Internet Browser hijack


  • This topic is locked
13 replies to this topic

#1 mzimports


Posted 24 November 2009 - 05:43 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:31:43, on 11/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\PROGRA~1\PERMIS~1\bin\dm.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\System32\tcpsvcs.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Hide My IP 2008\SecureSrv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Marc\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Time Clock MTS\Time Clock MTS\timeclockmts.exe
C:\Program Files\Time Clock MTS\Time Clock MTS\timeclockmts.exe
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Documents and Settings\Marc\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Marc\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Marc\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Marc\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Marc\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O16 - DPF: {08BBAF4C-4A89-471C-9552-3694A7F2D081} (LoginCtl Class) - http://www.boot-loader.com/files/SmartLogin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1212066604674
O16 - DPF: {6ABE4BC3-7253-418E-85E8-F334A73154D3} (CSmartClient Object) - http://www.gsmserver.com/smartclip/SmartClip.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1212069840687
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {84A31672-371A-4CBF-8785-DCE55CDC7370} (DownLoad Control) - http://99.166.9.126:85/ocxfile/DownLoad.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{71B799FF-BA8F-42BD-A5D4-E9C853270F14}: NameServer = 77.74.48.113
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: PermissionTV Download Manager Service (PermissionTVDownloadManager) - PermissionTV - C:\PROGRA~1\PERMIS~1\bin\dm.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SecureSrv - Unknown owner - C:\Program Files\Hide My IP 2008\SecureSrv.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10425 bytes


#2 myrti


Posted 29 November 2009 - 03:46 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

Regards, myrti


If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!
Please don't send help requests via PM unless I am already helping you. Use the forums!



#3 mzimports


Posted 01 December 2009 - 11:10 AM

Hi, thanks for the reply. Sorry I did not post about the issues I am having.
Currently I cannot connect to the internet (I'm plugged in directly to the router via Ethernet).
In addition, no matter what browser I use, search engine links get redirected.

Here is my HijackThis log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:54:02, on 8/30/2004
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\PROGRA~1\PERMIS~1\bin\dm.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\System32\tcpsvcs.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hide My IP 2008\SecureSrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O16 - DPF: {08BBAF4C-4A89-471C-9552-3694A7F2D081} (LoginCtl Class) - http://www.boot-loader.com/files/SmartLogin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1212066604674
O16 - DPF: {6ABE4BC3-7253-418E-85E8-F334A73154D3} (CSmartClient Object) - http://www.gsmserver.com/smartclip/SmartClip.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1212069840687
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {84A31672-371A-4CBF-8785-DCE55CDC7370} (DownLoad Control) - http://99.166.9.126:85/ocxfile/DownLoad.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{71B799FF-BA8F-42BD-A5D4-E9C853270F14}: NameServer = 77.74.48.113
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: PermissionTV Download Manager Service (PermissionTVDownloadManager) - PermissionTV - C:\PROGRA~1\PERMIS~1\bin\dm.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SecureSrv - Unknown owner - C:\Program Files\Hide My IP 2008\SecureSrv.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9924 bytes

I ran a System Restore before I ran this HijackThis scan.


Thanks for the help.

Edited by mzimports, 01 December 2009 - 11:11 AM.
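As an added triage example (not from the thread, from its participants, or from HijackThis itself), the script below parses the plain-text HijackThis entry format shown in the posts above and flags the kinds of lines a helper checks first: O17 NameServer entries that point at a public resolver, repeated O10 "Unknown file in Winsock LSP" entries (collapsed to one finding per DLL), O16 ActiveX downloads served from a raw IP or a non-standard port, and O23 services whose binary is missing. The sample log is a constructed excerpt in the format of the posted logs; all function names are the example's own, and every flag is a prompt to verify, not a verdict.

```python
"""Triage pass over a Trend Micro HijackThis v2.0.x log (added example).

Reads the plain-text entry format shown in this thread ("O17 - ...: NameServer = ...")
and flags lines a helper would verify first. It does not decide what is malicious;
every flag is a prompt to check, not a verdict.
"""
import ipaddress
import re
from urllib.parse import urlparse

# Constructed excerpt in the format of the logs posted in the thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O16 - DPF: {84A31672-371A-4CBF-8785-DCE55CDC7370} (DownLoad Control) - http://99.166.9.126:85/ocxfile/DownLoad.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{71B799FF-BA8F-42BD-A5D4-E9C853270F14}: NameServer = 77.74.48.113
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Every HijackThis finding line is "<section> - <body>", e.g. "O17 - HKLM\...".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
IPV4_RE = re.compile(r"(?:\d{1,3}\.){3}\d{1,3}")


def parse_hjt(text):
    """Return (section, body) pairs for every entry line.
    Header and 'Running processes' lines do not match the shape and are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def is_public_ip(text):
    """True for a globally routable address (not RFC1918, loopback or link-local)."""
    try:
        return ipaddress.ip_address(text).is_global
    except ValueError:
        return False


def triage(entries):
    """Apply the review heuristics; each finding is (section, reason, detail)."""
    findings = []
    seen_lsp = set()
    for section, body in entries:
        if section == "O17" and "NameServer" in body:
            # O17 is the interface's DNS server list: every lookup on the host goes
            # through it, so a public resolver that is not the router or the ISP's
            # explains symptoms like redirected search results and is checked first.
            for ip in IPV4_RE.findall(body):
                if is_public_ip(ip):
                    findings.append((section, "dns-resolver-public", ip))
        elif section == "O10" and body.startswith("Unknown file in Winsock LSP"):
            # Winsock LSP DLLs sit inside the network stack and HijackThis prints one
            # line per chain slot, so repeats collapse to one finding. A wrongly
            # removed LSP breaks connectivity, hence "verify", not "remove".
            path = body.split(":", 1)[1].strip().lower()
            if path not in seen_lsp:
                seen_lsp.add(path)
                findings.append((section, "unknown-lsp", path))
        elif section == "O16":
            # O16 DPF entries are ActiveX controls IE downloaded. Vendors serve them
            # from named hosts on 80/443; a raw IP or odd port is worth a look.
            url = body.rsplit(" - ", 1)[-1].strip()
            parsed = urlparse(url)
            if parsed.scheme and parsed.hostname:
                host_is_ip = IPV4_RE.fullmatch(parsed.hostname) is not None
                odd_port = parsed.port not in (None, 80, 443)
                if host_is_ip or odd_port:
                    findings.append((section, "activex-from-ip-or-odd-port", url))
        elif section == "O23" and body.endswith("(file missing)"):
            # A registered service whose binary is gone is an orphan: harmless by
            # itself, but it shows something was removed without being unregistered.
            name = body.split(" - ", 1)[0]
            if name.startswith("Service: "):
                name = name[len("Service: "):]
            findings.append((section, "service-binary-missing", name))
    return findings


def triage_log(text):
    """Parse a whole HijackThis log and return its findings."""
    return triage(parse_hjt(text))


if __name__ == "__main__":
    for section, reason, detail in triage_log(SAMPLE_LOG):
        print(f"{section:<4} {reason:<28} {detail}")
```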


#4 myrti


Posted 01 December 2009 - 11:37 AM

Hi,

please provide the OTL logs I asked for in my previous post.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
Please also run a scan with gmer:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

Please do not use System Restore from now on, since it may make the cleaning much more difficult.
Regards, myrti



#5 mzimports


Posted 02 December 2009 - 11:20 AM

Here are my three scans as requested.


OTL logfile created on: 12/2/2009 10:25:14 AM - Run 1
OTL by OldTimer - Version 3.1.11.4 Folder = I:\AAAA VIRUS FIX STUFF
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 3.96 Gb Available in Paging File | 99.06% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 189.92 Gb Total Space | 149.48 Gb Free Space | 78.71% Space Free | Partition Type: NTFS
Drive D: | 55.91 Gb Total Space | 26.63 Gb Free Space | 47.64% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 2.00 Gb Total Space | 2.00 Gb Free Space | 99.99% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
Drive I: | 109.78 Gb Total Space | 99.48 Gb Free Space | 90.61% Space Free | Partition Type: NTFS
Drive J: | 232.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MARC
Current User Name: Marc
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/02 10:30:57 | 00,535,552 | ---- | M] (OldTimer Tools) -- I:\AAAA VIRUS FIX STUFF\OTL.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/04/21 23:25:33 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Marc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
PRC - [2009/03/30 03:25:26 | 43,010,392 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/16 20:35:28 | 00,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2008/10/16 20:35:24 | 00,087,360 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2008/07/24 18:46:10 | 00,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008/07/10 02:49:44 | 00,098,840 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/05/12 10:43:18 | 00,598,016 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/08 23:15:12 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/03/19 11:53:38 | 02,558,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\hasplms.exe
PRC - [2008/03/17 17:07:02 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/03/13 14:36:32 | 00,102,704 | ---- | M] () -- C:\Program Files\Hide My IP 2008\SecureSrv.exe
PRC - [2007/08/07 16:07:22 | 00,213,053 | ---- | M] (PermissionTV) -- C:\Program Files\PermissionTV\bin\dm.exe
PRC - [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2005/03/02 06:10:00 | 00,193,592 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2003/07/16 15:47:51 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe


========== Modules (SafeList) ==========

MOD - [2009/12/02 10:30:57 | 00,535,552 | ---- | M] (OldTimer Tools) -- I:\AAAA VIRUS FIX STUFF\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (RoxLiveShare9)
SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/07 05:31:18 | 00,035,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.21006\aspnet_state.exe -- (aspnet_state)
SRV - [2009/10/07 02:44:58 | 00,752,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.21006\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2009/10/07 02:44:58 | 00,129,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.21006\mscorsvw.exe -- (clr_optimization_v4.0.21006_32)
SRV - [2009/10/07 02:44:58 | 00,124,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.21006\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009/08/05 22:09:34 | 00,658,432 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/22 22:08:48 | 00,047,128 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100)
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/03/30 03:25:26 | 43,010,392 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2009/03/30 03:23:32 | 00,254,808 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2009/03/30 03:23:24 | 00,366,936 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/16 20:35:28 | 00,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2008/07/24 18:46:10 | 00,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008/07/10 02:49:44 | 00,098,840 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/06/03 16:13:14 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/05/12 10:43:18 | 00,598,016 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2008/05/12 09:49:00 | 00,655,360 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2008/04/18 04:30:42 | 00,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2008/04/13 19:12:02 | 00,105,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/08 23:15:12 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/03/19 11:53:38 | 02,558,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\System32\hasplms.exe -- (hasplms)
SRV - [2008/03/17 17:07:02 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2008/03/13 14:36:32 | 00,102,704 | ---- | M] () -- C:\Program Files\Hide My IP 2008\SecureSrv.exe -- (SecureSrv)
SRV - [2007/08/07 16:07:22 | 00,213,053 | ---- | M] (PermissionTV) -- C:\Program Files\PermissionTV\bin\dm.exe -- (PermissionTVDownloadManager)
SRV - [2007/06/01 09:21:30 | 00,271,920 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/04/13 20:09:56 | 00,792,112 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/03/02 06:10:00 | 00,193,592 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/16 15:47:51 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe -- (SimpTcp)
SRV - [2003/07/16 15:47:51 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC)


========== Driver Services (SafeList) ==========

DRV - [2009/08/28 18:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/07/09 07:46:23 | 00,058,368 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\slabbus.sys -- (slabbus) Kyocera USB Composite Device driver (WDM)
DRV - [2009/06/04 15:46:24 | 00,052,224 | ---- | M] (Aladdin Knowledge Systems.) -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/03/30 03:09:28 | 00,239,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009/02/24 17:42:14 | 00,116,736 | ---- | M] (MagicISO, Inc.) -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/02/10 16:23:02 | 00,082,320 | ---- | M] (EZB Systems, Inc.) -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2009/01/12 07:47:19 | 00,034,528 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\Pcouffin.sys -- (Pcouffin)
DRV - [2008/10/16 20:35:58 | 00,083,288 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008/08/21 18:49:56 | 00,008,320 | ---- | M] (Motorola) -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/21 18:49:22 | 00,018,688 | ---- | M] (Motorola) -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2008/07/24 18:46:12 | 00,012,856 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/07/24 18:46:10 | 00,047,640 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/07/24 18:45:20 | 00,010,144 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\drivers\lmimirr.sys -- (lmimirr)
DRV - [2008/07/08 13:34:44 | 00,049,720 | ---- | M] (Data Encryption Systems Limited) -- C:\WINDOWS\system32\drivers\dk2drv.sys -- (dk2drv)
DRV - [2008/07/05 22:06:27 | 00,021,672 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2008/07/05 22:06:27 | 00,013,352 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2008/06/22 21:42:26 | 00,016,694 | ---- | M] (PalmSource, Inc.) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2008/06/20 06:08:27 | 00,225,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/06/03 10:41:30 | 00,025,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wnsdrvr.sys -- (WnsDrvr)
DRV - [2008/05/31 00:07:48 | 00,003,567 | ---- | M] (Beyond Logic http://www.beyondlogic.org) -- C:\WINDOWS\system32\drivers\PortTalk.sys -- (PortTalk)
DRV - [2008/05/20 18:33:50 | 00,022,784 | ---- | M] (Research In Motion Limited) -- C:\WINDOWS\system32\drivers\RimUsb.sys -- (RimUsb)
DRV - [2008/05/12 11:30:02 | 03,007,488 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/04/13 13:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023x.sys -- (usb_rndisx)
DRV - [2008/04/13 11:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/08 23:14:04 | 00,023,992 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/04/08 23:14:00 | 00,025,272 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/03/18 14:45:34 | 00,350,720 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2007/10/10 16:41:50 | 00,042,112 | ---- | M] (Motorola Inc) -- C:\WINDOWS\system32\drivers\motodrv.sys -- (MotDev)
DRV - [2007/09/11 13:40:30 | 00,046,336 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\drivers\akshhl.sys -- (akshhl)
DRV - [2007/06/18 14:18:26 | 00,023,680 | ---- | M] (Motorola) -- C:\WINDOWS\system32\drivers\motport.sys -- (motport)
DRV - [2007/06/18 14:18:26 | 00,023,680 | ---- | M] (Motorola) -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/04/03 12:59:42 | 00,099,080 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s616unic.sys -- (s616unic) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM)
DRV - [2007/04/03 12:59:42 | 00,098,568 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s616obex.sys -- (s616obex)
DRV - [2007/04/03 12:59:42 | 00,023,176 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s616nd5.sys -- (s616nd5) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS)
DRV - [2007/04/03 12:59:40 | 00,100,360 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s616mgmt.sys -- (s616mgmt) Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/03 12:59:38 | 00,108,680 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s616mdm.sys -- (s616mdm)
DRV - [2007/04/03 12:59:36 | 00,015,112 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s616mdfl.sys -- (s616mdfl)
DRV - [2007/04/03 12:59:30 | 00,083,208 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s616bus.sys -- (s616bus) Sony Ericsson Device 616 driver (WDM)
DRV - [2007/03/19 15:30:16 | 00,075,776 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\slabser.sys -- (slabser)
DRV - [2007/01/18 09:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort)
DRV - [2007/01/15 22:44:46 | 00,011,986 | R--- | M] (Mobile Action Technology Inc.) -- C:\WINDOWS\system32\drivers\MaVc2K.sys -- (MaVctrl)
DRV - [2006/11/06 17:04:56 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh)
DRV - [2006/09/28 01:32:40 | 00,051,584 | R--- | M] (Mobile Action Technology Inc.) -- C:\WINDOWS\system32\drivers\maa950u.sys -- (maa950u)
DRV - [2006/07/05 07:46:06 | 00,063,352 | ---- | M] (Protection Technology (StarForce)) -- C:\WINDOWS\System32\drivers\sfdrv01a.sys -- (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a)
DRV - [2006/06/14 09:56:56 | 00,013,680 | ---- | M] (Protection Technology (StarForce)) -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2006/05/19 09:23:00 | 00,018,880 | ---- | M] (Axalto) -- C:\WINDOWS\system32\drivers\egate.sys -- (Egatecard)
DRV - [2006/05/19 09:23:00 | 00,015,328 | ---- | M] (Axalto) -- C:\WINDOWS\system32\drivers\egatebus.sys -- (Egatebus)
DRV - [2006/05/19 09:23:00 | 00,013,440 | ---- | M] (Axalto) -- C:\WINDOWS\system32\drivers\egaterdr.sys -- (Egaterdr)
DRV - [2006/05/18 08:48:50 | 00,047,249 | ---- | M] (FTDI Ltd.) -- C:\WINDOWS\system32\drivers\ufs2xx.sys -- (UFS2XX)
DRV - [2006/02/03 19:05:04 | 00,022,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbser.SYS -- (usbser)
DRV - [2005/08/17 22:44:50 | 00,049,867 | R--- | M] (Mobile Action Technology Inc.) -- C:\WINDOWS\system32\drivers\mardp2k.sys -- (MaRdPnp)
DRV - [2005/07/28 07:18:40 | 00,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)
DRV - [2005/07/20 17:08:28 | 00,100,096 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2005/07/20 17:08:26 | 00,327,808 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2005/06/16 05:13:12 | 00,025,044 | R--- | M] (Mobile Action Technology Inc.) -- C:\WINDOWS\system32\drivers\maa950m.sys -- (maa950m)
DRV - [2005/06/16 05:11:58 | 00,024,784 | R--- | M] (Mobile Action Technology Inc.) -- C:\WINDOWS\system32\drivers\maa950c.sys -- (maa950c)
DRV - [2005/06/13 11:58:04 | 00,162,816 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®
DRV - [2005/03/02 06:10:00 | 00,090,168 | ---- | M] (SafeNet, Inc.) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2005/01/27 14:31:06 | 00,260,352 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2004/11/29 15:53:18 | 00,258,560 | ---- | M] (ZyDAS Technology Corporation) -- C:\WINDOWS\system32\drivers\ZD1211U.sys -- (WLAN(WLAN)) 802.11b+g USB Wireless LAN Adapter Driver(WLAN)
DRV - [2004/11/07 21:36:46 | 00,137,884 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2004/11/07 21:36:38 | 00,010,864 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2004/11/07 21:33:50 | 00,080,272 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2004/09/17 08:02:54 | 00,732,928 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/30 09:39:14 | 00,041,888 | ---- | M] () -- C:\WINDOWS\system32\drivers\Oreans.sys -- (XPROTECTOR)
DRV - [2004/08/27 08:20:48 | 00,002,368 | ---- | M] (AntiCracking) -- C:\WINDOWS\system32\SVKP.sys -- (SVKP)
DRV - [2004/05/03 09:48:30 | 00,041,664 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2004/05/03 09:47:48 | 00,039,136 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\system32\drivers\lgUsbDiag.sys -- (UsbDiag)
DRV - [2004/05/03 09:47:12 | 00,020,092 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2004/04/20 19:35:00 | 00,057,404 | ---- | M] (FTDI Ltd.) -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2004/04/20 19:34:00 | 00,024,209 | ---- | M] (FTDI Ltd.) -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2004/03/05 21:15:34 | 00,647,929 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 21:14:42 | 01,233,525 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 21:13:52 | 00,060,949 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 21:13:38 | 00,037,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2004/01/14 10:30:00 | 00,017,151 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\ZDPNDIS5.sys -- (ZDPNDIS5)
DRV - [2003/12/11 01:06:40 | 00,082,640 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\cur_mdm.sys -- (cur_mdm)
DRV - [2003/12/11 01:06:36 | 00,006,064 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\cur_mdfl.sys -- (cur_mdfl)
DRV - [2003/12/11 01:05:24 | 00,051,040 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\cur_bus.sys -- (cur_bus) Curitel USB Composite Device driver (WDM)
DRV - [2003/10/28 15:17:52 | 00,005,273 | ---- | M] (Arrowkey) -- C:\Program Files\321Studios\Shared\CDRPDACC.SYS -- (CDRPDACC)
DRV - [2003/07/16 15:43:20 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2003/07/16 15:42:18 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2002/12/30 10:33:52 | 00,099,360 | ---- | M] (BlueWater Systems, Inc.) -- C:\WINDOWS\system32\drivers\WINRT.SYS -- (WinRT)
DRV - [2001/12/27 10:59:34 | 00,067,072 | ---- | M] (WIBU-SYSTEMS AG) -- C:\WINDOWS\system32\drivers\Wibukey.sys -- (WIBUKEY)
DRV - [2001/08/17 12:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1935655697-287218729-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1935655697-287218729-682003330-1004\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1935655697-287218729-682003330-1004\S-1-5-21-1935655697-287218729-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: paypalfirefoxplugin@orbiscom:2.2.26.0
FF - prefs.js..extensions.enabledItems: [email protected]:7

FF - HKLM\software\mozilla\Firefox\Extensions\\paypalfirefoxplugin@orbiscom: C:\Program Files\PayPal\PayPal Plug-In [2009/06/04 09:45:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/09 10:48:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/10 09:08:24 | 00,000,000 | ---D | M]

[2009/11/03 07:43:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Mozilla\Extensions
[2009/11/27 12:48:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\dhb78q8p.default\extensions
[2009/11/03 07:43:40 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-21-1935655697-287218729-682003330-1004\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1935655697-287218729-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1935655697-287218729-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1935655697-287218729-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1935655697-287218729-682003330-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\securenet.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\securenet.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\securenet.dll ()
O16 - DPF: {08BBAF4C-4A89-471C-9552-3694A7F2D081} http://www.boot-loader.com/files/SmartLogin.cab (LoginCtl Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/Facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1212066604674 (WUWebControl Class)
O16 - DPF: {6ABE4BC3-7253-418E-85E8-F334A73154D3} http://www.gsmserver.com/smartclip/SmartClip.cab (CSmartClient Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1212069840687 (MUWebControl Class)
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} http://mediaplayer.walmart.com/installer/install.cab (Reg Error: Key error.)
O16 - DPF: {84A31672-371A-4CBF-8785-DCE55CDC7370} http://99.166.9.126:85/ocxfile/DownLoad.ocx (DownLoad Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_17)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/29 07:13:47 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/05/05 23:12:36 | 00,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/11/06 18:54:00 | 00,005,345 | R--- | M] () - J:\autorun.apm -- [ CDFS ]
O32 - AutoRun File - [2002/12/10 07:00:30 | 01,089,536 | R--- | M] (Indigo Rose Corporation) - J:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2004/08/30 19:24:44 | 00,019,790 | R--- | M] () - J:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2003/11/06 18:54:10 | 00,000,047 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/01 12:48:24 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/12/01 12:47:30 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/11/23 14:30:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Desktop\New Folder
[2009/11/18 09:20:05 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/11/18 09:20:02 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/11/10 10:44:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/11/09 15:36:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Application Data\Move Networks
[2009/11/09 10:37:57 | 00,000,000 | ---D | C] -- C:\AAAA
[2009/11/08 10:45:33 | 00,000,000 | ---D | C] -- C:\RECYCLER
[2009/11/07 15:22:45 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
[2009/11/07 14:48:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Local Settings\Application Data\jxdfwb
[2009/11/04 13:23:13 | 00,050,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
[2009/11/04 13:22:55 | 00,079,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
[2009/11/04 13:21:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\RsFx
[2009/11/04 13:16:36 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2009/11/04 13:15:57 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2009/11/04 13:15:42 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2009/11/04 13:15:41 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/11/04 13:12:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2009/11/04 13:08:16 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/11/04 13:04:29 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft ASP.NET
[2009/11/04 13:04:19 | 00,000,000 | ---D | C] -- C:\Program Files\IIS
[2009/11/04 13:02:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marc\My Documents\Visual Studio 2008
[2009/11/04 13:01:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marc\My Documents\Visual Studio 2010
[2009/11/04 12:56:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\symbols
[2009/11/04 12:53:17 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft F#
[2009/11/04 12:53:16 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2009/11/04 12:53:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules
[2009/11/04 12:53:16 | 00,000,000 | ---D | C] -- C:\Program Files\HTML Help Workshop
[2009/11/04 12:53:15 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2009/11/04 12:53:15 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Help
[2009/11/04 12:50:41 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2009/11/04 12:29:35 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2009/11/03 07:43:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Local Settings\Application Data\Mozilla
[2009/11/03 07:43:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Application Data\Mozilla
[2009/11/03 07:43:39 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2004/08/25 23:10:35 | 01,570,816 | ---- | C] (Toshiba Samsung Storage Technology Coporation) -- C:\Documents and Settings\Marc\Application Data\tsdnwin.dll
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/02 10:15:00 | 00,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-287218729-682003330-1004UA.job
[2009/12/02 10:02:33 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Marc\My Documents\~$eek Of.doc
[2009/12/02 08:58:06 | 00,695,990 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/02 08:58:06 | 00,568,476 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/02 08:58:06 | 00,112,418 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/02 08:56:35 | 00,535,552 | ---- | M] () -- C:\Documents and Settings\Marc\Desktop\OTL.exe
[2009/12/02 08:56:25 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/12/02 08:53:38 | 00,000,000 | ---- | M] () -- C:\WINDOWS\TempFile
[2009/12/02 08:53:22 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/02 08:53:16 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/01 15:12:58 | 09,699,328 | ---- | M] () -- C:\Documents and Settings\Marc\ntuser.dat
[2009/12/01 15:12:58 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Marc\ntuser.ini
[2009/12/01 14:15:00 | 00,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-287218729-682003330-1004Core.job
[2009/12/01 12:55:07 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/01 12:50:24 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/25 11:06:52 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Marc\My Documents\Week Of.doc
[2009/11/24 23:19:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/24 17:23:37 | 00,018,672 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/11/19 20:30:45 | 03,568,341 | R--- | M] () -- C:\Documents and Settings\Marc\Desktop\ComboFix.exe
[2009/11/19 15:26:02 | 00,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2009/11/18 09:20:57 | 00,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/11/16 18:15:42 | 00,002,321 | ---- | M] () -- C:\Documents and Settings\Marc\Desktop\Google Chrome.lnk
[2009/11/16 13:38:51 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/11/12 03:23:36 | 00,118,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/09 13:05:24 | 00,031,723 | ---- | M] () -- C:\Documents and Settings\Marc\Desktop\data.csv
[2009/11/08 10:55:13 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\wafayaje
[2009/11/07 14:47:10 | 00,000,000 | -HS- | M] () -- C:\609506493
[2009/11/07 14:18:05 | 01,276,960 | ---- | M] () -- C:\WINDOWS\System32\vadotali.exe
[2009/11/04 12:39:30 | 00,000,165 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2009/11/03 09:43:37 | 00,000,129 | ---- | M] () -- C:\Documents and Settings\Marc\default.pls
[2009/11/03 09:43:11 | 00,017,920 | ---- | M] () -- C:\Documents and Settings\Marc\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/03 07:43:50 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009/11/03 07:43:43 | 00,001,643 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/11/02 20:42:06 | 00,195,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/02 10:09:01 | 00,535,552 | ---- | C] () -- C:\Documents and Settings\Marc\Desktop\OTL.exe
[2009/12/02 10:02:33 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Marc\My Documents\~$eek Of.doc
[2009/11/24 01:58:14 | 09,699,328 | ---- | C] () -- C:\Documents and Settings\Marc\ntuser.dat
[2009/11/18 09:20:57 | 00,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/11/09 13:05:08 | 00,031,723 | ---- | C] () -- C:\Documents and Settings\Marc\Desktop\data.csv
[2009/11/09 10:52:58 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/11/08 10:45:15 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/11/07 14:47:10 | 00,000,000 | -HS- | C] () -- C:\609506493
[2009/11/07 14:18:05 | 01,276,960 | ---- | C] () -- C:\WINDOWS\System32\vadotali.exe
[2009/11/05 12:42:03 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Marc\My Documents\Week Of.doc
[2009/11/04 12:39:30 | 00,000,165 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2009/11/03 07:43:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/11/03 07:43:43 | 00,001,643 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/11/03 07:39:56 | 00,002,321 | ---- | C] () -- C:\Documents and Settings\Marc\Desktop\Google Chrome.lnk
[2009/08/07 14:53:01 | 00,000,003 | -HS- | C] () -- C:\WINDOWS\System32\bukujuri.dll
[2009/06/04 15:46:24 | 00,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2009/06/04 15:46:18 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\prtdll32.dll
[2009/06/04 15:46:18 | 00,034,880 | ---- | C] () -- C:\WINDOWS\System32\Portadd.dll
[2009/06/04 15:46:18 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ntgetport.dll
[2009/06/04 15:46:18 | 00,003,264 | ---- | C] () -- C:\WINDOWS\System32\PRTDLL16.DLL
[2009/06/02 16:01:58 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/04/26 09:17:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\AlbumExe.INI
[2009/04/22 07:34:00 | 02,067,140 | R--- | C] () -- C:\WINDOWS\System32\avcodec.dll
[2009/01/28 09:19:13 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2009/01/28 09:19:04 | 00,000,127 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2008/12/18 17:03:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\FileMgrExe.INI
[2008/11/04 16:42:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PanelExe.INI
[2008/09/07 14:55:42 | 00,000,091 | ---- | C] () -- C:\WINDOWS\System32\FTDIUNIN.INI
[2008/09/02 20:03:27 | 00,038,463 | ---- | C] () -- C:\Documents and Settings\Marc\Application Data\Tab Separated Values (Windows).ADR
[2008/09/02 19:48:56 | 00,038,450 | ---- | C] () -- C:\Documents and Settings\Marc\Application Data\Microsoft Excel.ADR
[2008/08/24 13:18:11 | 00,888,832 | ---- | C] () -- C:\WINDOWS\System32\securenet.dll
[2008/07/26 08:41:42 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\EFSComm.dll
[2008/07/24 21:57:09 | 00,000,222 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2008/07/08 13:34:42 | 02,325,304 | ---- | C] () -- C:\WINDOWS\System32\DK2INST.DLL
[2008/06/26 06:07:57 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Marc\Application Data\$_hpcst$.hpc
[2008/06/23 19:06:24 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/06/22 22:06:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2008/06/10 23:20:07 | 00,077,895 | ---- | C] () -- C:\WINDOWS\System32\unibus_tcutil.dll
[2008/06/10 15:19:18 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\TMPXCORE.DLL
[2008/06/10 15:19:18 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\TMPXVFW.DLL
[2008/06/08 07:35:05 | 00,000,391 | ---- | C] () -- C:\WINDOWS\COVERE~1.INI
[2008/06/08 07:27:26 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/06/08 07:27:26 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/06/08 06:46:09 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/06/03 14:12:31 | 00,041,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\Oreans.sys
[2008/06/03 10:41:29 | 00,319,488 | ---- | C] () -- C:\WINDOWS\System32\ROBOEX32.DLL
[2008/05/31 16:22:53 | 00,017,920 | ---- | C] () -- C:\Documents and Settings\Marc\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/31 12:43:51 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\XVIDVFW.DLL
[2008/05/31 12:43:51 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\AMD422CODEC.DLL
[2008/05/31 12:43:50 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\XVIDCORE.DLL
[2008/05/29 08:53:49 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/29 08:33:30 | 00,020,594 | ---- | C] () -- C:\WINDOWS\System32\DELS1LMK.DLL
[2008/05/29 08:07:40 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008/05/29 07:51:38 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2007/08/06 12:07:30 | 00,008,520 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/06/05 16:18:16 | 00,000,086 | ---- | C] () -- C:\WINDOWS\System32\ufs2xxun.ini
[2006/11/11 21:52:52 | 00,454,656 | ---- | C] () -- C:\WINDOWS\System32\mmSQL.dll
[2005/10/25 05:24:22 | 00,020,594 | ---- | C] () -- C:\WINDOWS\System32\DELS1L3.DLL
[2005/01/10 10:54:22 | 00,028,160 | ---- | C] () -- C:\WINDOWS\System32\slbmgpg.dll
[2004/11/05 11:22:57 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\GTSComm.dll
[2004/08/27 08:20:48 | 00,000,037 | ---- | C] () -- C:\WINDOWS\System32\svkp2.dll
[2004/08/27 08:20:48 | 00,000,037 | ---- | C] () -- C:\WINDOWS\System32\ispn2.dll
[2004/08/25 23:08:01 | 00,000,437 | ---- | C] () -- C:\Documents and Settings\Marc\Application Data\SamsungLiveUpdateConfig.ini
[2003/10/17 17:42:54 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\tn30CSTK.dll
[2002/01/09 13:52:04 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\YS6016Pdll.dll

========== Files - Unicode (All) ==========
[2009/05/05 15:33:22 | 00,000,008 | RHS- | M] ()(C:\?™?) -- C:\ℤ™☠
[2009/05/05 15:33:22 | 00,000,008 | RHS- | C] ()(C:\?™?) -- C:\ℤ™☠

========== Alternate Data Streams ==========

@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3FEBE414
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A24E5131
< End of report >


OTL Extras logfile created on: 12/2/2009 10:25:14 AM - Run 1
OTL by OldTimer - Version 3.1.11.4 Folder = I:\AAAA VIRUS FIX STUFF
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 3.96 Gb Available in Paging File | 99.06% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 189.92 Gb Total Space | 149.48 Gb Free Space | 78.71% Space Free | Partition Type: NTFS
Drive D: | 55.91 Gb Total Space | 26.63 Gb Free Space | 47.64% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 2.00 Gb Total Space | 2.00 Gb Free Space | 99.99% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
Drive I: | 109.78 Gb Total Space | 99.48 Gb Free Space | 90.61% Space Free | Partition Type: NTFS
Drive J: | 232.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MARC
Current User Name: Marc
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1935655697-287218729-682003330-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe"

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00060000-0000-1004-8002-0000C06B5161}" = WIBU-KEY Setup (WIBU-KEY Remove)
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{02D29CDE-779D-3082-85C9-4086A49A9390}" = Microsoft Visual C++ 2010 Beta 2 x86 Runtime - 10.0.21006
"{02FF1963-C0C2-45FF-80BF-C913DEFDE276}" = Kyocera Wireless PST
"{05B173C8-F1F0-43FC-85E1-F5394D0E2BF7}" = BlackBerry v4.1.0 for the 7250 Wireless Handheld
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0940CCDF-5BAB-3101-9077-EDD34A25D711}" = Microsoft SharePoint Development Tools
"{0CD3CFF0-9A22-4CDA-BF1B-FA73C1D8B95B}" = Palm
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0DC48D87-CB1F-453D-BAB6-CCE877384E1C}" = Microsoft Sync Framework Services v1.0 SP1 Beta (x86)
"{11F5D779-7BD9-465A-BBC4-10701386BCB9}" = FW LiveUpdate
"{1684A7CA-EF86-455B-B52A-B54F3FEDB78A}" = Nokia Service Tool Drivers
"{16A507EB-D298-4B6D-A5D1-CF642E6761A1}" = LG Download VX4500 DLL
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{199D9558-6C22-4BEF-AA83-AA7B18EE99B2}" = RadioComm v11.6.2
"{1A6A6531-08FC-47AD-BAC4-C41497E71033}" = Nero 7 Essentials
"{1DB2FBA5-D57A-42A7-8E87-5B3EEBED8283}" = Wal-Mart Music Downloads Store
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2567B22D-4CAC-44ED-8B31-FB92636E2E0F}" = WebCam
"{2A7153F7-38EC-3398-BDB4-2A237E717EE9}" = Microsoft Visual Studio 2010 Professional Beta 2 - ENU
"{2AC6A6D9-4A24-4687-B89D-71C7E4B42900}" = LG Download VX4600 DLL
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 3.209.00
"{3038CC3B-F786-4371-8594-6F0FE87A5230}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{31228E31-2BFF-11D2-8866-00805F0D9D40}" = QPST
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35A3A4F4-B792-11D6-A78A-00B0D0142170}" = Java 2 SDK, SE v1.4.2_17
"{3A814C48-C081-4894-9956-71C489C6762F}" = Samsung PC Studio
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40653574-F426-36BB-A1DC-3AD075E1EB3C}" = Microsoft Help 3.0 Beta 2
"{476B875F-7809-49B6-A6EC-1B1BB14D7D9E}" = PC Sync
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4B4A5A79-0492-4D72-B78D-E244D13D1512}" = BlackBerry v4.2.1 for the 8703e Series Wireless Device
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{51D7494B-6C54-468F-98E1-1A9997C89329}" = BlackBerry Desktop Software 4.7
"{53FA14B9-A754-4568-819E-BE4270FDEE13}" = SQL Server 2008 R2 Management Objects
"{551B0FDE-A7F9-4117-9690-2FEE317A5089}" = LG Download LG-TM520 DLL
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57EC5BFE-7CB7-3057-8385-C9D72918511C}" = Microsoft .NET Framework 4 Client Profile Beta 2
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5C948326-6E97-4AE4-A9D7-F1339EA1CFFF}" = BlackBerry v4.1.0 for the 7100 Series Wireless Device
"{5EFFD8C8-BE42-3A47-A5A6-1B3985FD1EC0}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{61DE738B-CA77-4B59-B9D3-67226BB7DCE3}" = Motorola Software Update
"{62749A4B-FDF0-4094-99FF-F5A6684479B6}" = LG Download LG-TM510 DLL
"{65D5C359-43D6-4EB7-B2BC-91673E261E79}" = LG Download VX4700 DLL
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A7CD56A-A266-40E5-9286-B5DD6FD4BC5D}" = Sentinel Protection Installer 7.1.0
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6E405B40-3879-3C9B-9286-8D5E71258C35}" = Microsoft .NET Framework 4 Extended Beta 2
"{70242DAF-E876-4632-8F51-7982FA54F0B3}" = SCH A850 DLL
"{7148F0A8-6813-11D6-A77B-00B0D0142170}" = Java 2 Runtime Environment, SE v1.4.2_17
"{72087AD0-C7DB-4737-8376-9C1D4C92DE65}" = BlackBerry v4.0.2 for the 7510 Wireless Handheld
"{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}" = Rosetta Stone V3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73317C31-2B6E-4B88-9865-B97C1331A39D}" = PayPal Plug-In
"{73965B81-270B-4FB6-9B85-F0A7F68F91C6}" = LG Download LG-TM525 DLL
"{76160D81-5EA1-11D5-B31A-0010A49A498F}" = UniPst
"{76160D81-5EA1-11D5-B31A-0010A49A7994}" = UniPst-Sprint
"{76161281-5EA1-11D5-B31A-0010A49A4990}" = PSTLite
"{764ABA3A-4472-479C-9705-F982F9A88421}" = BlackBerry v4.2.1 for the 8703e Series Wireless Device
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79C20089-9EF7-405B-B0D5-5999DAE2B163}" = BlackBerry v4.1.0 for the 7290 Wireless Handheld
"{7F831576-6246-42C7-B523-55B3F96509CC}" = LogMeIn
"{7FE3214C-283E-40C6-A8D5-CB773110090C}" = Linksys EasyLink Advisor
"{82B16730-AE4F-4CB1-B49C-623870F43AD0}" = BlackBerry v4.1.0 for the 7100 Series Wireless Device
"{84E00510-8474-3214-BEE8-67B9F344E4FC}" = Microsoft Visual F# Runtime 1.0
"{85BF107C-9E34-402A-9112-D26D7D136760}" = SamsungPST
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B916626-D225-496A-83ED-EDBE9E907432}" = Dotfuscator Software Services - Community Edition
"{8CC5BF82-4DD4-11D4-A39F-00C04F05E3F0}" = Motorola PST
"{8D7E28D0-A43C-41B6-9B07-FCD8A2138F42}" = BlackBerry v4.1.0 for the 7250 Wireless Handheld
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{90D46024-410B-4644-A129-182BAB6EE8BE}" = LGDownload TM910DLL
"{935C0E2B-CCC7-4424-ADB3-5A27D527F1D6}" = SmartMoto
"{93AE099E-1500-42C2-8174-7AED23D33A73}" = Motorola Phone Tools
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97097F2D-CFBF-4DC9-A8AF-1C8EAC322275}" = Vocal Remover
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9C1EED58-1790-45C4-ADBC-5D45FCA7292E}" = Pure Networks Platform
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A4342E37-6D5A-4A8A-8187-9760AB6DD0F2}" = RSD CDMA General 5.1.8
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A4E0CA0F-1903-440A-9B98-FEA6CB049999}" = Nokia Flashing Cable Driver
"{A737E831-9ECF-456F-81EA-EEEB5B9922A7}" = Microsoft ASP.NET MVC 2
"{A88FCFCE-056F-43DE-8527-F999EFB1AA7A}" = BlackBerry v4.1.0 for the 7250 Wireless Handheld
"{A8CABDE1-CED1-434F-929C-8144E045AB5A}" = LG Download VX8000 DLL
"{A918DE8A-98C8-0920-0000-000000220040}" = Samsung A840 USB - Handset Manager V9.2
"{A918DE8A-98C8-0920-0000-000000220043}" = Samsung SCH-A850 USB - Handset Manager V9.2
"{A918DE8A-98C8-0920-0001-000000000000}" = Multimedia Samples
"{A97A257F-1E88-4F31-B2AF-79C4F96C8CE9}" = LG Download VX7000 DLL
"{AA1E2D5F-56CA-4F07-AA4C-F2973244B946}" = MobileMaster
"{AA74ED37-681C-4AE8-8D1D-5485EBB3ED3D}" = SQL Server System CLR Types
"{AABFA82A-5138-413C-A2C2-E2218DA4B23D}" = SCH U740 DLL
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AE36858F-AF4E-4E93-AE3B-52011E5B981D}" = LG Download VX6000 DLL
"{AE386AEA-F4BC-4457-BF6B-495992437C82}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{AF247107-116D-4E0A-9D35-A1DF5FF6D7A9}" = BlackBerry v4.2.1 for the 7130 Series Wireless Device
"{AFF3DA8C-6E6B-4845-830C-1847F0421ABA}" = Microsoft Sync Framework Runtime v1.0 SP1 Beta (x86)
"{B3EE8039-0729-4AED-A287-00EC072714C4}" = LG Download LG-TM540C DLL
"{B40F3302-1632-435B-B582-3E49BBD5587B}" = BlackBerry v4.1.0 for the 7520 Wireless Handheld
"{B48DCEC2-BE3F-49C5-96F3-AB05E65C4EB4}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{B8EF780F-126C-4CF0-AAB2-1B68BF06BA1C}" = Motorola Driver Installation 3.7.0
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0F2BCDB-CB6B-42DB-B763-DC1F109C3C28}" = Nokia Connectivity Cable Driver
"{C242CC6C-AB27-4F14-AD9D-C1F77A2E6602}" = BlackBerry v4.2.1 for the 7130 Series Wireless Device
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C461FA1F-AEC4-451B-B6DF-59F75543B80A}" = RSDLite
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C6F0EE21-48DD-43E3-8115-E1D3EACED610}" = LG Download VX8300 DLL
"{C894366E-51C4-4162-BA82-ECBEFC1C2C61}" = PayPal Plug-In
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE3B2257-BAAD-4EAF-BC4D-259582353A1B}" = Microsoft Sync Framework SDK v1.0 SP1 Beta
"{CE65493C-EA18-3458-AA58-EEDB9D671528}" = Visual Studio 2010 Tools for Office Runtime Beta 2 (x86)
"{D0041D4F-8175-4071-B524-7FD8FFF69DF8}" = BlackBerry v4.2.1 for the 7130e Series Wireless Device
"{D089B38D-E58E-4D03-BA0E-86D9353436E0}" = BlackBerry v4.0 for the 6750 Wireless Handheld
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D1B7B5F9-4FB7-48BE-9425-1C6930D67DD1}" = Visual Studio 2010 Beta 2 Tools for SQL Server Compact ENU
"{D3673BC9-53E8-4C0F-98E0-ED59D6A0559E}" = CDM-8910 Audiovox PST
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{D691C608-B6A6-3E9F-9457-4F0B8EE9DE25}" = Microsoft Office Development Tools for Visual Studio 2010 (x86)
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D73CBB43-E7F9-48A1-9F68-690F05392537}" = Crystal Reports for Visual Studio
"{D8EA4774-1EB0-45EB-A4F5-E5F2776D328D}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{DAFAACF1-41F8-4547-90DD-6F15DDDFF374}" = BlackBerry v4.0.2 for the 7200 Series Wireless Handheld
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E0864FA6-53AC-4A33-8B52-2BC873D02CF7}" = LG Download LG-TM240 DLL
"{E46B2F8A-6CCD-4949-871D-F9664F2113AB}" = PayPal Plug-In
"{E69974C9-ECDC-4B02-97EB-FB1CE638CECB}" = Web Deployment Tool
"{E8DF0C63-3669-4A71-9000-03775FF51D2C}" = RemotePlayback
"{E9A6F23E-F603-4C73-A41B-5C6996DB3713}" = Microsoft Sync Services for ADO.NET v2.0 SP1 Beta (x86)
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EE9B8644-1D6B-4DE2-9E54-F8B9B048C15A}" = LGUsbConverterDriver
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F49FEF83-45CA-4CE8-8304-A7372BA07AA9}" = Motorola Phone Tools
"{F849775B-F39D-4EDD-A266-1A3E258F0498}" = Microsoft SQL Server Compact 3.5 SP2 Beta English
"{F91819EA-B57E-11D4-8BA4-00105A75EEEB}" = LGDownload
"{FA3DB67E-1FBE-4F1A-B8E6-B2B447CAEE14}" = SamsungPSTLite
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.7.20090303
"{FC2C89A7-76E2-32F1-A2C2-428B480F570E}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools Beta 2
"{FF22F9D1-2249-44A7-A203-46702845163A}" = MFI MultiLoader
"6610_428" = 6610_428
"Active@ ISO Burner v 1.1" = Active@ ISO Burner v 1.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop v4.0" = Adobe Photoshop v4.0
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"ATI Display Driver" = ATI Display Driver
"BlackBerry_{51D7494B-6C54-468F-98E1-1A9997C89329}" = BlackBerry Desktop Software 4.7
"Dell Laser Printer 1100" = Dell Laser Printer 1100 Software Uninstall
"DESkey DK2 Uninstall" = DK2 DESkey Drivers v7.14.0.25
"DVD X Rescue" = DVD X Rescue
"DVDXCopyPlatinum" = DVD X Copy Platinum 4.0.3
"FastStone Image Viewer" = FastStone Image Viewer 3.5
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"Free Videos To DVD_is1" = Free Videos To DVD V2.1
"FTDICOMM" = UST Pro II Device Drivers
"HASP Emulator Professiaonal Edition V2.33 for Windows NT/W2K/XP" = HASP Emulator Professiaonal Edition V2.33 for Windows NT/W2K/XP
"HASP HL Device Driver" = HASP HL Device Driver
"Hide My IP 2008_is1" = Hide My IP 2008
"HijackThis" = HijackThis 2.0.2
"iDEN Lab RSS" = iDEN Lab RSS
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{02FF1963-C0C2-45FF-80BF-C913DEFDE276}" = Kyocera Wireless PST
"InstallShield_{476B875F-7809-49B6-A6EC-1B1BB14D7D9E}" = LG PC Sync
"InstallShield_{70242DAF-E876-4632-8F51-7982FA54F0B3}" = SamsungPST_SCHA850 DLL for Verizon
"InstallShield_{7FE3214C-283E-40C6-A8D5-CB773110090C}" = Linksys EasyLink Advisor
"InstallShield_{AABFA82A-5138-413C-A2C2-E2218DA4B23D}" = SamsungPST_SCHU740 DLL for Verizon
"InstallShield_{FA3DB67E-1FBE-4F1A-B8E6-B2B447CAEE14}" = SamsungPSTLite
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"Java Platform, Enterprise Edition 5 SDK" = Java Platform, Enterprise Edition 5 SDK
"KaraFun_is1" = KaraFun 1.18
"KWCXCOMM&0C88&FE43" = Kyocera High-Speed Wireless Modem (Driver Removal)
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile Beta 2" = Microsoft .NET Framework 4 Client Profile Beta 2
"Microsoft .NET Framework 4 Extended Beta 2" = Microsoft .NET Framework 4 Extended Beta 2
"Microsoft Help 3.0 Beta 2" = Microsoft Help 3.0 Beta 2
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Studio 2010 Professional Beta 2 - ENU" = Microsoft Visual Studio 2010 Professional Beta 2 - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Multi UnlockerJUNE 2007 V1.18 beta" = Multi Unlocker
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia DCTX_UFS" = Nokia DCTX_UFS
"Novi Public Library Player_is1" = PermissionTV Novi Public Library Player 3.15
"PermissionTV Download Manager_is1" = PermissionTV Download Manager
"PROSet" = Intel® PRO Network Connections Drivers
"Sams_Ufs" = Sams_Ufs
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"Samsung Mobile USB Modem" = Samsung Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Snood 4_is1" = Snood 4
"TEst Box-II" = TEst Box-II
"Time Clock MTS_is1" = Time Clock MTS V1.7.3
"Treo Unlocker1.01" = Treo Unlocker
"UFS2XX" = UFSx Device USB Drivers
"UFSxtoolsv2 by spongevhong17" = UFSxtoolsv2 by spongevhong17
"UltraISO_is1" = UltraISO Premium V9.33
"Update Service" = Update Service
"USTPro2 Setup v7.40 for Windows2000/XP_is1" = USTPro2 Setup v7.40 for Windows2000/XP
"USTPro2 Setup v8.5.11 for Windows2000/XP_is1" = USTPro2 Setup v8.5.11 for Windows2000/XP
"USTPro2 Setup v8.6.00 for Windows2000/XP_is1" = USTPro2 Setup v8.6.00 for Windows2000/XP
"USTPro2 Setup v9.9.60 for Windows2000/XP_is1" = USTPro2 Setup v9.9.60 for Windows2000/XP
"Visual Studio 2010 Tools for Office Runtime Beta 2 (x86)" = Visual Studio 2010 Tools for Office Runtime Beta 2 (x86)
"Vocal Remover" = Vocal Remover
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Mail Advisor" = Yahoo! Mail Advisor
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1935655697-287218729-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/9/2009 11:26:54 AM | Computer Name = G | Source = VsJITDebugger | ID = 4096
Description = An unhandled win32 exception occurred in qkitsysguard.exe [3448].
Just-In-Time debugging this exception failed with the following error: The remote
procedure call failed. Check the documentation index for 'Just-in-time debugging,
errors' for more information.

Error - 11/9/2009 11:33:47 AM | Computer Name = G | Source = MsiInstaller | ID = 11316
Description = Product: Windows Defender -- Error 1316. A network error occurred
while attempting to read from the file: C:\Documents and Settings\Marc\Local Settings\Temporary
Internet Files\Content.IE5\IBCXR5LA\WindowsDefender.msi

Error - 11/9/2009 11:48:12 AM | Computer Name = G | Source = MsiInstaller | ID = 11920
Description = Product: Windows Defender -- Error 1920. Service 'Windows Defender'
(WinDefend) failed to start. Verify that you have sufficient privileges to start
system services.

Error - 11/9/2009 11:49:59 AM | Computer Name = G | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: G\Marc Checkpoint ID: 1 Error Code: 0x80070005 Error description:
Access is denied.

Error - 11/9/2009 11:49:59 AM | Computer Name = G | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: G\Marc Checkpoint ID: 1 Error Code: 0x8000ffff Error description:
Catastrophic failure

Error - 11/10/2009 10:08:41 AM | Computer Name = G | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: G\Marc Checkpoint ID: 1 Error Code: 0x80070005 Error description:
Access is denied.

Error - 11/10/2009 10:08:41 AM | Computer Name = G | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: G\Marc Checkpoint ID: 1 Error Code: 0x8000ffff Error description:
Catastrophic failure

[ System Events ]
Error - 12/2/2009 9:56:42 AM | Computer Name = MARC | Source = Service Control Manager | ID = 7034
Description = The Linksys Updater service terminated unexpectedly. It has done
this 1 time(s).

Error - 12/2/2009 9:56:45 AM | Computer Name = MARC | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 12/2/2009 9:56:45 AM | Computer Name = MARC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 12 minutes. NtpClient has no source of accurate
time.

Error - 12/2/2009 9:57:02 AM | Computer Name = MARC | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 12/2/2009 9:57:02 AM | Computer Name = MARC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 12/2/2009 10:12:02 AM | Computer Name = MARC | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup
again in 30 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 12/2/2009 10:12:02 AM | Computer Name = MARC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 12/2/2009 10:42:02 AM | Computer Name = MARC | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup
again in 60 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 12/2/2009 10:42:02 AM | Computer Name = MARC | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 59 minutes. NtpClient has no source of accurate
time.

Error - 12/2/2009 10:51:18 AM | Computer Name = MARC | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {EF3311EB-539B-4254-B669-6532457D7060}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.


< End of report >



GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-12-02 11:08:30
Windows 5.1.2600 Service Pack 3
Running: 6ti43b15.exe; Driver: C:\DOCUME~1\Marc\LOCALS~1\Temp\ugtdypoc.sys


---- System - GMER 1.0.15 ----

SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateKey [0x804D7571]
SSDT \WINDOWS\system32\ntoskrnl.exe[unknown section] [804D7571] ZwCreateKey [0x804D7571]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenKey [0x804D7576]
SSDT \WINDOWS\system32\ntoskrnl.exe[unknown section] [804D7576] ZwOpenKey [0x804D7576]

INT 0x03 \WINDOWS\system32\ntoskrnl.exe[unknown section] 804D757B
INT 0x06 \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP kernel Device Driver for Windows NT./Aladdin Knowledge Systems.) A62C733D

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + F0 804E274C 3 Bytes [71, 75, 4D] {JNO 0x77; DEC EBP}
.text ntoskrnl.exe!_abnormal_termination + 228 804E2884 3 Bytes [76, 75, 4D] {JBE 0x77; DEC EBP}
.text C:\WINDOWS\System32\DRIVERS\ati2mtag.sys section is writeable [0xB9A16000, 0x18FFBC, 0xE8000020]
init C:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xF77D2760]
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xB8C34F80]
init C:\WINDOWS\system32\drivers\egatebus.sys entry point in "init" section [0xF7923320]
.text C:\WINDOWS\system32\drivers\Oreans.sys section is writeable [0xF76972A0, 0x9A88, 0xE8000020]
.text C:\WINDOWS\system32\drivers\Haspnt.sys section is writeable [0xA62BD400, 0xAE36, 0x80000020]
.text C:\WINDOWS\system32\DRIVERS\aksfridge.sys section is writeable [0xA5E80000, 0x48011, 0xE0000020]
.init C:\WINDOWS\system32\DRIVERS\aksfridge.sys entry point in ".init" section [0xA5ED5224]
.init C:\WINDOWS\system32\DRIVERS\aksfridge.sys unknown last code section [0xA5ED5000, 0x4000, 0xE20000E0]
.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xA5D0F400, 0x7960C, 0xE8000020]
.protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xA5DB1420] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xA5DB1420]
.protect˙˙˙˙hardlockunknown last code section [0xA5DB1200, 0x5049, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xA5DB1200, 0x5049, 0xE0000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\explorer.exe[252] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E1BEC8
.text C:\WINDOWS\explorer.exe[252] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E1BEB3
.text C:\WINDOWS\explorer.exe[252] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E1BEAC
.text C:\WINDOWS\explorer.exe[252] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E1BCC8
.text C:\WINDOWS\explorer.exe[252] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E1BCC1
.text C:\WINDOWS\explorer.exe[252] kernel32.dll!SearchPathW 7C80E77C 5 Bytes JMP 00E1BEC1
.text C:\WINDOWS\explorer.exe[252] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E1BECF
.text C:\WINDOWS\explorer.exe[252] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 00E1BB2C
.text C:\WINDOWS\explorer.exe[252] kernel32.dll!SearchPathA 7C8217EA 5 Bytes JMP 00E1BEBA
.text C:\WINDOWS\System32\alg.exe[728] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F3BEC8
.text C:\WINDOWS\System32\alg.exe[728] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F3BEB3
.text C:\WINDOWS\System32\alg.exe[728] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F3BEAC
.text C:\WINDOWS\System32\alg.exe[728] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F3BCC8
.text C:\WINDOWS\System32\alg.exe[728] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F3BCC1
.text C:\WINDOWS\System32\alg.exe[728] kernel32.dll!SearchPathW 7C80E77C 5 Bytes JMP 00F3BEC1
.text C:\WINDOWS\System32\alg.exe[728] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F3BECF
.text C:\WINDOWS\System32\alg.exe[728] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 00F3BB2C
.text C:\WINDOWS\System32\alg.exe[728] kernel32.dll!SearchPathA 7C8217EA 5 Bytes JMP 00F3BEBA
.text C:\WINDOWS\system32\winlogon.exe[764] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FEBEC8
.text C:\WINDOWS\system32\winlogon.exe[764] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FEBEB3
.text C:\WINDOWS\system32\winlogon.exe[764] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FEBEAC
.text C:\WINDOWS\system32\winlogon.exe[764] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FEBCC8
.text C:\WINDOWS\system32\winlogon.exe[764] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FEBCC1
.text C:\WINDOWS\system32\winlogon.exe[764] kernel32.dll!SearchPathW 7C80E77C 5 Bytes JMP 00FEBEC1
.text C:\WINDOWS\system32\winlogon.exe[764] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FEBECF
.text C:\WINDOWS\system32\winlogon.exe[764] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 00FEBB2C
.text C:\WINDOWS\system32\winlogon.exe[764] kernel32.dll!SearchPathA 7C8217EA 5 Bytes JMP 00FEBEBA
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F4BEC8
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F4BEB3
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F4BEAC
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F4BCC8
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F4BCC1
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!SearchPathW 7C80E77C 5 Bytes JMP 00F4BEC1
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F4BECF
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 00F4BB2C
.text C:\WINDOWS\system32\services.exe[808] kernel32.dll!SearchPathA 7C8217EA 5 Bytes JMP 00F4BEBA
.text C:\WINDOWS\system32\Ati2evxx.exe[976] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B3BEC8
.text C:\WINDOWS\system32\Ati2evxx.exe[976] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B3BEB3
.text C:\WINDOWS\system32\Ati2evxx.exe[976] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B3BEAC
.text C:\WINDOWS\system32\Ati2evxx.exe[976] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B3BCC8
.text C:\WINDOWS\system32\Ati2evxx.exe[976] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B3BCC1
.text C:\WINDOWS\system32\Ati2evxx.exe[976] kernel32.dll!SearchPathW 7C80E77C 5 Bytes JMP 00B3BEC1
.text C:\WINDOWS\system32\Ati2evxx.exe[976] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B3BECF
.text C:\WINDOWS\system32\Ati2evxx.exe[976] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 00B3BB2C
.text C:\WINDOWS\system32\Ati2evxx.exe[976] kernel32.dll!SearchPathA 7C8217EA 5 Bytes JMP 00B3BEBA
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C7BEC8
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C7BEB3
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C7BEAC
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C7BCC8
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C7BCC1
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!SearchPathW 7C80E77C 5 Bytes JMP 00C7BEC1
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C7BECF
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 00C7BB2C
.text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!SearchPathA 7C8217EA 5 Bytes JMP 00C7BEBA
.text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FCBEC8
.text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FCBEB3
.text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FCBEAC
.text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FCBCC8
.text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FCBCC1
.text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!SearchPathW 7C80E77C 5 Bytes JMP 00FCBEC1
.text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FCBECF
.text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 00FCBB2C
.text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!SearchPathA 7C8217EA 5 Bytes JMP 00FCBEBA
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02AABEC8
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02AABEB3
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02AABEAC
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02AABCC8
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02AABCC1
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!SearchPathW 7C80E77C 5 Bytes JMP 02AABEC1
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02AABECF
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 02AABB2C
.text C:\WINDOWS\System32\svchost.exe[1260] kernel32.dll!SearchPathA 7C8217EA 5 Bytes JMP 02AABEBA
.text C:\WINDOWS\system32\Ati2evxx.exe[1308] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A8BEC8
.text C:\WINDOWS\system32\Ati2evxx.exe[1308] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A8BEB3
.text C:\WINDOWS\system32\Ati2evxx.exe[1308] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A8BEAC
.text C:\WINDOWS\system32\Ati2evxx.exe[1308] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A8BCC8
.text C:\WINDOWS\system32\Ati2evxx.exe[1308] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A8BCC1
.text C:\WINDOWS\system32\Ati2evxx.exe[1308] kernel32.dll!SearchPathW 7C80E77C 5 Bytes JMP 00A8BEC1
.text C:\WINDOWS\system32\Ati2evxx.exe[1308] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A8BECF
.text C:\WINDOWS\system32\Ati2evxx.exe[1308] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 00A8BB2C
.text C:\WINDOWS\system32\Ati2evxx.exe[1308] kernel32.dll!SearchPathA 7C8217EA 5 Bytes JMP 00A8BEBA
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DFBEC8
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DFBEB3
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DFBEAC
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DFBCC8
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DFBCC1
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!SearchPathW 7C80E77C 5 Bytes JMP 00DFBEC1
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DFBECF
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 00DFBB2C
.text C:\WINDOWS\System32\svchost.exe[1424] kernel32.dll!SearchPathA 7C8217EA 5 Bytes JMP 00DFBEBA
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[1432] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0080BEC8
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[1432] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0080BEB3
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[1432] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0080BEAC
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[1432] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 0080BCC8
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[1432] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0080BCC1
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[1432] kernel32.dll!SearchPathW 7C80E77C 5 Bytes JMP 0080BEC1
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[1432] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0080BECF
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[1432] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 0080BB2C
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[1432] kernel32.dll!SearchPathA 7C8217EA 5 Bytes JMP 0080BEBA
.text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0120BEC8
.text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0120BEB3
.text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0120BEAC
.text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 0120BCC8
.text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 0120BCC1
.text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!SearchPathW 7C80E77C 5 Bytes JMP 0120BEC1
.text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0120BECF
.text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 0120BB2C
.text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!SearchPathA 7C8217EA 5 Bytes JMP 0120BEBA
.text C:\WINDOWS\System32\SCardSvr.exe[1724] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B7BEC8
.text C:\WINDOWS\System32\SCardSvr.exe[1724] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B7BEB3
.text C:\WINDOWS\System32\SCardSvr.exe[1724] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B7BEAC
.text C:\WINDOWS\System32\SCardSvr.exe[1724] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B7BCC8
.text C:\WINDOWS\System32\SCardSvr.exe[1724] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B7BCC1
.text C:\WINDOWS\System32\SCardSvr.exe[1724] kernel32.dll!SearchPathW 7C80E77C 5 Bytes JMP 00B7BEC1
.text C:\WINDOWS\System32\SCardSvr.exe[1724] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B7BECF
.text C:\WINDOWS\System32\SCardSvr.exe[1724] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 00B7BB2C
.text C:\WINDOWS\System32\SCardSvr.exe[1724] kernel32.dll!SearchPathA 7C8217EA 5 Bytes JMP 00B7BEBA
.text C:\WINDOWS\System32\svchost.exe[1980] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CFBEC8
.text C:\WINDOWS\System32\svchost.exe[1980] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CFBEB3
.text C:\WINDOWS\System32\svchost.exe[1980] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CFBEAC
.text C:\WINDOWS\System32\svchost.exe[1980] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CFBCC8
.text C:\WINDOWS\System32\svchost.exe[1980] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CFBCC1
.text C:\WINDOWS\System32\svchost.exe[1980] kernel32.dll!SearchPathW 7C80E77C 5 Bytes JMP 00CFBEC1
.text C:\WINDOWS\System32\svchost.exe[1980] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CFBECF
.text C:\WINDOWS\System32\svchost.exe[1980] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 00CFBB2C
.text C:\WINDOWS\System32\svchost.exe[1980] kernel32.dll!SearchPathA 7C8217EA 5 Bytes JMP 00CFBEBA
.text I:\AAAA VIRUS FIX STUFF\6ti43b15.exe[3796] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 010FBEC8
.text I:\AAAA VIRUS FIX STUFF\6ti43b15.exe[3796] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 010FBEB3
.text I:\AAAA VIRUS FIX STUFF\6ti43b15.exe[3796] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 010FBEAC
.text I:\AAAA VIRUS FIX STUFF\6ti43b15.exe[3796] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 010FBCC8
.text I:\AAAA VIRUS FIX STUFF\6ti43b15.exe[3796] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 010FBCC1
.text I:\AAAA VIRUS FIX STUFF\6ti43b15.exe[3796] kernel32.dll!SearchPathW 7C80E77C 5 Bytes JMP 010FBEC1
.text I:\AAAA VIRUS FIX STUFF\6ti43b15.exe[3796] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 010FBECF
.text I:\AAAA VIRUS FIX STUFF\6ti43b15.exe[3796] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 010FBB2C
.text I:\AAAA VIRUS FIX STUFF\6ti43b15.exe[3796] kernel32.dll!SearchPathA 7C8217EA 5 Bytes JMP 010FBEBA

---- Devices - GMER 1.0.15 ----

Device \Driver\Disk \Device\Harddisk0\DR0 aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)
Device \Driver\Disk \Device\Harddisk1\DR1 aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)
Device \Driver\Disk \Device\Harddisk2\DR10 aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)
Device \Driver\aksusb \Device\0000007f AKSCLASS.SYS (Aladdin Class Driver/Aladdin Knowledge Systems Ltd.)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000



That was my three scans, please let me know what to do.

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 31,408 posts
  • ONLINE
  • Gender:Female
  • Location:At home
  • Local time:11:36 PM

Posted 02 December 2009 - 06:00 PM

Hi,

the good news is that the gmer log seems clean. :(

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :otl
    
    [2009/11/08 10:55:13 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\wafayaje
    [2009/11/07 14:47:10 | 00,000,000 | -HS- | C] () -- C:\609506493
    [2009/11/07 14:18:05 | 01,276,960 | ---- | C] () -- C:\WINDOWS\System32\vadotali.exe
    [2009/08/07 14:53:01 | 00,000,003 | -HS- | C] () -- C:\WINDOWS\System32\bukujuri.dll
    :commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered; when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window, OTListIt.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.
Are you familiar with that file: C:\ℤ™☠?

regards myrti


If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!
Please don't send help request via PM, unless I am already helping you. Use the forums!



#7 mzimports

mzimports
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:04:36 PM

Posted 02 December 2009 - 06:52 PM

Thanks so much. No, I am not familiar with that file: C:\ℤ™☠?


I will get you the log, it takes time because I can't get on the web with the infected computer.

#8 mzimports

mzimports
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:04:36 PM

Posted 03 December 2009 - 10:31 AM

Thanks, here are the two logs, and I am not familiar with the file on the C drive.


All processes killed
========== OTL ==========
File C:\WINDOWS\System32\wafayaje not found.
File C:\609506493 not found.
File C:\WINDOWS\System32\vadotali.exe not found.
File C:\WINDOWS\System32\bukujuri.dll not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 232 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Marc
->Temp folder emptied: 35359 bytes
->Temporary Internet Files folder emptied: 541378 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 240 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 381440 bytes
Windows Temp folder emptied: 55338 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.03 mb


OTL by OldTimer - Version 3.1.11.4 log created on 12032009_100056

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


OTL logfile created on: 12/3/2009 10:16:18 AM - Run 4
OTL by OldTimer - Version 3.1.11.4 Folder = C:\Documents and Settings\Marc\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 3.92 Gb Available in Paging File | 97.90% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 189.92 Gb Total Space | 149.91 Gb Free Space | 78.93% Space Free | Partition Type: NTFS
Drive D: | 55.91 Gb Total Space | 26.63 Gb Free Space | 47.64% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 232.83 Gb Total Space | 9.69 Gb Free Space | 4.16% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
Drive I: | 6.22 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 232.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 7.47 Gb Total Space | 3.65 Gb Free Space | 48.83% Space Free | Partition Type: FAT32

Computer Name: MARC
Current User Name: Marc
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Marc\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Documents and Settings\Marc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardian.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
PRC - C:\WINDOWS\system32\hasplms.exe (Aladdin Knowledge Systems Ltd.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hide My IP 2008\SecureSrv.exe ()
PRC - C:\Program Files\PermissionTV\bin\dm.exe (PermissionTV)
PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)
PRC - C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Marc\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\sfc_os.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\sfc.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (RoxLiveShare9) -- File not found
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.21006\aspnet_state.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.21006\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.21006_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.21006\mscorsvw.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.21006\SMSvcHost.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (MSSQLServerADHelper100) -- c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS) -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (SQLWriter) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart) -- C:\WINDOWS\system32\ati2sgag.exe ()
SRV - (LinksysUpdater) -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)
SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
SRV - (hasplms) -- C:\WINDOWS\System32\hasplms.exe (Aladdin Knowledge Systems Ltd.)
SRV - (LightScribeService) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (SecureSrv) -- C:\Program Files\Hide My IP 2008\SecureSrv.exe ()
SRV - (PermissionTVDownloadManager) -- C:\Program Files\PermissionTV\bin\dm.exe (PermissionTV)
SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (NBService) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (SentinelProtectionServer) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (SimpTcp) -- C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
SRV - (LPDSVC) -- C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (slabbus) Kyocera USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\slabbus.sys (MCCI Corporation)
DRV - (Haspnt) -- C:\WINDOWS\system32\drivers\Haspnt.sys (Aladdin Knowledge Systems.)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (RsFx0103) -- C:\WINDOWS\system32\drivers\RsFx0103.sys (Microsoft Corporation)
DRV - (mcdbus) -- C:\WINDOWS\system32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - (Pcouffin) -- C:\WINDOWS\system32\drivers\Pcouffin.sys (VSO Software)
DRV - (LMIRfsClientNP) -- C:\WINDOWS\system32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (motccgpfl) -- C:\WINDOWS\system32\drivers\motccgpfl.sys (Motorola)
DRV - (motccgp) -- C:\WINDOWS\system32\drivers\motccgp.sys (Motorola)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (lmimirr) -- C:\WINDOWS\system32\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV - (dk2drv) -- C:\WINDOWS\system32\drivers\dk2drv.sys (Data Encryption Systems Limited)
DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (WnsDrvr) -- C:\WINDOWS\system32\drivers\wnsdrvr.sys (Microsoft Corporation)
DRV - (PortTalk) -- C:\WINDOWS\system32\drivers\PortTalk.sys (Beyond Logic http://www.beyondlogic.org)
DRV - (RimUsb) -- C:\WINDOWS\system32\drivers\RimUsb.sys (Research In Motion Limited)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (usb_rndisx) -- C:\WINDOWS\system32\drivers\usb8023x.sys (Microsoft Corporation)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (pnarp) -- C:\WINDOWS\system32\drivers\pnarp.sys (Pure Networks, Inc.)
DRV - (purendis) -- C:\WINDOWS\system32\drivers\purendis.sys (Pure Networks, Inc.)
DRV - (aksfridge) -- C:\WINDOWS\system32\drivers\aksfridge.sys (Aladdin Knowledge Systems Ltd.)
DRV - (MotDev) -- C:\WINDOWS\system32\drivers\motodrv.sys (Motorola Inc)
DRV - (akshhl) -- C:\WINDOWS\system32\drivers\akshhl.sys (Aladdin Knowledge Systems Ltd.)
DRV - (motport) -- C:\WINDOWS\system32\drivers\motport.sys (Motorola)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (s616unic) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM) -- C:\WINDOWS\system32\drivers\s616unic.sys (MCCI Corporation)
DRV - (s616obex) -- C:\WINDOWS\system32\drivers\s616obex.sys (MCCI Corporation)
DRV - (s616nd5) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS) -- C:\WINDOWS\system32\drivers\s616nd5.sys (MCCI Corporation)
DRV - (s616mgmt) Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s616mgmt.sys (MCCI Corporation)
DRV - (s616mdm) -- C:\WINDOWS\system32\drivers\s616mdm.sys (MCCI Corporation)
DRV - (s616mdfl) -- C:\WINDOWS\system32\drivers\s616mdfl.sys (MCCI Corporation)
DRV - (s616bus) Sony Ericsson Device 616 driver (WDM) -- C:\WINDOWS\system32\drivers\s616bus.sys (MCCI Corporation)
DRV - (slabser) -- C:\WINDOWS\system32\drivers\slabser.sys (MCCI Corporation)
DRV - (RimVSerPort) -- C:\WINDOWS\system32\drivers\RimSerial.sys (Research in Motion Ltd)
DRV - (MaVctrl) -- C:\WINDOWS\system32\drivers\MaVc2K.sys (Mobile Action Technology Inc.)
DRV - (wceusbsh) -- C:\WINDOWS\system32\drivers\wceusbsh.sys (Microsoft Corporation)
DRV - (maa950u) -- C:\WINDOWS\system32\drivers\maa950u.sys (Mobile Action Technology Inc.)
DRV - (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a) -- C:\WINDOWS\System32\drivers\sfdrv01a.sys (Protection Technology (StarForce))
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (Egatecard) -- C:\WINDOWS\system32\drivers\egate.sys (Axalto)
DRV - (Egatebus) -- C:\WINDOWS\system32\drivers\egatebus.sys (Axalto)
DRV - (Egaterdr) -- C:\WINDOWS\system32\drivers\egaterdr.sys (Axalto)
DRV - (UFS2XX) -- C:\WINDOWS\system32\drivers\ufs2xx.sys (FTDI Ltd.)
DRV - (usbser) -- C:\WINDOWS\system32\drivers\usbser.SYS (Microsoft Corporation)
DRV - (MaRdPnp) -- C:\WINDOWS\system32\drivers\mardp2k.sys (Mobile Action Technology Inc.)
DRV - (hardlock) -- C:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV - (aksusb) -- C:\WINDOWS\system32\drivers\aksusb.sys (Aladdin Knowledge Systems Ltd.)
DRV - (akshasp) -- C:\WINDOWS\system32\drivers\akshasp.sys (Aladdin Knowledge Systems Ltd.)
DRV - (maa950m) -- C:\WINDOWS\system32\drivers\maa950m.sys (Mobile Action Technology Inc.)
DRV - (maa950c) -- C:\WINDOWS\system32\drivers\maa950c.sys (Mobile Action Technology Inc.)
DRV - (E100B) Intel® -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation)
DRV - (Sentinel) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS (SafeNet, Inc.)
DRV - (smwdm) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (WLAN(WLAN)) 802.11b+g USB Wireless LAN Adapter Driver(WLAN) -- C:\WINDOWS\system32\drivers\ZD1211U.sys (ZyDAS Technology Corporation)
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (XPROTECTOR) -- C:\WINDOWS\system32\drivers\Oreans.sys ()
DRV - (SVKP) -- C:\WINDOWS\system32\SVKP.sys (AntiCracking)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgUsbDiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation)
DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation)
DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation)
DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation)
DRV - (ZDPNDIS5) -- C:\WINDOWS\system32\ZDPNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (cur_mdm) -- C:\WINDOWS\system32\drivers\cur_mdm.sys (MCCI)
DRV - (cur_mdfl) -- C:\WINDOWS\system32\drivers\cur_mdfl.sys (MCCI)
DRV - (cur_bus) Curitel USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\cur_bus.sys (MCCI)
DRV - (CDRPDACC) -- C:\Program Files\321Studios\Shared\CDRPDACC.SYS (Arrowkey)
DRV - (ROOTMODEM) -- C:\WINDOWS\system32\drivers\rootmdm.sys (Microsoft Corporation)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (WinRT) -- C:\WINDOWS\system32\drivers\WINRT.SYS (BlueWater Systems, Inc.)
DRV - (WIBUKEY) -- C:\WINDOWS\system32\drivers\Wibukey.sys (WIBU-SYSTEMS AG)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: paypalfirefoxplugin@orbiscom:2.2.26.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5

FF - HKLM\software\mozilla\Firefox\Extensions\\paypalfirefoxplugin@orbiscom: C:\Program Files\PayPal\PayPal Plug-In [2009/06/04 09:45:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/22 02:00:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/09 10:48:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/10 09:08:24 | 00,000,000 | ---D | M]

[2009/11/03 07:43:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Mozilla\Extensions
[2009/11/03 07:43:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/27 12:48:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\dhb78q8p.default\extensions
[2009/11/03 07:48:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\dhb78q8p.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/03 07:43:40 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/09 10:48:38 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/11/09 10:48:22 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/09 10:48:22 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/11/09 10:48:26 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/10/16 12:58:44 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/10/16 12:58:44 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/10/16 12:58:44 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/10/16 12:58:44 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/10/16 12:58:44 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/10/16 12:58:44 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/10/16 12:58:44 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\securenet.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\securenet.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\securenet.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000050 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000051 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000052 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000053 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000054 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000055 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000056 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000057 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000058 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000059 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000060 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000061 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000062 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000063 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000064 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000065 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000066 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000067 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000068 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000069 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {08BBAF4C-4A89-471C-9552-3694A7F2D081} http://www.boot-loader.com/files/SmartLogin.cab (LoginCtl Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/Facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1212066604674 (WUWebControl Class)
O16 - DPF: {6ABE4BC3-7253-418E-85E8-F334A73154D3} http://www.gsmserver.com/smartclip/SmartClip.cab (CSmartClient Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1212069840687 (MUWebControl Class)
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} http://mediaplayer.walmart.com/installer/install.cab (Reg Error: Key error.)
O16 - DPF: {84A31672-371A-4CBF-8785-DCE55CDC7370} http://99.166.9.126:85/ocxfile/DownLoad.ocx (DownLoad Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_17)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/29 07:13:47 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/05/05 23:12:36 | 00,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/01/07 23:51:18 | 00,000,000 | ---D | M] - G:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2005/11/15 11:08:04 | 00,000,036 | -H-- | M] () - G:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2008/05/06 07:20:58 | 00,000,301 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2003/11/06 18:54:00 | 00,005,345 | R--- | M] () - J:\autorun.apm -- [ CDFS ]
O32 - AutoRun File - [2002/12/10 07:00:30 | 01,089,536 | R--- | M] (Indigo Rose Corporation) - J:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2004/08/30 19:24:44 | 00,019,790 | R--- | M] () - J:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2003/11/06 18:54:10 | 00,000,047 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009/12/02 16:51:40 | 00,000,053 | -H-- | M] () - K:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{bbb81490-df54-11de-978d-000cf1f93e57}\Shell - "" = AutoRun
O33 - MountPoints2\{bbb81490-df54-11de-978d-000cf1f93e57}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bbb81490-df54-11de-978d-000cf1f93e57}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2008/06/17 14:02:19 | 08,461,312 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- [2007/10/23 02:45:39 | 01,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/03 10:00:56 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/12/02 10:09:01 | 00,535,552 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Marc\Desktop\OTL.exe
[2009/12/01 12:48:24 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/12/01 12:47:30 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/11/23 14:30:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Desktop\New Folder
[2009/11/18 09:20:05 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/11/18 09:20:02 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/11/10 10:44:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/11/09 15:36:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Application Data\Move Networks
[2009/11/09 10:37:57 | 00,000,000 | ---D | C] -- C:\AAAA
[2009/11/08 10:45:33 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/11/07 15:22:45 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
[2009/11/07 14:48:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Local Settings\Application Data\jxdfwb
[2009/11/04 13:23:13 | 00,050,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
[2009/11/04 13:22:55 | 00,079,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
[2009/11/04 13:21:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\RsFx
[2009/11/04 13:16:36 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2009/11/04 13:15:57 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2009/11/04 13:15:42 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2009/11/04 13:15:41 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/11/04 13:12:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2009/11/04 13:08:16 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/11/04 13:04:29 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft ASP.NET
[2009/11/04 13:04:19 | 00,000,000 | ---D | C] -- C:\Program Files\IIS
[2009/11/04 13:02:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marc\My Documents\Visual Studio 2008
[2009/11/04 13:01:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marc\My Documents\Visual Studio 2010
[2009/11/04 12:56:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\symbols
[2009/11/04 12:53:17 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft F#
[2009/11/04 12:53:16 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2009/11/04 12:53:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules
[2009/11/04 12:53:16 | 00,000,000 | ---D | C] -- C:\Program Files\HTML Help Workshop
[2009/11/04 12:53:15 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2009/11/04 12:53:15 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Help
[2009/11/04 12:50:41 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2009/11/04 12:29:35 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2004/08/25 23:10:35 | 01,570,816 | ---- | C] (Toshiba Samsung Storage Technology Coporation) -- C:\Documents and Settings\Marc\Application Data\tsdnwin.dll

========== Files - Modified Within 30 Days ==========

[2009/12/03 10:15:00 | 00,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-287218729-682003330-1004UA.job
[2009/12/03 10:07:26 | 00,695,990 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/03 10:07:26 | 00,568,476 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/03 10:07:26 | 00,112,418 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/03 10:05:54 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/12/03 10:03:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS\TempFile
[2009/12/03 10:02:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/03 10:02:45 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/03 10:01:13 | 09,699,328 | ---- | M] () -- C:\Documents and Settings\Marc\ntuser.dat
[2009/12/03 10:01:13 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Marc\ntuser.ini
[2009/12/03 09:40:50 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marc\Desktop\OTL.exe
[2009/12/02 14:15:00 | 00,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-287218729-682003330-1004Core.job
[2009/12/02 10:29:47 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Marc\My Documents\Week Of.doc
[2009/12/01 12:55:07 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/01 12:50:24 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/24 23:19:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/24 17:23:37 | 00,018,672 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/11/19 20:30:45 | 03,568,341 | R--- | M] () -- C:\Documents and Settings\Marc\Desktop\ComboFix.exe
[2009/11/19 15:26:02 | 00,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2009/11/18 09:20:57 | 00,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/11/16 18:15:42 | 00,002,321 | ---- | M] () -- C:\Documents and Settings\Marc\Desktop\Google Chrome.lnk
[2009/11/16 13:38:51 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/11/12 03:23:36 | 00,118,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/09 13:05:24 | 00,031,723 | ---- | M] () -- C:\Documents and Settings\Marc\Desktop\data.csv
[2009/11/04 12:39:30 | 00,000,165 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf

========== Files Created - No Company Name ==========

[2009/11/24 01:58:14 | 09,699,328 | ---- | C] () -- C:\Documents and Settings\Marc\ntuser.dat
[2009/11/18 09:20:57 | 00,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/11/09 13:05:08 | 00,031,723 | ---- | C] () -- C:\Documents and Settings\Marc\Desktop\data.csv
[2009/11/09 10:52:58 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/11/08 10:45:15 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/11/05 12:42:03 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Marc\My Documents\Week Of.doc
[2009/11/04 12:39:30 | 00,000,165 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2009/06/04 15:46:24 | 00,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2009/06/04 15:46:18 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\prtdll32.dll
[2009/06/04 15:46:18 | 00,034,880 | ---- | C] () -- C:\WINDOWS\System32\Portadd.dll
[2009/06/04 15:46:18 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ntgetport.dll
[2009/06/04 15:46:18 | 00,003,264 | ---- | C] () -- C:\WINDOWS\System32\PRTDLL16.DLL
[2009/06/02 16:01:58 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/04/26 09:17:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\AlbumExe.INI
[2009/04/22 07:34:00 | 02,067,140 | R--- | C] () -- C:\WINDOWS\System32\avcodec.dll
[2009/01/28 09:19:13 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2009/01/28 09:19:04 | 00,000,127 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2008/12/18 17:03:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\FileMgrExe.INI
[2008/11/04 16:42:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PanelExe.INI
[2008/09/07 14:55:42 | 00,000,091 | ---- | C] () -- C:\WINDOWS\System32\FTDIUNIN.INI
[2008/09/02 20:03:27 | 00,038,463 | ---- | C] () -- C:\Documents and Settings\Marc\Application Data\Tab Separated Values (Windows).ADR
[2008/09/02 19:48:56 | 00,038,450 | ---- | C] () -- C:\Documents and Settings\Marc\Application Data\Microsoft Excel.ADR
[2008/08/24 13:18:11 | 00,888,832 | ---- | C] () -- C:\WINDOWS\System32\securenet.dll
[2008/07/26 08:41:42 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\EFSComm.dll
[2008/07/24 21:57:09 | 00,000,222 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2008/07/08 13:34:42 | 02,325,304 | ---- | C] () -- C:\WINDOWS\System32\DK2INST.DLL
[2008/06/26 06:07:57 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Marc\Application Data\$_hpcst$.hpc
[2008/06/23 19:06:24 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/06/22 22:06:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2008/06/10 23:20:07 | 00,077,895 | ---- | C] () -- C:\WINDOWS\System32\unibus_tcutil.dll
[2008/06/10 15:19:18 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\TMPXCORE.DLL
[2008/06/10 15:19:18 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\TMPXVFW.DLL
[2008/06/08 07:35:05 | 00,000,391 | ---- | C] () -- C:\WINDOWS\COVERE~1.INI
[2008/06/08 07:27:26 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/06/08 07:27:26 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/06/08 06:46:09 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/06/03 14:12:31 | 00,041,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\Oreans.sys
[2008/06/03 10:41:29 | 00,319,488 | ---- | C] () -- C:\WINDOWS\System32\ROBOEX32.DLL
[2008/05/31 16:22:53 | 00,017,920 | ---- | C] () -- C:\Documents and Settings\Marc\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/31 12:43:51 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\XVIDVFW.DLL
[2008/05/31 12:43:51 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\AMD422CODEC.DLL
[2008/05/31 12:43:50 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\XVIDCORE.DLL
[2008/05/29 08:53:49 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/29 08:33:30 | 00,020,594 | ---- | C] () -- C:\WINDOWS\System32\DELS1LMK.DLL
[2008/05/29 08:07:40 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008/05/29 07:51:38 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2007/08/06 12:07:30 | 00,008,520 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/06/05 16:18:16 | 00,000,086 | ---- | C] () -- C:\WINDOWS\System32\ufs2xxun.ini
[2006/11/11 21:52:52 | 00,454,656 | ---- | C] () -- C:\WINDOWS\System32\mmSQL.dll
[2005/10/25 05:24:22 | 00,020,594 | ---- | C] () -- C:\WINDOWS\System32\DELS1L3.DLL
[2005/01/10 10:54:22 | 00,028,160 | ---- | C] () -- C:\WINDOWS\System32\slbmgpg.dll
[2004/11/05 11:22:57 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\GTSComm.dll
[2004/08/27 08:20:48 | 00,000,037 | ---- | C] () -- C:\WINDOWS\System32\svkp2.dll
[2004/08/27 08:20:48 | 00,000,037 | ---- | C] () -- C:\WINDOWS\System32\ispn2.dll
[2004/08/25 23:08:01 | 00,000,437 | ---- | C] () -- C:\Documents and Settings\Marc\Application Data\SamsungLiveUpdateConfig.ini
[2003/10/17 17:42:54 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\tn30CSTK.dll
[2002/01/09 13:52:04 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\YS6016Pdll.dll

========== Files - Unicode (All) ==========
[2009/05/05 15:33:22 | 00,000,008 | RHS- | M] ()(C:\?™?) -- C:\ℤ™☠
[2009/05/05 15:33:22 | 00,000,008 | RHS- | C] ()(C:\?™?) -- C:\ℤ™☠

========== Alternate Data Streams ==========

@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3FEBE414
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A24E5131
< End of report >
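
The file entries in the OTL report above all share one layout (`[date | size | RHSD flags | C or M] (Company) -- path`), which is what a helper scans by eye for odd items such as the 8-byte hidden+system file with a Unicode name in the drive root. As an added example (my own code, not OTL's and not anything posted in this thread), here is a small Python parser for that layout plus a triage helper; the regex and the flag positions R/H/S/D are inferred from the posted log, the sample lines are copied from it, and the triage heuristics are my own defensive rules of thumb, not OTL's.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed layout of one OTL file entry, inferred from the posted report
# (this regex is mine, not OldTimer's):
#   [YYYY/MM/DD HH:MM:SS | size | RHSD | C or M] (Company)(alt name) -- path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?(?:\((?P<alt>[^)]*)\))? -- (?P<path>.+)$"
)

# Constructed sample: four lines copied from the report above plus one O32
# line that deliberately does not use the file-entry layout.
SAMPLE_LINES = [
    r"[2009/05/05 15:33:22 | 00,000,008 | RHS- | M] ()(C:\?™?) -- C:\ℤ™☠",
    r"[2009/11/07 14:48:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Local Settings\Application Data\jxdfwb",
    r"[2009/12/02 10:09:01 | 00,535,552 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Marc\Desktop\OTL.exe",
    r"[2008/08/24 13:18:11 | 00,888,832 | ---- | C] () -- C:\WINDOWS\System32\securenet.dll",
    r"O32 - HKLM CDRom: AutoRun - 1",
]


@dataclass
class Entry:
    timestamp: str
    size: int
    readonly: bool
    hidden: bool
    system: bool
    directory: bool
    kind: str                 # 'C' = created-date listing, 'M' = modified-date listing
    company: Optional[str]    # None when OTL printed no parenthesised company at all
    path: str


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OTL file entry; return None for lines in another section layout."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs")  # assumed fixed positions: R, H, S, D
    return Entry(
        timestamp=m.group("ts"),
        size=int(m.group("size").replace(",", "")),
        readonly=attrs[0] == "R",
        hidden=attrs[1] == "H",
        system=attrs[2] == "S",
        directory=attrs[3] == "D",
        kind=m.group("kind"),
        company=m.group("company"),
        path=m.group("path"),
    )


def triage_reasons(e: Entry) -> List[str]:
    """Reasons an entry deserves a second look (empty list = nothing unusual)."""
    reasons = []
    if any(ord(ch) > 127 for ch in e.path):
        reasons.append("non-ASCII characters in path")
    if e.hidden and e.system and not e.directory:
        reasons.append("hidden+system file")
    if not e.directory and re.fullmatch(r"[A-Za-z]:\\[^\\]+", e.path):
        reasons.append("file directly in drive root")
    low = e.path.lower()
    if low.endswith((".exe", ".dll", ".sys")) and not e.company and "\\system32\\" in low:
        reasons.append("binary with no company name in System32")
    return reasons


def triage_log(lines) -> List[Tuple[str, List[str]]]:
    """Run every parsable entry through triage_reasons and keep the flagged ones."""
    flagged = []
    for line in lines:
        e = parse_entry(line)
        if e is not None:
            reasons = triage_reasons(e)
            if reasons:
                flagged.append((e.path, reasons))
    return flagged


if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LINES):
        print(path, "->", "; ".join(reasons))
```

Running it on the sample flags only the Unicode root file and the unnamed System32 DLL; a company name here comes from the file's version resource, not from a signature, so a flagged item is a lead to check, not a verdict.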

#9 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 31,408 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:36 PM

Posted 03 December 2009 - 12:42 PM

Hi,

Did you run the OTL script twice? The files are gone, but it seems they weren't deleted in the last run from OTL.

Since you do not know the files, I would like to remove them as well:
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :otl
    [2009/05/05 15:33:22 | 00,000,008 | RHS- | M] ()(C:\?™?) -- C:\ℤ™☠
    [2009/05/05 15:33:22 | 00,000,008 | RHS- | C] ()(C:\?™?) -- C:\ℤ™☠
  • Then click the Run Fix button at the top
  • Let the program run unhindered; when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Otherwise your logs are looking fine. Are you still getting redirected? Can you get onto the internet?

regards myrti


If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!
Please don't send help request via PM, unless I am already helping you. Use the forums!


sig3.png

Follow BleepingComputer on: Facebook | Twitter | Google+

#10 mzimports

Posted 03 December 2009 - 03:40 PM

Thank you for your consistent, timely responses. It is really appreciated.

Here is my log from the Run Fix:

========== OTL ==========
C:\ℤ™☠ moved successfully.
File C:\ℤ™☠ not found.

OTL by OldTimer - Version 3.1.11.4 log created on 12032009_151822

#11 myrti

Posted 03 December 2009 - 06:40 PM

Hi,

OTL seems to have done its job. :( How is your PC doing? Are you still getting redirected? Can you get onto the internet?


regards myrti



#12 mzimports

Posted 04 December 2009 - 11:12 AM

Still can't get online? Anything else we can do?

#13 myrti

Posted 11 December 2009 - 08:49 AM

Hi,

I'm terribly sorry for the delay. :( I had unexpected family issues to deal with, which left me without internet access for most of the week, but I'm back in the internet connected world now and I hope there won't be any more delays.
  • click on Start
  • select run
  • enter cmd and hit enter
  • a black window will open.
  • please enter the following text into that window and hit enter:
    netsh winsock reset
  • Please copy the displayed text and post the content in your next reply.
  • reboot your PC and let me know if you get your internet access back.
If you do not have the run-command in your Start menu:
Please right click on your taskbar, select Properties, select the Start Menu tab, click on Customize and tick the Display Run checkbox and click OK.


Sorry once more,
regards myrti



#14 myrti

Posted 21 December 2009 - 08:34 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti

