Here are my three scans as requested.
OTL logfile created on: 12/2/2009 10:25:14 AM - Run 1
OTL by OldTimer - Version 3.1.11.4 Folder = I:\AAAA VIRUS FIX STUFF
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 3.96 Gb Available in Paging File | 99.06% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 189.92 Gb Total Space | 149.48 Gb Free Space | 78.71% Space Free | Partition Type: NTFS
Drive D: | 55.91 Gb Total Space | 26.63 Gb Free Space | 47.64% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 2.00 Gb Total Space | 2.00 Gb Free Space | 99.99% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
Drive I: | 109.78 Gb Total Space | 99.48 Gb Free Space | 90.61% Space Free | Partition Type: NTFS
Drive J: | 232.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: MARC
Current User Name: Marc
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2009/12/02 10:30:57 | 00,535,552 | ---- | M] (OldTimer Tools) -- I:\AAAA VIRUS FIX STUFF\OTL.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/04/21 23:25:33 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Marc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
PRC - [2009/03/30 03:25:26 | 43,010,392 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/16 20:35:28 | 00,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2008/10/16 20:35:24 | 00,087,360 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2008/07/24 18:46:10 | 00,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008/07/10 02:49:44 | 00,098,840 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/05/12 10:43:18 | 00,598,016 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/08 23:15:12 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/03/19 11:53:38 | 02,558,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\hasplms.exe
PRC - [2008/03/17 17:07:02 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/03/13 14:36:32 | 00,102,704 | ---- | M] () -- C:\Program Files\Hide My IP 2008\SecureSrv.exe
PRC - [2007/08/07 16:07:22 | 00,213,053 | ---- | M] (PermissionTV) -- C:\Program Files\PermissionTV\bin\dm.exe
PRC - [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2005/03/02 06:10:00 | 00,193,592 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2003/07/16 15:47:51 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe
========== Modules (SafeList) ==========
MOD - [2009/12/02 10:30:57 | 00,535,552 | ---- | M] (OldTimer Tools) -- I:\AAAA VIRUS FIX STUFF\OTL.exe
========== Win32 Services (SafeList) ==========
SRV - File not found -- -- (RoxLiveShare9)
SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/07 05:31:18 | 00,035,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.21006\aspnet_state.exe -- (aspnet_state)
SRV - [2009/10/07 02:44:58 | 00,752,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.21006\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2009/10/07 02:44:58 | 00,129,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.21006\mscorsvw.exe -- (clr_optimization_v4.0.21006_32)
SRV - [2009/10/07 02:44:58 | 00,124,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.21006\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009/08/05 22:09:34 | 00,658,432 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/22 22:08:48 | 00,047,128 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100)
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/03/30 03:25:26 | 43,010,392 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2009/03/30 03:23:32 | 00,254,808 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2009/03/30 03:23:24 | 00,366,936 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/16 20:35:28 | 00,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2008/07/24 18:46:10 | 00,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008/07/10 02:49:44 | 00,098,840 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/06/03 16:13:14 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/05/12 10:43:18 | 00,598,016 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2008/05/12 09:49:00 | 00,655,360 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2008/04/18 04:30:42 | 00,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2008/04/13 19:12:02 | 00,105,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/08 23:15:12 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/03/19 11:53:38 | 02,558,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\System32\hasplms.exe -- (hasplms)
SRV - [2008/03/17 17:07:02 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2008/03/13 14:36:32 | 00,102,704 | ---- | M] () -- C:\Program Files\Hide My IP 2008\SecureSrv.exe -- (SecureSrv)
SRV - [2007/08/07 16:07:22 | 00,213,053 | ---- | M] (PermissionTV) -- C:\Program Files\PermissionTV\bin\dm.exe -- (PermissionTVDownloadManager)
SRV - [2007/06/01 09:21:30 | 00,271,920 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/04/13 20:09:56 | 00,792,112 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/03/02 06:10:00 | 00,193,592 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/16 15:47:51 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe -- (SimpTcp)
SRV - [2003/07/16 15:47:51 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC)
========== Driver Services (SafeList) ==========
DRV - [2009/08/28 18:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/07/09 07:46:23 | 00,058,368 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\slabbus.sys -- (slabbus) Kyocera USB Composite Device driver (WDM)
DRV - [2009/06/04 15:46:24 | 00,052,224 | ---- | M] (Aladdin Knowledge Systems.) -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/03/30 03:09:28 | 00,239,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009/02/24 17:42:14 | 00,116,736 | ---- | M] (MagicISO, Inc.) -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/02/10 16:23:02 | 00,082,320 | ---- | M] (EZB Systems, Inc.) -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2009/01/12 07:47:19 | 00,034,528 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\Pcouffin.sys -- (Pcouffin)
DRV - [2008/10/16 20:35:58 | 00,083,288 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008/08/21 18:49:56 | 00,008,320 | ---- | M] (Motorola) -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/21 18:49:22 | 00,018,688 | ---- | M] (Motorola) -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2008/07/24 18:46:12 | 00,012,856 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/07/24 18:46:10 | 00,047,640 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/07/24 18:45:20 | 00,010,144 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\drivers\lmimirr.sys -- (lmimirr)
DRV - [2008/07/08 13:34:44 | 00,049,720 | ---- | M] (Data Encryption Systems Limited) -- C:\WINDOWS\system32\drivers\dk2drv.sys -- (dk2drv)
DRV - [2008/07/05 22:06:27 | 00,021,672 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2008/07/05 22:06:27 | 00,013,352 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2008/06/22 21:42:26 | 00,016,694 | ---- | M] (PalmSource, Inc.) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2008/06/20 06:08:27 | 00,225,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/06/03 10:41:30 | 00,025,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wnsdrvr.sys -- (WnsDrvr)
DRV - [2008/05/31 00:07:48 | 00,003,567 | ---- | M] (Beyond Logic http://www.beyondlogic.org) -- C:\WINDOWS\system32\drivers\PortTalk.sys -- (PortTalk)
DRV - [2008/05/20 18:33:50 | 00,022,784 | ---- | M] (Research In Motion Limited) -- C:\WINDOWS\system32\drivers\RimUsb.sys -- (RimUsb)
DRV - [2008/05/12 11:30:02 | 03,007,488 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/04/13 13:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx)
DRV - [2008/04/13 11:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/08 23:14:04 | 00,023,992 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/04/08 23:14:00 | 00,025,272 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/03/18 14:45:34 | 00,350,720 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2007/10/10 16:41:50 | 00,042,112 | ---- | M] (Motorola Inc) -- C:\WINDOWS\system32\drivers\motodrv.sys -- (MotDev)
DRV - [2007/09/11 13:40:30 | 00,046,336 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\drivers\akshhl.sys -- (akshhl)
DRV - [2007/06/18 14:18:26 | 00,023,680 | ---- | M] (Motorola) -- C:\WINDOWS\system32\drivers\motport.sys -- (motport)
DRV - [2007/06/18 14:18:26 | 00,023,680 | ---- | M] (Motorola) -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/04/03 12:59:42 | 00,099,080 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s616unic.sys -- (s616unic) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM)
DRV - [2007/04/03 12:59:42 | 00,098,568 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s616obex.sys -- (s616obex)
DRV - [2007/04/03 12:59:42 | 00,023,176 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s616nd5.sys -- (s616nd5) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS)
DRV - [2007/04/03 12:59:40 | 00,100,360 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s616mgmt.sys -- (s616mgmt) Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/03 12:59:38 | 00,108,680 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s616mdm.sys -- (s616mdm)
DRV - [2007/04/03 12:59:36 | 00,015,112 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s616mdfl.sys -- (s616mdfl)
DRV - [2007/04/03 12:59:30 | 00,083,208 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s616bus.sys -- (s616bus) Sony Ericsson Device 616 driver (WDM)
DRV - [2007/03/19 15:30:16 | 00,075,776 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\slabser.sys -- (slabser)
DRV - [2007/01/18 09:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort)
DRV - [2007/01/15 22:44:46 | 00,011,986 | R--- | M] (Mobile Action Technology Inc.) -- C:\WINDOWS\system32\drivers\MaVc2K.sys -- (MaVctrl)
DRV - [2006/11/06 17:04:56 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh)
DRV - [2006/09/28 01:32:40 | 00,051,584 | R--- | M] (Mobile Action Technology Inc.) -- C:\WINDOWS\system32\drivers\maa950u.sys -- (maa950u)
DRV - [2006/07/05 07:46:06 | 00,063,352 | ---- | M] (Protection Technology (StarForce)) -- C:\WINDOWS\System32\drivers\sfdrv01a.sys -- (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a)
DRV - [2006/06/14 09:56:56 | 00,013,680 | ---- | M] (Protection Technology (StarForce)) -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2006/05/19 09:23:00 | 00,018,880 | ---- | M] (Axalto) -- C:\WINDOWS\system32\drivers\egate.sys -- (Egatecard)
DRV - [2006/05/19 09:23:00 | 00,015,328 | ---- | M] (Axalto) -- C:\WINDOWS\system32\drivers\egatebus.sys -- (Egatebus)
DRV - [2006/05/19 09:23:00 | 00,013,440 | ---- | M] (Axalto) -- C:\WINDOWS\system32\drivers\egaterdr.sys -- (Egaterdr)
DRV - [2006/05/18 08:48:50 | 00,047,249 | ---- | M] (FTDI Ltd.) -- C:\WINDOWS\system32\drivers\ufs2xx.sys -- (UFS2XX)
DRV - [2006/02/03 19:05:04 | 00,022,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbser.SYS -- (usbser)
DRV - [2005/08/17 22:44:50 | 00,049,867 | R--- | M] (Mobile Action Technology Inc.) -- C:\WINDOWS\system32\drivers\mardp2k.sys -- (MaRdPnp)
DRV - [2005/07/28 07:18:40 | 00,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)
DRV - [2005/07/20 17:08:28 | 00,100,096 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2005/07/20 17:08:26 | 00,327,808 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2005/06/16 05:13:12 | 00,025,044 | R--- | M] (Mobile Action Technology Inc.) -- C:\WINDOWS\system32\drivers\maa950m.sys -- (maa950m)
DRV - [2005/06/16 05:11:58 | 00,024,784 | R--- | M] (Mobile Action Technology Inc.) -- C:\WINDOWS\system32\drivers\maa950c.sys -- (maa950c)
DRV - [2005/06/13 11:58:04 | 00,162,816 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®
DRV - [2005/03/02 06:10:00 | 00,090,168 | ---- | M] (SafeNet, Inc.) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2005/01/27 14:31:06 | 00,260,352 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2004/11/29 15:53:18 | 00,258,560 | ---- | M] (ZyDAS Technology Corporation) -- C:\WINDOWS\system32\drivers\ZD1211U.sys -- (WLAN(WLAN)) 802.11b+g USB Wireless LAN Adapter Driver(WLAN)
DRV - [2004/11/07 21:36:46 | 00,137,884 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2004/11/07 21:36:38 | 00,010,864 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2004/11/07 21:33:50 | 00,080,272 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2004/09/17 08:02:54 | 00,732,928 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/30 09:39:14 | 00,041,888 | ---- | M] () -- C:\WINDOWS\system32\drivers\Oreans.sys -- (XPROTECTOR)
DRV - [2004/08/27 08:20:48 | 00,002,368 | ---- | M] (AntiCracking) -- C:\WINDOWS\system32\SVKP.sys -- (SVKP)
DRV - [2004/05/03 09:48:30 | 00,041,664 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2004/05/03 09:47:48 | 00,039,136 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\system32\drivers\lgUsbDiag.sys -- (UsbDiag)
DRV - [2004/05/03 09:47:12 | 00,020,092 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2004/04/20 19:35:00 | 00,057,404 | ---- | M] (FTDI Ltd.) -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2004/04/20 19:34:00 | 00,024,209 | ---- | M] (FTDI Ltd.) -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2004/03/05 21:15:34 | 00,647,929 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 21:14:42 | 01,233,525 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 21:13:52 | 00,060,949 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 21:13:38 | 00,037,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2004/01/14 10:30:00 | 00,017,151 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\ZDPNDIS5.sys -- (ZDPNDIS5)
DRV - [2003/12/11 01:06:40 | 00,082,640 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\cur_mdm.sys -- (cur_mdm)
DRV - [2003/12/11 01:06:36 | 00,006,064 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\cur_mdfl.sys -- (cur_mdfl)
DRV - [2003/12/11 01:05:24 | 00,051,040 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\cur_bus.sys -- (cur_bus) Curitel USB Composite Device driver (WDM)
DRV - [2003/10/28 15:17:52 | 00,005,273 | ---- | M] (Arrowkey) -- C:\Program Files\321Studios\Shared\CDRPDACC.SYS -- (CDRPDACC)
DRV - [2003/07/16 15:43:20 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2003/07/16 15:42:18 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2002/12/30 10:33:52 | 00,099,360 | ---- | M] (BlueWater Systems, Inc.) -- C:\WINDOWS\system32\drivers\WINRT.SYS -- (WinRT)
DRV - [2001/12/27 10:59:34 | 00,067,072 | ---- | M] (WIBU-SYSTEMS AG) -- C:\WINDOWS\system32\drivers\Wibukey.sys -- (WIBUKEY)
DRV - [2001/08/17 12:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1935655697-287218729-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1935655697-287218729-682003330-1004\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1935655697-287218729-682003330-1004\S-1-5-21-1935655697-287218729-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: paypalfirefoxplugin@orbiscom:2.2.26.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - HKLM\software\mozilla\Firefox\Extensions\\paypalfirefoxplugin@orbiscom: C:\Program Files\PayPal\PayPal Plug-In [2009/06/04 09:45:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/09 10:48:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/10 09:08:24 | 00,000,000 | ---D | M]
[2009/11/03 07:43:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Mozilla\Extensions
[2009/11/27 12:48:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\dhb78q8p.default\extensions
[2009/11/03 07:43:40 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-21-1935655697-287218729-682003330-1004\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1935655697-287218729-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1935655697-287218729-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1935655697-287218729-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1935655697-287218729-682003330-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\securenet.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\securenet.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\securenet.dll ()
O16 - DPF: {08BBAF4C-4A89-471C-9552-3694A7F2D081} http://www.boot-loader.com/files/SmartLogin.cab (LoginCtl Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/Facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1212066604674 (WUWebControl Class)
O16 - DPF: {6ABE4BC3-7253-418E-85E8-F334A73154D3} http://www.gsmserver.com/smartclip/SmartClip.cab (CSmartClient Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1212069840687 (MUWebControl Class)
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} http://mediaplayer.walmart.com/installer/install.cab (Reg Error: Key error.)
O16 - DPF: {84A31672-371A-4CBF-8785-DCE55CDC7370} http://99.166.9.126:85/ocxfile/DownLoad.ocx (DownLoad Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_17)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/29 07:13:47 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/05/05 23:12:36 | 00,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/11/06 18:54:00 | 00,005,345 | R--- | M] () - J:\autorun.apm -- [ CDFS ]
O32 - AutoRun File - [2002/12/10 07:00:30 | 01,089,536 | R--- | M] (Indigo Rose Corporation) - J:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2004/08/30 19:24:44 | 00,019,790 | R--- | M] () - J:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2003/11/06 18:54:10 | 00,000,047 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2009/12/01 12:48:24 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/12/01 12:47:30 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/11/23 14:30:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Desktop\New Folder
[2009/11/18 09:20:05 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/11/18 09:20:02 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/11/10 10:44:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/11/09 15:36:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Application Data\Move Networks
[2009/11/09 10:37:57 | 00,000,000 | ---D | C] -- C:\AAAA
[2009/11/08 10:45:33 | 00,000,000 | ---D | C] -- C:\RECYCLER
[2009/11/07 15:22:45 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
[2009/11/07 14:48:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Local Settings\Application Data\jxdfwb
[2009/11/04 13:23:13 | 00,050,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
[2009/11/04 13:22:55 | 00,079,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
[2009/11/04 13:21:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\RsFx
[2009/11/04 13:16:36 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2009/11/04 13:15:57 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2009/11/04 13:15:42 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2009/11/04 13:15:41 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/11/04 13:12:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2009/11/04 13:08:16 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/11/04 13:04:29 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft ASP.NET
[2009/11/04 13:04:19 | 00,000,000 | ---D | C] -- C:\Program Files\IIS
[2009/11/04 13:02:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marc\My Documents\Visual Studio 2008
[2009/11/04 13:01:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marc\My Documents\Visual Studio 2010
[2009/11/04 12:56:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\symbols
[2009/11/04 12:53:17 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft F#
[2009/11/04 12:53:16 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2009/11/04 12:53:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules
[2009/11/04 12:53:16 | 00,000,000 | ---D | C] -- C:\Program Files\HTML Help Workshop
[2009/11/04 12:53:15 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2009/11/04 12:53:15 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Help
[2009/11/04 12:50:41 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2009/11/04 12:29:35 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2009/11/03 07:43:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Local Settings\Application Data\Mozilla
[2009/11/03 07:43:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Application Data\Mozilla
[2009/11/03 07:43:39 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2004/08/25 23:10:35 | 01,570,816 | ---- | C] (Toshiba Samsung Storage Technology Coporation) -- C:\Documents and Settings\Marc\Application Data\tsdnwin.dll
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2009/12/02 10:15:00 | 00,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-287218729-682003330-1004UA.job
[2009/12/02 10:02:33 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Marc\My Documents\~$eek Of.doc
[2009/12/02 08:58:06 | 00,695,990 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/02 08:58:06 | 00,568,476 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/02 08:58:06 | 00,112,418 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/02 08:56:35 | 00,535,552 | ---- | M] () -- C:\Documents and Settings\Marc\Desktop\OTL.exe
[2009/12/02 08:56:25 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/12/02 08:53:38 | 00,000,000 | ---- | M] () -- C:\WINDOWS\TempFile
[2009/12/02 08:53:22 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/02 08:53:16 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/01 15:12:58 | 09,699,328 | ---- | M] () -- C:\Documents and Settings\Marc\ntuser.dat
[2009/12/01 15:12:58 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Marc\ntuser.ini
[2009/12/01 14:15:00 | 00,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-287218729-682003330-1004Core.job
[2009/12/01 12:55:07 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/01 12:50:24 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/25 11:06:52 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Marc\My Documents\Week Of.doc
[2009/11/24 23:19:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/24 17:23:37 | 00,018,672 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/11/19 20:30:45 | 03,568,341 | R--- | M] () -- C:\Documents and Settings\Marc\Desktop\ComboFix.exe
[2009/11/19 15:26:02 | 00,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2009/11/18 09:20:57 | 00,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/11/16 18:15:42 | 00,002,321 | ---- | M] () -- C:\Documents and Settings\Marc\Desktop\Google Chrome.lnk
[2009/11/16 13:38:51 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/11/12 03:23:36 | 00,118,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/09 13:05:24 | 00,031,723 | ---- | M] () -- C:\Documents and Settings\Marc\Desktop\data.csv
[2009/11/08 10:55:13 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\wafayaje
[2009/11/07 14:47:10 | 00,000,000 | -HS- | M] () -- C:\609506493
[2009/11/07 14:18:05 | 01,276,960 | ---- | M] () -- C:\WINDOWS\System32\vadotali.exe
[2009/11/04 12:39:30 | 00,000,165 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2009/11/03 09:43:37 | 00,000,129 | ---- | M] () -- C:\Documents and Settings\Marc\default.pls
[2009/11/03 09:43:11 | 00,017,920 | ---- | M] () -- C:\Documents and Settings\Marc\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/03 07:43:50 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009/11/03 07:43:43 | 00,001,643 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/11/02 20:42:06 | 00,195,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2009/12/02 10:09:01 | 00,535,552 | ---- | C] () -- C:\Documents and Settings\Marc\Desktop\OTL.exe
[2009/12/02 10:02:33 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Marc\My Documents\~$eek Of.doc
[2009/11/24 01:58:14 | 09,699,328 | ---- | C] () -- C:\Documents and Settings\Marc\ntuser.dat
[2009/11/18 09:20:57 | 00,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/11/09 13:05:08 | 00,031,723 | ---- | C] () -- C:\Documents and Settings\Marc\Desktop\data.csv
[2009/11/09 10:52:58 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/11/08 10:45:15 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/11/07 14:47:10 | 00,000,000 | -HS- | C] () -- C:\609506493
[2009/11/07 14:18:05 | 01,276,960 | ---- | C] () -- C:\WINDOWS\System32\vadotali.exe
[2009/11/05 12:42:03 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Marc\My Documents\Week Of.doc
[2009/11/04 12:39:30 | 00,000,165 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2009/11/03 07:43:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/11/03 07:43:43 | 00,001,643 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/11/03 07:39:56 | 00,002,321 | ---- | C] () -- C:\Documents and Settings\Marc\Desktop\Google Chrome.lnk
[2009/08/07 14:53:01 | 00,000,003 | -HS- | C] () -- C:\WINDOWS\System32\bukujuri.dll
[2009/06/04 15:46:24 | 00,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2009/06/04 15:46:18 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\prtdll32.dll
[2009/06/04 15:46:18 | 00,034,880 | ---- | C] () -- C:\WINDOWS\System32\Portadd.dll
[2009/06/04 15:46:18 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ntgetport.dll
[2009/06/04 15:46:18 | 00,003,264 | ---- | C] () -- C:\WINDOWS\System32\PRTDLL16.DLL
[2009/06/02 16:01:58 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/04/26 09:17:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\AlbumExe.INI
[2009/04/22 07:34:00 | 02,067,140 | R--- | C] () -- C:\WINDOWS\System32\avcodec.dll
[2009/01/28 09:19:13 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2009/01/28 09:19:04 | 00,000,127 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2008/12/18 17:03:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\FileMgrExe.INI
[2008/11/04 16:42:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PanelExe.INI
[2008/09/07 14:55:42 | 00,000,091 | ---- | C] () -- C:\WINDOWS\System32\FTDIUNIN.INI
[2008/09/02 20:03:27 | 00,038,463 | ---- | C] () -- C:\Documents and Settings\Marc\Application Data\Tab Separated Values (Windows).ADR
[2008/09/02 19:48:56 | 00,038,450 | ---- | C] () -- C:\Documents and Settings\Marc\Application Data\Microsoft Excel.ADR
[2008/08/24 13:18:11 | 00,888,832 | ---- | C] () -- C:\WINDOWS\System32\securenet.dll
[2008/07/26 08:41:42 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\EFSComm.dll
[2008/07/24 21:57:09 | 00,000,222 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2008/07/08 13:34:42 | 02,325,304 | ---- | C] () -- C:\WINDOWS\System32\DK2INST.DLL
[2008/06/26 06:07:57 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Marc\Application Data\$_hpcst$.hpc
[2008/06/23 19:06:24 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/06/22 22:06:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2008/06/10 23:20:07 | 00,077,895 | ---- | C] () -- C:\WINDOWS\System32\unibus_tcutil.dll
[2008/06/10 15:19:18 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\TMPXCORE.DLL
[2008/06/10 15:19:18 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\TMPXVFW.DLL
[2008/06/08 07:35:05 | 00,000,391 | ---- | C] () -- C:\WINDOWS\COVERE~1.INI
[2008/06/08 07:27:26 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/06/08 07:27:26 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/06/08 06:46:09 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/06/03 14:12:31 | 00,041,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\Oreans.sys
[2008/06/03 10:41:29 | 00,319,488 | ---- | C] () -- C:\WINDOWS\System32\ROBOEX32.DLL
[2008/05/31 16:22:53 | 00,017,920 | ---- | C] () -- C:\Documents and Settings\Marc\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/31 12:43:51 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\XVIDVFW.DLL
[2008/05/31 12:43:51 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\AMD422CODEC.DLL
[2008/05/31 12:43:50 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\XVIDCORE.DLL
[2008/05/29 08:53:49 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/29 08:33:30 | 00,020,594 | ---- | C] () -- C:\WINDOWS\System32\DELS1LMK.DLL
[2008/05/29 08:07:40 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008/05/29 07:51:38 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2007/08/06 12:07:30 | 00,008,520 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/06/05 16:18:16 | 00,000,086 | ---- | C] () -- C:\WINDOWS\System32\ufs2xxun.ini
[2006/11/11 21:52:52 | 00,454,656 | ---- | C] () -- C:\WINDOWS\System32\mmSQL.dll
[2005/10/25 05:24:22 | 00,020,594 | ---- | C] () -- C:\WINDOWS\System32\DELS1L3.DLL
[2005/01/10 10:54:22 | 00,028,160 | ---- | C] () -- C:\WINDOWS\System32\slbmgpg.dll
[2004/11/05 11:22:57 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\GTSComm.dll
[2004/08/27 08:20:48 | 00,000,037 | ---- | C] () -- C:\WINDOWS\System32\svkp2.dll
[2004/08/27 08:20:48 | 00,000,037 | ---- | C] () -- C:\WINDOWS\System32\ispn2.dll
[2004/08/25 23:08:01 | 00,000,437 | ---- | C] () -- C:\Documents and Settings\Marc\Application Data\SamsungLiveUpdateConfig.ini
[2003/10/17 17:42:54 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\tn30CSTK.dll
[2002/01/09 13:52:04 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\YS6016Pdll.dll
========== Files - Unicode (All) ==========
[2009/05/05 15:33:22 | 00,000,008 | RHS- | M] ()(C:\?™?) -- C:\ℤ™☠
[2009/05/05 15:33:22 | 00,000,008 | RHS- | C] ()(C:\?™?) -- C:\ℤ™☠
========== Alternate Data Streams ==========
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3FEBE414
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A24E5131
< End of report >
OTL Extras logfile created on: 12/2/2009 10:25:14 AM - Run 1
OTL by OldTimer - Version 3.1.11.4 Folder = I:\AAAA VIRUS FIX STUFF
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 3.96 Gb Available in Paging File | 99.06% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 189.92 Gb Total Space | 149.48 Gb Free Space | 78.71% Space Free | Partition Type: NTFS
Drive D: | 55.91 Gb Total Space | 26.63 Gb Free Space | 47.64% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 2.00 Gb Total Space | 2.00 Gb Free Space | 99.99% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
Drive I: | 109.78 Gb Total Space | 99.48 Gb Free Space | 90.61% Space Free | Partition Type: NTFS
Drive J: | 232.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: MARC
Current User Name: Marc
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1935655697-287218729-682003330-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe"
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00060000-0000-1004-8002-0000C06B5161}" = WIBU-KEY Setup (WIBU-KEY Remove)
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{02D29CDE-779D-3082-85C9-4086A49A9390}" = Microsoft Visual C++ 2010 Beta 2 x86 Runtime - 10.0.21006
"{02FF1963-C0C2-45FF-80BF-C913DEFDE276}" = Kyocera Wireless PST
"{05B173C8-F1F0-43FC-85E1-F5394D0E2BF7}" = BlackBerry v4.1.0 for the 7250 Wireless Handheld
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0940CCDF-5BAB-3101-9077-EDD34A25D711}" = Microsoft SharePoint Development Tools
"{0CD3CFF0-9A22-4CDA-BF1B-FA73C1D8B95B}" = Palm
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0DC48D87-CB1F-453D-BAB6-CCE877384E1C}" = Microsoft Sync Framework Services v1.0 SP1 Beta (x86)
"{11F5D779-7BD9-465A-BBC4-10701386BCB9}" = FW LiveUpdate
"{1684A7CA-EF86-455B-B52A-B54F3FEDB78A}" = Nokia Service Tool Drivers
"{16A507EB-D298-4B6D-A5D1-CF642E6761A1}" = LG Download VX4500 DLL
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{199D9558-6C22-4BEF-AA83-AA7B18EE99B2}" = RadioComm v11.6.2
"{1A6A6531-08FC-47AD-BAC4-C41497E71033}" = Nero 7 Essentials
"{1DB2FBA5-D57A-42A7-8E87-5B3EEBED8283}" = Wal-Mart Music Downloads Store
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2567B22D-4CAC-44ED-8B31-FB92636E2E0F}" = WebCam
"{2A7153F7-38EC-3398-BDB4-2A237E717EE9}" = Microsoft Visual Studio 2010 Professional Beta 2 - ENU
"{2AC6A6D9-4A24-4687-B89D-71C7E4B42900}" = LG Download VX4600 DLL
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 3.209.00
"{3038CC3B-F786-4371-8594-6F0FE87A5230}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{31228E31-2BFF-11D2-8866-00805F0D9D40}" = QPST
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java 6 Update 6
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35A3A4F4-B792-11D6-A78A-00B0D0142170}" = Java 2 SDK, SE v1.4.2_17
"{3A814C48-C081-4894-9956-71C489C6762F}" = Samsung PC Studio
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40653574-F426-36BB-A1DC-3AD075E1EB3C}" = Microsoft Help 3.0 Beta 2
"{476B875F-7809-49B6-A6EC-1B1BB14D7D9E}" = PC Sync
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4B4A5A79-0492-4D72-B78D-E244D13D1512}" = BlackBerry v4.2.1 for the 8703e Series Wireless Device
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{51D7494B-6C54-468F-98E1-1A9997C89329}" = BlackBerry Desktop Software 4.7
"{53FA14B9-A754-4568-819E-BE4270FDEE13}" = SQL Server 2008 R2 Management Objects
"{551B0FDE-A7F9-4117-9690-2FEE317A5089}" = LG Download LG-TM520 DLL
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57EC5BFE-7CB7-3057-8385-C9D72918511C}" = Microsoft .NET Framework 4 Client Profile Beta 2
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5C948326-6E97-4AE4-A9D7-F1339EA1CFFF}" = BlackBerry v4.1.0 for the 7100 Series Wireless Device
"{5EFFD8C8-BE42-3A47-A5A6-1B3985FD1EC0}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{61DE738B-CA77-4B59-B9D3-67226BB7DCE3}" = Motorola Software Update
"{62749A4B-FDF0-4094-99FF-F5A6684479B6}" = LG Download LG-TM510 DLL
"{65D5C359-43D6-4EB7-B2BC-91673E261E79}" = LG Download VX4700 DLL
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A7CD56A-A266-40E5-9286-B5DD6FD4BC5D}" = Sentinel Protection Installer 7.1.0
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6E405B40-3879-3C9B-9286-8D5E71258C35}" = Microsoft .NET Framework 4 Extended Beta 2
"{70242DAF-E876-4632-8F51-7982FA54F0B3}" = SCH A850 DLL
"{7148F0A8-6813-11D6-A77B-00B0D0142170}" = Java 2 Runtime Environment, SE v1.4.2_17
"{72087AD0-C7DB-4737-8376-9C1D4C92DE65}" = BlackBerry v4.0.2 for the 7510 Wireless Handheld
"{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}" = Rosetta Stone V3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73317C31-2B6E-4B88-9865-B97C1331A39D}" = PayPal Plug-In
"{73965B81-270B-4FB6-9B85-F0A7F68F91C6}" = LG Download LG-TM525 DLL
"{76160D81-5EA1-11D5-B31A-0010A49A498F}" = UniPst
"{76160D81-5EA1-11D5-B31A-0010A49A7994}" = UniPst-Sprint
"{76161281-5EA1-11D5-B31A-0010A49A4990}" = PSTLite
"{764ABA3A-4472-479C-9705-F982F9A88421}" = BlackBerry v4.2.1 for the 8703e Series Wireless Device
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79C20089-9EF7-405B-B0D5-5999DAE2B163}" = BlackBerry v4.1.0 for the 7290 Wireless Handheld
"{7F831576-6246-42C7-B523-55B3F96509CC}" = LogMeIn
"{7FE3214C-283E-40C6-A8D5-CB773110090C}" = Linksys EasyLink Advisor
"{82B16730-AE4F-4CB1-B49C-623870F43AD0}" = BlackBerry v4.1.0 for the 7100 Series Wireless Device
"{84E00510-8474-3214-BEE8-67B9F344E4FC}" = Microsoft Visual F# Runtime 1.0
"{85BF107C-9E34-402A-9112-D26D7D136760}" = SamsungPST
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B916626-D225-496A-83ED-EDBE9E907432}" = Dotfuscator Software Services - Community Edition
"{8CC5BF82-4DD4-11D4-A39F-00C04F05E3F0}" = Motorola PST
"{8D7E28D0-A43C-41B6-9B07-FCD8A2138F42}" = BlackBerry v4.1.0 for the 7250 Wireless Handheld
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{90D46024-410B-4644-A129-182BAB6EE8BE}" = LGDownload TM910DLL
"{935C0E2B-CCC7-4424-ADB3-5A27D527F1D6}" = SmartMoto
"{93AE099E-1500-42C2-8174-7AED23D33A73}" = Motorola Phone Tools
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97097F2D-CFBF-4DC9-A8AF-1C8EAC322275}" = Vocal Remover
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9C1EED58-1790-45C4-ADBC-5D45FCA7292E}" = Pure Networks Platform
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A4342E37-6D5A-4A8A-8187-9760AB6DD0F2}" = RSD CDMA General 5.1.8
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A4E0CA0F-1903-440A-9B98-FEA6CB049999}" = Nokia Flashing Cable Driver
"{A737E831-9ECF-456F-81EA-EEEB5B9922A7}" = Microsoft ASP.NET MVC 2
"{A88FCFCE-056F-43DE-8527-F999EFB1AA7A}" = BlackBerry v4.1.0 for the 7250 Wireless Handheld
"{A8CABDE1-CED1-434F-929C-8144E045AB5A}" = LG Download VX8000 DLL
"{A918DE8A-98C8-0920-0000-000000220040}" = Samsung A840 USB - Handset Manager V9.2
"{A918DE8A-98C8-0920-0000-000000220043}" = Samsung SCH-A850 USB - Handset Manager V9.2
"{A918DE8A-98C8-0920-0001-000000000000}" = Multimedia Samples
"{A97A257F-1E88-4F31-B2AF-79C4F96C8CE9}" = LG Download VX7000 DLL
"{AA1E2D5F-56CA-4F07-AA4C-F2973244B946}" = MobileMaster
"{AA74ED37-681C-4AE8-8D1D-5485EBB3ED3D}" = SQL Server System CLR Types
"{AABFA82A-5138-413C-A2C2-E2218DA4B23D}" = SCH U740 DLL
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AE36858F-AF4E-4E93-AE3B-52011E5B981D}" = LG Download VX6000 DLL
"{AE386AEA-F4BC-4457-BF6B-495992437C82}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{AF247107-116D-4E0A-9D35-A1DF5FF6D7A9}" = BlackBerry v4.2.1 for the 7130 Series Wireless Device
"{AFF3DA8C-6E6B-4845-830C-1847F0421ABA}" = Microsoft Sync Framework Runtime v1.0 SP1 Beta (x86)
"{B3EE8039-0729-4AED-A287-00EC072714C4}" = LG Download LG-TM540C DLL
"{B40F3302-1632-435B-B582-3E49BBD5587B}" = BlackBerry v4.1.0 for the 7520 Wireless Handheld
"{B48DCEC2-BE3F-49C5-96F3-AB05E65C4EB4}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{B8EF780F-126C-4CF0-AAB2-1B68BF06BA1C}" = Motorola Driver Installation 3.7.0
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0F2BCDB-CB6B-42DB-B763-DC1F109C3C28}" = Nokia Connectivity Cable Driver
"{C242CC6C-AB27-4F14-AD9D-C1F77A2E6602}" = BlackBerry v4.2.1 for the 7130 Series Wireless Device
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C461FA1F-AEC4-451B-B6DF-59F75543B80A}" = RSDLite
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C6F0EE21-48DD-43E3-8115-E1D3EACED610}" = LG Download VX8300 DLL
"{C894366E-51C4-4162-BA82-ECBEFC1C2C61}" = PayPal Plug-In
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE3B2257-BAAD-4EAF-BC4D-259582353A1B}" = Microsoft Sync Framework SDK v1.0 SP1 Beta
"{CE65493C-EA18-3458-AA58-EEDB9D671528}" = Visual Studio 2010 Tools for Office Runtime Beta 2 (x86)
"{D0041D4F-8175-4071-B524-7FD8FFF69DF8}" = BlackBerry v4.2.1 for the 7130e Series Wireless Device
"{D089B38D-E58E-4D03-BA0E-86D9353436E0}" = BlackBerry v4.0 for the 6750 Wireless Handheld
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D1B7B5F9-4FB7-48BE-9425-1C6930D67DD1}" = Visual Studio 2010 Beta 2 Tools for SQL Server Compact ENU
"{D3673BC9-53E8-4C0F-98E0-ED59D6A0559E}" = CDM-8910 Audiovox PST
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{D691C608-B6A6-3E9F-9457-4F0B8EE9DE25}" = Microsoft Office Development Tools for Visual Studio 2010 (x86)
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D73CBB43-E7F9-48A1-9F68-690F05392537}" = Crystal Reports for Visual Studio
"{D8EA4774-1EB0-45EB-A4F5-E5F2776D328D}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{DAFAACF1-41F8-4547-90DD-6F15DDDFF374}" = BlackBerry v4.0.2 for the 7200 Series Wireless Handheld
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E0864FA6-53AC-4A33-8B52-2BC873D02CF7}" = LG Download LG-TM240 DLL
"{E46B2F8A-6CCD-4949-871D-F9664F2113AB}" = PayPal Plug-In
"{E69974C9-ECDC-4B02-97EB-FB1CE638CECB}" = Web Deployment Tool
"{E8DF0C63-3669-4A71-9000-03775FF51D2C}" = RemotePlayback
"{E9A6F23E-F603-4C73-A41B-5C6996DB3713}" = Microsoft Sync Services for ADO.NET v2.0 SP1 Beta (x86)
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EE9B8644-1D6B-4DE2-9E54-F8B9B048C15A}" = LGUsbConverterDriver
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F49FEF83-45CA-4CE8-8304-A7372BA07AA9}" = Motorola Phone Tools
"{F849775B-F39D-4EDD-A266-1A3E258F0498}" = Microsoft SQL Server Compact 3.5 SP2 Beta English
"{F91819EA-B57E-11D4-8BA4-00105A75EEEB}" = LGDownload
"{FA3DB67E-1FBE-4F1A-B8E6-B2B447CAEE14}" = SamsungPSTLite
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.7.20090303
"{FC2C89A7-76E2-32F1-A2C2-428B480F570E}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools Beta 2
"{FF22F9D1-2249-44A7-A203-46702845163A}" = MFI MultiLoader
"6610_428" = 6610_428
"Active@ ISO Burner v 1.1" = Active@ ISO Burner v 1.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop v4.0" = Adobe Photoshop v4.0
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"ATI Display Driver" = ATI Display Driver
"BlackBerry_{51D7494B-6C54-468F-98E1-1A9997C89329}" = BlackBerry Desktop Software 4.7
"Dell Laser Printer 1100" = Dell Laser Printer 1100 Software Uninstall
"DESkey DK2 Uninstall" = DK2 DESkey Drivers v7.14.0.25
"DVD X Rescue" = DVD X Rescue
"DVDXCopyPlatinum" = DVD X Copy Platinum 4.0.3
"FastStone Image Viewer" = FastStone Image Viewer 3.5
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"Free Videos To DVD_is1" = Free Videos To DVD V2.1
"FTDICOMM" = UST Pro II Device Drivers
"HASP Emulator Professiaonal Edition V2.33 for Windows NT/W2K/XP" = HASP Emulator Professiaonal Edition V2.33 for Windows NT/W2K/XP
"HASP HL Device Driver" = HASP HL Device Driver
"Hide My IP 2008_is1" = Hide My IP 2008
"HijackThis" = HijackThis 2.0.2
"iDEN Lab RSS" = iDEN Lab RSS
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{02FF1963-C0C2-45FF-80BF-C913DEFDE276}" = Kyocera Wireless PST
"InstallShield_{476B875F-7809-49B6-A6EC-1B1BB14D7D9E}" = LG PC Sync
"InstallShield_{70242DAF-E876-4632-8F51-7982FA54F0B3}" = SamsungPST_SCHA850 DLL for Verizon
"InstallShield_{7FE3214C-283E-40C6-A8D5-CB773110090C}" = Linksys EasyLink Advisor
"InstallShield_{AABFA82A-5138-413C-A2C2-E2218DA4B23D}" = SamsungPST_SCHU740 DLL for Verizon
"InstallShield_{FA3DB67E-1FBE-4F1A-B8E6-B2B447CAEE14}" = SamsungPSTLite
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"Java Platform, Enterprise Edition 5 SDK" = Java Platform, Enterprise Edition 5 SDK
"KaraFun_is1" = KaraFun 1.18
"KWCXCOMM&0C88&FE43" = Kyocera High-Speed Wireless Modem (Driver Removal)
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile Beta 2" = Microsoft .NET Framework 4 Client Profile Beta 2
"Microsoft .NET Framework 4 Extended Beta 2" = Microsoft .NET Framework 4 Extended Beta 2
"Microsoft Help 3.0 Beta 2" = Microsoft Help 3.0 Beta 2
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Studio 2010 Professional Beta 2 - ENU" = Microsoft Visual Studio 2010 Professional Beta 2 - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Multi UnlockerJUNE 2007 V1.18 beta" = Multi Unlocker
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia DCTX_UFS" = Nokia DCTX_UFS
"Novi Public Library Player_is1" = PermissionTV Novi Public Library Player 3.15
"PermissionTV Download Manager_is1" = PermissionTV Download Manager
"PROSet" = Intel® PRO Network Connections Drivers
"Sams_Ufs" = Sams_Ufs
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"Samsung Mobile USB Modem" = Samsung Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Snood 4_is1" = Snood 4
"TEst Box-II" = TEst Box-II
"Time Clock MTS_is1" = Time Clock MTS V1.7.3
"Treo Unlocker1.01" = Treo Unlocker
"UFS2XX" = UFSx Device USB Drivers
"UFSxtoolsv2 by spongevhong17" = UFSxtoolsv2 by spongevhong17
"UltraISO_is1" = UltraISO Premium V9.33
"Update Service" = Update Service
"USTPro2 Setup v7.40 for Windows2000/XP_is1" = USTPro2 Setup v7.40 for Windows2000/XP
"USTPro2 Setup v8.5.11 for Windows2000/XP_is1" = USTPro2 Setup v8.5.11 for Windows2000/XP
"USTPro2 Setup v8.6.00 for Windows2000/XP_is1" = USTPro2 Setup v8.6.00 for Windows2000/XP
"USTPro2 Setup v9.9.60 for Windows2000/XP_is1" = USTPro2 Setup v9.9.60 for Windows2000/XP
"Visual Studio 2010 Tools for Office Runtime Beta 2 (x86)" = Visual Studio 2010 Tools for Office Runtime Beta 2 (x86)
"Vocal Remover" = Vocal Remover
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Mail Advisor" = Yahoo! Mail Advisor
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1935655697-287218729-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 11/9/2009 11:26:54 AM | Computer Name = G | Source = VsJITDebugger | ID = 4096
Description = An unhandled win32 exception occurred in qkitsysguard.exe [3448].
Just-In-Time debugging this exception failed with the following error: The remote
procedure call failed. Check the documentation index for 'Just-in-time debugging,
errors' for more information.
Error - 11/9/2009 11:33:47 AM | Computer Name = G | Source = MsiInstaller | ID = 11316
Description = Product: Windows Defender -- Error 1316. A network error occurred
while attempting to read from the file: C:\Documents and Settings\Marc\Local Settings\Temporary
Internet Files\Content.IE5\IBCXR5LA\WindowsDefender.msi
Error - 11/9/2009 11:48:12 AM | Computer Name = G | Source = MsiInstaller | ID = 11920
Description = Product: Windows Defender -- Error 1920. Service 'Windows Defender'
(WinDefend) failed to start. Verify that you have sufficient privileges to start
system services.
Error - 11/9/2009 11:49:59 AM | Computer Name = G | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: G\Marc Checkpoint ID: 1 Error Code: 0x80070005 Error description:
Access is denied.
Error - 11/9/2009 11:49:59 AM | Computer Name = G | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: G\Marc Checkpoint ID: 1 Error Code: 0x8000ffff Error description:
Catastrophic failure
Error - 11/10/2009 10:08:41 AM | Computer Name = G | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: G\Marc Checkpoint ID: 1 Error Code: 0x80070005 Error description:
Access is denied.
Error - 11/10/2009 10:08:41 AM | Computer Name = G | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: G\Marc Checkpoint ID: 1 Error Code: 0x8000ffff Error description:
Catastrophic failure
[ System Events ]
Error - 12/2/2009 9:56:42 AM | Computer Name = MARC | Source = Service Control Manager | ID = 7034
Description = The Linksys Updater service terminated unexpectedly. It has done
this 1 time(s).
Error - 12/2/2009 9:56:45 AM | Computer Name = MARC | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)
Error - 12/2/2009 9:56:45 AM | Computer Name = MARC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 12 minutes. NtpClient has no source of accurate
time.
Error - 12/2/2009 9:57:02 AM | Computer Name = MARC | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)
Error - 12/2/2009 9:57:02 AM | Computer Name = MARC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.
Error - 12/2/2009 10:12:02 AM | Computer Name = MARC | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup
again in 30 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)
Error - 12/2/2009 10:12:02 AM | Computer Name = MARC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.
Error - 12/2/2009 10:42:02 AM | Computer Name = MARC | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup
again in 60 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)
Error - 12/2/2009 10:42:02 AM | Computer Name = MARC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 59 minutes. NtpClient has no source of accurate
time.
Error - 12/2/2009 10:51:18 AM | Computer Name = MARC | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {EF3311EB-539B-4254-B669-6532457D7060}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.
< End of report >
GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-12-02 11:08:30
Windows 5.1.2600 Service Pack 3
Running: 6ti43b15.exe; Driver: C:\DOCUME~1\Marc\LOCALS~1\Temp\ugtdypoc.sys
---- System - GMER 1.0.15 ----
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateKey [0x804D7571]
SSDT \WINDOWS\system32\ntoskrnl.exe[unknown section] [804D7571] ZwCreateKey [0x804D7571]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenKey [0x804D7576]
SSDT \WINDOWS\system32\ntoskrnl.exe[unknown section] [804D7576] ZwOpenKey [0x804D7576]
INT 0x03 \WINDOWS\system32\ntoskrnl.exe[unknown section] 804D757B
INT 0x06 \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP kernel Device Driver for Windows NT./Aladdin Knowledge Systems.) A62C733D
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + F0 804E274C 3 Bytes [71, 75, 4D] {JNO 0x77; DEC EBP}
.text ntoskrnl.exe!_abnormal_termination + 228 804E2884 3 Bytes [76, 75, 4D] {JBE 0x77; DEC EBP}
.text C:\WINDOWS\System32\DRIVERS\ati2mtag.sys section is writeable [0xB9A16000, 0x18FFBC, 0xE8000020]
init C:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xF77D2760]
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xB8C34F80]
init C:\WINDOWS\system32\drivers\egatebus.sys entry point in "init" section [0xF7923320]
.text C:\WINDOWS\system32\drivers\Oreans.sys section is writeable [0xF76972A0, 0x9A88, 0xE8000020]
.text C:\WINDOWS\system32\drivers\Haspnt.sys section is writeable [0xA62BD400, 0xAE36, 0x80000020]
.text C:\WINDOWS\system32\DRIVERS\aksfridge.sys section is writeable [0xA5E80000, 0x48011, 0xE0000020]
.init C:\WINDOWS\system32\DRIVERS\aksfridge.sys entry point in ".init" section [0xA5ED5224]
.init C:\WINDOWS\system32\DRIVERS\aksfridge.sys unknown last code section [0xA5ED5000, 0x4000, 0xE20000E0]
.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xA5D0F400, 0x7960C, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA5DB1420] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA5DB1420]
.protectÿÿÿÿhardlockunknown last code section [0xA5DB1200, 0x5049, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xA5DB1200, 0x5049, 0xE0000020]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\explorer.exe[252] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E1BEC8
.text C:\WINDOWS\explorer.exe[252] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E1BEB3
.text C:\WINDOWS\explorer.exe[252] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E1BEAC
.text C:\WINDOWS\explorer.exe[252] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E1BCC8
.text C:\WINDOWS\explorer.exe[252] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E1BCC1
.text C:\WINDOWS\explorer.exe[252] kernel32.dll!SearchPathW 7C80E77C 5 Bytes JMP 00E1BEC1
.text C:\WINDOWS\explorer.exe[252] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E1BECF
.text C:\WINDOWS\explorer.exe[252] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 00E1BB2C
.text C:\WINDOWS\explorer.exe[252] kernel32.dll!SearchPathA 7C8217EA 5 Bytes JMP 00E1BEBA
.text C:\WINDOWS\System32\alg.exe[728] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F3BEC8
.text C:\WINDOWS\System32\alg.exe[728] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F3BEB3
.text C:\WINDOWS\System32\alg.exe[728] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F3BEAC
.text C:\WINDOWS\System32\alg.exe[728] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F3BCC8
.text C:\WINDOWS\System32\alg.exe[728] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F3BCC1
.text C:\WINDOWS\System32\alg.exe[728] kernel32.dll!SearchPathW 7C80E77C 5 Bytes JMP 00F3BEC1
.text C:\WINDOWS\System32\alg.exe[728] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F3BECF
.text C:\WINDOWS\System32\alg.exe[728] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 00F3BB2C
.text C:\WINDOWS\System32\alg.exe[728] kernel32.dll!SearchPathA 7C8217EA 5 Bytes JMP 00F3BEBA
.text C:\WINDOWS\system32\winlogon.exe[764] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FEBEC8
.text C:\WINDOWS\system32\winlogon.exe[764] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FEBEB3
.text C:\WINDOWS\system32\winlogon.exe[764] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FEBEAC
.text C:\WINDOWS\system32\winlogon.exe[764] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FEBCC8
.text C:\WINDOWS\system32\winlogon.exe[764] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FEBCC1
.text C:\WINDOWS\system32\winlogon.exe[764] kernel32.dll!SearchPathW 7C80E77C 5 Bytes JMP 00FEBEC1
.text C:\WINDOWS\system32\winlogon.exe[764] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FEBECF
.text C:\WINDOWS\system32\winlogon.exe[764] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 00FEBB2C
.text C:\WINDOWS\system32\winlogon.exe[764] kernel32.dll!SearchPathA 7C8217EA 5 Bytes JMP 00FEBEBA
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F4BEC8
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F4BEB3
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F4BEAC
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F4BCC8
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F4BCC1
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!SearchPathW 7C80E77C 5 Bytes JMP 00F4BEC1
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F4BECF
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 00F4BB2C
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!SearchPathA 7C8217EA 5 Bytes JMP 00F4BEBA
.text C:\WINDOWS\system32\Ati2evxx.exe[976] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B3BEC8
.text C:\WINDOWS\system32\Ati2evxx.exe[976] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B3BEB3
.text C:\WINDOWS\system32\Ati2evxx.exe[976] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B3BEAC
.text C:\WINDOWS\system32\Ati2evxx.exe[976] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B3BCC8
.text C:\WINDOWS\system32\Ati2evxx.exe[976] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B3BCC1
.text C:\WINDOWS\system32\Ati2evxx.exe[976] kernel32.dll!SearchPathW 7C80E77C 5 Bytes JMP 00B3BEC1
.text C:\WINDOWS\system32\Ati2evxx.exe[976] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B3BECF
.text C:\WINDOWS\system32\Ati2evxx.exe[976] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 00B3BB2C
.text C:\WINDOWS\system32\Ati2evxx.exe[976] kernel32.dll!SearchPathA 7C8217EA 5 Bytes JMP 00B3BEBA
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C7BEC8
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C7BEB3
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C7BEAC
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C7BCC8
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C7BCC1
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!SearchPathW 7C80E77C 5 Bytes JMP 00C7BEC1
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C7BECF
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 00C7BB2C
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!SearchPathA 7C8217EA 5 Bytes JMP 00C7BEBA
.text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FCBEC8
.text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FCBEB3
.text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FCBEAC
.text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FCBCC8
.text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FCBCC1
.text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!SearchPathW 7C80E77C 5 Bytes JMP 00FCBEC1
.text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FCBECF
.text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 00FCBB2C
.text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!SearchPathA 7C8217EA 5 Bytes JMP 00FCBEBA
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02AABEC8
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02AABEB3
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02AABEAC
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02AABCC8
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02AABCC1
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!SearchPathW 7C80E77C 5 Bytes JMP 02AABEC1
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02AABECF
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 02AABB2C
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!SearchPathA 7C8217EA 5 Bytes JMP 02AABEBA
.text C:\WINDOWS\system32\Ati2evxx.exe[1308] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A8BEC8
.text C:\WINDOWS\system32\Ati2evxx.exe[1308] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A8BEB3
.text C:\WINDOWS\system32\Ati2evxx.exe[1308] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A8BEAC
.text C:\WINDOWS\system32\Ati2evxx.exe[1308] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A8BCC8
.text C:\WINDOWS\system32\Ati2evxx.exe[1308] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A8BCC1
.text C:\WINDOWS\system32\Ati2evxx.exe[1308] kernel32.dll!SearchPathW 7C80E77C 5 Bytes JMP 00A8BEC1
.text C:\WINDOWS\system32\Ati2evxx.exe[1308] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A8BECF
.text C:\WINDOWS\system32\Ati2evxx.exe[1308] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 00A8BB2C
.text C:\WINDOWS\system32\Ati2evxx.exe[1308] kernel32.dll!SearchPathA 7C8217EA 5 Bytes JMP 00A8BEBA
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DFBEC8
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DFBEB3
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DFBEAC
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DFBCC8
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DFBCC1
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!SearchPathW 7C80E77C 5 Bytes JMP 00DFBEC1
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DFBECF
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 00DFBB2C
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!SearchPathA 7C8217EA 5 Bytes JMP 00DFBEBA
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[1432] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0080BEC8
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[1432] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0080BEB3
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[1432] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0080BEAC
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[1432] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 0080BCC8
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[1432] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0080BCC1
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[1432] kernel32.dll!SearchPathW 7C80E77C 5 Bytes JMP 0080BEC1
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[1432] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0080BECF
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[1432] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 0080BB2C
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[1432] kernel32.dll!SearchPathA 7C8217EA 5 Bytes JMP 0080BEBA
.text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0120BEC8
.text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0120BEB3
.text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0120BEAC
.text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 0120BCC8
.text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0120BCC1
.text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!SearchPathW 7C80E77C 5 Bytes JMP 0120BEC1
.text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0120BECF
.text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 0120BB2C
.text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!SearchPathA 7C8217EA 5 Bytes JMP 0120BEBA
.text C:\WINDOWS\System32\SCardSvr.exe[1724] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B7BEC8
.text C:\WINDOWS\System32\SCardSvr.exe[1724] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B7BEB3
.text C:\WINDOWS\System32\SCardSvr.exe[1724] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B7BEAC
.text C:\WINDOWS\System32\SCardSvr.exe[1724] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B7BCC8
.text C:\WINDOWS\System32\SCardSvr.exe[1724] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B7BCC1
.text C:\WINDOWS\System32\SCardSvr.exe[1724] kernel32.dll!SearchPathW 7C80E77C 5 Bytes JMP 00B7BEC1
.text C:\WINDOWS\System32\SCardSvr.exe[1724] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B7BECF
.text C:\WINDOWS\System32\SCardSvr.exe[1724] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 00B7BB2C
.text C:\WINDOWS\System32\SCardSvr.exe[1724] kernel32.dll!SearchPathA 7C8217EA 5 Bytes JMP 00B7BEBA
.text C:\WINDOWS\System32\svchost.exe[1980] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CFBEC8
.text C:\WINDOWS\System32\svchost.exe[1980] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CFBEB3
.text C:\WINDOWS\System32\svchost.exe[1980] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CFBEAC
.text C:\WINDOWS\System32\svchost.exe[1980] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CFBCC8
.text C:\WINDOWS\System32\svchost.exe[1980] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CFBCC1
.text C:\WINDOWS\System32\svchost.exe[1980] kernel32.dll!SearchPathW 7C80E77C 5 Bytes JMP 00CFBEC1
.text C:\WINDOWS\System32\svchost.exe[1980] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CFBECF
.text C:\WINDOWS\System32\svchost.exe[1980] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 00CFBB2C
.text C:\WINDOWS\System32\svchost.exe[1980] kernel32.dll!SearchPathA 7C8217EA 5 Bytes JMP 00CFBEBA
.text I:\AAAA VIRUS FIX STUFF\6ti43b15.exe[3796] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 010FBEC8
.text I:\AAAA VIRUS FIX STUFF\6ti43b15.exe[3796] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 010FBEB3
.text I:\AAAA VIRUS FIX STUFF\6ti43b15.exe[3796] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 010FBEAC
.text I:\AAAA VIRUS FIX STUFF\6ti43b15.exe[3796] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 010FBCC8
.text I:\AAAA VIRUS FIX STUFF\6ti43b15.exe[3796] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 010FBCC1
.text I:\AAAA VIRUS FIX STUFF\6ti43b15.exe[3796] kernel32.dll!SearchPathW 7C80E77C 5 Bytes JMP 010FBEC1
.text I:\AAAA VIRUS FIX STUFF\6ti43b15.exe[3796] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 010FBECF
.text I:\AAAA VIRUS FIX STUFF\6ti43b15.exe[3796] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 010FBB2C
.text I:\AAAA VIRUS FIX STUFF\6ti43b15.exe[3796] kernel32.dll!SearchPathA 7C8217EA 5 Bytes JMP 010FBEBA
---- Devices - GMER 1.0.15 ----
Device \Driver\Disk \Device\Harddisk0\DR0 aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)
Device \Driver\Disk \Device\Harddisk1\DR1 aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)
Device \Driver\Disk \Device\Harddisk2\DR10 aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)
Device \Driver\aksusb \Device\0000007f AKSCLASS.SYS (Aladdin Class Driver/Aladdin Knowledge Systems Ltd.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Those were my three scans. Please let me know what to do.