cdrom.sys virus

Post by Hank5 on 17th September 2010, 11:31 am

AVG warns me of a virus at
C:\WINDOWS\system32\drivers\cdrom.sys
which it identifies as "Object is white-listed (critical/system file that should not be removed"
I ran Malwarebytes and cleaned my PC (Windows XP). AVG repeatedly warns me of a virus at
C:\WINDOWS\system32\dll.cache\cdrom.sys which reappears after removing it to the virus vault.
I downloaded OTL and ran a scan. The results are too big to post here, but are attached as OTL.Txt and Extras.Txt

Please help urgently!
(PS I tried to paste the OTL.Txt and Extras.Txt logs directly into this e-mail, but apparently it has too many characters).




Re: cdrom.sys virus

Post by Belahzur on 17th September 2010, 1:19 pm

Hello.
Can you attach the logs instead please?


Please PM me if I fail to respond within 24hrs.



Extras.Txt log file

Post by Hank5 on 17th September 2010, 1:43 pm

OTL Extras logfile created on: 2010/09/17 12:10:09 PM - Run 1
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Prof Christo\Videos
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001C09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd

510.00 Mb Total Physical Memory | 144.00 Mb Available Physical Memory | 28.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 25.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 27.53 Gb Free Space | 18.47% Space Free | Partition Type: NTFS
Drive D: | 51.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 970.20 Mb Total Space | 384.35 Mb Free Space | 39.62% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRISTO-PC
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\SmartFTP Client\SmartFTP.exe" = C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 4.0 -- (SmartSoft Ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004098A1-0362-4C42-A1C3-CAD436CFF4A1}" = YouTube Downloader Toolbar v1.0
"{068502DA-6979-4D9A-BBE1-C3AD0FF11F19}" = Ulead DVD MovieFactory 3 SE
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4600_series" = Canon iP4600 series Printer Driver
"{13d868cf-47e9-4b3d-9366-a0c60f82e5aa}" = Striata Reader
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.4
"{1C0094B0-E0A0-11D2-8E60-000086188D94}" = OmniPage Pro 10.0
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{22019B55-FCD2-400D-BAD8-97C22332611B}" = Photo to Cartoon
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 18
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F1DA6BF-3614-48A1-9970-9E90F646789E}" = Ulead VideoStudio 8.0 SE DVD
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
"{81D62C32-0984-11D3-86CD-00105AD33021}" = Caere Scan Manager 5.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8B3E6604-B33C-4717-A4EB-217707E7DEEE}" = SmartFTP Client
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95264530-5A22-8E7E-FE9D-D63A927BCAEA}" = Adobe Media Player
"{9A3EABC0-CA06-11D4-BF77-00104B130C19}" = EPSON TWAIN 5
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0 Professional
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EF4EF65F-4D62-44D7-82C9-1AECCBA74C50}" = Intel(R) PROSet
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"AceFTP 3 Freeware" = AceFTP 3 Freeware
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adolix Split and Merge PDF_is1" = Adolix Split and Merge PDF v2.0
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Any Video Converter_is1" = Any Video Converter 2.7.3
"ArcSoft PhotoImpression 3.0" = ArcSoft PhotoImpression 3.0
"Audacity 1.3 Beta_is1" = Audacity 1.3.7
"AVG9Uninstall" = AVG Free 9.0
"Canon iP4600 series User Registration" = Canon iP4600 series User Registration
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Copy Utility" = Copy Utility
"Crimson Editor 3.72" = Crimson Editor 3.72
"Cucusoft MPEG to DVD Author_is1" = Cucusoft MPEG to DVD Author 1.09
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EPSON Smart Panel" = EPSON Smart Panel
"ffdshow_is1" = ffdshow [rev 2202] [2008-10-10]
"FinePrint 2000" = FinePrint 2000
"Free CD to MP3 Converter" = Free CD to MP3 Converter
"Free DVD Creator (by minidvdsoft)_is1" = Free DVD Creator version 2.0
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"HijackThis" = HijackThis 1.99.1
"iCopy" = iCopy
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InfraRecorder" = InfraRecorder
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"IObitBartoolbar Uninstall" = IObit Toolbar
"IObitCom Toolbar" = IObitCom Toolbar
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MsJavaVM" = Microsoft VM for Java
"NeroMultiInstaller!UninstallKey" = Nero Suite
"Netscape Communicator 4.79" = Netscape Communicator 4.79
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Personal Ancestral File Companion 5.2" = Personal Ancestral File Companion 5.2
"Photocopier_is1" = Photocopier 3.05
"Photodex Presenter" = Photodex Presenter
"Plaxo" = Plaxo Toolbar for Windows
"PROSet" = Intel(R) PRO Network Connections Drivers
"ProShow Gold" = ProShow Gold
"Registry Mechanic_is1" = Registry Mechanic 9.0
"Smart Defrag_is1" = Smart Defrag
"SmartFTP Client 4.0 Setup Files" = SmartFTP Client 4.0 Setup Files (remove only)
"Softonic-Eng7 Toolbar" = Softonic-Eng7 Toolbar
"TotalRecorder" = Total Recorder 5.2
"Unlocker" = Unlocker 1.8.7
"Virtual Painter 5 trial (Standalone)" = Virtual Painter 5 trial (Standalone)
"vmntoolbar" = VMN Toolbar
"WavePad" = WavePad Sound Editor
"WebPost" = Microsoft Web Publishing Wizard 1.53
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinX DVD Ripper_is1" = WinX DVD Ripper 4.1.4
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2009/03/30 04:40:47 PM | Computer Name = CHRISTO-PC | Source = Application Hang | ID = 1002
Description = Hanging application proshow.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2009/03/30 04:40:53 PM | Computer Name = CHRISTO-PC | Source = Application Hang | ID = 1002
Description = Hanging application proshow.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2009/03/30 04:41:38 PM | Computer Name = CHRISTO-PC | Source = Application Hang | ID = 1002
Description = Hanging application proshow.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2009/04/02 02:35:21 PM | Computer Name = CHRISTO-PC | Source = Application Error | ID = 1000
Description = Faulting application xocr32b.exe, version 10.0.1.0, faulting module
xocr32b.exe, version 10.0.1.0, fault address 0x000d5b3d.

Error - 2009/04/02 04:34:44 PM | Computer Name = CHRISTO-PC | Source = Application Hang | ID = 1002
Description = Hanging application OmniPage.exe, version 10.0.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2009/04/02 04:35:58 PM | Computer Name = CHRISTO-PC | Source = Application Hang | ID = 1002
Description = Hanging application OmniPage.exe, version 10.0.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2009/04/02 04:36:12 PM | Computer Name = CHRISTO-PC | Source = Application Hang | ID = 1001
Description = Fault bucket 02023244.

Error - 2009/04/02 04:45:13 PM | Computer Name = CHRISTO-PC | Source = Application Hang | ID = 1002
Description = Hanging application OmniPage.exe, version 10.0.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2009/04/08 12:27:01 PM | Computer Name = CHRISTO-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module essisc1.dll, version 1.1.1.1, fault address 0x00002c02.

Error - 2009/04/09 02:43:51 PM | Computer Name = CHRISTO-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module essisc1.dll, version 1.1.1.1, fault address 0x00002c02.

[ System Events ]
Error - 2009/03/29 05:29:18 AM | Computer Name = CHRISTO-PC | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 2009/03/29 05:29:18 AM | Computer Name = CHRISTO-PC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 2009/03/29 05:29:18 AM | Computer Name = CHRISTO-PC | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 2009/03/29 05:29:18 AM | Computer Name = CHRISTO-PC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 2009/03/29 05:44:23 AM | Computer Name = CHRISTO-PC | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 30 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 2009/03/29 05:44:23 AM | Computer Name = CHRISTO-PC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 2009/03/29 08:21:00 AM | Computer Name = CHRISTO-PC | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 2009/03/29 08:21:00 AM | Computer Name = CHRISTO-PC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 2009/03/29 08:21:00 AM | Computer Name = CHRISTO-PC | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 2009/03/29 08:21:00 AM | Computer Name = CHRISTO-PC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.


< End of report >

Description = Hanging application OmniPage.exe, version 10.0.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2009/04/02 04:35:58 PM | Computer Name = CHRISTO-PC | Source = Application Hang | ID = 1002
Description = Hanging application OmniPage.exe, version 10.0.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2009/04/02 04:36:12 PM | Computer Name = CHRISTO-PC | Source = Application Hang | ID = 1001
Description = Fault bucket 02023244.

Error - 2009/04/02 04:45:13 PM | Computer Name = CHRISTO-PC | Source = Application Hang | ID = 1002
Description = Hanging application OmniPage.exe, version 10.0.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2009/04/08 12:27:01 PM | Computer Name = CHRISTO-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module essisc1.dll, version 1.1.1.1, fault address 0x00002c02.

Error - 2009/04/09 02:43:51 PM | Computer Name = CHRISTO-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module essisc1.dll, version 1.1.1.1, fault address 0x00002c02.

[ System Events ]
Error - 2009/03/29 05:29:18 AM | Computer Name = CHRISTO-PC | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 2009/03/29 05:29:18 AM | Computer Name = CHRISTO-PC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 2009/03/29 05:29:18 AM | Computer Name = CHRISTO-PC | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 2009/03/29 05:29:18 AM | Computer Name = CHRISTO-PC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 2009/03/29 05:44:23 AM | Computer Name = CHRISTO-PC | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 30 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 2009/03/29 05:44:23 AM | Computer Name = CHRISTO-PC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 2009/03/29 08:21:00 AM | Computer Name = CHRISTO-PC | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 2009/03/29 08:21:00 AM | Computer Name = CHRISTO-PC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 2009/03/29 08:21:00 AM | Computer Name = CHRISTO-PC | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 2009/03/29 08:21:00 AM | Computer Name = CHRISTO-PC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.


< End of report >


OTL.Txt file part 1

Post by Hank5 on 17th September 2010, 1:46 pm

The OTL.Txt file is too big for a single posting and I will split it in two. Here is part 1:

OTL logfile created on: 2010/09/17 12:10:09 PM - Run 1
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Prof Christo\Videos
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001C09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd

510.00 Mb Total Physical Memory | 144.00 Mb Available Physical Memory | 28.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 25.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 27.53 Gb Free Space | 18.47% Space Free | Partition Type: NTFS
Drive D: | 51.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 970.20 Mb Total Space | 384.35 Mb Free Space | 39.62% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRISTO-PC
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/17 07:54:49 | 000,200,704 | ---- | M] () -- C:\WINDOWS\system32\drivers\875.exe
PRC - [2010/09/16 19:44:24 | 000,068,608 | ---- | M] () -- C:\WINDOWS\system32\wuaucldt.exe
PRC - [2010/09/15 17:01:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Prof Christo\Videos\OTL.com
PRC - [2010/08/10 15:10:58 | 002,349,776 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/08/03 20:42:15 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/08/03 20:42:13 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/07/21 15:43:24 | 000,198,864 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
PRC - [2010/07/21 11:46:22 | 000,020,480 | ---- | M] (IObit) -- C:\Program Files\IObitBar\toolbar\1.bin\i0brmon.exe
PRC - [2010/07/16 12:34:30 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/07/16 12:34:23 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/16 12:34:18 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/16 12:34:12 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/16 12:31:53 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/16 12:31:49 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/05/20 17:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/03/15 16:19:46 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/02/19 19:43:34 | 000,380,928 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2009/10/14 15:43:06 | 003,217,368 | ---- | M] (PC Tools) -- C:\Program Files\Registry Mechanic\RegMech.exe
PRC - [2009/10/01 10:53:04 | 000,403,015 | ---- | M] (Plaxo, Inc.) -- C:\Program Files\Plaxo\3.23.0.11\PlaxoHelper_en.exe
PRC - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/09/25 23:31:32 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/05/05 11:41:04 | 000,261,632 | ---- | M] () -- C:\Program Files\Adobe Media Player\Adobe Media Player.exe
PRC - [2009/04/08 18:03:36 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/02/18 21:58:33 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
PRC - [2008/05/02 06:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/18 03:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2005/05/18 22:51:18 | 000,081,920 | ---- | M] (High Criteria inc.) -- C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
PRC - [2004/11/02 20:24:46 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
PRC - [2004/02/26 09:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2003/08/06 13:24:20 | 012,037,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
PRC - [2003/05/15 01:19:50 | 000,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
PRC - [2002/10/23 10:15:08 | 000,086,016 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
PRC - [2002/07/15 16:36:54 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2001/12/28 20:48:34 | 000,356,352 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\2\fpdisp4.exe
PRC - [1999/10/14 19:50:46 | 000,053,248 | ---- | M] (Caere Corporation) -- C:\Program Files\Caere\OmniPagePro10.0\OPware32.exe


========== Modules (SafeList) ==========

MOD - [2010/09/15 17:01:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Prof Christo\Videos\OTL.com
MOD - [2010/08/20 03:23:40 | 000,503,096 | ---- | M] (SmartSoft Ltd.) -- C:\Program Files\SmartFTP Client\sfShellTools.dll
MOD - [2010/08/20 02:46:38 | 000,004,096 | ---- | M] (SmartSoft Ltd.) -- C:\Program Files\SmartFTP Client\en-US\sfShellTools.dll.mui
MOD - [2010/07/21 11:46:22 | 000,024,576 | ---- | M] (IObit) -- C:\Program Files\IObitBar\toolbar\1.bin\i0brstub.dll
MOD - [2009/10/01 10:49:26 | 000,043,585 | ---- | M] (Plaxo, Inc.) -- C:\Program Files\Plaxo\3.23.0.11\plx_hook.dll
MOD - [2008/05/02 06:15:35 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2008/04/14 05:42:02 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [1999/10/14 19:50:08 | 000,147,456 | ---- | M] (Caere Corporation) -- C:\Program Files\Caere\OmniPagePro10.0\OPHOOK32.dll
MOD - [1999/10/08 04:30:54 | 000,037,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Caere\OmniPagePro10.0\shfolder.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\iolo\common\lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\iolo\common\lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/07/21 11:46:22 | 000,028,766 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObitBar\toolbar\1.bin\i0barsvc.exe -- (IObitBarService)
SRV - [2010/07/16 12:34:12 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/05/20 17:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/15 16:19:46 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/02/19 19:43:34 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/02/18 21:58:33 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
SRV - [2008/01/22 19:35:52 | 000,103,808 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007/07/27 10:41:38 | 000,026,488 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2004/02/26 09:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2002/09/27 11:56:20 | 000,139,264 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- c:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2002/07/15 16:36:54 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\install4\MSICPL.sys -- (MSICPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - [2010/09/17 12:04:38 | 000,098,240 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2010/07/16 12:34:26 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/16 12:31:53 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/03 08:50:32 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/02/11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/04/14 00:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/14 00:16:22 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/14 00:16:22 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/14 00:16:10 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2002/12/31 14:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2002/12/31 14:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001/08/17 15:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIOb1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {7757CBCC-0975-4b79-A519-90B142CA3A23} - C:\Program Files\IObitBar\toolbar\1.bin\i0SrcAs.dll (IObit)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\YouTube Downloader Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.za/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: avg@igeared:4.504.019.002
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.30
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: unplug@compunach:2.028
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.2.3
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:2.7.2.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.1
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/05/12 14:50:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/07/21 11:37:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\i0ffxtbr@IObitBar.com: C:\Program Files\IObitBar\toolbar\1.bin [2010/07/21 11:46:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/08/20 07:48:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/03 21:05:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/24 10:59:47 | 000,000,000 | ---D | M]

[2009/04/08 18:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/09/17 09:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vvtorkky.default\extensions
[2010/08/31 12:15:06 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vvtorkky.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/07/04 10:27:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vvtorkky.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/31 12:14:58 | 000,000,000 | ---D | M] (Softonic-Eng7 Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vvtorkky.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
[2010/07/04 10:27:09 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vvtorkky.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/08/31 12:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vvtorkky.default\extensions\unplug@compunach
[2010/09/17 09:13:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/01 18:56:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/04/01 18:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/04/01 18:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/09/17 08:26:12 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml
[2010/04/01 18:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2002/12/31 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (IObitCom Toolbar) - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIOb1.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof0.dll (Conduit Ltd.)
O2 - BHO: (VMN Toolbar) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\Program Files\vmntoolbar\vmntoolbar.dll (Visicom Media Inc. )
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\YouTube Downloader Toolbar\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (Toolbar BHO) - {EFA17361-CDC0-4927-9AFC-BAAD1F96B2AE} - C:\Program Files\IObitBar\toolbar\1.bin\i0bar.dll (IObit)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (VMN Toolbar) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\Program Files\vmntoolbar\vmntoolbar.dll (Visicom Media Inc. )
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {EFA17369-CDC0-4927-9AFC-BAAD1F96B2AE} - C:\Program Files\IObitBar\toolbar\1.bin\i0bar.dll (IObit)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (IObitCom Toolbar) - {31C7D459-9CC3-44F2-9DCA-FC11795309B4} - C:\Program Files\IObitCom\tbIOb1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - C:\Program Files\Softonic-Eng7\tbSof0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (VMN Toolbar) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\Program Files\vmntoolbar\vmntoolbar.dll (Visicom Media Inc. )
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (IObit Toolbar) - {EFA17369-CDC0-4927-9AFC-BAAD1F96B2AE} - C:\Program Files\IObitBar\toolbar\1.bin\i0bar.dll (IObit)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [FinePrint Dispatcher v4] C:\WINDOWS\system32\spool\drivers\w32x86\2\fpdisp4.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [IObitBar Browser Plugin Loader] C:\Program Files\IObitBar\toolbar\1.bin\i0brmon.exe (IObit)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro10.0\OPware32.exe (Caere Corporation)
O4 - HKLM..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\YouTube Downloader Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [syncman] C:\WINDOWS\system32\wuaucldt.exe ()
O4 - HKLM..\Run: [TotalRecorderScheduler] C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe (High Criteria inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [PlaxoSysTray] C:\Program Files\Plaxo\3.23.0.11\plaxosystray.exe (Plaxo, Inc.)
O4 - HKCU..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.23.0.11\PlaxoHelper_en.exe (Plaxo, Inc.)
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
O4 - HKCU..\Run: [SmartRAM] C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe (IObit)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [syncman] c:\Documents and Settings\Administrator\wuaucldt.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeKeyboardNavigationIndicators = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/18 16:03:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/09/15 21:15:59 | 000,000,029 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{15671e44-13f0-11df-b496-000347f75211}\Shell\verb1\command - "" = F:\desktop.exe -- File not found
O33 - MountPoints2\{2b177124-fdcd-11dd-9ea7-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{2b177124-fdcd-11dd-9ea7-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2b177124-fdcd-11dd-9ea7-806d6172696f}\Shell\AutoRun\command - "" = D:\Ierland2010.exe -- [2010/09/16 10:27:03 | 053,592,102 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/17 11:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ElevatedDiagnostics
[2010/09/17 10:17:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2010/09/17 10:17:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/09/17 08:13:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/09/17 07:48:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/09/16 19:47:41 | 000,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2010/09/14 09:44:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities
[2010/09/12 21:27:48 | 000,000,000 | ---D | C] -- C:\Ireland_my_fotos
[2010/08/31 13:54:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SmartFTP
[2010/08/31 13:53:47 | 000,000,000 | ---D | C] -- C:\Program Files\SmartFTP Client
[2010/08/31 13:53:20 | 000,000,000 | ---D | C] -- C:\Program Files\SmartFTP Client 4.0 Setup Files
[2010/08/25 16:38:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IsolatedStorage
[2010/08/25 16:37:55 | 000,000,000 | ---D | C] -- C:\Program Files\Swf2Avi
[2010/08/25 16:08:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\flash-swf-converter
[2010/08/25 16:08:34 | 000,139,264 | ---- | C] (http://www.xvid.org) -- C:\WINDOWS\System32\xvid.ax
[2010/08/22 12:02:58 | 000,000,000 | ---D | C] -- C:\Hilda_8jaar
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/17 12:05:37 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2010/09/17 12:04:38 | 000,098,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\cdrom.sys
[2010/09/17 12:04:26 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Word 2003.lnk
[2010/09/17 11:51:21 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\trnlpbn.sys
[2010/09/17 11:44:24 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/17 11:33:14 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/17 11:27:55 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Outlook 2003.lnk
[2010/09/17 08:35:21 | 064,716,527 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/09/17 08:33:05 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/17 08:18:35 | 008,650,752 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/09/17 07:54:58 | 000,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2010/09/17 07:54:49 | 000,200,704 | ---- | M] () -- C:\WINDOWS\System32\cooper.mine
[2010/09/17 07:54:49 | 000,200,704 | ---- | M] () -- C:\WINDOWS\System32\drivers\875.exe
[2010/09/17 07:49:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/17 07:47:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/17 07:47:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/16 23:44:45 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/09/16 23:44:24 | 044,975,690 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/09/16 23:42:51 | 000,002,622 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20100916_234219.reg
[2010/09/16 23:39:43 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CCleaner.lnk
[2010/09/16 19:47:18 | 000,000,001 | ---- | M] () -- C:\Documents and Settings\Administrator\oashdihasidhasuidhiasdhiashdiuasdhasd
[2010/09/16 19:44:24 | 000,068,608 | ---- | M] () -- C:\WINDOWS\System32\wuaucldt.exe
[2010/09/16 19:44:24 | 000,068,608 | ---- | M] () -- C:\Documents and Settings\Administrator\wuaucldt.exe
[2010/09/16 19:44:06 | 000,000,010 | ---- | M] () -- C:\WINDOWS\System32\kr_done1
[2010/09/16 13:15:50 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Survey about the cultural heritage left by the Huguenots in South Africa (2).doc
[2010/09/16 11:16:54 | 008,564,736 | ---- | M] () -- C:\Documents and Settings\Administrator\s-1-5-21-861567501-1935655697-839522115-500.rrr
[2010/09/15 16:28:25 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Jasc Paint Shop Pro 8.lnk
[2010/09/14 17:26:29 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Publisher 2003.lnk
[2010/09/13 20:29:06 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Viljoen eposadresse.doc
[2010/09/12 23:37:34 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/09/12 21:45:15 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Hanafax.doc
[2010/09/12 18:46:30 | 000,035,755 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/08/31 15:38:38 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/31 15:04:31 | 000,002,225 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SmartFTP Client.lnk
[2010/08/31 15:04:28 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Settings.cfg
[2010/08/31 12:06:03 | 000,007,593 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Hugen_Ver_epos.pdf
[2010/08/31 10:33:32 | 000,569,856 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Hugenote_voorligtingKS.pub
[2010/08/30 15:23:58 | 000,000,336 | ---- | M] () -- C:\WINDOWS\cedt.INI
[2010/08/30 14:35:07 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Hugen_ver_jaarverslag2009_10_Eng.doc
[2010/08/30 14:24:19 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Hugen_ver_jaarverslag2009_10_Afr.doc
[2010/08/30 10:24:22 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\5th International Huguenot Congress.doc
[2010/08/30 09:23:20 | 000,102,140 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\jngs-information.pdf
[2010/08/26 10:41:43 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Hugen_ver_jaarverslag2009_10.doc
[2010/08/25 16:37:43 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2010/08/25 16:22:19 | 000,000,067 | ---- | M] () -- C:\WINDOWS\swf2avi.INI
[2010/08/24 12:23:45 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag.lnk
[2010/08/24 10:59:48 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/21 13:59:13 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Genealogiese_navraagvorm_Botes.doc
[2010/08/21 13:15:05 | 000,324,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/21 09:51:06 | 000,505,784 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/21 09:51:06 | 000,444,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/21 09:51:06 | 000,072,108 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/20 17:24:43 | 000,099,328 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Nuclear Power.doc
[2010/08/19 20:08:27 | 000,042,496 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DieBurger_mediatribunaalL.doc
[2010/08/18 12:34:36 | 000,064,603 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\GISA-verteenwoordigerHVvSA.pdf
[2010/08/18 12:33:43 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Hugenote_briefhoof.doc
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/17 11:51:21 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\trnlpbn.sys
[2010/09/17 07:54:58 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\nmklo.dll
[2010/09/17 07:54:49 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\875.exe
[2010/09/16 23:42:26 | 000,002,622 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20100916_234219.reg
[2010/09/16 22:49:57 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\406.exe
[2010/09/16 19:47:38 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\cooper.mine
[2010/09/16 19:47:34 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\203.exe
[2010/09/16 19:47:18 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\Administrator\oashdihasidhasuidhiasdhiashdiuasdhasd
[2010/09/16 19:44:24 | 000,068,608 | ---- | C] () -- C:\WINDOWS\System32\wuaucldt.exe
[2010/09/16 19:44:24 | 000,068,608 | ---- | C] () -- C:\Documents and Settings\Administrator\wuaucldt.exe
[2010/09/16 19:44:06 | 000,000,010 | ---- | C] () -- C:\WINDOWS\System32\kr_done1
[2010/09/16 16:32:37 | 000,000,282 | ---- | C] () -- C:\Documents and Settings\Administrator\proshow-burn.log
[2010/09/16 13:15:47 | 000,049,152 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Survey about the cultural heritage left by the Huguenots in South Africa (2).doc
[2010/08/31 13:53:50 | 000,002,225 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SmartFTP Client.lnk
[2010/08/31 12:05:55 | 000,007,593 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Hugen_Ver_epos.pdf
[2010/08/30 10:21:08 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\5th International Huguenot Congress.doc
[2010/08/29 10:37:49 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Hugen_ver_jaarverslag2009_10_Eng.doc
[2010/08/29 10:19:14 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Hugen_ver_jaarverslag2009_10_Afr.doc
[2010/08/26 10:11:04 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Hugen_ver_jaarverslag2009_10.doc
[2010/08/25 16:37:43 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2010/08/25 16:08:50 | 000,000,067 | ---- | C] () -- C:\WINDOWS\swf2avi.INI
[2010/08/25 16:08:34 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/08/24 12:23:58 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/08/21 13:59:13 | 000,049,152 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Genealogiese_navraagvorm_Botes.doc
[2010/08/20 17:24:43 | 000,099,328 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Nuclear Power.doc
[2010/08/19 17:46:17 | 000,042,496 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DieBurger_mediatribunaalL.doc
[2010/08/18 12:34:22 | 000,064,603 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\GISA-verteenwoordigerHVvSA.pdf
[2010/07/29 12:12:44 | 000,000,062 | ---- | C] () -- C:\WINDOWS\pcvcdbr.INI
[2010/07/29 12:12:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcvcdvw.INI
[2010/03/15 18:15:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2010/02/28 08:53:30 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/02/28 08:53:30 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/02/10 19:32:57 | 000,000,877 | ---- | C] () -- C:\WINDOWS\_ISENV31.INI
[2010/02/03 22:34:33 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2010/02/01 21:51:22 | 001,208,320 | ---- | C] () -- C:\WINDOWS\System32\cygxml2-2.dll
[2010/02/01 21:51:21 | 000,980,992 | ---- | C] () -- C:\WINDOWS\System32\cygiconv-2.dll
[2010/02/01 21:51:21 | 000,062,464 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2010/01/13 18:57:44 | 000,001,571 | ---- | C] () -- C:\WINDOWS\Faxcpp1.ini
[2010/01/13 18:57:44 | 000,000,422 | ---- | C] () -- C:\WINDOWS\Faxcpp.ini
[2010/01/13 18:57:44 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2010/01/13 18:57:43 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2010/01/13 18:22:18 | 000,001,284 | ---- | C] () -- C:\WINDOWS\photoimpression.ini
[2009/11/05 13:32:58 | 000,210,944 | ---- | C] () -- C:\WINDOWS\MSVCRT10.DLL
[2009/09/24 13:54:10 | 000,000,223 | ---- | C] () -- C:\WINDOWS\netscape.INI
[2009/08/24 15:38:41 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Settings.cfg
[2009/08/24 13:41:48 | 000,000,336 | ---- | C] () -- C:\WINDOWS\cedt.INI
[2009/06/23 22:51:23 | 000,001,028 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\WavCodec.wff
[2009/05/03 22:58:29 | 000,758,018 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/05/03 22:58:29 | 000,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2009/03/30 17:36:12 | 000,000,500 | ---- | C] () -- C:\WINDOWS\Maxlink.ini
[2009/02/24 19:29:33 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/02/18 21:17:59 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS61.DLL
[2009/02/18 18:23:48 | 000,000,334 | ---- | C] () -- C:\WINDOWS\FzipFT.INI
[2009/02/18 18:10:29 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/02/18 18:10:26 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/18 17:47:20 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2009/02/18 16:58:08 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2009/02/18 16:29:25 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/02/18 15:34:16 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/31 14:00:00 | 000,098,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\cdrom.sys
[1998/06/24 00:00:00 | 000,016,656 | ---- | C] () -- C:\WINDOWS\System32\DBMSSHRN.DLL
[1998/06/10 00:00:00 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL
[1998/05/18 00:00:00 | 000,014,017 | ---- | C] () -- C:\WINDOWS\JAUTOEXP.INI
[1998/04/24 00:00:00 | 000,000,218 | ---- | C] () -- C:\WINDOWS\FRONTPG.INI

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/14 05:42:02 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/02/18 17:44:35 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/02/18 17:44:35 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/02/18 17:44:34 | 000,880,640 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2002/12/31 14:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2002/12/31 14:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2002/12/31 14:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2002/12/31 14:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2002/12/31 14:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2002/12/31 14:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2002/12/31 14:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2002/12/31 14:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2002/12/31 14:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2002/12/31 14:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2002/12/31 14:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2002/12/31 14:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2002/12/31 14:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2002/12/31 14:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2002/12/31 14:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/14 00:15:00 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/06/23 15:44:04 | 001,851,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/14 05:41:50 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/14 05:41:50 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/14 05:41:50 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/14 05:41:50 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/14 05:41:50 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/14 05:41:50 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/14 05:41:50 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/14 05:41:52 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/14 05:41:52 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/14 05:41:52 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/14 05:41:52 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/14 05:41:52 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/14 05:41:52 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/14 05:42:06 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/14 05:42:10 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >
[2010/09/17 07:54:49 | 000,200,704 | ---- | M] () -- C:\WINDOWS\system32\drivers\875.exe

< %SYSTEMDRIVE%\*.* >
[2003/06/19 12:05:04 | 000,150,528 | RHS- | M] () -- C:\arcldr.exe
[2003/06/19 12:05:04 | 000,163,840 | RHS- | M] () -- C:\arcsetup.exe
[2009/02/18 16:03:26 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/02/18 15:56:54 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2002/07/13 16:51:56 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS
[2009/09/18 09:26:49 | 002,909,909 | ---- | M] () -- C:\HTAccessGuide.pdf
[2009/02/18 16:03:26 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/02/18 16:03:26 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2002/12/31 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/02/18 15:39:45 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/17 07:47:44 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2009/02/18 09:21:07 | 000,005,120 | -HS- | M] () -- C:\Thumbs.db
[2009/09/22 09:40:45 | 000,013,102 | ---- | M] () -- C:\viljoen.gif

< %PROGRAMFILES%\*. >
[2009/05/14 10:21:55 | 000,000,000 | ---D | M] -- C:\Program Files\ WMA to MP3 Converter
[2010/02/08 20:47:25 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
[2010/06/22 14:03:56 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/05/05 11:41:18 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Media Player
[2010/06/01 15:07:22 | 000,000,000 | ---D | M] -- C:\Program Files\Adolix
[2009/12/04 11:30:59 | 000,000,000 | ---D | M] -- C:\Program Files\Advanced WindowsCare V2
[2009/02/23 20:16:18 | 000,000,000 | ---D | M] -- C:\Program Files\Ahead
[2009/02/18 15:34:16 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2009/06/20 20:57:01 | 000,000,000 | ---D | M] -- C:\Program Files\Any Video Converter
[2010/02/14 23:05:04 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/04/22 15:36:47 | 000,000,000 | ---D | M] -- C:\Program Files\Application Updater
[2009/02/18 17:47:13 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft
[2009/08/29 19:01:30 | 000,000,000 | ---D | M] -- C:\Program Files\Audacity
[2009/11/24 10:12:45 | 000,000,000 | ---D | M] -- C:\Program Files\Audacity 1.3 Beta
[2010/03/11 18:27:28 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2009/03/30 17:35:39 | 000,000,000 | ---D | M] -- C:\Program Files\Caere
[2009/04/21 14:53:07 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2009/04/21 14:13:31 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ
[2009/09/09 17:41:21 | 000,000,000 | ---D | M] -- C:\Program Files\Caricature Software
[2010/09/16 23:39:40 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/08/24 16:57:32 | 000,000,000 | ---D | M] -- C:\Program Files\CD to MP3 Freeware
[2010/03/15 16:18:36 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/02/18 15:59:16 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/01/20 20:45:26 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2010/02/01 21:51:21 | 000,000,000 | ---D | M] -- C:\Program Files\Cucusoft
[2009/02/18 16:58:23 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2009/02/18 16:59:23 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink DVD Solution
[2009/10/17 16:43:10 | 000,000,000 | ---D | M] -- C:\Program Files\Digiarty
[2009/02/18 21:00:13 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Decrypter
[2009/02/18 21:45:03 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Shrink
[2009/08/24 11:04:35 | 000,000,000 | ---D | M] -- C:\Program Files\Emerald Editor Community
[2010/01/13 18:45:33 | 000,000,000 | ---D | M] -- C:\Program Files\EPSON
[2009/02/18 18:19:07 | 000,000,000 | ---D | M] -- C:\Program Files\FamilySearch
[2010/02/28 08:53:30 | 000,000,000 | ---D | M] -- C:\Program Files\ffdshow
[2009/02/18 22:33:48 | 000,000,000 | ---D | M] -- C:\Program Files\Finereader
[2010/08/27 18:14:40 | 000,000,000 | ---D | M] -- C:\Program Files\Free DVD Creator
[2010/02/03 13:11:36 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/02/18 22:59:49 | 000,000,000 | ---D | M] -- C:\Program Files\HighCriteria
[2009/12/04 11:31:03 | 000,000,000 | ---D | M] -- C:\Program Files\HijackThis
[2010/08/10 14:17:11 | 000,000,000 | ---D | M] -- C:\Program Files\Hp
[2009/11/15 13:50:43 | 000,000,000 | ---D | M] -- C:\Program Files\iCopy
[2009/02/22 19:56:29 | 000,000,000 | ---D | M] -- C:\Program Files\InfraRecorder
[2010/08/10 12:36:06 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/02/18 14:40:43 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/08/26 10:57:12 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/11/17 11:43:15 | 000,000,000 | ---D | M] -- C:\Program Files\IObit
[2010/07/21 11:46:21 | 000,000,000 | ---D | M] -- C:\Program Files\IObitBar
[2010/08/24 16:57:32 | 000,000,000 | ---D | M] -- C:\Program Files\IObitCom
[2009/01/24 12:05:14 | 000,000,000 | ---D | M] -- C:\Program Files\Jasc Software Inc
[2010/01/20 19:24:25 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/05/31 22:12:11 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/20 07:48:57 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2010/08/27 18:14:41 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/02/18 16:28:07 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2009/02/18 16:11:52 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/02/18 16:03:47 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/08/01 13:07:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/03/26 13:06:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/02/18 16:27:27 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2009/02/18 16:27:01 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/21 09:42:41 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/09/17 09:22:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/02/18 16:07:45 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/08/01 13:06:22 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2009/02/18 15:58:05 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2009/02/18 15:58:51 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/06/04 10:43:00 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/06/20 20:54:21 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Software
[2009/02/18 21:02:00 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Swift Sound
[2009/02/18 15:42:07 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/09/24 11:30:06 | 000,000,000 | ---D | M] -- C:\Program Files\Netscape
[2009/02/18 16:01:37 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/05/21 12:20:55 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/01/27 16:53:47 | 000,000,000 | ---D | M] -- C:\Program Files\Photocopier
[2009/02/18 21:58:25 | 000,000,000 | ---D | M] -- C:\Program Files\Photodex
[2009/02/18 21:58:41 | 000,000,000 | ---D | M] -- C:\Program Files\Photodex Presenter
[2010/09/17 07:48:05 | 000,000,000 | ---D | M] -- C:\Program Files\Plaxo
[2010/02/14 23:06:34 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/08/21 13:28:24 | 000,000,000 | ---D | M] -- C:\Program Files\RadarSyncPcupz
[2009/02/18 16:07:36 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/09/17 11:33:49 | 000,000,000 | ---D | M] -- C:\Program Files\Registry Mechanic
[2009/05/28 16:37:29 | 000,000,000 | ---D | M] -- C:\Program Files\Seagate
[2009/02/18 14:36:43 | 000,000,000 | ---D | M] -- C:\Program Files\SigmaTel
[2010/01/25 08:23:09 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2010/08/31 13:53:50 | 000,000,000 | ---D | M] -- C:\Program Files\SmartFTP Client
[2010/08/31 13:53:22 | 000,000,000 | ---D | M] -- C:\Program Files\SmartFTP Client 4.0 Setup Files
[2010/09/06 20:17:55 | 000,000,000 | ---D | M] -- C:\Program Files\Softonic-Eng7
[2010/08/26 20:42:17 | 000,000,000 | ---D | M] -- C:\Program Files\Swf2Avi
[2009/02/18 18:34:09 | 000,000,000 | ---D | M] -- C:\Program Files\Ulead Systems
[2009/02/18 16:08:59 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/05/07 11:24:51 | 000,000,000 | ---D | M] -- C:\Program Files\Unlocker
[2009/08/24 15:38:10 | 000,000,000 | ---D | M] -- C:\Program Files\Visicom Media
[2010/08/27 18:14:42 | 000,000,000 | ---D | M] -- C:\Program Files\vmntoolbar
[2010/08/27 18:14:42 | 000,000,000 | ---D | M] -- C:\Program Files\vp5eTrial
[2010/03/26 13:07:53 | 000,000,000 | ---D | M] -- C:\Program Files\Web Publish
[2009/12/04 11:32:04 | 000,000,000 | ---D | M] -- C:\Program Files\Webexe
[2009/02/18 18:30:23 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Components
[2010/08/27 18:14:43 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2009/02/18 16:11:19 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/02/18 15:42:04 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/02/18 16:01:40 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2010/02/16 22:48:09 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2009/02/18 16:03:47 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2010/08/27 18:14:44 | 000,000,000 | ---D | M] -- C:\Program Files\YouTube Downloader
[2010/09/17 11:51:00 | 000,000,000 | ---D | M] -- C:\Program Files\YouTube Downloader Toolbar

End of part 1; to be continued


OTL.Txt log part 2 (continued from part 1)

Post by Hank5 on 17th September 2010, 1:51 pm

OTL.Txt log continued from part 1:

< %appdata%\*.* >
[2007/02/18 17:46:26 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
[2010/08/31 15:04:28 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Settings.cfg
[2009/09/04 14:37:19 | 000,001,028 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\WavCodec.wff


< MD5 for: AGP440.SYS >
[2003/06/19 12:05:04 | 006,553,075 | ---- | M] () .cab file -- C:\found.000\dir0080.chk\sp4.cab:AGP440.sys
[2002/12/31 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2003/06/19 12:05:04 | 000,021,008 | ---- | M] (Microsoft Corporation) MD5=CDDB71A90077C93BEA5C72507F0B1394 -- C:\found.000\dir0080.chk\agp440.sys

< MD5 for: ATAPI.SYS >
[2003/06/19 12:05:04 | 006,553,075 | ---- | M] () .cab file -- C:\found.000\dir0080.chk\sp4.cab:atapi.sys
[2002/12/31 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2003/06/19 12:05:04 | 000,086,672 | ---- | M] () MD5=A68AA0F88A0194136134B68B5A70B6B4 -- C:\found.000\dir0080.chk\atapi.sys
[2002/12/31 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2003/06/19 12:05:04 | 006,553,075 | ---- | M] () .cab file -- C:\found.000\dir0080.chk\sp4.cab:disk.sys
[2002/12/31 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2002/12/31 14:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/14 00:10:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/14 00:10:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2003/06/19 12:05:04 | 000,047,888 | ---- | M] (Microsoft Corporation) MD5=5738D5804F61A1D30D86FA24DEE56E0C -- C:\found.000\dir0080.chk\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2002/12/31 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2005/04/08 04:54:32 | 000,049,424 | ---- | M] (Microsoft Corporation) MD5=90A39AE9E694C6181FC1160F4CAB224A -- C:\found.000\dir0001.chk\EVENTLOG.DLL
[2004/03/24 04:17:01 | 000,047,888 | ---- | M] (Microsoft Corporation) MD5=CEB85BFA135CBDDA10C89E5D31D95F9B -- C:\found.000\dir0987.chk\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2001/05/08 14:00:00 | 000,366,352 | ---- | M] (Microsoft Corporation) MD5=00DD48E937136AE9D5195441632F3CEC -- C:\found.000\dir0000.chk\$NtUninstallKB835732$\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2003/06/19 12:05:04 | 000,371,984 | ---- | M] () MD5=625B201F674AF8F9480D933384CE9FE5 -- C:\found.000\dir0080.chk\netlogon.dll
[2004/03/24 04:17:01 | 000,371,472 | ---- | M] () MD5=88D3C504C1215EDBEBED5CF4AABB580D -- C:\found.000\dir0987.chk\netlogon.dll
[2002/12/31 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2003/06/19 12:05:04 | 000,114,448 | ---- | M] () MD5=0B685D3F8F3308CA568BB93DD09BE186 -- C:\found.000\dir0080.chk\scecli.dll
[2002/12/31 14:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
[2005/01/12 12:39:44 | 000,114,448 | ---- | M] () MD5=DD1689BFF8E12A218F86F4573655B8C4 -- C:\found.000\dir0001.chk\scecli.dll

< MD5 for: USBSTOR.SYS >
[2003/06/19 12:05:04 | 006,553,075 | ---- | M] () .cab file -- C:\found.000\dir0080.chk\sp4.cab:usbstor.sys
[2002/12/31 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2003/06/19 12:05:04 | 000,021,552 | ---- | M] (Microsoft Corporation) MD5=13EBA8A2DA3447FE7F217E34210AC554 -- C:\found.000\dir0080.chk\usbstor.sys
[2008/04/14 00:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/14 00:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\dllcache\usbstor.sys
[2008/04/14 00:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\USBSTOR.SYS
[2003/06/19 12:05:04 | 000,021,552 | ---- | M] () MD5=F54D792963A0CCE3CD650C1749F246E2 -- C:\found.000\dir0003.chk\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-26 08:57:27

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Administrator\My Documents\Taalbeleid.pdf:SummaryInformation
@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >
[2010/09/17 12:40:40 | 000,028,672 | -H-- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG
[2010/09/17 12:33:08 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/17 12:26:54 | 000,098,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\cdrom.sys
[2010/09/17 12:05:37 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2010/09/17 12:04:26 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Word 2003.lnk
[2010/09/17 11:51:21 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\trnlpbn.sys
[2010/09/17 11:51:00 | 000,000,000 | ---D | M] -- C:\Program Files\YouTube Downloader Toolbar
[2010/09/17 11:44:24 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/17 11:40:05 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Recent
[2010/09/17 11:33:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/09/17 11:33:49 | 000,000,000 | ---D | M] -- C:\Program Files\Registry Mechanic
[2010/09/17 11:27:55 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Outlook 2003.lnk
[2010/09/17 11:24:54 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Application Data
[2010/09/17 11:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ElevatedDiagnostics
[2010/09/17 09:22:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/09/17 08:35:21 | 064,716,527 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/09/17 08:33:05 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/17 08:18:35 | 008,650,752 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/09/17 08:14:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/09/17 08:13:44 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2010/09/17 07:54:58 | 000,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2010/09/17 07:54:49 | 000,200,704 | ---- | M] () -- C:\WINDOWS\System32\cooper.mine
[2010/09/17 07:54:49 | 000,200,704 | ---- | M] () -- C:\WINDOWS\System32\drivers\875.exe
[2010/09/17 07:49:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/17 07:48:05 | 000,000,000 | ---D | M] -- C:\Program Files\Plaxo
[2010/09/17 07:47:57 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Administrator\Cookies
[2010/09/17 07:47:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/17 07:47:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/16 23:44:45 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/09/16 23:44:24 | 044,975,690 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/09/16 23:42:51 | 000,002,622 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20100916_234219.reg
[2010/09/16 23:42:26 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Administrator\My Documents
[2010/09/16 23:39:43 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CCleaner.lnk
[2010/09/16 23:39:40 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/09/16 19:47:18 | 000,000,001 | ---- | M] () -- C:\Documents and Settings\Administrator\oashdihasidhasuidhiasdhiashdiuasdhasd
[2010/09/16 19:44:24 | 000,068,608 | ---- | M] () -- C:\WINDOWS\System32\wuaucldt.exe
[2010/09/16 19:44:24 | 000,068,608 | ---- | M] () -- C:\Documents and Settings\Administrator\wuaucldt.exe
[2010/09/16 19:44:06 | 000,000,010 | ---- | M] () -- C:\WINDOWS\System32\kr_done1
[2010/09/16 16:32:37 | 000,000,282 | ---- | M] () -- C:\Documents and Settings\Administrator\proshow-burn.log
[2010/09/16 13:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Any Video Converter
[2010/09/16 13:15:50 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Survey about the cultural heritage left by the Huguenots in South Africa (2).doc
[2010/09/16 11:16:54 | 008,564,736 | ---- | M] () -- C:\Documents and Settings\Administrator\s-1-5-21-861567501-1935655697-839522115-500.rrr
[2010/09/15 16:28:25 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Jasc Paint Shop Pro 8.lnk
[2010/09/14 17:26:29 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Publisher 2003.lnk
[2010/09/14 09:44:46 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2010/09/14 09:44:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities
[2010/09/13 23:01:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\vmntoolbar
[2010/09/13 22:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Desktop
[2010/09/13 20:29:06 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Viljoen eposadresse.doc
[2010/09/12 23:37:34 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/09/12 21:45:15 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Hanafax.doc
[2010/09/12 18:46:30 | 000,035,755 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/09/06 20:17:55 | 000,000,000 | ---D | M] -- C:\Program Files\Softonic-Eng7
[2010/08/31 15:56:21 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Administrator\Favorites
[2010/08/31 15:38:38 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/31 15:04:31 | 000,002,225 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SmartFTP Client.lnk
[2010/08/31 15:04:28 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Settings.cfg
[2010/08/31 15:03:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sites
[2010/08/31 13:54:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SmartFTP
[2010/08/31 13:53:50 | 000,000,000 | ---D | M] -- C:\Program Files\SmartFTP Client
[2010/08/31 13:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Desktop
[2010/08/31 13:53:22 | 000,000,000 | ---D | M] -- C:\Program Files\SmartFTP Client 4.0 Setup Files
[2010/08/31 12:06:03 | 000,007,593 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Hugen_Ver_epos.pdf
[2010/08/31 10:33:32 | 000,569,856 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Hugenote_voorligtingKS.pub
[2010/08/30 15:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SiteClasses
[2010/08/30 15:23:58 | 000,000,336 | ---- | M] () -- C:\WINDOWS\cedt.INI
[2010/08/30 14:35:07 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Hugen_ver_jaarverslag2009_10_Eng.doc
[2010/08/30 14:24:19 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Hugen_ver_jaarverslag2009_10_Afr.doc
[2010/08/30 10:24:22 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\5th International Huguenot Congress.doc
[2010/08/30 09:23:20 | 000,102,140 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\jngs-information.pdf
[2010/08/28 16:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Audacity
[2010/08/28 11:31:46 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Adobe AIR
[2010/08/27 18:14:44 | 000,000,000 | ---D | M] -- C:\Program Files\YouTube Downloader
[2010/08/27 18:14:43 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/08/27 18:14:42 | 000,000,000 | ---D | M] -- C:\Program Files\vp5eTrial
[2010/08/27 18:14:42 | 000,000,000 | ---D | M] -- C:\Program Files\vmntoolbar
[2010/08/27 18:14:41 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/08/27 18:14:40 | 000,000,000 | ---D | M] -- C:\Program Files\Free DVD Creator
[2010/08/26 20:42:17 | 000,000,000 | ---D | M] -- C:\Program Files\Swf2Avi
[2010/08/26 18:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2010/08/26 10:57:12 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/08/26 10:41:43 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Hugen_ver_jaarverslag2009_10.doc
[2010/08/25 16:38:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IsolatedStorage
[2010/08/25 16:37:43 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2010/08/25 16:22:19 | 000,000,067 | ---- | M] () -- C:\WINDOWS\swf2avi.INI
[2010/08/25 15:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HpUpdate
[2010/08/24 20:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Plaxo
[2010/08/24 16:57:32 | 000,000,000 | ---D | M] -- C:\Program Files\IObitCom
[2010/08/24 16:57:32 | 000,000,000 | ---D | M] -- C:\Program Files\CD to MP3 Freeware
[2010/08/24 16:56:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IObit
[2010/08/24 12:23:45 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag.lnk
[2010/08/24 10:59:48 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/23 21:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Skype
[2010/08/22 22:36:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\.dvdcss
[2010/08/21 13:59:13 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Genealogiese_navraagvorm_Botes.doc
[2010/08/21 13:15:05 | 000,324,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/21 09:51:06 | 000,505,784 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/21 09:51:06 | 000,444,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/21 09:51:06 | 000,072,108 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/21 09:42:41 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/08/20 17:24:43 | 000,099,328 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Nuclear Power.doc
[2010/08/20 07:48:57 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2010/08/19 20:08:27 | 000,042,496 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DieBurger_mediatribunaalL.doc
[2010/08/18 16:34:42 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Administrator\Start Menu
[2010/04/29 14:05:49 | 000,096,504 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/04 14:37:19 | 000,001,028 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\WavCodec.wff
[2007/02/18 17:46:26 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2007/02/18 17:46:26 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
[2004/10/01 15:00:16 | 000,040,960 | ---- | M] () -- C:\Program Files\Uninstall_CDS.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/17 12:33:08 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/17 12:26:54 | 000,098,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\cdrom.sys
[2010/09/17 12:05:37 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2010/09/17 12:04:26 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Word 2003.lnk
[2010/09/17 11:51:21 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\trnlpbn.sys
[2010/09/17 11:44:24 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/17 11:27:55 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Outlook 2003.lnk
[2010/09/17 08:35:21 | 064,716,527 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/09/17 08:33:05 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/17 08:18:35 | 008,650,752 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/09/17 07:54:58 | 000,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2010/09/17 07:54:49 | 000,200,704 | ---- | M] () -- C:\WINDOWS\System32\cooper.mine
[2010/09/17 07:54:49 | 000,200,704 | ---- | M] () -- C:\WINDOWS\System32\drivers\875.exe
[2010/09/17 07:49:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/17 07:47:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/17 07:47:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/16 23:44:45 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/09/16 23:44:24 | 044,975,690 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/09/16 23:42:51 | 000,002,622 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20100916_234219.reg
[2010/09/16 23:39:43 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CCleaner.lnk
[2010/09/16 19:47:18 | 000,000,001 | ---- | M] () -- C:\Documents and Settings\Administrator\oashdihasidhasuidhiasdhiashdiuasdhasd
[2010/09/16 19:44:24 | 000,068,608 | ---- | M] () -- C:\WINDOWS\System32\wuaucldt.exe
[2010/09/16 19:44:24 | 000,068,608 | ---- | M] () -- C:\Documents and Settings\Administrator\wuaucldt.exe
[2010/09/16 19:44:06 | 000,000,010 | ---- | M] () -- C:\WINDOWS\System32\kr_done1
[2010/09/16 13:15:50 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Survey about the cultural heritage left by the Huguenots in South Africa (2).doc
[2010/09/16 11:16:54 | 008,564,736 | ---- | M] () -- C:\Documents and Settings\Administrator\s-1-5-21-861567501-1935655697-839522115-500.rrr
[2010/09/15 16:28:25 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Jasc Paint Shop Pro 8.lnk
[2010/09/14 17:26:29 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Publisher 2003.lnk
[2010/09/13 20:29:06 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Viljoen eposadresse.doc
[2010/09/12 23:37:34 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/09/12 21:45:15 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Hanafax.doc
[2010/09/12 18:46:30 | 000,035,755 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/08/31 15:38:38 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/31 15:04:31 | 000,002,225 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SmartFTP Client.lnk
[2010/08/31 15:04:28 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Settings.cfg
[2010/08/31 12:06:03 | 000,007,593 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Hugen_Ver_epos.pdf
[2010/08/31 10:33:32 | 000,569,856 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Hugenote_voorligtingKS.pub
[2010/08/30 15:23:58 | 000,000,336 | ---- | M] () -- C:\WINDOWS\cedt.INI
[2010/08/30 14:35:07 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Hugen_ver_jaarverslag2009_10_Eng.doc
[2010/08/30 14:24:19 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Hugen_ver_jaarverslag2009_10_Afr.doc
[2010/08/30 10:24:22 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\5th International Huguenot Congress.doc
[2010/08/30 09:23:20 | 000,102,140 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\jngs-information.pdf
[2010/08/26 10:41:43 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Hugen_ver_jaarverslag2009_10.doc
[2010/08/25 16:37:43 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2010/08/25 16:22:19 | 000,000,067 | ---- | M] () -- C:\WINDOWS\swf2avi.INI
[2010/08/24 12:23:45 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag.lnk
[2010/08/24 10:59:48 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/21 13:59:13 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Genealogiese_navraagvorm_Botes.doc
[2010/08/21 13:15:05 | 000,324,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/21 09:51:06 | 000,505,784 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/21 09:51:06 | 000,444,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/21 09:51:06 | 000,072,108 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/20 17:24:43 | 000,099,328 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Nuclear Power.doc
[2010/08/19 20:08:27 | 000,042,496 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DieBurger_mediatribunaalL.doc
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/14 05:42:02 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/02/18 17:44:35 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/02/18 17:44:35 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/02/18 17:44:34 | 000,880,640 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2002/12/31 14:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2002/12/31 14:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2002/12/31 14:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2002/12/31 14:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2002/12/31 14:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2002/12/31 14:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2002/12/31 14:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2002/12/31 14:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2002/12/31 14:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2002/12/31 14:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2002/12/31 14:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2002/12/31 14:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2002/12/31 14:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2002/12/31 14:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2002/12/31 14:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/14 00:15:00 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/06/23 15:44:04 | 001,851,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/14 05:41:50 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/14 05:41:50 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/14 05:41:50 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/14 05:41:50 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/14 05:41:50 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/14 05:41:50 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/14 05:41:50 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/14 05:41:52 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/14 05:41:52 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/14 05:41:52 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/14 05:41:52 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/14 05:41:52 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/14 05:41:52 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/14 05:42:06 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/14 05:42:10 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >
[2010/09/17 07:54:49 | 000,200,704 | ---- | M] () -- C:\WINDOWS\system32\drivers\875.exe

< %SYSTEMDRIVE%\*.* >
[2003/06/19 12:05:04 | 000,150,528 | RHS- | M] () -- C:\arcldr.exe
[2003/06/19 12:05:04 | 000,163,840 | RHS- | M] () -- C:\arcsetup.exe
[2009/02/18 16:03:26 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/02/18 15:56:54 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2002/07/13 16:51:56 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS
[2009/09/18 09:26:49 | 002,909,909 | ---- | M] () -- C:\HTAccessGuide.pdf
[2009/02/18 16:03:26 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/02/18 16:03:26 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2002/12/31 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/02/18 15:39:45 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/17 07:47:44 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2009/02/18 09:21:07 | 000,005,120 | -HS- | M] () -- C:\Thumbs.db
[2009/09/22 09:40:45 | 000,013,102 | ---- | M] () -- C:\viljoen.gif

< %PROGRAMFILES%\*. >
[2009/05/14 10:21:55 | 000,000,000 | ---D | M] -- C:\Program Files\ WMA to MP3 Converter
[2010/02/08 20:47:25 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
[2010/06/22 14:03:56 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/05/05 11:41:18 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Media Player
[2010/06/01 15:07:22 | 000,000,000 | ---D | M] -- C:\Program Files\Adolix
[2009/12/04 11:30:59 | 000,000,000 | ---D | M] -- C:\Program Files\Advanced WindowsCare V2
[2009/02/23 20:16:18 | 000,000,000 | ---D | M] -- C:\Program Files\Ahead
[2009/02/18 15:34:16 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2009/06/20 20:57:01 | 000,000,000 | ---D | M] -- C:\Program Files\Any Video Converter
[2010/02/14 23:05:04 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/04/22 15:36:47 | 000,000,000 | ---D | M] -- C:\Program Files\Application Updater
[2009/02/18 17:47:13 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft
[2009/08/29 19:01:30 | 000,000,000 | ---D | M] -- C:\Program Files\Audacity
[2009/11/24 10:12:45 | 000,000,000 | ---D | M] -- C:\Program Files\Audacity 1.3 Beta
[2010/03/11 18:27:28 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2009/03/30 17:35:39 | 000,000,000 | ---D | M] -- C:\Program Files\Caere
[2009/04/21 14:53:07 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2009/04/21 14:13:31 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ
[2009/09/09 17:41:21 | 000,000,000 | ---D | M] -- C:\Program Files\Caricature Software
[2010/09/16 23:39:40 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/08/24 16:57:32 | 000,000,000 | ---D | M] -- C:\Program Files\CD to MP3 Freeware
[2010/03/15 16:18:36 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/02/18 15:59:16 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/01/20 20:45:26 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2010/02/01 21:51:21 | 000,000,000 | ---D | M] -- C:\Program Files\Cucusoft
[2009/02/18 16:58:23 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2009/02/18 16:59:23 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink DVD Solution
[2009/10/17 16:43:10 | 000,000,000 | ---D | M] -- C:\Program Files\Digiarty
[2009/02/18 21:00:13 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Decrypter
[2009/02/18 21:45:03 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Shrink
[2009/08/24 11:04:35 | 000,000,000 | ---D | M] -- C:\Program Files\Emerald Editor Community
[2010/01/13 18:45:33 | 000,000,000 | ---D | M] -- C:\Program Files\EPSON
[2009/02/18 18:19:07 | 000,000,000 | ---D | M] -- C:\Program Files\FamilySearch
[2010/02/28 08:53:30 | 000,000,000 | ---D | M] -- C:\Program Files\ffdshow
[2009/02/18 22:33:48 | 000,000,000 | ---D | M] -- C:\Program Files\Finereader
[2010/08/27 18:14:40 | 000,000,000 | ---D | M] -- C:\Program Files\Free DVD Creator
[2010/02/03 13:11:36 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/02/18 22:59:49 | 000,000,000 | ---D | M] -- C:\Program Files\HighCriteria
[2009/12/04 11:31:03 | 000,000,000 | ---D | M] -- C:\Program Files\HijackThis
[2010/08/10 14:17:11 | 000,000,000 | ---D | M] -- C:\Program Files\Hp
[2009/11/15 13:50:43 | 000,000,000 | ---D | M] -- C:\Program Files\iCopy
[2009/02/22 19:56:29 | 000,000,000 | ---D | M] -- C:\Program Files\InfraRecorder
[2010/08/10 12:36:06 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/02/18 14:40:43 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/08/26 10:57:12 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/11/17 11:43:15 | 000,000,000 | ---D | M] -- C:\Program Files\IObit
[2010/07/21 11:46:21 | 000,000,000 | ---D | M] -- C:\Program Files\IObitBar
[2010/08/24 16:57:32 | 000,000,000 | ---D | M] -- C:\Program Files\IObitCom
[2009/01/24 12:05:14 | 000,000,000 | ---D | M] -- C:\Program Files\Jasc Software Inc
[2010/01/20 19:24:25 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/05/31 22:12:11 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/20 07:48:57 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2010/08/27 18:14:41 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/02/18 16:28:07 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2009/02/18 16:11:52 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/02/18 16:03:47 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/08/01 13:07:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/03/26 13:06:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/02/18 16:27:27 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2009/02/18 16:27:01 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/21 09:42:41 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/09/17 09:22:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/02/18 16:07:45 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/08/01 13:06:22 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2009/02/18 15:58:05 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2009/02/18 15:58:51 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/06/04 10:43:00 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/06/20 20:54:21 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Software
[2009/02/18 21:02:00 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Swift Sound
[2009/02/18 15:42:07 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/09/24 11:30:06 | 000,000,000 | ---D | M] -- C:\Program Files\Netscape
[2009/02/18 16:01:37 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/05/21 12:20:55 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/01/27 16:53:47 | 000,000,000 | ---D | M] -- C:\Program Files\Photocopier
[2009/02/18 21:58:25 | 000,000,000 | ---D | M] -- C:\Program Files\Photodex
[2009/02/18 21:58:41 | 000,000,000 | ---D | M] -- C:\Program Files\Photodex Presenter
[2010/09/17 07:48:05 | 000,000,000 | ---D | M] -- C:\Program Files\Plaxo
[2010/02/14 23:06:34 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/08/21 13:28:24 | 000,000,000 | ---D | M] -- C:\Program Files\RadarSyncPcupz
[2009/02/18 16:07:36 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/09/17 11:33:49 | 000,000,000 | ---D | M] -- C:\Program Files\Registry Mechanic
[2009/05/28 16:37:29 | 000,000,000 | ---D | M] -- C:\Program Files\Seagate
[2009/02/18 14:36:43 | 000,000,000 | ---D | M] -- C:\Program Files\SigmaTel
[2010/01/25 08:23:09 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2010/08/31 13:53:50 | 000,000,000 | ---D | M] -- C:\Program Files\SmartFTP Client
[2010/08/31 13:53:22 | 000,000,000 | ---D | M] -- C:\Program Files\SmartFTP Client 4.0 Setup Files
[2010/09/06 20:17:55 | 000,000,000 | ---D | M] -- C:\Program Files\Softonic-Eng7
[2010/08/26 20:42:17 | 000,000,000 | ---D | M] -- C:\Program Files\Swf2Avi
[2009/02/18 18:34:09 | 000,000,000 | ---D | M] -- C:\Program Files\Ulead Systems
[2009/02/18 16:08:59 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/05/07 11:24:51 | 000,000,000 | ---D | M] -- C:\Program Files\Unlocker
[2009/08/24 15:38:10 | 000,000,000 | ---D | M] -- C:\Program Files\Visicom Media
[2010/08/27 18:14:42 | 000,000,000 | ---D | M] -- C:\Program Files\vmntoolbar
[2010/08/27 18:14:42 | 000,000,000 | ---D | M] -- C:\Program Files\vp5eTrial
[2010/03/26 13:07:53 | 000,000,000 | ---D | M] -- C:\Program Files\Web Publish
[2009/12/04 11:32:04 | 000,000,000 | ---D | M] -- C:\Program Files\Webexe
[2009/02/18 18:30:23 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Components
[2010/08/27 18:14:43 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2009/02/18 16:11:19 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/02/18 15:42:04 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/02/18 16:01:40 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2010/02/16 22:48:09 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2009/02/18 16:03:47 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2010/08/27 18:14:44 | 000,000,000 | ---D | M] -- C:\Program Files\YouTube Downloader
[2010/09/17 11:51:00 | 000,000,000 | ---D | M] -- C:\Program Files\YouTube Downloader Toolbar

< %appdata%\*.* >
[2007/02/18 17:46:26 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
[2010/08/31 15:04:28 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Settings.cfg
[2009/09/04 14:37:19 | 000,001,028 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\WavCodec.wff


< MD5 for: AGP440.SYS >
[2003/06/19 12:05:04 | 006,553,075 | ---- | M] () .cab file -- C:\found.000\dir0080.chk\sp4.cab:AGP440.sys
[2002/12/31 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2003/06/19 12:05:04 | 000,021,008 | ---- | M] (Microsoft Corporation) MD5=CDDB71A90077C93BEA5C72507F0B1394 -- C:\found.000\dir0080.chk\agp440.sys

< MD5 for: ATAPI.SYS >
[2003/06/19 12:05:04 | 006,553,075 | ---- | M] () .cab file -- C:\found.000\dir0080.chk\sp4.cab:atapi.sys
[2002/12/31 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2003/06/19 12:05:04 | 000,086,672 | ---- | M] () MD5=A68AA0F88A0194136134B68B5A70B6B4 -- C:\found.000\dir0080.chk\atapi.sys
[2002/12/31 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2003/06/19 12:05:04 | 006,553,075 | ---- | M] () .cab file -- C:\found.000\dir0080.chk\sp4.cab:disk.sys
[2002/12/31 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2002/12/31 14:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/14 00:10:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/14 00:10:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2003/06/19 12:05:04 | 000,047,888 | ---- | M] (Microsoft Corporation) MD5=5738D5804F61A1D30D86FA24DEE56E0C -- C:\found.000\dir0080.chk\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2002/12/31 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2005/04/08 04:54:32 | 000,049,424 | ---- | M] (Microsoft Corporation) MD5=90A39AE9E694C6181FC1160F4CAB224A -- C:\found.000\dir0001.chk\EVENTLOG.DLL
[2004/03/24 04:17:01 | 000,047,888 | ---- | M] (Microsoft Corporation) MD5=CEB85BFA135CBDDA10C89E5D31D95F9B -- C:\found.000\dir0987.chk\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2001/05/08 14:00:00 | 000,366,352 | ---- | M] (Microsoft Corporation) MD5=00DD48E937136AE9D5195441632F3CEC -- C:\found.000\dir0000.chk\$NtUninstallKB835732$\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2003/06/19 12:05:04 | 000,371,984 | ---- | M] () MD5=625B201F674AF8F9480D933384CE9FE5 -- C:\found.000\dir0080.chk\netlogon.dll
[2002/12/31 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004/03/24 04:17:01 | 000,371,472 | ---- | M] () MD5=C1CA6567304DF04CFF14E5540C463BA8 -- C:\found.000\dir0987.chk\netlogon.dll

< MD5 for: SCECLI.DLL >
[2003/06/19 12:05:04 | 000,114,448 | ---- | M] () MD5=0B685D3F8F3308CA568BB93DD09BE186 -- C:\found.000\dir0080.chk\scecli.dll
[2002/12/31 14:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
[2005/01/12 12:39:44 | 000,114,448 | ---- | M] () MD5=DD1689BFF8E12A218F86F4573655B8C4 -- C:\found.000\dir0001.chk\scecli.dll

< MD5 for: USBSTOR.SYS >
[2003/06/19 12:05:04 | 006,553,075 | ---- | M] () .cab file -- C:\found.000\dir0080.chk\sp4.cab:usbstor.sys
[2002/12/31 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2003/06/19 12:05:04 | 000,021,552 | ---- | M] (Microsoft Corporation) MD5=13EBA8A2DA3447FE7F217E34210AC554 -- C:\found.000\dir0080.chk\usbstor.sys
[2008/04/14 00:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/14 00:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\dllcache\usbstor.sys
[2008/04/14 00:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\USBSTOR.SYS
[2003/06/19 12:05:04 | 000,021,552 | ---- | M] () MD5=F54D792963A0CCE3CD650C1749F246E2 -- C:\found.000\dir0003.chk\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-26 08:57:27

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Administrator\My Documents\Taalbeleid.pdf:SummaryInformation
@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >


Re: cdrom.sys virus

Post by Belahzur on 17th September 2010, 2:10 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



combofix.txt

Post by Hank5 on 17th September 2010, 5:26 pm

Herewith the Combofix.txt log:

ComboFix 10-09-16.07 - Administrator 2010/09/17 18:53:59.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.236 [GMT 2:00]
Running from: C:\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\Desktopicon
c:\documents and settings\Administrator\Application Data\Desktopicon\config.ini
c:\documents and settings\Administrator\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\Administrator\wuaucldt.exe
c:\documents and settings\All Users\Start Menu\Programs\Ulead VideoStudio 8.0
c:\documents and settings\All Users\Start Menu\Programs\Ulead VideoStudio 8.0 \More Great Ulead Products.lnk
c:\documents and settings\All Users\Start Menu\Programs\Ulead VideoStudio 8.0 \Read Me.lnk
c:\documents and settings\All Users\Start Menu\Programs\Ulead VideoStudio 8.0 \Ulead VideoStudio 8.lnk
c:\documents and settings\All Users\Start Menu\Programs\Ulead VideoStudio 8.0 \VCD DVD Disc Image Recorder.lnk
c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\program files\YouTube Downloader Toolbar\SeARchsettings.dll
C:\Thumbs.db
c:\windows\system\VI30AUT.DLL
c:\windows\system32\cooper.mine
c:\windows\system32\drivers\875.exe
c:\windows\system32\kr_done1
c:\windows\system32\wuaucldt.exe

Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\cdrom.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS


((((((((((((((((((((((((( Files Created from 2010-08-17 to 2010-09-17 )))))))))))))))))))))))))))))))
.

2010-09-17 15:26 . 2010-09-17 15:28 3846509 ----a-r- C:\Combo-Fix.exe
2010-09-17 09:24 . 2010-09-17 09:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\ElevatedDiagnostics
2010-09-17 06:13 . 2010-09-17 06:14 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2010-09-16 17:47 . 2010-09-17 05:54 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2010-09-14 07:44 . 2010-09-14 07:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2010-09-12 19:27 . 2010-09-16 07:26 -------- d-----w- C:\Ireland_my_fotos
2010-08-31 11:54 . 2010-08-31 11:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\SmartFTP
2010-08-31 11:53 . 2010-08-31 11:53 -------- d-----w- c:\program files\SmartFTP Client
2010-08-31 11:53 . 2010-08-31 11:53 -------- d-----w- c:\program files\SmartFTP Client 4.0 Setup Files
2010-08-25 14:38 . 2010-08-25 14:38 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\IsolatedStorage
2010-08-25 14:37 . 2010-08-26 18:42 -------- d-----w- c:\program files\Swf2Avi
2010-08-25 14:37 . 2010-08-25 14:37 136 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2010-08-25 14:08 . 2008-12-04 19:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-08-22 10:02 . 2010-08-27 16:11 -------- d-----w- C:\Hilda_8jaar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-17 17:07 . 2010-03-11 19:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-17 17:06 . 2009-04-09 12:50 -------- d-----w- c:\program files\Plaxo
2010-09-17 17:02 . 2010-04-22 13:36 -------- d-----w- c:\program files\YouTube Downloader Toolbar
2010-09-17 16:05 . 2010-03-15 16:15 0 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\prvlcl.dat
2010-09-16 21:39 . 2009-04-19 15:43 -------- d-----w- c:\program files\CCleaner
2010-09-16 11:26 . 2009-06-20 18:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Any Video Converter
2010-09-13 21:01 . 2009-08-24 13:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\vmntoolbar
2010-09-12 16:46 . 2009-04-08 16:15 35755 ----a-w- c:\windows\nsreg.dat
2010-09-06 18:17 . 2010-07-03 20:39 -------- d-----w- c:\program files\Softonic-Eng7
2010-08-31 13:03 . 2009-08-24 13:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sites
2010-08-31 10:22 . 2010-01-11 05:25 188152 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vvtorkky.default\FlashGot.exe
2010-08-30 13:25 . 2009-08-24 13:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\SiteClasses
2010-08-28 14:29 . 2009-08-29 17:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Audacity
2010-08-28 09:31 . 2009-05-05 09:41 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-28 09:30 . 2010-09-17 09:41 53632 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2010-08-28 09:30 . 2010-01-26 05:17 53632 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2010-08-27 16:14 . 2010-04-22 13:35 -------- d-----w- c:\program files\YouTube Downloader
2010-08-27 16:14 . 2009-02-18 14:11 -------- d-----w- c:\program files\Windows Media Connect 2
2010-08-27 16:14 . 2009-08-24 13:38 -------- d-----w- c:\program files\vmntoolbar
2010-08-27 16:14 . 2009-06-23 12:45 -------- d-----w- c:\program files\vp5eTrial
2010-08-27 16:14 . 2010-02-28 06:52 -------- d-----w- c:\program files\Free DVD Creator
2010-08-25 13:52 . 2010-08-10 12:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\HpUpdate
2010-08-24 14:57 . 2010-01-20 18:45 -------- d-----w- c:\program files\IObitCom
2010-08-24 14:57 . 2009-05-14 07:47 -------- d-----w- c:\program files\CD to MP3 Freeware
2010-08-24 14:56 . 2009-11-10 09:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\IObit
2010-08-23 19:22 . 2010-01-25 06:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2010-08-20 05:48 . 2009-07-28 13:01 -------- d-----w- c:\program files\McAfee
2010-08-18 15:12 . 2010-08-31 10:14 52224 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vvtorkky.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
2010-08-18 15:12 . 2010-08-31 10:14 101376 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vvtorkky.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
2010-08-10 12:17 . 2010-08-10 12:17 -------- d-----w- c:\program files\Hp
2010-08-10 10:36 . 2009-02-18 12:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-02 14:45 . 2009-02-18 19:45 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-07-26 06:35 . 2009-02-18 13:25 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-26 06:04 . 2010-07-26 05:55 15919168 ----a-w- c:\documents and settings\Administrator\Application Data\Adobe\Acrobat\6.0\Updater\Ac60PrP1.exe
2010-07-26 05:55 . 2009-02-21 15:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\AdobeUM
2010-07-21 09:46 . 2010-07-21 09:46 -------- d-----w- c:\program files\IObitBar
2010-07-16 10:34 . 2009-02-18 15:54 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 10:34 . 2010-07-16 10:34 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 10:31 . 2009-02-18 15:54 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-30 12:31 . 2002-12-31 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:15 . 2002-12-31 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:15 . 2002-12-31 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:15 . 2002-12-31 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-06-23 13:44 . 2002-12-31 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2002-12-31 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2004-10-01 13:00 . 2009-02-18 14:58 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
"{31c7d459-9cc3-44f2-9dca-fc11795309b4}"= "c:\program files\IObitCom\tbIOb1.dll" [2010-02-17 2349080]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSof0.dll" [2010-09-06 2735200]
"{7757CBCC-0975-4b79-A519-90B142CA3A23}"= "c:\program files\IObitBar\toolbar\1.bin\i0SrcAs.dll" [2010-07-21 49152]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{7757cbcc-0975-4b79-a519-90b142ca3a23}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
2010-02-17 16:33 2349080 ----a-w- c:\program files\IObitCom\tbIOb1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2010-09-06 18:21 2735200 ----a-w- c:\program files\Softonic-Eng7\tbSof0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 08:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EFA17361-CDC0-4927-9AFC-BAAD1F96B2AE}]
2010-07-21 09:46 638976 ----a-w- c:\program files\IObitBar\toolbar\1.bin\i0bar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSof0.dll" [2010-09-06 2735200]
"{EFA17369-CDC0-4927-9AFC-BAAD1F96B2AE}"= "c:\program files\IObitBar\toolbar\1.bin\i0bar.dll" [2010-07-21 638976]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{efa17369-cdc0-4927-9afc-baad1f96b2ae}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
"{31C7D459-9CC3-44F2-9DCA-FC11795309B4}"= "c:\program files\IObitCom\tbIOb1.dll" [2010-02-17 2349080]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSof0.dll" [2010-09-06 2735200]
"{EFA17369-CDC0-4927-9AFC-BAAD1F96B2AE}"= "c:\program files\IObitBar\toolbar\1.bin\i0bar.dll" [2010-07-21 638976]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{efa17369-cdc0-4927-9afc-baad1f96b2ae}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-08 39408]
"PlaxoUpdate"="c:\program files\Plaxo\3.23.0.11\PlaxoHelper_en.exe" [2009-10-01 403015]
"PlaxoSysTray"="c:\program files\Plaxo\3.23.0.11\PlaxoSysTray.exe" [2009-10-01 20480]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-08-10 2349776]
"SmartRAM"="c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2010-07-21 198864]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2009-10-14 3217368]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2010-08-26 1779512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-10-12 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-10-12 126976]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2002-10-23 86016]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"FinePrint Dispatcher v4"="c:\windows\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe" [2001-12-28 356352]
"TotalRecorderScheduler"="c:\program files\HighCriteria\TotalRecorder\TotRecSched.exe" [2005-05-18 81920]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"SearchSettings"="c:\program files\YouTube Downloader Toolbar\SearchSettings.exe" [2010-02-19 974848]
"OmniPage"="c:\program files\Caere\OmniPagePro10.0\opware32.exe" [1999-10-14 53248]
"IObitBar Browser Plugin Loader"="c:\progra~1\IObitBar\toolbar\1.bin\i0brmon.exe" [2010-07-21 20480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-25 185640]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-16 10:34 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=DrvTrNTm.dll
"wave"=DrvTrNTm.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009/02/18 05:54 PM 216400]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009/02/18 05:54 PM 243024]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010/02/19 07:43 PM 380928]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010/07/16 12:34 PM 308136]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009/09/25 11:32 PM 189736]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009/07/28 03:02 PM 88176]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010/03/15 04:18 PM 632792]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010/02/03 01:11 PM 135664]
S2 IObitBarService;IObit Toolbar Service;c:\progra~1\IObitBar\toolbar\1.bin\i0barsvc.exe [2010/07/21 11:46 AM 28766]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 11:11]

2010-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 11:11]

2010-09-12 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-03-08 16:08]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vvtorkky.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vvtorkky.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vvtorkky.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\YouTube Downloader Toolbar\SSFF\components\SearchSettingsFF.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\IObitBar\toolbar\1.bin\NPi0Stub.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npnul32.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\NPOFFICE.DLL
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\NPOFFICE.DLL
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npqtplugin.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
HKCU-Run-syncman - c:\documents and settings\administrator\wuaucldt.exe
HKLM-Run-syncman - c:\windows\system32\wuaucldt.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-09-17 19:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2608)
c:\windows\system32\WININET.dll
c:\program files\Caere\OmniPagePro10.0\ophook32.dll
c:\program files\SmartFTP Client\en-US\sfShellTools.dll.mui
c:\program files\Plaxo\3.23.0.11\plx_hook.dll
c:\progra~1\IObitBar\toolbar\1.bin\i0brstub.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Photodex\ProShowGold\ScsiAccess.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-09-17 19:13:39 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-17 17:13

Pre-Run: 30,463,205,376 bytes free
Post-Run: 30,450,601,984 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - C3480A1B6F87613B1B8939DD398E2944


Re: cdrom.sys virus

Post by Belahzur on 17th September 2010, 5:27 pm

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.



Eset scanner log

Post by Hank5 on 17th September 2010, 9:14 pm

Herewith the results of the Eset scanner:

C:\Client.483\WINNT\i386\REDIR\axprf.ocx a variant of Win32/Kryptik.ANT trojan cleaned by deleting - quarantined
C:\found.000\dir0025.chk\dpserial.dll a variant of Win32/Kryptik.ASG trojan cleaned by deleting - quarantined
C:\found.000\dir0145.chk\REGCFG.EXE a variant of Win32/Kryptik.AAQ trojan cleaned by deleting - quarantined
C:\found.000\dir0171.chk\BD20074_.WMF a variant of Win32/Exploit.WMF.Crash trojan cleaned by deleting - quarantined
C:\found.000\dir0171.chk\PE07266_.WMF a variant of Win32/Exploit.WMF.Crash trojan cleaned by deleting - quarantined
C:\found.000\dir0172.chk\stddir4\PE02917_.WMF a variant of Win32/Exploit.WMF.Crash trojan cleaned by deleting - quarantined
C:\found.000\dir0173.chk\BD05694_.WMF a variant of Win32/Exploit.WMF.Crash trojan cleaned by deleting - quarantined
C:\found.000\dir0173.chk\BD06994_.WMF a variant of Win32/Exploit.WMF.Crash trojan cleaned by deleting - quarantined
C:\found.000\dir0173.chk\BD07187_.WMF a variant of Win32/Exploit.WMF.Crash trojan cleaned by deleting - quarantined
C:\found.000\dir0173.chk\BD07218_.WMF a variant of Win32/Exploit.WMF.Crash trojan cleaned by deleting - quarantined
C:\found.000\dir0958.chk\EbookCompiler\natcfree.exe a variant of Win32/Kryptik.CAD trojan cleaned by deleting - quarantined
C:\found.000\dir0958.chk\RegistryFix\registryfix.exe a variant of Win32/Adware.ErrorClean application deleted - quarantined
C:\found.000\dir1106.chk\spac.exe multiple threats deleted - quarantined
C:\Prof Christo\DownloadPrograms\Unlocker\unlocker1.8.7.exe a variant of Win32/Adware.ADON application deleted - quarantined
C:\Program Files\Unlocker\eBay_shortcuts_1016.exe a variant of Win32/Adware.ADON application deleted - quarantined
C:\Program Files\YouTube Downloader Toolbar\SearchSettings.exe Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\WINDOWS\system32\dllcache\user32.dll Win32/Pinit virus cleaned - quarantined


Re: cdrom.sys virus

Post by Belahzur on 17th September 2010, 9:17 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    HijackThis 1.99.1
    Java(TM) 6 Update 18
    Registry Mechanic 9.0

Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u21-windows-i586.exe that you downloaded to install the newest version.

How is the machine running now?



Great thanks

Post by Hank5 on 18th September 2010, 6:14 am

The machine is running like a dream as in olden times.
Thanks guys, you are great!
Why do you suggest I uninstall Registry Mechanic 9.0? I have been using it for quite some time.
Regards
Hank


Re: cdrom.sys virus

Post by Belahzur on 18th September 2010, 1:38 pm

Registry cleaners are extremely dangerous; see this thread.
[You must be registered and logged in to see this link.]

