Two "" when typing one. [Solved]



#1
Zumochi

Zumochi

    Member

  • Member
  • PipPip
  • 27 posts
Hello, two days ago I noticed when typing one ', two came out like this: '', this means when I want to type an a with ', I have to look it up in symbols or I can't get one. The same happens when typing Shift+", but then with "" ... Same for `` and ~~ and all other keys where you have to press it and then space to appear...

At first I thought it was a driver problem, so I removed the drivers from my keyboard in device management and rebooted. This didn''t ([bleep]) solve my problem so then I thought it was a problem with my keyboard so I tried it on a different computer, and there it worked just fine.
Control+Shift didn't work and neither did Alt+Shift. Of course I checked and changed the language settings in the control panel, to no avail :(

So I googled some and found it might be a keylogger o.O... That's when I decided to hop by here :) (don''t want (derp..) anyone to read my passwords now eh?)

Further info that MIGHT be of use:
Running Windows XP SP3
Pentium 4 (good old) 3.0GHz with HT
1,5GB DDR RAM
256MB AGP VGA card...:(
eh I don'' feel this will help lol.
My keyboard: Logitech G15 (first generation)
Mouse: Logitech G500 (plugged in my G15 :P)
Headset: Logitech G330 (same as G500 :P)
No I''m not a Logitech fan, they just make quality products D:


I hope this can be fixed without reinstalling Windows :P

I ran OTL as requested from the guide, the log is below here :>
Spoiler


Thanks in advance ^-^
  • 0



#2
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi and welcome to Geeks to Go. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Scan With RKUnHooker:

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in a reply here.
Note: You may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Scan with RSIT:

  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
Make sure that RSIT.exe is on your Desktop before running the application!
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.
Note: Both logs can also be located within this folder rsit at the root of your installed Hard-Drive. EG: C:\rsit

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • RKUnHooker Log.
  • Both RSIT logs. <-- Post them individually please, IE: one Log per post/reply.

  • 0

#3
Zumochi

Hello,

Thanks for your help, I honestly was starting to give up hope.
RKUnHooker is currently scanning my system, is it normal for it to take several hours? After 2,5 hours I honestly thought "this can''t take this long"" and cancelled it, rerun the scan without HDD''s selected and it was finished in a matter of minutes :P
Also, I think I found something that has got to do with it: in MSConfig''s boot tab, I found this line: 9A0D2F918B5 linking to "c:\config.Bin\9A0D2F918B5.exe /q", when I disabled this line and rebooted, it seemed to work normally. Then I went to the folder indicated and (yes I know, maybe stupid) started the 9A0D2F918B5.exe program. Then the issue of ^^ ~~ "" '' happened again and the .exe file disappeared. There was also a typeless file called 64F7C31FB2DD02D in the folder. After less than one minute the folder was removed (not by me) and it's still happening.


Here comes the log from RKUnHooker (without HDD''s selected), if you like I can rerun it without these programs open.
Spoiler

  • 0

#4
Zumochi

Here is the log.txt from RSIT:
Spoiler

  • 0

#5
Zumochi

And lastly the log from info.txt:
Spoiler

  • 0

#6
Dakeyras

Hi. :)

Thanks for your help, I honestly was starting to give up hope.

You're most welcome and I appreciate the latter, saying that please bear with me as I am unable to reply in full at this time due to personal/family commitments but will do so within the next forty-eight hours I assure you.

In the meantime it appears your machine does not have an active Anti-Virus application installed plus the use of various dubious Operating System/Registry tweak type software that has been used will have undoubtedly corrupted the actual Operating System. Plus the use of PunkBuster is something we will need to address...

For now can you confirm for me the lack of an evident Anti-Virus software is the case and if so how long has your machine been without such, thank you.
  • 0

#7
Zumochi

Hello and thanks for your reply.

PunkBuster is required for an online game I play: QuakeLive, without it, I am not allowed to play.
I do not have an anti virus because of several reasons:

The amount any antivirus software slows my PC down
I am quite experienced in finding and removing basic malware and viruses (e.g. trojans)
I have tweaked my system as far as possible to make it runnable with this old hardware
And yes I know some functions may not work properly due to disabled services or anything else, that is because I either don''t need them or I''m able to start them quickly manually.

Maybe you know the PING.exe virus taking 100% CPU and a lot of network, I was able to remove it COMPLETELY, leaving NO traces behind, by myself ;)
Okay it took me about 3 days but I did it.

However, if you can advise me antivirus software that is NOT doing anything in the background without me knowing (e.g. updating, scheduled scanning, telling me to do something I don''t want) AND able to run on a simple processor without eating its power AND using less than 50 megs of RAM total (all the processes and services combined), THEN I will gladly install it. Sorry for asking something like that lol.
Also I have tried various anti virus programs, such as AVG, Avira, Avast but these were demanding too much power and annoying me with useless popups. I've also tried Microsoft Security Essentials but that program isn't detecting all the malware/viruses.
Only one antivirus program has really gotten me, that one is COMODO. It''s free and not demanding a lot, but sadly still too much for this PC.

AND THAT... is why I don''t have antivirus software installed :P...

Edited by Zumochi, 28 December 2011 - 04:28 AM.

  • 0

#8
Dakeyras

Hi. :)

With regard to installing an Anti-Virus this is something that is necessary for any machine that accesses the internet from a security standpoint. As it stands because I do not know how long your machine has been online without such the best option may be to consider a reformat and reinstallation of the Windows Operating System. Plus it does appear the actual Operating System may be damaged...but we may be able to work around that.

I do appreciate you wish the best performance from your machine but end of the day XP is quite a dated Operating System now and if able consider an upgrade to say Windows 7 64 bit. Though this would depend on how much extra RAM your machine can support:-

Random Access Memory Advice:

Total RAM: 1535 MB (65% free)

Though Microsoft claims XP will run with a mere 128 MB installed in my opinion a minimum of 2 GB is far better.

If you wish to upgrade the installed memory, Crucial have a small scanner (CrucialScan.exe) which is perfectly safe to download and run. Which will advise if your system can support any upgraded memory modules. They cater for the US/UK and Europe.

PunkBuster Advice:

There are some Issues with infections in relation to PunkBuster:

Your computer has installed gaming tools. Some of these, like Punkbuster, use spyware techniques to engage in the anti-piracy battle.
In the process, they take control of much of your PC, and they actually meet the definition of spyware/malware.
They are sometimes designed to prevent orderly removal or modification, and they have only limited respect for retaining the overall security and integrity of your machine.
It is not a certainty that your computer can be cleaned without breaking or removing some of these programs, and this would result in not being able to play the associated games, or worse.
Since we are dedicated to causing No Harm, we won't normally work on machines with this type of program installed without explicit permission from the owner.
If you want to continue using the machine in this way, you should consider using imaging software like Norton Ghost or Acronis TrueImage, or Terabyte Image, which can put your entire C: drive back into an earlier state whenever the infections or malfunctions get too severe.

If you really want to clean this machine, I will help, but if you so choose, understand there is NO assurance you will be able to do games afterwards.
If the Uninstaller ever fails, it is a nightmare to remove, just as they have intended.

My advice would be to uninstall this application completely (there is a specific methodology required to do so, do not attempt yourself without my instructions).

Please let myself know your decision about Punkbuster and or how you wish to proceed in your next reply, thank you.

Next:

Please do not attach any logs in future unless I request otherwise, merely post them etc.

Peer to Peer Advice:

I see you have BitTorrent installed...If you have used this, you can be fairly confident this is a principal reason your computer is infected.

It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Limewire, Vuze.
Criminals have "planted" thousands upon thousands of infections in the "free" shared files.
Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".
It's also very important to avoid any "cracks" or "Keygens" that allow unauthorized use of programs. Besides being illegal, these files also are loaded with "planted" malware.

My advice would be to uninstall the aforementioned, however if you opt not to please refrain from using it for the duration of the Malware Removal process.

CKScanner:

  • Please download CKScanner from here to your Desktop.
Make sure that CKScanner.exe is on your Desktop before running the application!
  • Double-click on CKScanner.exe and click Search For Files. Only run the application once.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved
  • Double-click on the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.
Scan with WVCheck:

Please download WVCheck and save it to the desktop.

  • Double click on WVCheck.exe and follow the prompts.
  • The scan may take some time depending on the Hard-Drive size.
  • Please post the contents of the notepad file WVCheck_2143_dd-mm-yyyy that can be located on the desktop.

  • 0

#9
Zumochi

Hello again,

Thanks for your reply^^

I did not know PunkBuster is actually a spyware program... I do not mind continuing, even if I have to remove it.
At the moment I am not in the situation to run these programs, I will get the reports hopefully tomorrow, otherwise Sunday. In any way, as soon as I can :)

As for the P2P, I am well aware of the risks, and I am fairly sure I do not download any illegal software and/or other malicious tools, the only things I download with it is movies and series from BakaBT ;)

Perhaps my OS is damaged you say? I would appreciate it if you could tell me what precisely is wrong, as I am not having any problems with it (aside from this ~~ issue).

For the upgrade to Windows 7, no thank you. I'd rather buy a new computer than buy a Windows 7 license for this old PC, but with my current budget, both of those options are out of the question.

Lastly, I will be installing COMODO internet security whenever I can, so at least I have protection instead of no protection xD


Like I said, the logs will be posted either tomorrow or on Sunday.

Thanks again :happy:

Edited by Zumochi, 30 December 2011 - 11:17 AM.

  • 0

#10
Dakeyras

Hi and you're welcome! :)

I did not know PunkBuster is actually a spyware program... I do not mind continuing, even if I have to remove it.

Use this application to remove it then when I give the all clear you can use it again to re-install if you so wish.

As for the P2P, I am well aware of the risks, and I am fairly sure I do not download any illegal software and/or other malicious tools, the only things I download with it is movies and series from BakaBT

Fair play, just do not use it as I requested prior...

Perhaps my OS is damaged you say? I would appreciate it if you could tell me what precisely is wrong, as I am not having any problems with it (aside from this ~~ issue).

I am only going from the symptoms you have described and what various operating system/registry tweaking tools you do have installed. The latter rarely do any good in my experience. We can address such in due course once I am satisfied your machine is malware free.

Plus from the logs currently posted, my experience from interpreting any logs I request provides myself with a good general idea of the health state if you will of any one machine.

I am however not infallible I will further add and the type of support I provide is not the easiest at times because I have no physical access to any one machine.

For the upgrade to Windows 7, no thank you. I'd rather buy a new computer than buy a Windows 7 license for this old PC, but with my current budget, both of those options are out of the question.

Fair play.

Lastly, I will be installing COMODO internet security whenever I can, so at least I have protection instead of no protection xD

Not a particular fan of the application myself but fair enough anything is better than nothing in my book. Do please wait before downloading/installing until I advise so is all I ask. Plus be probably prudent to limit online activity until it is installed as a precaution.

Like I said, the logs will be posted either tomorrow or on Sunday.

Not a problem, though bear in mind there may be some delays my end also per the personal/family commitments I mentioned in a prior post.
  • 0



#11
Zumochi

CKScanner log:


CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\alwyn\mijn documenten\xilisoft corporation\video converter ultimate\crack.js
c:\program files\gimp\share\gimp\2.0\patterns\cracked.pat
c:\program files\jdownloader\jd\plugins\hoster\crackedcom.class
c:\program files\net tools\wepkeygenerator.exe
c:\program files\net tools\wepkeygenerator.exe.manifest
c:\program files\steam\steamapps\common\audiosurf\engine\crypt.dll
c:\program files\steam\steamapps\common\audiosurf\engine\channels\crypt.dll
c:\program files\xilisoft\video converter ultimate\crack.js
c:\program files\xilisoft\video converter ultimate\script\crack.js
hosts 127.0.0.1 tt11.adobe.com #[adobe.tcliveus.com]
hosts 127.0.0.1 stats.adobe.com
scanner sequence 3.EF.11.PVCPKO
----- EOF -----
  • 0

#12
Zumochi

Windows Validation Check
Version: 1.9.12.5
Log Created On: 1452_31-12-2011
-----------------------

Windows Information
-----------------------
Windows Version: Windows XP Service Pack 3
Windows Mode: Normal
Systemroot Path: C:\WINDOWS

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates automatically, but ask me when I want to install them.
-----------------------
Last Success Time for Update Detection: 2011-12-26 11:00:20
Last Success Time for Update Download: 2011-12-15 15:55:56
Last Success Time for Update Installation: 2011-12-15 21:52:16


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
WVCheck found no known bad files.


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's HOSTS File Check
-----------------------
Line: 127.0.0.1 analytics.microsoft.com
Matched: *microsoft.com*
-----------------------
Line: 127.0.0.1 microsoft.com.org
Matched: *microsoft.com*
-----------------------
Line: 127.0.0.1 www.www.microsoft.com.org
Matched: *microsoft.com*
-----------------------


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - 4cf588d2f2363b73eb4af57967d46dff


-------- End of File, program close at 1452_31-12-2011 --------



I installed Comodo, then read the topic and uninstalled it before it was activated (aka before reboot), I hope that isn''t bad.

For internet, I will only be going on this and one other forum, browsing with Comodo Dragon (yeah that came with the Comodo package...liking it better than Chrome so far) I will be using Outlook for email and Xfire for chatting.
Is it okay for me to keep playing QuakeLive until you ask me to remove PunkBuster or should I refrain from playing it at all?


Also, thanks for helping me even when you are having personal commitments ;)

All the best wishes for the New Year!
  • 0
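
Added example (not part of the thread, and not WVCheck's own code): a HOSTS audit that separates entries which really override a watched vendor domain from names that only contain it as a substring, which is what the `*microsoft.com*` wildcard in the log above matches. The watched-domain list, the verdict labels and the function names are assumptions; the sample is constructed from the HOSTS lines shown in the WVCheck and CKScanner logs.

```python
import ipaddress

# Constructed sample: the three lines WVCheck reported, the two Adobe lines
# from the CKScanner log, and a default localhost entry.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
127.0.0.1 analytics.microsoft.com
127.0.0.1 microsoft.com.org
127.0.0.1 www.www.microsoft.com.org
127.0.0.1 tt11.adobe.com #[adobe.tcliveus.com]
127.0.0.1 stats.adobe.com
"""

# Assumption: domains the analyst wants to watch; not WVCheck's real list.
WATCHED_DOMAINS = ("microsoft.com", "adobe.com")


def parse_hosts(text):
    """Yield (address, hostname) pairs, skipping comments and malformed lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # first field is not an IP
        for name in fields[1:]:                # one line may list several names
            yield addr, name.lower().rstrip(".")


def owning_domain(hostname, watched=WATCHED_DOMAINS):
    """Return the watched domain that hostname equals or is a subdomain of."""
    for domain in watched:
        if hostname == domain or hostname.endswith("." + domain):
            return domain
    return None


def audit_hosts(text, watched=WATCHED_DOMAINS):
    """Classify HOSTS entries that touch, or merely resemble, watched domains.

    blocked    - a real watched name pointed at loopback or 0.0.0.0
    redirected - a real watched name pointed at some other address
    lookalike  - contains a watched domain as a substring but sits under a
                 different parent (e.g. microsoft.com.org is under com.org)
    """
    findings = []
    for addr, name in parse_hosts(text):
        if name == "localhost":
            continue
        if owning_domain(name, watched):
            sinkholed = addr.is_loopback or addr.is_unspecified
            verdict = "blocked" if sinkholed else "redirected"
        elif any(domain in name for domain in watched):
            verdict = "lookalike"
        else:
            continue
        findings.append((name, str(addr), verdict))
    return findings


if __name__ == "__main__":
    for name, addr, verdict in audit_hosts(SAMPLE_HOSTS):
        print(f"{verdict:<10} {addr:<12} {name}")
```

Of the three lines WVCheck matched, only `analytics.microsoft.com` is an actual Microsoft name; the other two are entries under `com.org` that a substring wildcard also catches.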

#13
Dakeyras

Hi. :)

All the best wishes for the New Year!

Likewise plus my apologies for the continued delay. I am now in a position to provide you with assistance via a more timely manner.

I installed Comodo, then read the topic and uninstalled it before it was activated (aka before reboot), I hope that isn''t bad.

Fair enough, leave it uninstalled for now then.

Is it okay for me to keep playing QuakeLive until you ask me to remove PunkBuster or should I refrain from playing it at all?

The latter would be preferable and do use the uninstall tool I mentioned in post #10.

Next:

I have a fair few tasks for your good self to complete below...just take your time OK.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double-click on erunt-setup.exe to Install ERUNT by following the prompts.
  • Use the default install settings but say No to the portion that asks you to add ERUNT to the Start-Up folder.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Reset SP3 Firewall:

Click on Start >> Run... and cut/paste in the following and click on OK

firewall.cpl
Click on the Advanced tab >> Restore Defaults >> At the prompt click on Yes >> OK

Now click on the General tab >> select On(recommended) >> OK.

FixPolicies:

Please download to your Desktop FixPolicies.exe, a self-extracting ZIP archive from here.

  • Double-click FixPolicies.exe.
  • Click the "Install" button on the bottom toolbar of the box that will open.
  • The program will create a new Folder called FixPolicies.
  • Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
  • A black box should briefly appear and then close.
  • Leave FixPolicies on your desktop please until I otherwise advise, thank you.
Scan with RogueKiller:

Please download RogueKiller to your desktop

Alternate download is here.

  • Quit all running programs
  • Double-click on RogueKiller.exe to start the application.
  • When prompted, type 1 then depress the Enter/Return key.
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • RogueKiller Log.
  • A new OTL Log.

  • 0

#14
Zumochi

The punkbuster uninstaller gave an error at the registry line.

Here is the RogueKiller log:
RogueKiller V6.2.2 [12/31/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Alwyn [Admin rights]
Mode: Scan -- Date : 01/04/2012 13:43:15

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤
[SUSP PATH] CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job : C:\DOCUME~1\Alwyn\LOCALS~1\Temp\cis57E.exe -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1  localhost
::1  localhost #[IPv6]
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] e54760ce47fc869db974f9dbd8118293
[BSP] c2fa8c19760418181409e92c779aa57b : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 63 | Size: 118114 Mo
1 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 230693400 | Size: 41924 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 9f6d74f53e1cc5c758a87b9df844d818
[BSP] 6469c1b0cde2446c1bb826a59b7aafda : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 206848 | Size: 319964 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

  • 0

#15
Zumochi

OTL:


OTL logfile created on: 4-1-2012 13:48:04 - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\FIXERS
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

1,50 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 63,44% Memory free
2,36 Gb Paging File | 2,01 Gb Available in Paging File | 85,50% Paging File free
Paging file location(s): C:\pagefile.sys 1024 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 110,00 Gb Total Space | 27,16 Gb Free Space | 24,69% Space Free | Partition Type: NTFS
Drive E: | 1761,11 Gb Total Space | 1276,24 Gb Free Space | 72,47% Space Free | Partition Type: NTFS
Drive F: | 298,08 Gb Total Space | 99,45 Gb Free Space | 33,36% Space Free | Partition Type: NTFS
Drive G: | 297,99 Gb Total Space | 51,94 Gb Free Space | 17,43% Space Free | Partition Type: NTFS
Drive H: | 39,05 Gb Total Space | 38,98 Gb Free Space | 99,84% Space Free | Partition Type: NTFS

Computer Name: GHOSTY | User Name: Alwyn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\FIXERS\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Comodo\Dragon\dragon.exe (Comodo)
PRC - C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Program Files\Logitech\SetPointG\SetPointII.exe (Logitech, Inc.)
PRC - C:\Documents and Settings\Alwyn\Mijn documenten\LCDSirReal\LCDSirReal.exe ()
PRC - C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
PRC - C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Comodo\Dragon\avcodec-53.dll ()
MOD - C:\Program Files\Comodo\Dragon\avformat-53.dll ()
MOD - C:\Program Files\Comodo\Dragon\avutil-51.dll ()
MOD - C:\Program Files\Logitech Gaming Software\plugins\MainUI-1.00.148\MainUI.dll ()
MOD - C:\Program Files\Logitech Gaming Software\plugins\SimInput-1.00.020\SimInput.dll ()
MOD - C:\Program Files\Logitech Gaming Software\plugins\G19Device-1.00.072\G19Device.dll ()
MOD - C:\Program Files\Logitech Gaming Software\plugins\G13Device-1.00.077\G13Device.dll ()
MOD - C:\Program Files\Logitech Gaming Software\plugins\DevBusBulk-1.00.039\DevBusBulk.dll ()
MOD - C:\Program Files\Logitech Gaming Software\plugins\DevBusHid-1.00.036\DevBusHid.dll ()
MOD - C:\Program Files\Logitech Gaming Software\plugins\DevMgr-1.00.024\DevMgr.dll ()
MOD - C:\Program Files\Logitech Gaming Software\plugins\PnpGamePanelDevices-1.00.008\PnpGamePanelDevices.dll ()
MOD - C:\Program Files\Logitech Gaming Software\plugins\DevBusFake-1.00.006\DevBusFake.dll ()
MOD - C:\Documents and Settings\Alwyn\Mijn documenten\LCDSirReal\LCDSirReal.exe ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\4shared Desktop\CMenu.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\TeraCopy\TeraCopy.dll ()
MOD - C:\Program Files\TeraCopy\TeraCopyExt.dll ()
MOD - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.NLD ()


========== Win32 Services (SafeList) ==========

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (Sony Ericsson PCCompanion) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)
SRV - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (OMSI download service) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (KMService) -- C:\WINDOWS\system32\srvany.exe ()


========== Driver Services (SafeList) ==========

DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (dtsoftbus01) -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (LGBusEnum) -- C:\WINDOWS\system32\drivers\LGBusEnum.sys (Logitech Inc.)
DRV - (LGVirHid) -- C:\WINDOWS\system32\drivers\LGVirHid.sys (Logitech Inc.)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (cpuz135) -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys (CPUID)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) Logitech HD Webcam C270(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\WINDOWS\system32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (s0017mdm) -- C:\WINDOWS\system32\drivers\s0017mdm.sys (MCCI Corporation)
DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\WINDOWS\system32\drivers\s0017unic.sys (MCCI Corporation)
DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s0017mgmt.sys (MCCI Corporation)
DRV - (s0017obex) -- C:\WINDOWS\system32\drivers\s0017obex.sys (MCCI Corporation)
DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\WINDOWS\system32\drivers\s0017bus.sys (MCCI Corporation)
DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\WINDOWS\system32\drivers\s0017nd5.sys (MCCI Corporation)
DRV - (s0017mdfl) -- C:\WINDOWS\system32\drivers\s0017mdfl.sys (MCCI Corporation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (seehcri) -- C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows ® 2000 DDK provider)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: [email protected]:1.19.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.6
FF - prefs.js..extensions.enabledItems: [email protected]:4.7.2
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.1
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:2.5.6.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.2
FF - prefs.js..extensions.enabledItems: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7}:3.8.0.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..extensions.enabledItems: {29852C08-1E91-4889-A6BF-C77F91D6A8F3}:1.8.76


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Program Files\Sony Ericsson\MediaGo\npmediago.dll (Sony Creative Software Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.13\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Alwyn\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Alwyn\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-01-03 21:56:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-12-21 22:40:32 | 000,000,000 | ---D | M]

[2010-01-23 20:27:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alwyn\Application Data\Mozilla\Extensions
[2010-01-23 20:27:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alwyn\Application Data\Mozilla\Extensions\[email protected]
[2011-12-16 20:17:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alwyn\Application Data\Mozilla\Firefox\Profiles\r981ctjh.default\extensions
[2011-11-09 20:50:36 | 000,000,000 | ---D | M] (4shared.com Community Toolbar) -- C:\Documents and Settings\Alwyn\Application Data\Mozilla\Firefox\Profiles\r981ctjh.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}
[2010-04-28 17:56:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Alwyn\Application Data\Mozilla\Firefox\Profiles\r981ctjh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011-10-08 22:14:15 | 000,000,000 | ---D | M] ("LittleFox") -- C:\Documents and Settings\Alwyn\Application Data\Mozilla\Firefox\Profiles\r981ctjh.default\extensions\{29852C08-1E91-4889-A6BF-C77F91D6A8F3}
[2010-03-12 22:44:03 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Documents and Settings\Alwyn\Application Data\Mozilla\Firefox\Profiles\r981ctjh.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2010-03-06 14:54:10 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Documents and Settings\Alwyn\Application Data\Mozilla\Firefox\Profiles\r981ctjh.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}(2)
[2011-11-09 20:50:45 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Documents and Settings\Alwyn\Application Data\Mozilla\Firefox\Profiles\r981ctjh.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2011-11-09 20:50:44 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Alwyn\Application Data\Mozilla\Firefox\Profiles\r981ctjh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011-10-08 22:14:19 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Alwyn\Application Data\Mozilla\Firefox\Profiles\r981ctjh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011-10-08 22:14:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alwyn\Application Data\Mozilla\Firefox\Profiles\r981ctjh.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011-10-08 22:14:23 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Documents and Settings\Alwyn\Application Data\Mozilla\Firefox\Profiles\r981ctjh.default\extensions\[email protected]
[2011-10-08 22:13:19 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Alwyn\Application Data\Mozilla\Firefox\Profiles\r981ctjh.default\extensions\[email protected]
[2011-10-08 22:13:21 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Documents and Settings\Alwyn\Application Data\Mozilla\Firefox\Profiles\r981ctjh.default\extensions\[email protected]
[2011-11-09 20:50:52 | 000,000,000 | ---D | M] (FastestFox) -- C:\Documents and Settings\Alwyn\Application Data\Mozilla\Firefox\Profiles\r981ctjh.default\extensions\[email protected]
[2011-10-08 22:14:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alwyn\Application Data\Mozilla\Firefox\Profiles\r981ctjh.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2009-07-10 17:26:08 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\Alwyn\Application Data\Mozilla\Firefox\Profiles\r981ctjh.default\searchplugins\askcom.xml
[2012-01-03 22:42:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-12-16 20:03:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2012-01-03 22:42:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
[2011-12-16 20:03:01 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010-03-17 21:24:47 | 000,065,536 | ---- | M] () -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2012-01-03 22:41:46 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011-10-18 19:20:15 | 000,001,892 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bolcom-nl.xml
[2011-10-18 19:20:15 | 000,004,558 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\marktplaats-nl.xml
[2011-10-18 19:20:15 | 000,001,111 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\vandale-nl.xml
[2011-10-18 19:20:15 | 000,001,049 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-nl.xml
[2011-10-18 19:20:15 | 000,001,106 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-nl.xml

O1 HOSTS File: ([2011-12-17 23:43:05 | 000,610,942 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 16256 more lines...
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O4 - Startup: C:\Documents and Settings\Alwyn\Menu Start\Programma's\Opstarten\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: &Download All using 4shared Desktop - C:\Program Files\4shared Desktop\down_all.htm ()
O8 - Extra context menu item: &Download using 4shared Desktop - C:\Program Files\4shared Desktop\down_link.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office14\EXCEL.EXE/3000 File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B31BA558-D42A-4491-9F6C-D3FB04F350AD}: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Alwyn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Alwyn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-12-12 22:57:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011-11-13 10:45:04 | 000,000,041 | -H-- | M] () - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011-11-13 10:44:56 | 000,000,042 | -H-- | M] () - F:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012-01-04 13:42:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alwyn\Bureaublad\RK_Quarantine
[2012-01-04 13:33:10 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012-01-04 13:33:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\ERUNT
[2012-01-03 22:51:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Alwyn\Onlangs geopend
[2012-01-03 22:42:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012-01-03 22:41:59 | 000,214,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012-01-03 22:41:59 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012-01-03 22:41:59 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2011-12-31 16:06:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alwyn\Menu Start\Programma's\Seagate
[2011-12-31 15:47:33 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate
[2011-12-31 14:21:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CPA_VA
[2011-12-31 14:21:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2011-12-31 14:20:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documenten\COMODO
[2011-12-31 13:32:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alwyn\Local Settings\Application Data\Comodo
[2011-12-31 12:32:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Comodo
[2011-12-31 12:31:48 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo
[2011-12-29 22:16:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alwyn\Local Settings\Application Data\AaaaaRecklessDisregard
[2011-12-26 23:00:32 | 000,000,000 | ---D | C] -- C:\rsit
[2011-12-26 14:55:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alwyn\Mijn documenten\Saved Games
[2011-12-26 14:55:22 | 000,444,952 | ---- | C] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2011-12-26 14:55:22 | 000,109,080 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2011-12-26 14:55:22 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2011-12-16 23:02:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alwyn\Application Data\.spoutcraft
[2011-12-16 22:46:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alwyn\Application Data\Mumble
[2011-12-16 22:45:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Mumble
[2011-12-16 22:45:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mumble
[2011-12-16 20:03:20 | 000,128,000 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2011-12-15 22:48:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2011-12-12 19:44:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\DAEMON Tools Lite
[2011-12-12 19:43:40 | 000,239,168 | ---- | C] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2011-12-12 19:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2011-12-10 21:10:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011-12-10 21:05:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alwyn\Mijn documenten\CDRWIN 9
[2011-12-10 21:05:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CDRWIN 9
[2011-12-10 20:22:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alwyn\Application Data\CUE Tools
[2011-12-10 13:08:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alwyn\Application Data\mkvtoolnix
[2011-12-10 13:07:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\MKVtoolnix
[2011-12-10 13:07:35 | 000,000,000 | ---D | C] -- C:\Program Files\MKVtoolnix
[2011-12-10 13:06:01 | 000,000,000 | ---D | C] -- C:\Program Files\MKVcleaver
[2011-12-10 13:06:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\MKVcleaver
[2010-04-11 12:50:21 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Alwyn\Application Data\pcouffin.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-01-04 13:35:33 | 000,578,694 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
[2012-01-04 13:35:33 | 000,504,726 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-01-04 13:35:33 | 000,111,672 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
[2012-01-04 13:35:33 | 000,088,190 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-01-04 13:33:13 | 000,000,770 | ---- | M] () -- C:\Documents and Settings\Alwyn\Menu Start\Programma's\Opstarten\ERUNT AutoBackup.lnk
[2012-01-04 12:54:12 | 000,002,225 | ---- | M] () -- C:\Documents and Settings\Alwyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Steam.lnk
[2012-01-04 12:05:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-01-04 12:04:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-01-04 12:04:13 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2012-01-03 22:43:21 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012-01-03 22:41:45 | 000,544,656 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012-01-03 22:41:45 | 000,214,408 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012-01-03 22:41:45 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012-01-03 22:41:45 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012-01-03 22:41:45 | 000,128,000 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012-01-02 19:31:00 | 000,012,451 | ---- | M] () -- C:\Documents and Settings\Alwyn\Mijn documenten\INV4467789.pdf
[2011-12-31 15:07:29 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Comodo Dragon.lnk
[2011-12-31 14:16:34 | 000,000,448 | ---- | M] () -- C:\WINDOWS\tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job
[2011-12-28 10:20:22 | 000,000,408 | ---- | M] () -- C:\Documents and Settings\Alwyn\Bureaublad\Anime.lnk
[2011-12-27 22:23:03 | 000,000,327 | -HS- | M] () -- C:\boot.ini
[2011-12-26 14:55:22 | 000,444,952 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2011-12-26 14:55:22 | 000,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2011-12-25 15:45:27 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Alwyn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-12-23 07:42:51 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2011-12-23 07:42:50 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2011-12-23 07:42:50 | 000,030,592 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2011-12-17 23:43:05 | 000,610,942 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011-12-16 22:50:31 | 000,002,378 | ---- | M] () -- C:\Documents and Settings\Alwyn\Mijn documenten\MumbleAutomaticCertificateBackup.p12
[2011-12-16 22:45:50 | 000,000,659 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Mumble.lnk
[2011-12-16 19:57:43 | 002,148,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-12-15 05:39:42 | 000,042,392 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
[2011-12-12 19:43:40 | 000,239,168 | ---- | M] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-01-04 13:33:13 | 000,000,770 | ---- | C] () -- C:\Documents and Settings\Alwyn\Menu Start\Programma's\Opstarten\ERUNT AutoBackup.lnk
[2012-01-02 19:31:00 | 000,012,451 | ---- | C] () -- C:\Documents and Settings\Alwyn\Mijn documenten\INV4467789.pdf
[2011-12-31 15:08:21 | 280,034,130 | ---- | C] () -- C:\Documents and Settings\Alwyn\Bureaublad\[Seto_Otaku]_Rosario_to_Vampire_-_08_[BD][1280x720_H264-AC3][1D9AFCEA].mkv
[2011-12-31 15:07:29 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Comodo Dragon.lnk
[2011-12-31 14:16:34 | 000,000,448 | ---- | C] () -- C:\WINDOWS\tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job
[2011-12-28 10:20:21 | 000,000,408 | ---- | C] () -- C:\Documents and Settings\Alwyn\Bureaublad\Anime.lnk
[2011-12-16 22:50:31 | 000,002,378 | ---- | C] () -- C:\Documents and Settings\Alwyn\Mijn documenten\MumbleAutomaticCertificateBackup.p12
[2011-12-16 22:45:50 | 000,000,659 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Mumble.lnk
[2011-12-15 05:39:42 | 000,042,392 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2011-11-27 16:07:45 | 000,051,745 | ---- | C] () -- C:\WINDOWS\System32\TTACodecs-uninstall.exe
[2011-11-12 19:45:48 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011-11-12 19:45:48 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011-11-12 19:45:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011-11-12 19:45:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011-11-12 19:45:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011-10-14 22:37:29 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Alwyn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-10-14 00:21:18 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011-10-12 16:57:28 | 000,112,640 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe
[2011-10-08 19:49:45 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010-08-11 10:19:39 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010-07-07 03:38:06 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\[email protected]@@k.DLL
[2010-06-23 14:11:34 | 000,077,824 | ---- | C] () -- C:\WINDOWS\KMService.exe
[2010-06-23 14:11:34 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\srvany.exe
[2010-06-17 15:05:38 | 000,000,979 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010-05-14 22:56:06 | 010,830,680 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010-05-14 22:56:06 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010-05-14 22:55:58 | 000,290,648 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010-05-14 22:47:00 | 000,090,071 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010-04-24 20:52:08 | 000,000,103 | ---- | C] () -- C:\WINDOWS\SW_Win2000X1.DLL
[2010-04-24 20:50:32 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\XLSCX.INI
[2010-04-24 20:50:19 | 000,000,051 | ---- | C] () -- C:\WINDOWS\SW_Win3112X32.DLL
[2010-04-11 14:25:32 | 000,000,034 | ---- | C] () -- C:\WINDOWS\DVDFab.INI
[2010-04-11 12:50:21 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Alwyn\Application Data\pcouffin.cat
[2010-04-11 12:50:21 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Alwyn\Application Data\pcouffin.inf
[2010-03-20 22:48:02 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010-03-17 21:27:04 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2010-03-17 21:25:17 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
[2010-03-15 21:03:50 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010-03-07 12:48:44 | 000,000,231 | ---- | C] () -- C:\WINDOWS\System32\3dsmax.ini
[2010-03-07 12:48:44 | 000,000,043 | ---- | C] () -- C:\WINDOWS\System32\InstallSettings.ini
[2010-03-06 18:45:12 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010-02-27 16:43:45 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-02-27 16:43:41 | 000,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010-02-25 13:11:16 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010-01-11 19:45:58 | 000,000,050 | ---- | C] () -- C:\WINDOWS\Winamp.ini
[2010-01-11 19:45:45 | 000,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini
[2010-01-10 13:28:48 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\C28A8D5B39.sys
[2010-01-10 13:28:47 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009-12-20 14:05:38 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009-12-18 21:38:13 | 000,452,096 | ---- | C] () -- C:\WINDOWS\System32\nmap.exe
[2009-12-18 21:38:13 | 000,290,816 | ---- | C] () -- C:\WINDOWS\System32\nmapserv.exe
[2009-12-18 17:35:59 | 000,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2009-12-16 20:42:24 | 002,373,712 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2009-12-16 19:55:18 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009-12-15 19:51:13 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Alwyn\Application Data\MyPhrases.dta
[2009-12-14 21:08:03 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2009-12-14 19:49:29 | 000,000,395 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-12-14 18:40:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009-12-12 23:48:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009-12-12 23:42:27 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009-12-12 23:36:20 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2009-12-12 23:28:39 | 002,148,752 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-12-12 23:00:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009-12-12 22:53:04 | 000,021,748 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009-11-23 17:30:51 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2009-11-23 17:30:51 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009-11-23 17:30:51 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009-11-23 17:30:50 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008-10-09 15:31:54 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2008-10-07 08:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008-10-07 08:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008-04-14 20:49:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006-12-31 05:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001-09-07 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001-09-07 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001-09-07 12:00:00 | 000,578,694 | ---- | C] () -- C:\WINDOWS\System32\perfh013.dat
[2001-09-07 12:00:00 | 000,504,726 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001-09-07 12:00:00 | 000,318,670 | ---- | C] () -- C:\WINDOWS\System32\perfi013.dat
[2001-09-07 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001-09-07 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001-09-07 12:00:00 | 000,111,672 | ---- | C] () -- C:\WINDOWS\System32\perfc013.dat
[2001-09-07 12:00:00 | 000,088,190 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001-09-07 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001-09-07 12:00:00 | 000,039,178 | ---- | C] () -- C:\WINDOWS\System32\perfd013.dat
[2001-09-07 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001-09-07 12:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001-09-07 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1996-04-03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\TweakUI.EXE:SummaryInformation

< End of report >