Windows XP recovery issues


n9ne
This started the other day when my PC got infected with "xp total security", so I followed a guide online and downloaded Rkill and Malwarebytes to remove it. However, I've noticed that my Firefox is still being hijacked with redirects when I do a Google search, and most worryingly of all this whole thing has now taken a turn for the worse. This evening I got an alert that I had a hard drive error and then 'Windows XP Recovery' popped up outta nowhere. I restarted my machine, and all my desktop icons are gone, all the programs from my start menus have gone and the 'all programs' section on the start menu is coming up as 'empty'. I actually don't know how to get rid of this. I just bought a copy of Kaspersky 2011 to install, which I will do the instant it arrives, but I want to clean the drive first. Help anyone? Be forever in your debt if someone can help me out!

Here is my OTL log

OTL logfile created on: 30/05/2011 00:52:12 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Spektro\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 71.73% Memory free
4.84 Gb Paging File | 4.24 Gb Available in Paging File | 87.57% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.76 Gb Total Space | 79.88 Gb Free Space | 34.32% Space Free | Partition Type: NTFS
Drive D: | 232.82 Gb Total Space | 119.46 Gb Free Space | 51.31% Space Free | Partition Type: NTFS
Drive G: | 32.60 Gb Total Space | 0.56 Gb Free Space | 1.71% Space Free | Partition Type: REV UDF
Drive I: | 3.72 Gb Total Space | 1.54 Gb Free Space | 41.33% Space Free | Partition Type: FAT32

Computer Name: SPEKTROSKOPY | User Name: Spektro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/30 00:51:43 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Spektro\Desktop\OTL.exe
PRC - [2011/05/13 09:25:31 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/12/20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/03/23 09:37:00 | 004,655,720 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
PRC - [2009/10/14 16:43:08 | 000,612,864 | -HS- | M] (amBX) -- C:\Program Files\amBX\System\amBX_Service.exe
PRC - [2009/10/07 10:16:50 | 000,472,280 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009/10/07 10:15:42 | 001,461,080 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009/09/28 16:27:38 | 000,229,376 | ---- | M] (Koninklijke Philips N.V.) -- C:\Program Files\amBX\Control Panel\amBXDaemon.exe
PRC - [2008/10/03 14:06:18 | 000,061,440 | ---- | M] (Koninklijke Philips N.V.) -- C:\Program Files\amBX\Gaming FXGen\amBXAppMgrHelper.exe
PRC - [2008/10/03 14:03:56 | 000,237,568 | ---- | M] (Koninklijke Philips N.V.) -- C:\Program Files\amBX\Gaming FXGen\amBXAppMgr.exe
PRC - [2008/06/09 14:51:48 | 000,540,672 | ---- | M] (Philips) -- C:\Program Files\amBX\Device Drivers\Philips USB\Philips_amBX_USB_HAL.exe
PRC - [2008/06/09 14:51:48 | 000,010,752 | ---- | M] () -- C:\Program Files\amBX\Device Drivers\Philips USB\Philips_HAL_Starter.exe
PRC - [2007/04/04 02:01:42 | 000,774,144 | R--- | M] () -- C:\Program Files\Motorola\Motorola PcSync\Application Launcher\Application Launcher.exe
PRC - [2007/03/16 04:23:20 | 000,983,040 | R--- | M] (Teleca AB) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe
PRC - [2007/01/05 03:02:04 | 000,225,280 | ---- | M] (Popwire AB) -- C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
PRC - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2005/01/14 10:32:38 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\PAStiSvc.exe
PRC - [2004/08/23 13:53:38 | 000,053,248 | ---- | M] (Iomega Corp) -- C:\Program Files\Iomega\REV System Software\RevUDF.exe
PRC - [2004/08/04 13:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/04 13:00:00 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\attrib.exe
PRC - [2004/07/22 09:16:10 | 000,057,344 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\REV System Software\ImIconXp.exe
PRC - [2003/06/18 02:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe
PRC - [2003/02/20 23:45:40 | 000,028,672 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE
PRC - [2002/10/29 09:18:24 | 000,049,152 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
PRC - [2002/03/19 16:51:28 | 000,548,864 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe


========== Modules (SafeList) ==========

MOD - [2011/05/30 00:51:43 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Spektro\Desktop\OTL.exe
MOD - [2008/10/03 14:03:04 | 000,057,344 | ---- | M] (Koninklijke Philips N.V.) -- C:\Program Files\amBX\Gaming FXGen\LoadLibInterceptor.dll
MOD - [2007/10/24 01:47:56 | 000,635,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcr80.dll
MOD - [2007/10/24 01:47:56 | 000,558,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcp80.dll
MOD - [2006/05/03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll
MOD - [2004/08/04 13:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2003/02/20 23:45:52 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL
MOD - [2000/11/29 21:49:44 | 000,049,152 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\TabHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/04/14 01:21:49 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/07/23 14:29:29 | 006,084,416 | ---- | M] (SurfRight B.V.) [On_Demand | Stopped] -- C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe -- (HitmanPro35Crusader)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010/03/23 09:37:00 | 004,655,720 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)
SRV - [2009/10/14 16:43:08 | 000,612,864 | -HS- | M] (amBX) [Auto | Running] -- C:\Program Files\amBX\System\amBX_Service.exe -- (amBX Service)
SRV - [2009/10/07 10:21:14 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/10/07 10:16:50 | 000,472,280 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2008/06/09 14:51:48 | 000,540,672 | ---- | M] (Philips) [On_Demand | Running] -- C:\Program Files\amBX\Device Drivers\Philips USB\Philips_amBX_USB_HAL.exe -- (Philips amBX USB HAL)
SRV - [2008/06/09 14:51:48 | 000,010,752 | ---- | M] () [Auto | Running] -- C:\Program Files\amBX\Device Drivers\Philips USB\Philips_HAL_Starter.exe -- (Philips HAL Starter)
SRV - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2005/01/14 10:32:38 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PAStiSvc.exe -- (STI Simulator)
SRV - [2004/08/23 13:53:38 | 000,053,248 | ---- | M] (Iomega Corp) [Auto | Running] -- C:\Program Files\Iomega\REV System Software\RevUDF.exe -- (RevUDFService)
SRV - [2002/03/19 16:51:28 | 000,548,864 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)
SRV - [2000/05/24 16:20:36 | 000,015,360 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\system32\ATMsrvc.exe -- (ATMsrvc)


========== Driver Services (SafeList) ==========

DRV - [2009/10/07 10:18:34 | 000,055,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2009/10/07 10:18:34 | 000,032,072 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009/10/07 10:18:30 | 000,073,760 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2009/10/07 10:12:22 | 000,054,184 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv)
DRV - [2009/10/07 10:11:10 | 000,040,824 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008/06/09 14:52:04 | 000,186,592 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2008/02/20 13:47:34 | 000,027,936 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2007/02/16 12:35:32 | 000,017,536 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2007/02/13 01:12:04 | 000,021,376 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motport.sys -- (motport)
DRV - [2007/02/13 01:12:04 | 000,021,376 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/01/23 20:03:44 | 000,007,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2006/12/14 11:27:18 | 000,040,832 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motodrv.sys -- (MotDev)
DRV - [2006/07/24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006/05/05 19:21:00 | 000,004,608 | ---- | M] (NVIDIA Corporation.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nvport.sys -- (nvport)
DRV - [2006/03/29 08:49:26 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2005/11/21 06:48:20 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2005/08/30 01:49:38 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdm.sys -- (ssm_mdm)
DRV - [2005/08/30 01:49:34 | 000,008,336 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys -- (ssm_mdfl)
DRV - [2005/08/30 01:47:38 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)
DRV - [2005/07/01 10:15:06 | 000,025,344 | R--- | M] (Iomega) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\IABFilt.sys -- (IABFilt)
DRV - [2005/03/22 02:48:39 | 000,217,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\a320raid.sys -- (a320raid)
DRV - [2005/02/24 13:29:14 | 000,162,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PFC027.sys -- (PAC207)
DRV - [2004/07/13 12:22:38 | 000,016,006 | ---- | M] (Iomega Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\imdrvfsf.sys -- (imdrvfsf)
DRV - [2003/03/27 17:58:56 | 000,287,920 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTDVDA2K.SYS -- (ctdvda2k)
DRV - [2003/03/26 22:33:58 | 000,498,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2003/03/26 22:32:32 | 000,189,504 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/03/26 22:32:02 | 000,141,536 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hap16v2k.sys -- (hap16v2k)
DRV - [2003/03/26 22:31:40 | 000,823,616 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2003/03/06 16:10:34 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfModNT)
DRV - [2003/02/20 23:24:46 | 000,116,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2003/02/20 23:24:34 | 000,135,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/02/20 23:24:18 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2003/02/20 23:22:38 | 000,135,040 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/08/17 14:02:50 | 000,002,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidswvd.sys -- (HIDSwvd)
DRV - [2001/04/09 14:45:00 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PenClass.sys -- (PenClass)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.7
FF - prefs.js..extensions.enabledItems: [email protected]:4.5.2.0
FF - prefs.js..extensions.enabledItems: {BDE82193-7B50-4AE7-8B19-5E82BD1198AE}:1.9.1
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.7
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.20110508
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\extensions\\{BDE82193-7B50-4AE7-8B19-5E82BD1198AE}: C:\Documents and Settings\Spektro\Local Settings\Application Data\{BDE82193-7B50-4AE7-8B19-5E82BD1198AE} [2011/04/16 04:27:47 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/13 09:25:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/13 09:25:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/04/30 13:20:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/10/31 20:09:47 | 000,000,000 | ---D | M]

[2009/12/19 05:52:17 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Spektro\Application Data\Mozilla\Extensions
[2010/11/06 00:34:34 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Spektro\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/12/19 05:52:17 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Spektro\Application Data\Mozilla\Extensions\MediaCoder
[2011/05/12 22:26:16 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Spektro\Application Data\Mozilla\Firefox\Profiles\jc770icc.default\extensions
[2010/11/10 00:04:46 | 000,000,000 | -H-D | M] (Aero Fox XL) -- C:\Documents and Settings\Spektro\Application Data\Mozilla\Firefox\Profiles\jc770icc.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2010/02/10 19:48:19 | 000,000,000 | -H-D | M] (CacheViewer) -- C:\Documents and Settings\Spektro\Application Data\Mozilla\Firefox\Profiles\jc770icc.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
[2010/06/28 12:34:02 | 000,000,000 | -H-D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Spektro\Application Data\Mozilla\Firefox\Profiles\jc770icc.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/11/17 18:55:11 | 000,000,000 | -H-D | M] (20-20 3D Viewer) -- C:\Documents and Settings\Spektro\Application Data\Mozilla\Firefox\Profiles\jc770icc.default\extensions\[email protected]
[2008/05/16 04:19:27 | 000,000,000 | -H-D | M] (Download Embedded) -- C:\Documents and Settings\Spektro\Application Data\Mozilla\Firefox\Profiles\jc770icc.default\extensions\[email protected]
[2010/11/10 00:04:51 | 000,000,000 | -H-D | M] (Virtus Search Opt-in) -- C:\Documents and Settings\Spektro\Application Data\Mozilla\Firefox\Profiles\jc770icc.default\extensions\[email protected]
[2011/05/11 22:41:11 | 000,000,000 | -H-D | M] (NASA Night Launch) -- C:\Documents and Settings\Spektro\Application Data\Mozilla\Firefox\Profiles\jc770icc.default\extensions\[email protected]
[2010/11/10 00:04:51 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Spektro\Application Data\Mozilla\Firefox\Profiles\jc770icc.default\extensions\[email protected]\chrome
[2010/11/10 00:04:46 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Spektro\Application Data\Mozilla\Firefox\Profiles\jc770icc.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2011/05/12 22:26:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/04/16 04:27:47 | 000,000,000 | -H-D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\SPEKTRO\LOCAL SETTINGS\APPLICATION DATA\{BDE82193-7B50-4AE7-8B19-5E82BD1198AE}
[2010/04/05 00:18:01 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/13 09:25:30 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2008/09/04 01:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2007/11/17 05:21:55 | 000,053,248 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Mozilla Firefox\plugins\NPPGWrap.dll
[2011/05/13 09:25:33 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/05/13 09:25:33 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011/05/13 09:25:33 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/05/13 09:25:33 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/05/13 09:25:33 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/01/08 02:59:05 | 000,001,240 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 applian.securesites.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amBX Daemon] C:\Program Files\amBX\Control Panel\amBXDaemon.exe (Koninklijke Philips N.V.)
O4 - HKLM..\Run: [amBX System Tray Application] C:\Program Files\amBX\Gaming FXGen\amBXAppMgr.exe (Koninklijke Philips N.V.)
O4 - HKLM..\Run: [AsioReg] C:\WINDOWS\System32\CTASIO.DLL (Creative Technology Ltd)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [Iomega ImIconXP] C:\Program Files\Iomega\REV System Software\ImIconXp.exe (Iomega Corporation)
O4 - HKLM..\Run: [Motorola PcSync] C:\Program Files\Motorola\Motorola PcSync\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKCU..\Run: [Iomega Automatic Backup Pro] C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe (Iomega Corporation)
O4 - HKCU..\Run: [kjEenXNPEgLSP] C:\Documents and Settings\All Users\Application Data\kjEenXNPEgLSP.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SB Audigy 2 Startup Menu] File not found
O4 - Startup: C:\Documents and Settings\Spektro\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.on...e/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} http://fdl.msn.com/p...t/msnchat45.cab (MSN Chat Control 4.5)
O16 - DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} http://downloads.vir...er1/xp_mail.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Spektro\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Spektro\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {93994DE8-8239-4655-B1D1-5F4E91300429} - C:\Program Files\DVD Region+CSS Free\DVDShell.dll (Fengtao Software Inc.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\BSAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/30 00:51:34 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Spektro\Desktop\OTL.exe
[2011/05/30 00:44:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Spektro\Recent
[2011/05/30 00:41:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Spektro\Start Menu\Programs\Windows XP Recovery
[2011/05/30 00:41:11 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\14147364.exe
[2011/05/30 00:28:05 | 000,431,616 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\kjEenXNPEgLSP.exe
[2011/05/26 22:11:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Spektro\Desktop\source
[2011/05/25 21:41:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Spektro\Desktop\banners
[2011/05/25 21:33:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Spektro\Desktop\may_location
[2011/05/23 00:46:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Spektro\Desktop\splashbanners
[2011/05/22 22:37:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Spektro\Desktop\sp
[2007/08/24 01:47:13 | 000,047,360 | -H-- | C] (VSO Software) -- C:\Documents and Settings\Spektro\Application Data\pcouffin.sys
[2007/08/06 18:17:51 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 30 Days ==========

[2011/05/30 00:51:43 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Spektro\Desktop\OTL.exe
[2011/05/30 00:41:29 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~14147364
[2011/05/30 00:41:28 | 000,000,819 | -H-- | M] () -- C:\Documents and Settings\Spektro\Desktop\Windows XP Recovery.lnk
[2011/05/30 00:41:28 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~14147364r
[2011/05/30 00:41:16 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\14147364
[2011/05/30 00:40:53 | 000,067,213 | ---- | M] () -- C:\WINDOWS\System32\NvwsApps.xml
[2011/05/30 00:34:43 | 000,042,327 | ---- | M] () -- C:\WINDOWS\System32\wacom.dat
[2011/05/30 00:34:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/29 20:55:50 | 000,031,560 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-0000000D-00001102-00000004-10031102}.rfx
[2011/05/29 20:55:50 | 000,031,560 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-0000000D-00001102-00000004-10031102}.rfx
[2011/05/29 20:55:50 | 000,031,440 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-0000000D-00001102-00000004-10031102}.rfx
[2011/05/29 20:55:50 | 000,031,440 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-0000000D-00001102-00000004-10031102}.rfx
[2011/05/29 20:55:50 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/05/29 20:55:50 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/05/29 20:55:50 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-0000000D-00001102-00000004-10031102}.dat
[2011/05/29 20:55:50 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-0000000D-00001102-00000004-10031102}.dat
[2011/05/29 14:07:27 | 001,659,914 | -H-- | M] () -- C:\Documents and Settings\Spektro\Desktop\nagelseries20.zip
[2011/05/29 02:06:31 | 000,000,167 | -H-- | M] () -- C:\Documents and Settings\Spektro\Desktop\ZARA FASHION Mens Stylish Jacket Designer Hoodie DENIM eBay UK.URL
[2011/05/29 00:28:38 | 000,000,088 | -H-- | M] () -- C:\Documents and Settings\Spektro\Desktop\Chemical Ltd Buy Famous Stars And Straps (FSAS) - Famous Stars And Straps (FSAS) T-Shirt - Mens Black `Gasman` T-Shirt By Fa.URL
[2011/05/28 20:31:59 | 000,132,320 | -H-- | M] () -- C:\Documents and Settings\Spektro\Desktop\spa3.jpg
[2011/05/28 15:43:26 | 002,950,416 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/28 15:41:08 | 004,481,358 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-0000000D-00001102-00000004-10031102}.CDF
[2011/05/28 15:41:08 | 004,481,358 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-0000000D-00001102-00000004-10031102}.BAK
[2011/05/28 13:23:46 | 000,002,250 | -HS- | M] () -- C:\Documents and Settings\Spektro\Local Settings\Application Data\7c5376v2708801j145le6486u04v0gq8pv6
[2011/05/28 13:23:46 | 000,002,250 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\7c5376v2708801j145le6486u04v0gq8pv6
[2011/05/28 12:17:55 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Nraqoboxeboda.dat
[2011/05/28 12:17:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Psejuqolezi.bin
[2011/05/27 21:13:48 | 000,403,298 | -H-- | M] () -- C:\Documents and Settings\Spektro\Desktop\page_1.jpg
[2011/05/27 21:13:38 | 000,589,223 | -H-- | M] () -- C:\Documents and Settings\Spektro\Desktop\insite_1.jpg
[2011/05/27 16:31:18 | 013,708,042 | -H-- | M] () -- C:\Documents and Settings\Spektro\Desktop\Tron Disc Full Retrofit Kit Instructions.eml
[2011/05/26 23:50:17 | 000,234,944 | -H-- | M] () -- C:\Documents and Settings\Spektro\Desktop\source.zip
[2011/05/26 21:43:47 | 000,838,329 | -H-- | M] () -- C:\Documents and Settings\Spektro\Desktop\phix_mailshotsummer.jpg
[2011/05/25 09:58:22 | 004,502,334 | -H-- | M] () -- C:\Documents and Settings\Spektro\Desktop\cmyk_con.psd
[2011/05/25 09:57:21 | 004,425,514 | -H-- | M] () -- C:\Documents and Settings\Spektro\Desktop\cmyk.psd
[2011/05/24 20:58:24 | 000,040,284 | -H-- | M] () -- C:\Documents and Settings\Spektro\Desktop\bnr_1.jpg
[2011/05/24 20:38:09 | 000,050,041 | -H-- | M] () -- C:\Documents and Settings\Spektro\Desktop\150816_141552125896594_129765707075236_230745_5556313_n.jpg
[2011/05/24 20:35:13 | 000,115,928 | -H-- | M] () -- C:\Documents and Settings\Spektro\Desktop\normal_032.jpg
[2011/05/24 20:34:16 | 000,121,578 | -H-- | M] () -- C:\Documents and Settings\Spektro\Desktop\normal_007.jpg
[2011/05/24 20:08:30 | 000,000,127 | -H-- | M] () -- C:\Documents and Settings\Spektro\Desktop\Who The [bleep] Is Rebecca Black - Popwatch - NME.COM - The world's fastest music news service, music videos, interviews, photo.URL
[2011/05/24 19:35:43 | 000,000,101 | -H-- | M] () -- C:\Documents and Settings\Spektro\Desktop\Men's White & Black Adidas Adi Freemont Mid at Schuh.URL
[2011/05/24 09:01:16 | 000,105,440 | -H-- | M] () -- C:\Documents and Settings\Spektro\Desktop\cole2.jpg
[2011/05/23 01:01:11 | 000,000,084 | -H-- | M] () -- C:\Documents and Settings\Spektro\Desktop\YouTube - Speech About Reality Part 1.URL
[2011/05/23 00:45:35 | 001,324,919 | -H-- | M] () -- C:\Documents and Settings\Spektro\Desktop\marlow.ai
[2011/05/23 00:17:56 | 000,411,482 | -H-- | M] () -- C:\Documents and Settings\Spektro\Desktop\marlow4.jpg
[2011/05/22 20:53:29 | 000,180,102 | -H-- | M] () -- C:\Documents and Settings\Spektro\Desktop\coach_teamchyna.pdf
[2011/05/22 09:09:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/18 23:27:12 | 000,000,023 | ---- | M] () -- C:\WINDOWS\MixBUda.INI
[2011/05/15 23:49:08 | 000,169,472 | -H-- | M] () -- C:\Documents and Settings\Spektro\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/11 22:03:11 | 010,012,351 | -H-- | M] () -- C:\Documents and Settings\Spektro\Desktop\Full_Retrofit_Disc_Kit_Instructions.pdf

========== Files Created - No Company Name ==========

[2011/05/30 00:41:28 | 000,000,819 | -H-- | C] () -- C:\Documents and Settings\Spektro\Desktop\Windows XP Recovery.lnk
[2011/05/30 00:41:28 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~14147364r
[2011/05/30 00:41:28 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~14147364
[2011/05/30 00:41:16 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\14147364
[2011/05/29 14:07:23 | 001,659,914 | -H-- | C] () -- C:\Documents and Settings\Spektro\Desktop\nagelseries20.zip
[2011/05/29 02:06:31 | 000,000,167 | -H-- | C] () -- C:\Documents and Settings\Spektro\Desktop\ZARA FASHION Mens Stylish Jacket Designer Hoodie DENIM eBay UK.URL
[2011/05/29 00:28:38 | 000,000,088 | -H-- | C] () -- C:\Documents and Settings\Spektro\Desktop\Chemical Ltd Buy Famous Stars And Straps (FSAS) - Famous Stars And Straps (FSAS) T-Shirt - Mens Black `Gasman` T-Shirt By Fa.URL
[2011/05/28 20:31:59 | 000,132,320 | -H-- | C] () -- C:\Documents and Settings\Spektro\Desktop\spa3.jpg
[2011/05/28 15:41:08 | 004,481,358 | ---- | C] () -- C:\WINDOWS\{00000003-00000000-0000000D-00001102-00000004-10031102}.BAK
[2011/05/28 13:02:07 | 000,002,250 | -HS- | C] () -- C:\Documents and Settings\Spektro\Local Settings\Application Data\7c5376v2708801j145le6486u04v0gq8pv6
[2011/05/28 13:02:07 | 000,002,250 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\7c5376v2708801j145le6486u04v0gq8pv6
[2011/05/27 21:13:48 | 000,403,298 | -H-- | C] () -- C:\Documents and Settings\Spektro\Desktop\page_1.jpg
[2011/05/27 21:13:38 | 000,589,223 | -H-- | C] () -- C:\Documents and Settings\Spektro\Desktop\insite_1.jpg
[2011/05/27 16:31:17 | 013,708,042 | -H-- | C] () -- C:\Documents and Settings\Spektro\Desktop\Tron Disc Full Retrofit Kit Instructions.eml
[2011/05/26 23:50:17 | 000,234,944 | -H-- | C] () -- C:\Documents and Settings\Spektro\Desktop\source.zip
[2011/05/26 21:43:47 | 000,838,329 | -H-- | C] () -- C:\Documents and Settings\Spektro\Desktop\phix_mailshotsummer.jpg
[2011/05/25 09:58:21 | 004,502,334 | -H-- | C] () -- C:\Documents and Settings\Spektro\Desktop\cmyk_con.psd
[2011/05/25 09:57:19 | 004,425,514 | -H-- | C] () -- C:\Documents and Settings\Spektro\Desktop\cmyk.psd
[2011/05/24 20:58:23 | 000,040,284 | -H-- | C] () -- C:\Documents and Settings\Spektro\Desktop\bnr_1.jpg
[2011/05/24 20:38:09 | 000,050,041 | -H-- | C] () -- C:\Documents and Settings\Spektro\Desktop\150816_141552125896594_129765707075236_230745_5556313_n.jpg
[2011/05/24 20:35:13 | 000,115,928 | -H-- | C] () -- C:\Documents and Settings\Spektro\Desktop\normal_032.jpg
[2011/05/24 20:34:16 | 000,121,578 | -H-- | C] () -- C:\Documents and Settings\Spektro\Desktop\normal_007.jpg
[2011/05/24 20:08:30 | 000,000,127 | -H-- | C] () -- C:\Documents and Settings\Spektro\Desktop\Who The [bleep] Is Rebecca Black - Popwatch - NME.COM - The world's fastest music news service, music videos, interviews, photo.URL
[2011/05/24 19:35:43 | 000,000,101 | -H-- | C] () -- C:\Documents and Settings\Spektro\Desktop\Men's White & Black Adidas Adi Freemont Mid at Schuh.URL
[2011/05/24 09:01:16 | 000,105,440 | -H-- | C] () -- C:\Documents and Settings\Spektro\Desktop\cole2.jpg
[2011/05/23 01:01:11 | 000,000,084 | -H-- | C] () -- C:\Documents and Settings\Spektro\Desktop\YouTube - Speech About Reality Part 1.URL
[2011/05/23 00:28:01 | 001,324,919 | -H-- | C] () -- C:\Documents and Settings\Spektro\Desktop\marlow.ai
[2011/05/23 00:17:54 | 000,411,482 | -H-- | C] () -- C:\Documents and Settings\Spektro\Desktop\marlow4.jpg
[2011/05/22 20:53:18 | 000,180,102 | -H-- | C] () -- C:\Documents and Settings\Spektro\Desktop\coach_teamchyna.pdf
[2011/05/11 22:03:08 | 010,012,351 | -H-- | C] () -- C:\Documents and Settings\Spektro\Desktop\Full_Retrofit_Disc_Kit_Instructions.pdf
[2011/03/10 01:22:10 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\IlmImf.dll
[2011/03/10 01:22:10 | 000,446,464 | ---- | C] () -- C:\WINDOWS\System32\Photomatix_jpg.dll
[2011/03/10 01:22:10 | 000,353,280 | ---- | C] () -- C:\WINDOWS\System32\pmtf2.dll
[2011/03/10 01:22:10 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\Photomatix25Lib.dll
[2011/03/10 01:22:10 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\Photomatix25Lib2.dll
[2011/03/10 01:22:10 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\pmtf1.dll
[2011/03/10 01:22:10 | 000,204,288 | ---- | C] () -- C:\WINDOWS\System32\pmtf3.dll
[2011/03/10 01:22:10 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\Photomatix25Lib3.dll
[2011/03/10 01:22:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pmexr.dll
[2011/03/10 01:22:10 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmbm.dll
[2011/01/22 02:41:37 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/01/22 02:41:36 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/01/22 02:41:33 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/12/04 19:10:30 | 002,950,416 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/24 16:10:27 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\nvRegDev.dll
[2010/04/19 22:43:51 | 002,185,518 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/02/28 03:32:52 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010/02/22 00:26:04 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Nraqoboxeboda.dat
[2010/02/22 00:26:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Psejuqolezi.bin
[2010/02/03 04:17:03 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/01/06 22:20:57 | 000,000,635 | ---- | C] () -- C:\WINDOWS\ef.INI
[2009/12/22 17:02:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2009/12/19 06:50:43 | 000,001,182 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\jaksta.smr.lic
[2009/12/19 06:05:59 | 000,000,046 | ---- | C] () -- C:\WINDOWS\System32\DonationCoder_urlsnooper_InstallInfo.dat
[2009/11/13 20:36:01 | 000,066,048 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/04/10 04:03:27 | 000,000,566 | -H-- | C] () -- C:\Documents and Settings\Spektro\Application Data\AutoGK.ini
[2009/03/02 18:24:36 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/03/02 18:24:36 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\31CDF4A8DA.sys
[2009/02/16 05:41:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2009/01/22 01:53:01 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2008/10/08 23:31:45 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008/10/08 23:31:00 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/09/14 23:28:05 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2008/08/06 02:20:02 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\OctaneARM.dll
[2008/05/29 00:20:17 | 000,003,400 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
[2008/01/15 03:50:30 | 000,000,059 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2008/01/15 03:50:30 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2008/01/15 03:50:30 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2008/01/11 06:12:08 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\PAStiSvc.exe
[2007/12/17 15:06:19 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/11/09 20:54:14 | 000,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI
[2007/11/02 03:56:05 | 000,001,287 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/11/02 03:30:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/10/17 18:19:49 | 000,000,279 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2007/10/05 04:32:59 | 000,045,568 | ---- | C] () -- C:\WINDOWS\UniFish3.exe
[2007/09/12 18:11:18 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/09/12 18:10:49 | 000,000,009 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2007/08/31 22:28:23 | 000,169,472 | -H-- | C] () -- C:\Documents and Settings\Spektro\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/29 01:22:04 | 000,000,023 | ---- | C] () -- C:\WINDOWS\MixBUda.INI
[2007/08/24 01:47:13 | 000,087,608 | -H-- | C] () -- C:\Documents and Settings\Spektro\Application Data\inst.exe
[2007/08/24 01:47:13 | 000,007,887 | -H-- | C] () -- C:\Documents and Settings\Spektro\Application Data\pcouffin.cat
[2007/08/24 01:47:13 | 000,001,144 | -H-- | C] () -- C:\Documents and Settings\Spektro\Application Data\pcouffin.inf
[2007/08/19 02:35:11 | 000,002,976 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp WavPack Codec.dat
[2007/08/19 02:35:02 | 000,002,999 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
[2007/08/19 02:34:52 | 000,003,087 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
[2007/08/19 02:34:43 | 000,003,076 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
[2007/08/19 02:34:34 | 000,002,920 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp FLAC Codec.dat
[2007/08/19 02:34:23 | 000,003,494 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Mp2 and BwfMp2 codec.dat
[2007/08/19 02:34:19 | 000,002,814 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
[2007/08/19 02:34:16 | 010,886,008 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2007/08/19 02:34:16 | 000,014,189 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2007/08/19 00:03:51 | 000,042,327 | ---- | C] () -- C:\WINDOWS\System32\wacom.dat
[2007/08/19 00:03:48 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\TabUnst.dll
[2007/08/19 00:03:48 | 000,015,744 | ---- | C] () -- C:\WINDOWS\System32\wintab.dll
[2007/08/19 00:03:18 | 000,013,408 | ---- | C] () -- C:\WINDOWS\System32\tabinst.dll
[2007/08/19 00:03:18 | 000,004,032 | ---- | C] () -- C:\WINDOWS\System32\tabins16.dll
[2007/08/09 15:43:37 | 000,000,186 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/08/06 23:52:51 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2007/08/06 23:48:10 | 000,000,517 | ---- | C] () -- C:\WINDOWS\VTruck1.ini
[2007/08/06 18:44:48 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/08/06 18:36:39 | 031,015,968 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2007/08/06 18:36:39 | 001,053,728 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2007/08/06 18:35:38 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000003-00000000-0000000D-00001102-00000004-10031102}.dat
[2007/08/06 18:35:38 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-0000000D-00001102-00000004-10031102}.dat
[2007/08/06 18:32:57 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2007/08/06 18:19:10 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2007/08/06 18:19:10 | 000,000,075 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2007/08/06 18:19:07 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2007/08/06 18:18:29 | 000,066,807 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
[2007/08/06 18:18:29 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/08/06 18:18:18 | 000,232,723 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2007/08/06 18:18:16 | 000,190,842 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2007/08/06 18:18:16 | 000,138,716 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2007/08/06 18:18:16 | 000,110,720 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2007/08/06 18:18:16 | 000,053,674 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2007/08/06 18:18:08 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2007/08/06 18:18:08 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2007/08/06 18:18:07 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\KILLAPPS.EXE
[2007/08/06 18:18:07 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2007/08/06 18:18:07 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2007/08/06 18:17:49 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000001.dat
[2007/08/06 18:17:37 | 001,746,360 | ---- | C] () -- C:\WINDOWS\System32\CTAA1.DAT
[2007/08/06 18:04:36 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2007/08/06 18:04:36 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/08/06 17:58:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/08/06 17:53:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/07/26 03:53:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/07/26 03:49:28 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/06/28 11:54:10 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/06/28 11:52:18 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/11/02 21:40:12 | 000,174,656 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe
[2005/04/18 21:09:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/03/22 02:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 02:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/02/24 13:29:14 | 000,162,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\PFC027.sys
[2005/01/25 16:15:42 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\PA207USD.DLL
[2004/11/22 14:48:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\98Setup.exe
[2004/08/04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 13:00:00 | 000,473,472 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 13:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 13:00:00 | 000,077,212 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 13:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/10/10 22:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy
[2007/08/29 00:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy Pro
[2010/01/13 01:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\amBX_Events
[2008/08/07 06:27:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2007/09/04 19:15:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/02/23 15:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DonationCoder(2)
[2008/07/22 23:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/02/03 04:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2009/02/11 19:17:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motorola
[2008/05/29 00:06:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2011/01/10 02:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2008/08/06 02:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanDBX
[2009/02/11 19:17:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2008/12/31 06:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/19 06:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Thinstall
[2007/10/08 04:17:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/10/31 20:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/13 01:08:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Spektro\Application Data\amBX_Events
[2010/08/12 00:34:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Spektro\Application Data\AMPSoft
[2010/12/22 03:58:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Spektro\Application Data\Artisteer
[2011/04/15 00:32:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Spektro\Application Data\BitTorrent
[2009/12/19 06:22:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Spektro\Application Data\Broad Intelligence
[2010/12/02 18:32:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Spektro\Application Data\Chiu Software Systems
[2009/01/13 15:42:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Spektro\Application Data\Datel
[2007/08/19 02:47:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Spektro\Application Data\dBpoweramp
[2009/12/19 06:05:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Spektro\Application Data\DonationCoder
[2007/11/27 21:49:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Spektro\Application Data\EPSON
[2007/11/02 03:24:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Spektro\Application Data\ESET
[2007/12/10 06:55:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Spektro\Application Data\GeoVid
[2009/12/19 06:38:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Spektro\Application Data\GetRightToGo
[2007/08/11 01:37:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Spektro\Application Data\GlobalSCAPE
[2009/12/19 06:24:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Spektro\Application Data\Hensense.com
[2011/04/22 14:08:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Spektro\Application Data\Iomega Automatic Backup Pro
[2009/12/24 16:58:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Spektro\Application Data\JakstaBackup
[2007/08/07 13:42:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Spektro\Application Data\Leadertech
[2009/12/26 15:56:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Spektro\Application Data\MAXON
[2009/02/11 19:18:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Spektro\Application Data\Motorola
[2009/12/19 07:08:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Spektro\Application Data\Moyea
[2008/05/17 03:41:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Spektro\Application Data\NetMedia Providers
[2008/03/19 06:03:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Spektro\Application Data\Publish Providers
[2008/10/08 23:32:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Spektro\Application Data\Samsung
[2011/03/05 05:58:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Spektro\Application Data\SecondLife
[2010/01/06 21:49:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Spektro\Application Data\SEGA
[2008/03/19 06:03:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Spektro\Application Data\Sony
[2010/07/11 16:31:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Spektro\Application Data\SystemRequirementsLab
[2009/02/11 19:45:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Spektro\Application Data\Teleca
[2010/11/06 00:34:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Spektro\Application Data\Thunderbird
[2010/08/24 15:57:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Spektro\Application Data\TSRWorkshop
[2008/05/29 00:04:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Spektro\Application Data\Tunebite
[2011/02/04 04:13:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Spektro\Application Data\Unity
[2011/04/24 04:06:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Spektro\Application Data\Vso

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CFE8F97
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C39E55C5

< End of report >

#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello n9ne and welcome to G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start, please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

We need to disable malware processes on your system first
  • Download TheKiller to your Desktop
  • Note that TheKiller is renamed as explorer.exe
  • Run it by double-clicking
  • Press the OK button after the program finishes
  • Do not restart your system after this step
NOTE: If malware blocks TheKiller from running please try to run it several more times

Step 2

Please close all running programs and run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKCU..\Run: [kjEenXNPEgLSP] C:\Documents and Settings\All Users\Application Data\kjEenXNPEgLSP.exe (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    [2011/05/30 00:41:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Spektro\Start Menu\Programs\Windows XP Recovery
    [2011/05/30 00:41:11 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\14147364.exe
    [2011/05/30 00:28:05 | 000,431,616 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\kjEenXNPEgLSP.exe
    [2011/05/30 00:41:29 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~14147364
    [2011/05/30 00:41:28 | 000,000,819 | -H-- | M] () -- C:\Documents and Settings\Spektro\Desktop\Windows XP Recovery.lnk
    [2011/05/30 00:41:28 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~14147364r
    [2011/05/30 00:41:16 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\14147364
    [2011/05/28 13:23:46 | 000,002,250 | -HS- | M] () -- C:\Documents and Settings\Spektro\Local Settings\Application Data\7c5376v2708801j145le6486u04v0gq8pv6
    [2011/05/28 13:23:46 | 000,002,250 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\7c5376v2708801j145le6486u04v0gq8pv6
    [2011/05/28 12:17:55 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Nraqoboxeboda.dat
    [2011/05/28 12:17:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Psejuqolezi.bin

    :Files
    ipconfig /flushdns /c
    C:\Documents and Settings\All Users\Application Data\7c5376v2708801j145le6486u04v0gq8pv6
    C:\Documents and Settings\Spektro\Local Settings\Application Data\7c5376v2708801j145le6486u04v0gq8pv6

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 3

Run OTL again

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %temp%\smtmp\*.* /s
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 3

Please don't forget to include these items in your reply:

  • OTL Fix log
  • New OTL scan log
It would be helpful if you could post each log in a separate post
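Added example, not part of the thread and not code from OTL or its author: the Python below parses the file-listing lines of an OTL log such as the one in post #1 and ranks recently created, oddly placed files for manual review. The scoring rules, the threshold and all function names are assumptions chosen for illustration; the sample lines and the scan time are copied from the log above.

```python
import ntpath
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Layout of an OTL file-listing line:
#   [YYYY/MM/DD hh:mm:ss | size | attrs | C or M] (company) -- path
# Directory lines (LOP Check section) carry no "(company)" field.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>.*?)\) )?-- (?P<path>.+)$"
)

@dataclass
class Entry:
    ts: datetime
    size: int
    attrs: str    # e.g. "-HS-": R(ead-only), H(idden), S(ystem), D(irectory)
    kind: str     # "C" = created, "M" = modified
    company: str
    path: str

def parse_line(line):
    """Return an Entry for a listing line, or None for headers/blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        ts=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"], kind=m["kind"],
        company=m["company"] or "", path=m["path"],
    )

def reasons_for(e, scan_time, window_days, reported_names):
    """Illustrative heuristics (assumptions, not OTL's own logic)."""
    name = ntpath.basename(e.path)
    parent = ntpath.basename(ntpath.dirname(e.path)).lower()
    out = []
    if timedelta(0) <= scan_time - e.ts <= timedelta(days=window_days):
        out.append("created shortly before the scan")
    if parent == "application data":
        out.append("loose file directly in Application Data")
    if not ntpath.splitext(name)[1]:
        out.append("no file extension")
    if "H" in e.attrs and "S" in e.attrs:
        out.append("hidden + system attributes")
    if any(n in name.lower() for n in reported_names):
        out.append("name matches the reported rogue")
    return out

def triage(log_text, scan_time, window_days=3,
           reported_names=("windows xp recovery",), threshold=2):
    """Return (score, file name, reasons) for created files worth a look."""
    hits = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None or e.kind != "C" or "D" in e.attrs:
            continue  # skip headers, modified-only lines and directories
        why = reasons_for(e, scan_time, window_days, reported_names)
        if len(why) >= threshold:
            hits.append((len(why), ntpath.basename(e.path), why))
    return sorted(hits, key=lambda h: (-h[0], h[1]))

# "OTL logfile created on: 30/05/2011 00:52:12" (from the log header)
SCAN_TIME = datetime(2011, 5, 30, 0, 52, 12)

# Lines copied from the log in post #1.
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========

[2011/05/30 00:41:28 | 000,000,819 | -H-- | C] () -- C:\Documents and Settings\Spektro\Desktop\Windows XP Recovery.lnk
[2011/05/30 00:41:28 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~14147364r
[2011/05/30 00:41:16 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\14147364
[2011/05/29 14:07:23 | 001,659,914 | -H-- | C] () -- C:\Documents and Settings\Spektro\Desktop\nagelseries20.zip
[2011/05/28 13:02:07 | 000,002,250 | -HS- | C] () -- C:\Documents and Settings\Spektro\Local Settings\Application Data\7c5376v2708801j145le6486u04v0gq8pv6
[2009/12/19 06:50:43 | 000,001,182 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\jaksta.smr.lic
[2009/03/02 18:24:36 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2004/08/04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/12/31 06:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
"""

if __name__ == "__main__":
    for score, name, why in triage(SAMPLE_LOG, SCAN_TIME):
        print(f"{score}  {name}: {'; '.join(why)}")
```

A score here only prioritises entries for a human to examine; it is not a verdict on any file.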

#3
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.