269601USA8.exe

View previous topic View next topic Go down

269601USA8.exe

Post by Hank5 on Tue 8 Feb - 23:19

I performed a Malwarebytes scan on my PC and got a warning that the file 269601USA8.exe located at C:/Sound/ is unsigned.
Does this pose a problem? Apparently the makers of Regcure claim that it can fix this "problem".
My PC is very slow nowadays but a full scan by Malwarebytes indicated no problems over and above that mentioned above.
Regards
Hank

Hank5
Novice
Novice

Posts Posts : 21
Joined Joined : 2010-09-17
OS OS : Windows XP
Points Points : 22992
# Likes # Likes : 0

View user profile

Back to top Go down

Re: 269601USA8.exe

Post by Belahzur on Wed 9 Feb - 12:32

Hello.

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-04
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Re: 269601USA8.exe

Post by Hank5 on Wed 9 Feb - 19:53

Herewith the OTL.txt log:


OTL logfile created on: 2011/02/09 09:47:15 AM - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001C09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd

510.00 Mb Total Physical Memory | 95.00 Mb Available Physical Memory | 19.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 44.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 39.48 Gb Free Space | 26.49% Space Free | Partition Type: NTFS
Drive F: | 491.73 Mb Total Space | 127.43 Mb Free Space | 25.91% Space Free | Partition Type: FAT

Computer Name: CHRISTO-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/09 09:43:30 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2011/01/07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/01/07 01:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/01/06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/01/05 18:19:48 | 000,813,448 | ---- | M] (Plaxo, Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Plaxo\3.25.0.87\PlaxoHelper_en.exe
PRC - [2010/12/16 16:19:34 | 002,402,512 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/12/10 14:16:11 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/12/05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/11/24 11:07:58 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/07/21 15:43:24 | 000,198,864 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
PRC - [2009/10/14 15:42:38 | 000,583,640 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/09/25 23:31:32 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/04/08 18:03:36 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/02/18 21:58:33 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
PRC - [2008/05/02 06:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/18 03:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2005/05/18 22:51:18 | 000,081,920 | ---- | M] (High Criteria inc.) -- C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
PRC - [2004/11/02 20:24:46 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
PRC - [2004/02/26 09:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2003/05/15 01:19:50 | 000,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
PRC - [2002/10/23 10:15:08 | 000,086,016 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
PRC - [2002/07/15 16:36:54 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2001/12/28 20:48:34 | 000,356,352 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\2\fpdisp4.exe
PRC - [1999/10/14 19:50:46 | 000,053,248 | ---- | M] (Caere Corporation) -- C:\Program Files\Caere\OmniPagePro10.0\OPware32.exe


========== Modules (SafeList) ==========

MOD - [2011/02/09 09:43:30 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2011/01/05 18:19:50 | 000,055,176 | ---- | M] (Plaxo, Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Plaxo\3.25.0.87\plx_hook.dll
MOD - [2011/01/04 17:38:44 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/23 18:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 00:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2009/07/12 00:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
MOD - [2008/05/02 06:15:35 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [1999/10/14 19:50:08 | 000,147,456 | ---- | M] (Caere Corporation) -- C:\Program Files\Caere\OmniPagePro10.0\OPHOOK32.dll
MOD - [1999/10/08 04:30:54 | 000,037,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Caere\OmniPagePro10.0\shfolder.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (ioloSystemService)
SRV - File not found [Auto | Stopped] -- -- (ioloFileInfoList)
SRV - File not found [Auto | Stopped] -- -- (IObitBarService)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/11/25 09:49:46 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/11/24 11:07:58 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2009/10/14 15:42:38 | 000,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/02/18 21:58:33 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
SRV - [2008/01/22 19:35:52 | 000,103,808 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2004/02/26 09:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2002/09/27 11:56:20 | 000,139,264 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- c:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2002/07/15 16:36:54 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 16:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 21:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/02/11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/04/14 00:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/14 00:16:22 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/14 00:16:22 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/14 00:16:10 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2002/12/31 14:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2002/12/31 14:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001/08/17 15:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIOb1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof2.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {7757CBCC-0975-4b79-A519-90B142CA3A23} - C:\Program Files\IObitBar\toolbar\1.bin\i0SrcAs.dll (IObit)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.za/"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3
FF - prefs.js..extensions.enabledItems: unplug@compunach:2.039
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:2.7.2.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: avg@igeared:6.011.025.001
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:4.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:4.1
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4b991a1f&v=6.011.025.001&i=23&tp=ab&iy=&ychte=us&lng=en-GB&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\i0ffxtbr@IObitBar.com: C:\Program Files\IObitBar\toolbar\1.bin [2011/01/26 12:50:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/01/05 21:55:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/01/05 22:00:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/01/13 05:51:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/11 09:49:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/26 21:15:39 | 000,000,000 | ---D | M]

[2009/04/08 18:15:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/02/09 08:39:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vvtorkky.default\extensions
[2011/01/26 09:05:55 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vvtorkky.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2011/01/12 07:59:37 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vvtorkky.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/07/04 10:27:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vvtorkky.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/31 12:14:58 | 000,000,000 | ---D | M] (Softonic-Eng7 Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vvtorkky.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
[2010/11/01 10:45:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vvtorkky.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/07/04 10:27:09 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vvtorkky.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011/01/12 07:59:38 | 000,000,000 | ---D | M] ("UnPlug") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vvtorkky.default\extensions\unplug@compunach
[2011/01/26 11:26:37 | 000,001,244 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vvtorkky.default\searchplugins\winamp-search.xml
[2011/02/09 08:39:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/20 16:25:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/01/05 21:55:06 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX
[2011/01/05 22:00:05 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="6.011.025.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
[2011/01/26 12:55:32 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2011/01/26 12:55:45 | 000,000,000 | ---D | M] (IObit Toolbar) -- C:\PROGRAM FILES\IOBIT TOOLBAR\FF
[2011/01/26 12:50:34 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES\IOBITBAR\TOOLBAR\1.BIN
[2010/09/20 16:25:03 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/01/13 05:51:55 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2010/04/22 15:36:46 | 000,000,000 | ---D | M] (YouTube Downloader Toolbar Plugin) -- C:\PROGRAM FILES\YOUTUBE DOWNLOADER TOOLBAR\FF
[2010/09/20 16:25:03 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/10/30 07:53:37 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/10/30 07:53:37 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/10/30 07:53:37 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/02/02 07:51:13 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml
[2010/10/30 07:53:38 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/09/17 19:05:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (IObitCom Toolbar) - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIOb1.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof2.dll (Conduit Ltd.)
O2 - BHO: (VMN Toolbar) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\Program Files\vmntoolbar\vmntoolbar.dll (Visicom Media Inc. )
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Toolbar BHO) - {EFA17361-CDC0-4927-9AFC-BAAD1F96B2AE} - C:\Program Files\IObitBar\toolbar\1.bin\i0bar.dll (IObit)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (VMN Toolbar) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\Program Files\vmntoolbar\vmntoolbar.dll (Visicom Media Inc. )
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (IObitCom Toolbar) - {31C7D459-9CC3-44F2-9DCA-FC11795309B4} - C:\Program Files\IObitCom\tbIOb1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - C:\Program Files\Softonic-Eng7\tbSof2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (VMN Toolbar) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\Program Files\vmntoolbar\vmntoolbar.dll (Visicom Media Inc. )
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [FinePrint Dispatcher v4] C:\WINDOWS\system32\spool\drivers\w32x86\2\fpdisp4.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro10.0\OPware32.exe (Caere Corporation)
O4 - HKLM..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [TotalRecorderScheduler] C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe (High Criteria inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [PlaxoSysTray] C:\Documents and Settings\Administrator\Local Settings\Application Data\Plaxo\3.25.0.87\plaxosystray.exe (Plaxo, Inc.)
O4 - HKCU..\Run: [PlaxoUpdate] C:\Documents and Settings\Administrator\Local Settings\Application Data\Plaxo\3.25.0.87\PlaxoHelper_en.exe (Plaxo, Inc.)
O4 - HKCU..\Run: [SmartRAM] C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe (IObit)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeKeyboardNavigationIndicators = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108807
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} [You must be registered and logged in to see this link.] (Windows Live Safety Center Base Module)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/18 16:03:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/04/18 20:47:46 | 000,000,000 | ---D | M] - F:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/09 09:43:29 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/02/09 07:42:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/01/26 12:55:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2011/01/26 12:55:19 | 000,000,000 | ---D | C] -- C:\Program Files\IObit Toolbar
[2011/01/26 09:07:03 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2011/01/26 09:07:02 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2011/01/26 09:06:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2011/01/26 09:04:09 | 001,858,032 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
[2011/01/26 09:04:09 | 000,551,408 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll
[2011/01/26 09:04:09 | 000,129,520 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2011/01/26 09:04:09 | 000,072,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2011/01/26 09:04:09 | 000,066,544 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2011/01/26 09:04:09 | 000,066,032 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2011/01/26 09:04:09 | 000,009,200 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
[2011/01/26 09:04:09 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2011/01/26 09:04:08 | 000,670,192 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll
[2011/01/26 09:04:08 | 000,436,720 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll
[2011/01/26 09:04:08 | 000,219,632 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll
[2011/01/26 09:04:08 | 000,096,752 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll
[2011/01/26 09:04:02 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2011/01/20 10:50:50 | 000,000,000 | ---D | C] -- C:\Garmin
[2011/01/18 17:17:58 | 000,000,000 | ---D | C] -- C:\DVD_science
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/09 09:43:30 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/02/09 09:39:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/09 09:22:33 | 105,726,431 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/02/09 07:48:51 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Outlook 2003.lnk
[2011/02/09 07:42:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/09 07:41:21 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/09 07:41:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/08 17:55:10 | 000,204,288 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/06 22:11:45 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2011/02/06 21:58:11 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Jasc Paint Shop Pro 8.lnk
[2011/02/06 21:17:48 | 000,046,080 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Hanafax.doc
[2011/02/06 18:10:45 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Word 2003.lnk
[2011/02/01 08:01:09 | 000,130,048 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Viljoen eposadresse.doc
[2011/01/30 09:15:47 | 000,202,752 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\viljoen_briefhoof_afr.doc
[2011/01/27 08:21:34 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/01/25 13:09:57 | 004,245,504 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Resepte_Hana.doc
[2011/01/24 18:00:55 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/01/24 10:18:05 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Publisher 2003.lnk
[2011/01/21 16:28:39 | 000,275,456 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\W_terblanche_word_nagesien.doc
[2011/01/19 15:29:06 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Image Grabber II.NET.lnk
[2011/01/18 16:24:10 | 000,017,453 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\vraelys verklaring tot nasionale erfenisterrein jan 2011.pdf
[2011/01/18 08:44:24 | 000,286,720 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\gertjie.pub
[2011/01/17 22:17:37 | 000,064,000 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Tydkaart.doc
[2011/01/14 08:20:05 | 001,998,336 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\CD_COVER.pub
[2011/01/13 10:45:27 | 008,855,552 | ---- | M] () -- C:\Documents and Settings\Administrator\s-1-5-21-861567501-1935655697-839522115-500.rrr
[2011/01/12 20:08:36 | 000,492,032 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\verjaardagkaartjie.pub
[2011/01/10 15:18:25 | 001,406,976 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DVD_cover_thin_box.pub
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/20 16:42:12 | 000,275,456 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\W_terblanche_word_nagesien.doc
[2011/01/18 16:23:55 | 000,017,453 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\vraelys verklaring tot nasionale erfenisterrein jan 2011.pdf
[2011/01/18 08:28:59 | 000,286,720 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\gertjie.pub
[2011/01/12 20:08:36 | 000,492,032 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\verjaardagkaartjie.pub
[2011/01/12 12:09:11 | 004,245,504 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Resepte_Hana.doc
[2011/01/11 13:39:27 | 000,064,000 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Tydkaart.doc
[2011/01/10 15:17:38 | 001,406,976 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DVD_cover_thin_box.pub
[2010/11/05 10:16:43 | 000,000,032 | -HS- | C] () -- C:\Documents and Settings\Administrator\Application Data\{F7D92AAA-C97A-488c-BC14-C061CF39647F}.dat
[2010/08/25 16:37:43 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2010/08/25 16:08:50 | 000,000,067 | ---- | C] () -- C:\WINDOWS\swf2avi.INI
[2010/08/25 16:08:34 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/07/29 12:12:44 | 000,000,062 | ---- | C] () -- C:\WINDOWS\pcvcdbr.INI
[2010/07/29 12:12:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcvcdvw.INI
[2010/03/15 18:15:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2010/02/28 08:53:30 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/02/10 19:32:57 | 000,000,877 | ---- | C] () -- C:\WINDOWS\_ISENV31.INI
[2010/02/01 21:51:22 | 001,208,320 | ---- | C] () -- C:\WINDOWS\System32\cygxml2-2.dll
[2010/02/01 21:51:21 | 000,980,992 | ---- | C] () -- C:\WINDOWS\System32\cygiconv-2.dll
[2010/02/01 21:51:21 | 000,062,464 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2010/01/13 18:57:44 | 000,001,571 | ---- | C] () -- C:\WINDOWS\Faxcpp1.ini
[2010/01/13 18:57:44 | 000,000,422 | ---- | C] () -- C:\WINDOWS\Faxcpp.ini
[2010/01/13 18:57:44 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2010/01/13 18:57:43 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2010/01/13 18:22:18 | 000,001,284 | ---- | C] () -- C:\WINDOWS\photoimpression.ini
[2009/11/05 13:32:58 | 000,210,944 | ---- | C] () -- C:\WINDOWS\MSVCRT10.DLL
[2009/09/24 13:54:10 | 000,000,223 | ---- | C] () -- C:\WINDOWS\netscape.INI
[2009/08/24 15:38:41 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Settings.cfg
[2009/08/24 13:41:48 | 000,000,374 | ---- | C] () -- C:\WINDOWS\cedt.INI
[2009/06/23 22:51:23 | 000,001,028 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\WavCodec.wff
[2009/05/03 22:58:29 | 000,758,018 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/05/03 22:58:29 | 000,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2009/03/30 17:36:12 | 000,000,500 | ---- | C] () -- C:\WINDOWS\Maxlink.ini
[2009/02/24 19:29:33 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/02/18 21:17:59 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS61.DLL
[2009/02/18 18:23:48 | 000,000,334 | ---- | C] () -- C:\WINDOWS\FzipFT.INI
[2009/02/18 18:10:29 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/02/18 18:10:26 | 000,204,288 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/18 17:47:20 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2009/02/18 16:58:08 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2009/02/18 16:29:25 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/02/18 15:34:16 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2007/02/18 17:47:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1998/06/24 00:00:00 | 000,016,656 | ---- | C] () -- C:\WINDOWS\System32\DBMSSHRN.DLL
[1998/06/10 00:00:00 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL
[1998/05/18 00:00:00 | 000,014,017 | ---- | C] () -- C:\WINDOWS\JAUTOEXP.INI
[1998/04/24 00:00:00 | 000,000,218 | ---- | C] () -- C:\WINDOWS\FRONTPG.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Administrator\My Documents\Taalbeleid.pdf:SummaryInformation
@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >

Second log follows in next posting.

Hank5
Novice
Novice

Posts Posts : 21
Joined Joined : 2010-09-17
OS OS : Windows XP
Points Points : 22992
# Likes # Likes : 0

View user profile

Back to top Go down

Re: 269601USA8.exe

Post by Hank5 on Wed 9 Feb - 20:05

Herewith the second log: Part 1 (second part follows in next posting)

OTL logfile created on: 2011/02/09 09:47:15 AM - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001C09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd

510.00 Mb Total Physical Memory | 95.00 Mb Available Physical Memory | 19.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 44.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 39.48 Gb Free Space | 26.49% Space Free | Partition Type: NTFS
Drive F: | 491.73 Mb Total Space | 127.43 Mb Free Space | 25.91% Space Free | Partition Type: FAT

Computer Name: CHRISTO-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/09 09:43:30 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2011/01/07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/01/07 01:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/01/06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/01/05 18:19:48 | 000,813,448 | ---- | M] (Plaxo, Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Plaxo\3.25.0.87\PlaxoHelper_en.exe
PRC - [2010/12/16 16:19:34 | 002,402,512 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/12/10 14:16:11 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/12/05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/11/24 11:07:58 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/07/21 15:43:24 | 000,198,864 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
PRC - [2009/10/14 15:42:38 | 000,583,640 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/09/25 23:31:32 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/04/08 18:03:36 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/02/18 21:58:33 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
PRC - [2008/05/02 06:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/18 03:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2005/05/18 22:51:18 | 000,081,920 | ---- | M] (High Criteria inc.) -- C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
PRC - [2004/11/02 20:24:46 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
PRC - [2004/02/26 09:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2003/05/15 01:19:50 | 000,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
PRC - [2002/10/23 10:15:08 | 000,086,016 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
PRC - [2002/07/15 16:36:54 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2001/12/28 20:48:34 | 000,356,352 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\2\fpdisp4.exe
PRC - [1999/10/14 19:50:46 | 000,053,248 | ---- | M] (Caere Corporation) -- C:\Program Files\Caere\OmniPagePro10.0\OPware32.exe


========== Modules (SafeList) ==========

MOD - [2011/02/09 09:43:30 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2011/01/05 18:19:50 | 000,055,176 | ---- | M] (Plaxo, Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Plaxo\3.25.0.87\plx_hook.dll
MOD - [2011/01/04 17:38:44 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/23 18:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 00:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2009/07/12 00:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
MOD - [2008/05/02 06:15:35 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [1999/10/14 19:50:08 | 000,147,456 | ---- | M] (Caere Corporation) -- C:\Program Files\Caere\OmniPagePro10.0\OPHOOK32.dll
MOD - [1999/10/08 04:30:54 | 000,037,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Caere\OmniPagePro10.0\shfolder.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (ioloSystemService)
SRV - File not found [Auto | Stopped] -- -- (ioloFileInfoList)
SRV - File not found [Auto | Stopped] -- -- (IObitBarService)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/11/25 09:49:46 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/11/24 11:07:58 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2009/10/14 15:42:38 | 000,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/02/18 21:58:33 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
SRV - [2008/01/22 19:35:52 | 000,103,808 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2004/02/26 09:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2002/09/27 11:56:20 | 000,139,264 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- c:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2002/07/15 16:36:54 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 16:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 21:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/02/11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/04/14 00:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/14 00:16:22 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/14 00:16:22 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/14 00:16:10 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2002/12/31 14:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2002/12/31 14:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001/08/17 15:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIOb1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof2.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {7757CBCC-0975-4b79-A519-90B142CA3A23} - C:\Program Files\IObitBar\toolbar\1.bin\i0SrcAs.dll (IObit)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.za/"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3
FF - prefs.js..extensions.enabledItems: unplug@compunach:2.039
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:2.7.2.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: avg@igeared:6.011.025.001
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:4.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:4.1
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4b991a1f&v=6.011.025.001&i=23&tp=ab&iy=&ychte=us&lng=en-GB&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\i0ffxtbr@IObitBar.com: C:\Program Files\IObitBar\toolbar\1.bin [2011/01/26 12:50:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/01/05 21:55:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/01/05 22:00:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/01/13 05:51:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/11 09:49:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/26 21:15:39 | 000,000,000 | ---D | M]

[2009/04/08 18:15:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/02/09 08:39:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vvtorkky.default\extensions
[2011/01/26 09:05:55 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vvtorkky.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2011/01/12 07:59:37 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vvtorkky.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/07/04 10:27:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vvtorkky.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/31 12:14:58 | 000,000,000 | ---D | M] (Softonic-Eng7 Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vvtorkky.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
[2010/11/01 10:45:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vvtorkky.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/07/04 10:27:09 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vvtorkky.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011/01/12 07:59:38 | 000,000,000 | ---D | M] ("UnPlug") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vvtorkky.default\extensions\unplug@compunach
[2011/01/26 11:26:37 | 000,001,244 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vvtorkky.default\searchplugins\winamp-search.xml
[2011/02/09 08:39:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/20 16:25:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/01/05 21:55:06 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX
[2011/01/05 22:00:05 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="6.011.025.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
[2011/01/26 12:55:32 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2011/01/26 12:55:45 | 000,000,000 | ---D | M] (IObit Toolbar) -- C:\PROGRAM FILES\IOBIT TOOLBAR\FF
[2011/01/26 12:50:34 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES\IOBITBAR\TOOLBAR\1.BIN
[2010/09/20 16:25:03 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/01/13 05:51:55 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2010/04/22 15:36:46 | 000,000,000 | ---D | M] (YouTube Downloader Toolbar Plugin) -- C:\PROGRAM FILES\YOUTUBE DOWNLOADER TOOLBAR\FF
[2010/09/20 16:25:03 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/10/30 07:53:37 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/10/30 07:53:37 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/10/30 07:53:37 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/02/02 07:51:13 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml
[2010/10/30 07:53:38 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/09/17 19:05:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (IObitCom Toolbar) - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIOb1.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof2.dll (Conduit Ltd.)
O2 - BHO: (VMN Toolbar) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\Program Files\vmntoolbar\vmntoolbar.dll (Visicom Media Inc. )
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Toolbar BHO) - {EFA17361-CDC0-4927-9AFC-BAAD1F96B2AE} - C:\Program Files\IObitBar\toolbar\1.bin\i0bar.dll (IObit)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (VMN Toolbar) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\Program Files\vmntoolbar\vmntoolbar.dll (Visicom Media Inc. )
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (IObitCom Toolbar) - {31C7D459-9CC3-44F2-9DCA-FC11795309B4} - C:\Program Files\IObitCom\tbIOb1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - C:\Program Files\Softonic-Eng7\tbSof2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (VMN Toolbar) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\Program Files\vmntoolbar\vmntoolbar.dll (Visicom Media Inc. )
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [FinePrint Dispatcher v4] C:\WINDOWS\system32\spool\drivers\w32x86\2\fpdisp4.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro10.0\OPware32.exe (Caere Corporation)
O4 - HKLM..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [TotalRecorderScheduler] C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe (High Criteria inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [PlaxoSysTray] C:\Documents and Settings\Administrator\Local Settings\Application Data\Plaxo\3.25.0.87\plaxosystray.exe (Plaxo, Inc.)
O4 - HKCU..\Run: [PlaxoUpdate] C:\Documents and Settings\Administrator\Local Settings\Application Data\Plaxo\3.25.0.87\PlaxoHelper_en.exe (Plaxo, Inc.)
O4 - HKCU..\Run: [SmartRAM] C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe (IObit)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeKeyboardNavigationIndicators = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108807
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} [You must be registered and logged in to see this link.] (Windows Live Safety Center Base Module)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/18 16:03:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/04/18 20:47:46 | 000,000,000 | ---D | M] - F:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/09 09:43:29 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/02/09 07:42:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/01/26 12:55:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2011/01/26 12:55:19 | 000,000,000 | ---D | C] -- C:\Program Files\IObit Toolbar
[2011/01/26 09:07:03 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2011/01/26 09:07:02 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2011/01/26 09:06:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2011/01/26 09:04:09 | 001,858,032 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
[2011/01/26 09:04:09 | 000,551,408 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll
[2011/01/26 09:04:09 | 000,129,520 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2011/01/26 09:04:09 | 000,072,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2011/01/26 09:04:09 | 000,066,544 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2011/01/26 09:04:09 | 000,066,032 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2011/01/26 09:04:09 | 000,009,200 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
[2011/01/26 09:04:09 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2011/01/26 09:04:08 | 000,670,192 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll
[2011/01/26 09:04:08 | 000,436,720 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll
[2011/01/26 09:04:08 | 000,219,632 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll
[2011/01/26 09:04:08 | 000,096,752 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll
[2011/01/26 09:04:02 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2011/01/20 10:50:50 | 000,000,000 | ---D | C] -- C:\Garmin
[2011/01/18 17:17:58 | 000,000,000 | ---D | C] -- C:\DVD_science
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/09 09:43:30 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/02/09 09:39:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/09 09:22:33 | 105,726,431 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/02/09 07:48:51 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Outlook 2003.lnk
[2011/02/09 07:42:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/09 07:41:21 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/09 07:41:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/08 17:55:10 | 000,204,288 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/06 22:11:45 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2011/02/06 21:58:11 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Jasc Paint Shop Pro 8.lnk
[2011/02/06 21:17:48 | 000,046,080 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Hanafax.doc
[2011/02/06 18:10:45 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Word 2003.lnk
[2011/02/01 08:01:09 | 000,130,048 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Viljoen eposadresse.doc
[2011/01/30 09:15:47 | 000,202,752 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\viljoen_briefhoof_afr.doc
[2011/01/27 08:21:34 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/01/25 13:09:57 | 004,245,504 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Resepte_Hana.doc
[2011/01/24 18:00:55 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/01/24 10:18:05 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Publisher 2003.lnk
[2011/01/21 16:28:39 | 000,275,456 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\W_terblanche_word_nagesien.doc
[2011/01/19 15:29:06 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Image Grabber II.NET.lnk
[2011/01/18 16:24:10 | 000,017,453 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\vraelys verklaring tot nasionale erfenisterrein jan 2011.pdf
[2011/01/18 08:44:24 | 000,286,720 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\gertjie.pub
[2011/01/17 22:17:37 | 000,064,000 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Tydkaart.doc
[2011/01/14 08:20:05 | 001,998,336 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\CD_COVER.pub
[2011/01/13 10:45:27 | 008,855,552 | ---- | M] () -- C:\Documents and Settings\Administrator\s-1-5-21-861567501-1935655697-839522115-500.rrr
[2011/01/12 20:08:36 | 000,492,032 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\verjaardagkaartjie.pub
[2011/01/10 15:18:25 | 001,406,976 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DVD_cover_thin_box.pub
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/20 16:42:12 | 000,275,456 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\W_terblanche_word_nagesien.doc
[2011/01/18 16:23:55 | 000,017,453 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\vraelys verklaring tot nasionale erfenisterrein jan 2011.pdf
[2011/01/18 08:28:59 | 000,286,720 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\gertjie.pub
[2011/01/12 20:08:36 | 000,492,032 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\verjaardagkaartjie.pub
[2011/01/12 12:09:11 | 004,245,504 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Resepte_Hana.doc
[2011/01/11 13:39:27 | 000,064,000 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Tydkaart.doc
[2011/01/10 15:17:38 | 001,406,976 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DVD_cover_thin_box.pub
[2010/11/05 10:16:43 | 000,000,032 | -HS- | C] () -- C:\Documents and Settings\Administrator\Application Data\{F7D92AAA-C97A-488c-BC14-C061CF39647F}.dat
[2010/08/25 16:37:43 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2010/08/25 16:08:50 | 000,000,067 | ---- | C] () -- C:\WINDOWS\swf2avi.INI
[2010/08/25 16:08:34 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/07/29 12:12:44 | 000,000,062 | ---- | C] () -- C:\WINDOWS\pcvcdbr.INI
[2010/07/29 12:12:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcvcdvw.INI
[2010/03/15 18:15:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2010/02/28 08:53:30 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/02/10 19:32:57 | 000,000,877 | ---- | C] () -- C:\WINDOWS\_ISENV31.INI
[2010/02/01 21:51:22 | 001,208,320 | ---- | C] () -- C:\WINDOWS\System32\cygxml2-2.dll
[2010/02/01 21:51:21 | 000,980,992 | ---- | C] () -- C:\WINDOWS\System32\cygiconv-2.dll
[2010/02/01 21:51:21 | 000,062,464 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2010/01/13 18:57:44 | 000,001,571 | ---- | C] () -- C:\WINDOWS\Faxcpp1.ini
[2010/01/13 18:57:44 | 000,000,422 | ---- | C] () -- C:\WINDOWS\Faxcpp.ini
[2010/01/13 18:57:44 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2010/01/13 18:57:43 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2010/01/13 18:22:18 | 000,001,284 | ---- | C] () -- C:\WINDOWS\photoimpression.ini
[2009/11/05 13:32:58 | 000,210,944 | ---- | C] () -- C:\WINDOWS\MSVCRT10.DLL
[2009/09/24 13:54:10 | 000,000,223 | ---- | C] () -- C:\WINDOWS\netscape.INI
[2009/08/24 15:38:41 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Settings.cfg
[2009/08/24 13:41:48 | 000,000,374 | ---- | C] () -- C:\WINDOWS\cedt.INI
[2009/06/23 22:51:23 | 000,001,028 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\WavCodec.wff
[2009/05/03 22:58:29 | 000,758,018 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/05/03 22:58:29 | 000,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2009/03/30 17:36:12 | 000,000,500 | ---- | C] () -- C:\WINDOWS\Maxlink.ini
[2009/02/24 19:29:33 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/02/18 21:17:59 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS61.DLL
[2009/02/18 18:23:48 | 000,000,334 | ---- | C] () -- C:\WINDOWS\FzipFT.INI
[2009/02/18 18:10:29 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/02/18 18:10:26 | 000,204,288 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/18 17:47:20 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2009/02/18 16:58:08 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2009/02/18 16:29:25 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/02/18 15:34:16 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2007/02/18 17:47:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1998/06/24 00:00:00 | 000,016,656 | ---- | C] () -- C:\WINDOWS\System32\DBMSSHRN.DLL
[1998/06/10 00:00:00 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL
[1998/05/18 00:00:00 | 000,014,017 | ---- | C] () -- C:\WINDOWS\JAUTOEXP.INI
[1998/04/24 00:00:00 | 000,000,218 | ---- | C] () -- C:\WINDOWS\FRONTPG.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Administrator\My Documents\Taalbeleid.pdf:SummaryInformation
@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >
PRC - [2011/02/09 09:43:30 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2011/01/07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/01/07 01:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/01/06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/01/05 18:19:48 | 000,813,448 | ---- | M] (Plaxo, Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Plaxo\3.25.0.87\PlaxoHelper_en.exe
PRC - [2010/12/16 16:19:34 | 002,402,512 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/12/10 14:16:11 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/12/05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/11/24 11:07:58 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/07/21 15:43:24 | 000,198,864 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
PRC - [2009/10/14 15:42:38 | 000,583,640 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/09/25 23:31:32 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/04/08 18:03:36 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/02/18 21:58:33 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
PRC - [2008/05/02 06:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/18 03:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2005/05/18 22:51:18 | 000,081,920 | ---- | M] (High Criteria inc.) -- C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
PRC - [2004/11/02 20:24:46 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
PRC - [2004/02/26 09:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2003/05/15 01:19:50 | 000,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
PRC - [2002/10/23 10:15:08 | 000,086,016 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
PRC - [2002/07/15 16:36:54 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2001/12/28 20:48:34 | 000,356,352 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\2\fpdisp4.exe
PRC - [1999/10/14 19:50:46 | 000,053,248 | ---- | M] (Caere Corporation) -- C:\Program Files\Caere\OmniPagePro10.0\OPware32.exe


========== Modules (SafeList) ==========

MOD - [2011/02/09 09:43:30 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2011/01/05 18:19:50 | 000,055,176 | ---- | M] (Plaxo, Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Plaxo\3.25.0.87\plx_hook.dll
MOD - [2011/01/04 17:38:44 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/23 18:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 00:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2009/07/12 00:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
MOD - [2008/05/02 06:15:35 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [1999/10/14 19:50:08 | 000,147,456 | ---- | M] (Caere Corporation) -- C:\Program Files\Caere\OmniPagePro10.0\OPHOOK32.dll
MOD - [1999/10/08 04:30:54 | 000,037,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Caere\OmniPagePro10.0\shfolder.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (ioloSystemService)
SRV - File not found [Auto | Stopped] -- -- (ioloFileInfoList)
SRV - File not found [Auto | Stopped] -- -- (IObitBarService)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/11/25 09:49:46 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/11/24 11:07:58 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2009/10/14 15:42:38 | 000,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/02/18 21:58:33 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
SRV - [2008/01/22 19:35:52 | 000,103,808 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2004/02/26 09:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2002/09/27 11:56:20 | 000,139,264 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- c:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2002/07/15 16:36:54 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 16:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 21:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/02/11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/04/14 00:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/14 00:16:22 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/14 00:16:22 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/14 00:16:10 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2002/12/31 14:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2002/12/31 14:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001/08/17 15:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)


========== Standard Registry (SafeList) ==========


End of part 1: part 2 follows in next posting




Hank5
Novice
Novice

Posts Posts : 21
Joined Joined : 2010-09-17
OS OS : Windows XP
Points Points : 22992
# Likes # Likes : 0

View user profile

Back to top Go down

Re: 269601USA8.exe

Post by Hank5 on Wed 9 Feb - 20:06

Herewith the second log, part 2

========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIOb1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof2.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {7757CBCC-0975-4b79-A519-90B142CA3A23} - C:\Program Files\IObitBar\toolbar\1.bin\i0SrcAs.dll (IObit)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.za/"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3
FF - prefs.js..extensions.enabledItems: unplug@compunach:2.039
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:2.7.2.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: avg@igeared:6.011.025.001
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:4.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:4.1
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4b991a1f&v=6.011.025.001&i=23&tp=ab&iy=&ychte=us&lng=en-GB&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\i0ffxtbr@IObitBar.com: C:\Program Files\IObitBar\toolbar\1.bin [2011/01/26 12:50:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/01/05 21:55:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/01/05 22:00:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/01/13 05:51:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/11 09:49:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/26 21:15:39 | 000,000,000 | ---D | M]

[2009/04/08 18:15:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/02/09 08:39:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vvtorkky.default\extensions
[2011/01/26 09:05:55 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vvtorkky.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2011/01/12 07:59:37 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vvtorkky.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/07/04 10:27:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vvtorkky.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/31 12:14:58 | 000,000,000 | ---D | M] (Softonic-Eng7 Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vvtorkky.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
[2010/11/01 10:45:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vvtorkky.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/07/04 10:27:09 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vvtorkky.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011/01/12 07:59:38 | 000,000,000 | ---D | M] ("UnPlug") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vvtorkky.default\extensions\unplug@compunach
[2011/01/26 11:26:37 | 000,001,244 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vvtorkky.default\searchplugins\winamp-search.xml
[2011/02/09 08:39:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/20 16:25:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/01/05 21:55:06 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX
[2011/01/05 22:00:05 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="6.011.025.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
[2011/01/26 12:55:32 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2011/01/26 12:55:45 | 000,000,000 | ---D | M] (IObit Toolbar) -- C:\PROGRAM FILES\IOBIT TOOLBAR\FF
[2011/01/26 12:50:34 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES\IOBITBAR\TOOLBAR\1.BIN
[2010/09/20 16:25:03 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/01/13 05:51:55 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2010/04/22 15:36:46 | 000,000,000 | ---D | M] (YouTube Downloader Toolbar Plugin) -- C:\PROGRAM FILES\YOUTUBE DOWNLOADER TOOLBAR\FF
[2010/09/20 16:25:03 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/10/30 07:53:37 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/10/30 07:53:37 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/10/30 07:53:37 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/02/02 07:51:13 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml
[2010/10/30 07:53:38 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/09/17 19:05:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (IObitCom Toolbar) - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIOb1.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof2.dll (Conduit Ltd.)
O2 - BHO: (VMN Toolbar) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\Program Files\vmntoolbar\vmntoolbar.dll (Visicom Media Inc. )
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Toolbar BHO) - {EFA17361-CDC0-4927-9AFC-BAAD1F96B2AE} - C:\Program Files\IObitBar\toolbar\1.bin\i0bar.dll (IObit)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (VMN Toolbar) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\Program Files\vmntoolbar\vmntoolbar.dll (Visicom Media Inc. )
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (IObitCom Toolbar) - {31C7D459-9CC3-44F2-9DCA-FC11795309B4} - C:\Program Files\IObitCom\tbIOb1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - C:\Program Files\Softonic-Eng7\tbSof2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (VMN Toolbar) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\Program Files\vmntoolbar\vmntoolbar.dll (Visicom Media Inc. )
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [FinePrint Dispatcher v4] C:\WINDOWS\system32\spool\drivers\w32x86\2\fpdisp4.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro10.0\OPware32.exe (Caere Corporation)
O4 - HKLM..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [TotalRecorderScheduler] C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe (High Criteria inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [PlaxoSysTray] C:\Documents and Settings\Administrator\Local Settings\Application Data\Plaxo\3.25.0.87\plaxosystray.exe (Plaxo, Inc.)
O4 - HKCU..\Run: [PlaxoUpdate] C:\Documents and Settings\Administrator\Local Settings\Application Data\Plaxo\3.25.0.87\PlaxoHelper_en.exe (Plaxo, Inc.)
O4 - HKCU..\Run: [SmartRAM] C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe (IObit)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeKeyboardNavigationIndicators = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108807
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} [You must be registered and logged in to see this link.] (Windows Live Safety Center Base Module)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/18 16:03:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/04/18 20:47:46 | 000,000,000 | ---D | M] - F:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/09 09:43:29 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/02/09 07:42:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/01/26 12:55:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2011/01/26 12:55:19 | 000,000,000 | ---D | C] -- C:\Program Files\IObit Toolbar
[2011/01/26 09:07:03 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2011/01/26 09:07:02 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2011/01/26 09:06:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2011/01/26 09:04:09 | 001,858,032 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
[2011/01/26 09:04:09 | 000,551,408 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll
[2011/01/26 09:04:09 | 000,129,520 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2011/01/26 09:04:09 | 000,072,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2011/01/26 09:04:09 | 000,066,544 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2011/01/26 09:04:09 | 000,066,032 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2011/01/26 09:04:09 | 000,009,200 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
[2011/01/26 09:04:09 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2011/01/26 09:04:08 | 000,670,192 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll
[2011/01/26 09:04:08 | 000,436,720 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll
[2011/01/26 09:04:08 | 000,219,632 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll
[2011/01/26 09:04:08 | 000,096,752 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll
[2011/01/26 09:04:02 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2011/01/20 10:50:50 | 000,000,000 | ---D | C] -- C:\Garmin
[2011/01/18 17:17:58 | 000,000,000 | ---D | C] -- C:\DVD_science
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/09 09:43:30 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/02/09 09:39:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/09 09:22:33 | 105,726,431 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/02/09 07:48:51 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Outlook 2003.lnk
[2011/02/09 07:42:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/09 07:41:21 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/09 07:41:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/08 17:55:10 | 000,204,288 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/06 22:11:45 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2011/02/06 21:58:11 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Jasc Paint Shop Pro 8.lnk
[2011/02/06 21:17:48 | 000,046,080 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Hanafax.doc
[2011/02/06 18:10:45 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Word 2003.lnk
[2011/02/01 08:01:09 | 000,130,048 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Viljoen eposadresse.doc
[2011/01/30 09:15:47 | 000,202,752 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\viljoen_briefhoof_afr.doc
[2011/01/27 08:21:34 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/01/25 13:09:57 | 004,245,504 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Resepte_Hana.doc
[2011/01/24 18:00:55 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/01/24 10:18:05 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Publisher 2003.lnk
[2011/01/21 16:28:39 | 000,275,456 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\W_terblanche_word_nagesien.doc
[2011/01/19 15:29:06 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Image Grabber II.NET.lnk
[2011/01/18 16:24:10 | 000,017,453 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\vraelys verklaring tot nasionale erfenisterrein jan 2011.pdf
[2011/01/18 08:44:24 | 000,286,720 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\gertjie.pub
[2011/01/17 22:17:37 | 000,064,000 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Tydkaart.doc
[2011/01/14 08:20:05 | 001,998,336 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\CD_COVER.pub
[2011/01/13 10:45:27 | 008,855,552 | ---- | M] () -- C:\Documents and Settings\Administrator\s-1-5-21-861567501-1935655697-839522115-500.rrr
[2011/01/12 20:08:36 | 000,492,032 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\verjaardagkaartjie.pub
[2011/01/10 15:18:25 | 001,406,976 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DVD_cover_thin_box.pub
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Administrator\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/20 16:42:12 | 000,275,456 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\W_terblanche_word_nagesien.doc
[2011/01/18 16:23:55 | 000,017,453 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\vraelys verklaring tot nasionale erfenisterrein jan 2011.pdf
[2011/01/18 08:28:59 | 000,286,720 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\gertjie.pub
[2011/01/12 20:08:36 | 000,492,032 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\verjaardagkaartjie.pub
[2011/01/12 12:09:11 | 004,245,504 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Resepte_Hana.doc
[2011/01/11 13:39:27 | 000,064,000 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Tydkaart.doc
[2011/01/10 15:17:38 | 001,406,976 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\DVD_cover_thin_box.pub
[2010/11/05 10:16:43 | 000,000,032 | -HS- | C] () -- C:\Documents and Settings\Administrator\Application Data\{F7D92AAA-C97A-488c-BC14-C061CF39647F}.dat
[2010/08/25 16:37:43 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2010/08/25 16:08:50 | 000,000,067 | ---- | C] () -- C:\WINDOWS\swf2avi.INI
[2010/08/25 16:08:34 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/07/29 12:12:44 | 000,000,062 | ---- | C] () -- C:\WINDOWS\pcvcdbr.INI
[2010/07/29 12:12:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcvcdvw.INI
[2010/03/15 18:15:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2010/02/28 08:53:30 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/02/10 19:32:57 | 000,000,877 | ---- | C] () -- C:\WINDOWS\_ISENV31.INI
[2010/02/01 21:51:22 | 001,208,320 | ---- | C] () -- C:\WINDOWS\System32\cygxml2-2.dll
[2010/02/01 21:51:21 | 000,980,992 | ---- | C] () -- C:\WINDOWS\System32\cygiconv-2.dll
[2010/02/01 21:51:21 | 000,062,464 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2010/01/13 18:57:44 | 000,001,571 | ---- | C] () -- C:\WINDOWS\Faxcpp1.ini
[2010/01/13 18:57:44 | 000,000,422 | ---- | C] () -- C:\WINDOWS\Faxcpp.ini
[2010/01/13 18:57:44 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2010/01/13 18:57:43 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2010/01/13 18:22:18 | 000,001,284 | ---- | C] () -- C:\WINDOWS\photoimpression.ini
[2009/11/05 13:32:58 | 000,210,944 | ---- | C] () -- C:\WINDOWS\MSVCRT10.DLL
[2009/09/24 13:54:10 | 000,000,223 | ---- | C] () -- C:\WINDOWS\netscape.INI
[2009/08/24 15:38:41 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Settings.cfg
[2009/08/24 13:41:48 | 000,000,374 | ---- | C] () -- C:\WINDOWS\cedt.INI
[2009/06/23 22:51:23 | 000,001,028 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\WavCodec.wff
[2009/05/03 22:58:29 | 000,758,018 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/05/03 22:58:29 | 000,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2009/03/30 17:36:12 | 000,000,500 | ---- | C] () -- C:\WINDOWS\Maxlink.ini
[2009/02/24 19:29:33 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/02/18 21:17:59 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS61.DLL
[2009/02/18 18:23:48 | 000,000,334 | ---- | C] () -- C:\WINDOWS\FzipFT.INI
[2009/02/18 18:10:29 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/02/18 18:10:26 | 000,204,288 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/18 17:47:20 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2009/02/18 16:58:08 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2009/02/18 16:29:25 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/02/18 15:34:16 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2007/02/18 17:47:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1998/06/24 00:00:00 | 000,016,656 | ---- | C] () -- C:\WINDOWS\System32\DBMSSHRN.DLL
[1998/06/10 00:00:00 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL
[1998/05/18 00:00:00 | 000,014,017 | ---- | C] () -- C:\WINDOWS\JAUTOEXP.INI
[1998/04/24 00:00:00 | 000,000,218 | ---- | C] () -- C:\WINDOWS\FRONTPG.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Administrator\My Documents\Taalbeleid.pdf:SummaryInformation
@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >

Hank5
Novice
Novice

Posts Posts : 21
Joined Joined : 2010-09-17
OS OS : Windows XP
Points Points : 22992
# Likes # Likes : 0

View user profile

Back to top Go down

Re: 269601USA8.exe

Post by Belahzur on Thu 10 Feb - 12:06

Hello.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-04
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Re: 269601USA8.exe

Post by Hank5 on Thu 10 Feb - 21:29

Malwarebytes' Anti-Malware 1.50.1.1100
[You must be registered and logged in to see this link.]

Database version: 5709

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2011/02/10 11:52:23 AM
mbam-log-2011-02-10 (11-52-22).txt

Scan type: Quick scan
Objects scanned: 138595
Time elapsed: 22 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Hank5
Novice
Novice

Posts Posts : 21
Joined Joined : 2010-09-17
OS OS : Windows XP
Points Points : 22992
# Likes # Likes : 0

View user profile

Back to top Go down

Re: 269601USA8.exe

Post by Belahzur on Fri 11 Feb - 10:54

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-04
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Re: 269601USA8.exe

Post by Hank5 on Sat 12 Feb - 0:36

I downloaded ComboFix and disabled the real time protection of AVG 2011.
When I tried to run ComboFix with AVG 2011 disabled I received the following error message:

"ComboFix cannot run when AVG is installed.
This is due to ANV's targeting of ComboFix's files/processes.
Pleasue uninstall AVG or use another tool".

I am reluctant to uninstall AVG. What do you recommend?

Hank5
Novice
Novice

Posts Posts : 21
Joined Joined : 2010-09-17
OS OS : Windows XP
Points Points : 22992
# Likes # Likes : 0

View user profile

Back to top Go down

Re: 269601USA8.exe

Post by Belahzur on Sat 12 Feb - 5:37

Sorry about that - yes, AVG has to be uninstalled before running Combofix.

Nothing we can do sadly, AVG made this problem with it's bad detections.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-04
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Re: 269601USA8.exe

Post by Hank5 on Mon 14 Feb - 22:59

1. OK, so I uninstalled AVG and ran Combofix.
2. The Combofix filed is posted below.
3. Can I now reinstall AVG Antivirus?
Hank

ComboFix 11-02-09.05 - Administrator 2011/02/14 13:36:26.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.268 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\PriceGong
c:\documents and settings\Administrator\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\z.xml
C:\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2011-01-14 to 2011-02-14 )))))))))))))))))))))))))))))))
.

2011-01-30 12:57 . 2011-01-30 12:57 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-01-30 12:57 . 2011-01-30 12:57 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-01-26 10:55 . 2011-01-26 10:55 -------- d-----w- c:\program files\Common Files\Spigot
2011-01-26 10:55 . 2011-02-07 15:21 -------- d-----w- c:\program files\IObit Toolbar
2011-01-26 07:07 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-01-26 07:07 . 2006-09-28 14:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2011-01-26 07:06 . 2011-01-26 07:06 -------- d-----w- c:\windows\Logs
2011-01-21 14:44 . 2011-01-21 14:44 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll
2011-01-20 08:50 . 2011-01-20 08:50 -------- d-----w- C:\Garmin
2011-01-18 15:17 . 2011-01-19 12:45 -------- d-----w- C:\DVD_science

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2002-12-31 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2002-12-31 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 17:48 . 2011-01-05 17:48 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2010-12-31 13:10 . 2002-12-31 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2002-12-31 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:08 . 2002-12-31 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:08 . 2002-12-31 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 23:08 . 2002-12-31 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:08 . 2002-12-31 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-12-20 17:26 . 2002-12-31 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 16:09 . 2009-08-04 11:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 16:08 . 2009-08-04 11:52 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 12:55 . 2002-12-31 12:00 389120 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2002-12-31 12:00 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2002-12-31 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38 . 2002-12-31 12:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2004-08-03 22:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-11-18 18:12 . 2009-02-18 14:00 81920 ----a-w- c:\windows\system32\isign32.dll
2004-10-01 13:00 . 2009-02-18 14:58 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{31c7d459-9cc3-44f2-9dca-fc11795309b4}"= "c:\program files\IObitCom\tbIOb1.dll" [2010-02-17 2349080]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSof2.dll" [2010-10-18 3908192]
"{7757CBCC-0975-4b79-A519-90B142CA3A23}"= "c:\program files\IObitBar\toolbar\1.bin\i0SrcAs.dll" [2010-07-21 49152]

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{7757cbcc-0975-4b79-a519-90b142ca3a23}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
2010-02-17 16:33 2349080 ----a-w- c:\program files\IObitCom\tbIOb1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\Softonic-Eng7\tbSof2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EFA17361-CDC0-4927-9AFC-BAAD1F96B2AE}]
2010-07-21 09:46 638976 ----a-w- c:\program files\IObitBar\toolbar\1.bin\i0bar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSof2.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{31C7D459-9CC3-44F2-9DCA-FC11795309B4}"= "c:\program files\IObitCom\tbIOb1.dll" [2010-02-17 2349080]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSof2.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-08 39408]
"PlaxoUpdate"="c:\documents and settings\Administrator\Local Settings\Application Data\Plaxo\3.25.0.87\PlaxoHelper_en.exe" [2011-01-05 813448]
"PlaxoSysTray"="c:\documents and settings\Administrator\Local Settings\Application Data\Plaxo\3.25.0.87\PlaxoSysTray.exe" [2011-01-05 15752]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-12-16 2402512]
"SmartRAM"="c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2010-07-21 198864]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2010-10-27 1861944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-10-12 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-10-12 126976]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2002-10-23 86016]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"FinePrint Dispatcher v4"="c:\windows\System32\spool\DRIVERS\W32X86\2\fpdisp4.exe" [2001-12-28 356352]
"TotalRecorderScheduler"="c:\program files\HighCriteria\TotalRecorder\TotRecSched.exe" [2005-05-18 81920]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"OmniPage"="c:\program files\Caere\OmniPagePro10.0\opware32.exe" [1999-10-14 53248]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-25 185640]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=DrvTrNTm.dll
"wave"=DrvTrNTm.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009/09/25 11:32 PM 189736]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009/07/28 03:02 PM 88176]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010/10/11 11:42 AM 583640]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010/02/03 01:11 PM 135664]
S2 IObitBarService;IObit Toolbar Service;c:\progra~1\IObitBar\toolbar\1.bin\i0barsvc.exe --> c:\progra~1\IObitBar\toolbar\1.bin\i0barsvc.exe [?]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2011-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 11:11]

2011-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 11:11]

2011-02-06 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-03-08 16:08]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vvtorkky.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: UnPlug: unplug@compunach - %profile%\extensions\unplug@compunach
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
FF - Ext: Winamp Toolbar: {0b38152b-1b20-484d-a11f-5e04a9b0661f} - %profile%\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
FF - Ext: Java Quick Starter: [You must be registered and logged in to see this link.] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{EFA17369-CDC0-4927-9AFC-BAAD1F96B2AE} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-02-14 13:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3660)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\program files\Caere\OmniPagePro10.0\ophook32.dll
c:\documents and settings\Administrator\Local Settings\Application Data\Plaxo\3.25.0.87\plx_hook.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Photodex\ProShowGold\ScsiAccess.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-02-14 13:48:44 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-14 11:48

Pre-Run: 43,428,536,320 bytes free
Post-Run: 43,340,873,728 bytes free

- - End Of File - - 41B170D205EC6109047229ADFAAF04A0

Hank5
Novice
Novice

Posts Posts : 21
Joined Joined : 2010-09-17
OS OS : Windows XP
Points Points : 22992
# Likes # Likes : 0

View user profile

Back to top Go down

Re: 269601USA8.exe

Post by Belahzur on Tue 15 Feb - 12:21

Hello.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-04
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Re: 269601USA8.exe

Post by Hank5 on Tue 15 Feb - 21:34

I performed the ESET scan and it found four infections:

Win32/RegistryBooster
Adware.RealRegistryCleaner
Win32/RegistryBooster
Adware.RealRegistryCleaner

The infections were quarantined and subsequently I removed them.
No log file was to be found at C:\Program Files\esetonlinescanner\log.txt nor at C\ProgramFiles\ESET A search for log.txt was fruitless.

Could these be the source of my slow PC? Previously when the PC was hanging I used Smart RAM and found the CPU usage to be 100% without anything apparently happening.


Hank5
Novice
Novice

Posts Posts : 21
Joined Joined : 2010-09-17
OS OS : Windows XP
Points Points : 22992
# Likes # Likes : 0

View user profile

Back to top Go down

Re: 269601USA8.exe

Post by Belahzur on Wed 16 Feb - 12:23

Any slowness/locking up and CPU going crazy is caused by lack of any decent hardware, for computers to be able to run smoothly with todays world of software need atleast 1gb of RAM. Yours has only 512mb so I would recommend a hardware upgrade.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-04
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Re: 269601USA8.exe

Post by Hank5 on Sat 19 Feb - 4:36

Thanks for your help; I will upgrade the RAM to 1 Gb.
Despite being free of viruses and malware, my PC was still very slow and would hang up for extended periods. Using Ctrl-Alt-Del and looking at the Task Manager, I found that during such periods Mozilla Firefox was keeping the CPU 100% occupied, without any programs running whatsoever. I often got the error message "Firefox is running but not responding...." and all efforts to use Mozilla's recipes to remedy this condition, the problem persisted.
I uninstalled Firefox and reinstalled it, and the problem seem to have been solved.
(I know you are not keen supporters of Firefox, but since I am not keen on MS IE, what else is recommended?)
Regards
Hank

Hank5
Novice
Novice

Posts Posts : 21
Joined Joined : 2010-09-17
OS OS : Windows XP
Points Points : 22992
# Likes # Likes : 0

View user profile

Back to top Go down

Re: 269601USA8.exe

Post by Belahzur on Sat 19 Feb - 12:43

Actually we do support Firefox, but Mozilla have released that Chromium browsers are taking over.

Along side Firefox, I recommend SRWare Iron.
[You must be registered and logged in to see this link.]


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-04
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

Re: 269601USA8.exe

Post by Hank5 on Wed 2 Mar - 20:00

In the end I had to give up on Firefox, which I have proved beyond any doubt to be the reason my PC was slow and hanging at times. I even tried the new Firefox beta, to no avail.
Finally, I reluctantly had to say goodbye to Firefox and uninstall it, replacing it with Google Chrome. My PC is back to its formal speed; it loads quickly, does not hang, and Chrome downloads webpages with alacrity.
Sadly, Firefox has become a victim of it's own former success; with bells and whistles and all sorts of add-ons, it has become bloated and very, very slow, with all sorts of other installed programs interacting with it unfavourably.

Hank5
Novice
Novice

Posts Posts : 21
Joined Joined : 2010-09-17
OS OS : Windows XP
Points Points : 22992
# Likes # Likes : 0

View user profile

Back to top Go down

Re: 269601USA8.exe

Post by Belahzur on Thu 3 Mar - 13:08

Yeah, Firefox has some really bad memory leaks.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-04
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum