWNER-44FFE017E | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

[ System Events ]
Error - 30/12/2011 7:43:59 AM | Computer Name = OWNER-44FFE017E | Source = UPS | ID = 2481
Description = The UPS service is not configured correctly.

Error - 30/12/2011 7:44:01 AM | Computer Name = OWNER-44FFE017E | Source = Service Control Manager | ID = 7023
Description = The Uninterruptible Power Supply service terminated with the following
error: %%2481

Error - 30/12/2011 7:48:04 AM | Computer Name = OWNER-44FFE017E | Source = UPS | ID = 2481
Description = The UPS service is not configured correctly.

Error - 30/12/2011 7:48:06 AM | Computer Name = OWNER-44FFE017E | Source = Service Control Manager | ID = 7023
Description = The Uninterruptible Power Supply service terminated with the following
error: %%2481

Error - 30/12/2011 8:11:35 AM | Computer Name = OWNER-44FFE017E | Source = UPS | ID = 2481
Description = The UPS service is not configured correctly.

Error - 30/12/2011 8:11:37 AM | Computer Name = OWNER-44FFE017E | Source = Service Control Manager | ID = 7023
Description = The Uninterruptible Power Supply service terminated with the following
error: %%2481

Error - 30/12/2011 8:13:36 AM | Computer Name = OWNER-44FFE017E | Source = Dhcp | ID = 1002
Description = The IP address lease 10.1.1.2 for the Network Card with network address
0019DB8C714A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a
DHCPNACK message).

Error - 30/12/2011 7:54:09 PM | Computer Name = OWNER-44FFE017E | Source = Dhcp | ID = 1002
Description = The IP address lease 10.1.1.2 for the Network Card with network address
0019DB8C714A has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a
DHCPNACK message).

Error - 30/12/2011 7:54:18 PM | Computer Name = OWNER-44FFE017E | Source = UPS | ID = 2481
Description = The UPS service is not configured correctly.

Error - 30/12/2011 7:54:20 PM | Computer Name = OWNER-44FFE017E | Source = Service Control Manager | ID = 7023
Description = The Uninterruptible Power Supply service terminated with the following
error: %%2481


< End of report >
  #15  
Old January 4th, 2012, 06:23 AM
Mosaic1 Mosaic1 is offline
Malware Removal Team Advisor
 
Join Date: Jun 2001
Posts: 4,783
I don't think you're infected. But we can do some fine tuning and cleanups.

You have quite a few security programs installed. It appears most are disabled. That's good because if running simultaneously, they will conflict and cause poor performance not only in each other, but in Windows.
Plus they will interfere with cleanup tools.

You only need one Antimalware, 1 Anti Virus and 1 Firewall running in the background. You can either uninstall or disable any extra scanners and use them for second opinions.

----------------------
Outdated software can contain security holes which malware can exploit to install itself in your system.


http://get.adobe.com/flashplayer/com...tivex/?a=false
(For Adobe Reader and Flash Player)

http://java.com/en/download/manual.jsp


Some of these installers, although legitimate, will have extras like the ASK toolbar automatically selected to be installed. Uncheck anything extra and only install what you set out to install originally.

-------------------------
You have some settings which allow autorun.inf files to run. That can be dangerous if these files are pointing to malware. If a friend came over and inserted an infected flash drive he brought with him, you'd become infected.

Let's use Combofix to prevent autorun.inf files from auto running, and also to have a look for any malware traces from the past. Combofix will also install the Recovery Console on your hard drive.

Please download Combofix from: Here
And save to the desktop.
After the download is complete, perform the following tasks before using the ComboFix tool to scan your PC:
Exit all windows that are currently open on your computer.
To prevent interference, temporarily disable your antivirus, antispyware, firewall and other security tools that may be running on your computer.


Double-click on the combofix icon found on your desktop.
Please note that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When finished, it will produce a logfile located at C:\combofix.txt.


Post the contents of that log in your next reply.
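
The autorun.inf exposure raised in the post above can be checked by hand. This is an added example, not part of the original post and not a description of what ComboFix does. It assumes the setting involved is the standard Windows NoDriveTypeAutoRun policy value, which the thread does not name; the sample masks are constructed.

```python
# Added example: decode the NoDriveTypeAutoRun policy bitmask (constructed inputs).
# A set bit DISABLES AutoRun for that drive type; values per Microsoft's documentation.
POLICY_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
DRIVE_TYPES = [
    ("unknown", 0x81),    # either 0x01 or 0x80 disables unknown drive types
    ("removable", 0x04),  # USB flash drives
    ("fixed", 0x08),
    ("network", 0x10),
    ("cdrom", 0x20),
    ("ramdisk", 0x40),
]


def autorun_enabled_types(mask):
    """Drive types on which AutoRun is still allowed under this mask."""
    return [name for name, bits in DRIVE_TYPES if (mask & bits) == 0]


def effective_mask(hklm, hkcu):
    """HKLM wins when it holds a value; HKCU is consulted only otherwise."""
    return hklm if hklm is not None else hkcu


def read_mask(hive_name):
    """Read the value from the live registry; None off Windows or if unset."""
    try:
        import winreg
        with winreg.OpenKey(getattr(winreg, hive_name), POLICY_KEY) as key:
            value, _type = winreg.QueryValueEx(key, "NoDriveTypeAutoRun")
    except (ImportError, OSError):
        return None
    # Older systems may store the value as REG_BINARY instead of REG_DWORD.
    return int.from_bytes(value, "little") if isinstance(value, bytes) else int(value)


if __name__ == "__main__":
    live = effective_mask(read_mask("HKEY_LOCAL_MACHINE"), read_mask("HKEY_CURRENT_USER"))
    # Constructed samples: 0x91 leaves removable media enabled, 0xFF disables all types.
    for label, mask in (("sample 0x91", 0x91), ("sample 0xFF", 0xFF), ("this machine", live)):
        if mask is None:
            print(f"{label}: NoDriveTypeAutoRun not set (OS default applies)")
        else:
            allowed = autorun_enabled_types(mask) or "no drive types"
            print(f"{label}: 0x{mask:02X} AutoRun allowed on {allowed}")
```

A mask of 0xFF is the hardened setting: AutoRun is disabled for every drive type, including the flash-drive case described in the post.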
All times are GMT +1. The time now is 08:19 AM.