this virus is really slowing down my pc a
i had a ahrd time getting a gmer log
and the dds file shows as an autocad script
please try to get back to me very soon i see its getting worse
thanks
here is the gmer
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-28 00:52:58
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\Windows\Temp\pxtdapow.sys
---- Kernel code sections - GMER 1.0.15 ----
? nsdkjfmk.sys The system cannot find the file specified. !
.text C:\WINDOWS.0\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6D253A0, 0x592C35, 0xE8000020]
pnidata C:\WINDOWS.0\system32\DRIVERS\secdrv.sys unknown last section [0xB3621F00, 0x24000, 0x48000000]
---- Modules - GMER 1.0.15 ----
Module \WINDOWS.0\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804D7000-8071F000 (2392064 bytes)
Module \WINDOWS.0\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8071F000-8073FC80 (134272 bytes)
Module \WINDOWS.0\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation) F7987000-F7989000 (8192 bytes)
Module \WINDOWS.0\system32\BOOTVID.dll (VGA Boot Driver/Microsoft Corporation) F7897000-F789A000 (12288 bytes)
Module nsdkjfmk.sys F75F7000-F7605000 (57344 bytes)
Module ACPI.sys (ACPI Driver for NT/Microsoft Corporation) F7508000-F7536000 (188416 bytes)
Module \WINDOWS.0\system32\DRIVERS\WMILIB.SYS (WMILIB WMI support library Dll/Microsoft Corporation) F7989000-F798B000 (8192 bytes)
Module pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation) F74F7000-F7508000 (69632 bytes)
Module ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation) F7607000-F7616000 (61440 bytes)
Module \WINDOWS.0\system32\DRIVERS\1394BUS.SYS (1394 Bus Device Driver/Microsoft Corporation) F7617000-F7624000 (53248 bytes)
Module isapnp.sys (PNP ISA Bus Driver/Microsoft Corporation) F7627000-F7630000 (36864 bytes)
Module \WINDOWS.0\System32\Drivers\PCIIDEX.SYS (PCI IDE Bus Driver Extension/Microsoft Corporation) F7707000-F770E000 (28672 bytes)
Module intelide.sys (Intel PCI IDE Driver/Microsoft Corporation) F798B000-F798D000 (8192 bytes)
Module MountMgr.sys (Mount Manager/Microsoft Corporation) F7637000-F7642000 (45056 bytes)
Module ftdisk.sys (FT Disk Driver/Microsoft Corporation) F74D8000-F74F7000 (126976 bytes)
Module dmload.sys (NT Disk Manager Startup Driver/Microsoft Corp., Veritas Software.) F798D000-F798F000 (8192 bytes)
Module dmio.sys (NT Disk Manager I/O Driver/Microsoft Corp., Veritas Software) F74B2000-F74D8000 (155648 bytes)
Module PartMgr.sys (Partition Manager/Microsoft Corporation) F770F000-F7714000 (20480 bytes)
Module VolSnap.sys (Volume Shadow Copy Driver/Microsoft Corporation) F7647000-F7654000 (53248 bytes)
Module atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) F749A000-F74B2000 (98304 bytes)
Module disk.sys (PnP Disk Driver/Microsoft Corporation) F7657000-F7660000 (36864 bytes)
Module \WINDOWS.0\system32\DRIVERS\CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation) F7667000-F7674000 (53248 bytes)
Module fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) F7867000-F7887000 (131072 bytes)
Module sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation) F7855000-F7867000 (73728 bytes)
Module Lbd.sys (Boot Driver/Lavasoft AB) F7677000-F7686000 (61440 bytes)
Module PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) F7687000-F7691000 (40960 bytes)
Module KSecDD.sys (Kernel Security Support Provider Interface/Microsoft Corporation) F783E000-F7855000 (94208 bytes)
Module Ntfs.sys (NT File System Driver/Microsoft Corporation) F7B52000-F7BDF000 (577536 bytes)
Module NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation) F795A000-F7987000 (184320 bytes)
Module Mup.sys (Multiple UNC Provider driver/Microsoft Corporation) F7A35000-F7A4F000 (106496 bytes)
Module \SystemRoot\system32\DRIVERS\intelppm.sys (Processor Device Driver/Microsoft Corporation) F76E7000-F76F0000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 257.21 /NVIDIA Corporation) B6D25000-B7731000 (10534912 bytes)
Module \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS (Video Port Driver/Microsoft Corporation) B6D11000-B6D25000 (81920 bytes)
Module \SystemRoot\system32\DRIVERS\b57xp32.sys (Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver./Broadcom Corporation) B6CE6000-B6D11000 (176128 bytes)
Module \SystemRoot\system32\DRIVERS\usbuhci.sys (UHCI USB Miniport Driver/Microsoft Corporation) F780F000-F7815000 (24576 bytes)
Module \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) B6CC2000-B6CE6000 (147456 bytes)
Module \SystemRoot\system32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) F7817000-F781F000 (32768 bytes)
Module \SystemRoot\system32\DRIVERS\LTSMT.sys (SoftModem Device Driver/LT) B6BFF000-B6CC2000 (798720 bytes)
Module \SystemRoot\System32\Drivers\Modem.SYS (Modem Device Driver/Microsoft Corporation) F781F000-F7827000 (32768 bytes)
Module \SystemRoot\system32\drivers\ctaud2k.sys (Creative WDM Audio Device Driver/Creative Technology Ltd) B6B85000-B6BFF000 (499712 bytes)
Module \SystemRoot\system32\drivers\portcls.sys (Port Class (Class Driver for Port/Miniport Devices)/Microsoft Corporation) B6B61000-B6B85000 (147456 bytes)
Module \SystemRoot\system32\drivers\drmk.sys (Microsoft Kernel DRM Descrambler Filter/Microsoft Corporation) F76F7000-F7706000 (61440 bytes)
Module \SystemRoot\system32\drivers\ks.sys (Kernel CSA Library/Microsoft Corporation) B6B3E000-B6B61000 (143360 bytes)
Module \SystemRoot\system32\drivers\ctoss2k.sys (Creative OS Services Driver (WDM)/Creative Technology Ltd.) B6B0B000-B6B3E000 (208896 bytes)
Module \SystemRoot\system32\drivers\ctprxy2k.sys (Creative Proxy Device Driver (WDM)/Creative Technology Ltd) F7737000-F773F000 (32768 bytes)
Module \SystemRoot\system32\DRIVERS\nic1394.sys (IEEE1394 Ndis Miniport and Call Manager/Microsoft Corporation) F75C6000-F75D6000 (65536 bytes)
Module \SystemRoot\system32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) F75B6000-F75C3000 (53248 bytes)
Module \SystemRoot\system32\DRIVERS\kbdclass.sys (Keyboard Class Driver/Microsoft Corporation) B7FA0000-B7FA6000 (24576 bytes)
Module \SystemRoot\system32\DRIVERS\parport.sys (Parallel Port Driver/Microsoft Corporation) B6AF7000-B6B0B000 (81920 bytes)
Module \SystemRoot\system32\DRIVERS\serial.sys (Serial Device Driver/Microsoft Corporation) F75A6000-F75B6000 (65536 bytes)
Module \SystemRoot\system32\DRIVERS\serenum.sys (Serial Port Enumerator/Microsoft Corporation) B87BC000-B87C0000 (16384 bytes)
Module \SystemRoot\system32\DRIVERS\imapi.sys (IMAPI Kernel Driver/Microsoft Corporation) F7596000-F75A1000 (45056 bytes)
Module \SystemRoot\system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) F7586000-F7596000 (65536 bytes)
Module \SystemRoot\system32\DRIVERS\redbook.sys (Redbook Audio Filter Driver/Microsoft Corporation) F7576000-F7585000 (61440 bytes)
Module \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) B7F98000-B7F9E000 (24576 bytes)
Module \SystemRoot\system32\DRIVERS\audstub.sys (AudStub Driver/Microsoft Corporation) F7A7B000-F7A7C000 (4096 bytes)
Module \SystemRoot\system32\DRIVERS\rasl2tp.sys (RAS L2TP mini-port/call-manager driver/Microsoft Corporation) F7566000-F7573000 (53248 bytes)
Module \SystemRoot\system32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation) B87B0000-B87B3000 (12288 bytes)
Module \SystemRoot\system32\DRIVERS\ndiswan.sys (MS PPP Framing Driver (Strong Encryption)/Microsoft Corporation) B6AE0000-B6AF7000 (94208 bytes)
Module \SystemRoot\system32\DRIVERS\raspppoe.sys (RAS PPPoE mini-port/call-manager driver/Microsoft Corporation) F7556000-F7561000 (45056 bytes)
Module \SystemRoot\system32\DRIVERS\raspptp.sys (Peer-to-Peer Tunneling Protocol/Microsoft Corporation) F7546000-F7552000 (49152 bytes)
Module \SystemRoot\system32\DRIVERS\TDI.SYS (TDI Wrapper/Microsoft Corporation) B7F90000-B7F95000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\psched.sys (MS QoS Packet Scheduler/Microsoft Corporation) B6ACF000-B6AE0000 (69632 bytes)
Module \SystemRoot\system32\DRIVERS\msgpc.sys (MS General Packet Classifier/Microsoft Corporation) F7536000-F753F000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) B7F88000-B7F8D000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\raspti.sys (PTI DirectParallel® mini-port/call-manager driver/Microsoft Corporation) B7F80000-B7F85000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation) B6A9E000-B6ACF000 (200704 bytes)
Module \SystemRoot\system32\DRIVERS\termdd.sys (Terminal Server Driver/Microsoft Corporation) F748A000-F7494000 (40960 bytes)
Module \SystemRoot\system32\DRIVERS\mouclass.sys (Mouse Class Driver/Microsoft Corporation) B7F78000-B7F7E000 (24576 bytes)
Module \SystemRoot\system32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) F79B5000-F79B7000 (8192 bytes)
Module \SystemRoot\system32\DRIVERS\update.sys (Update Driver/Microsoft Corporation) B68D2000-B6906000 (212992 bytes)
Module \SystemRoot\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) B81DE000-B81E2000 (16384 bytes)
Module \SystemRoot\system32\DRIVERS\MarvinBus.sys (Pinnacle Marvin Discrete Bus Enumerator/Pinnacle Systems GmbH) B68A4000-B68D2000 (188416 bytes)
Module \SystemRoot\System32\Drivers\NDProxy.SYS (NDIS Proxy/Microsoft Corporation) F746A000-F7474000 (40960 bytes)
Module \SystemRoot\system32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) F744A000-F7459000 (61440 bytes)
Module \SystemRoot\system32\DRIVERS\USBD.SYS (Universal Serial Bus Driver/Microsoft Corporation) F79B7000-F79B9000 (8192 bytes)
Module \SystemRoot\system32\drivers\hap16v2k.sys (Creative EMU10KX-P16v HAL (WDM)/Creative Technology Ltd) B46B2000-B46DC000 (172032 bytes)
Module \SystemRoot\system32\drivers\ha10kx2k.sys (Creative EMU10KX HAL (WDM)/Creative Technology Ltd) B45AE000-B46B2000 (1064960 bytes)
Module \SystemRoot\system32\drivers\emupia2k.sys (E-mu Plug-in Architecture Driver (WDM)/Creative Technology Ltd) B4581000-B45AE000 (184320 bytes)
Module \SystemRoot\system32\drivers\ctsfm2k.sys (SoundFont® Manager (WDM)/Creative Technology Ltd) B455A000-B4581000 (159744 bytes)
Module \SystemRoot\system32\drivers\ctac32k.sys (Creative AC3 SW Decoder Device Driver (WDM)/Creative Technology Ltd) B44BE000-B455A000 (638976 bytes)
Module \SystemRoot\System32\Drivers\Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation) F79B9000-F79BB000 (8192 bytes)
Module \SystemRoot\System32\Drivers\Null.SYS (NULL Driver/Microsoft Corporation) F7A9F000-F7AA0000 (4096 bytes)
Module \SystemRoot\System32\Drivers\Beep.SYS (BEEP Driver/Microsoft Corporation) F79BB000-F79BD000 (8192 bytes)
Module \SystemRoot\System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) F773F000-F7745000 (24576 bytes)
Module \SystemRoot\System32\Drivers\mnmdd.SYS (Frame buffer simulator/Microsoft Corporation) F79BD000-F79BF000 (8192 bytes)
Module \SystemRoot\System32\DRIVERS\RDPCDD.sys (RDP Miniport/Microsoft Corporation) F79BF000-F79C1000 (8192 bytes)
Module \SystemRoot\System32\Drivers\Msfs.SYS (Mailslot driver/Microsoft Corporation) F7747000-F774C000 (20480 bytes)
Module \SystemRoot\System32\Drivers\Npfs.SYS (NPFS Driver/Microsoft Corporation) F774F000-F7757000 (32768 bytes)
Module \SystemRoot\system32\DRIVERS\rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation) B87E8000-B87EB000 (12288 bytes)
Module \SystemRoot\system32\DRIVERS\ipsec.sys (IPSec Driver/Microsoft Corporation) B4459000-B446C000 (77824 bytes)
Module \SystemRoot\system32\DRIVERS\tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation) B4400000-B4459000 (364544 bytes)
Module \SystemRoot\system32\DRIVERS\netbt.sys (MBT Transport driver/Microsoft Corporation) B43D8000-B4400000 (163840 bytes)
Module \SystemRoot\system32\DRIVERS\ipnat.sys (IP Network Address Translator/Microsoft Corporation) B43B6000-B43D8000 (139264 bytes)
Module \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) B4335000-B43B6000 (528384 bytes)
Module \SystemRoot\system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) F742A000-F7433000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\arp1394.sys (IP/1394 Arp Client/Microsoft Corporation) F741A000-F7429000 (61440 bytes)
Module \SystemRoot\System32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) B4313000-B4335000 (139264 bytes)
Module \SystemRoot\system32\DRIVERS\netbios.sys (NetBIOS interface driver/Microsoft Corporation) F740A000-F7413000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH) F7757000-F775D000 (24576 bytes)
Module \SystemRoot\system32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation) B42E8000-B4313000 (176128 bytes)
Module \SystemRoot\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) B4279000-B42E8000 (454656 bytes)
Module \SystemRoot\System32\Drivers\Fips.SYS (FIPS Crypto Driver/Microsoft Corporation) F7887000-F7890000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\hidusb.sys (USB Miniport Driver for Input Devices/Microsoft Corporation) B6A96000-B6A99000 (12288 bytes)
Module \SystemRoot\system32\DRIVERS\HIDCLASS.SYS (Hid Class Library/Microsoft Corporation) F76A7000-F76B0000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\HIDPARSE.SYS (Hid Parsing Library/Microsoft Corporation) F775F000-F7766000 (28672 bytes)
Module \SystemRoot\system32\DRIVERS\usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation) F7767000-F776F000 (32768 bytes)
Module \SystemRoot\system32\DRIVERS\avipbb.sys (Avira Driver for RootKit Detection/Avira GmbH) B4235000-B4251000 (114688 bytes)
Module \??\C:\Program_Files\Avira\AntiVir_Desktop\avgio.sys (Avira AntiVir Support for Minifilter/Avira GmbH) F79D3000-F79D5000 (8192 bytes)
Module \SystemRoot\system32\DRIVERS\usbprint.sys (USB Printer driver/Microsoft Corporation) F7777000-F777E000 (28672 bytes)
Module \SystemRoot\system32\DRIVERS\mouhid.sys (HID Mouse Filter Driver/Microsoft Corporation) B6A8A000-B6A8D000 (12288 bytes)
Module \SystemRoot\System32\Drivers\Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation) B82E8000-B82F8000 (65536 bytes)
Module \SystemRoot\system32\DRIVERS\emFilter.sys (USB 28xx WDM Lower filter/eMPIA Technology, Inc.) F79F1000-F79F3000 (8192 bytes)
Module \SystemRoot\system32\DRIVERS\emDevice.sys (USB 28xx WDM Driver/eMPIA Technology, Inc.) B421E000-B4235000 (94208 bytes)
Module \SystemRoot\system32\DRIVERS\STREAM.SYS (WDM CODEC Class Device Driver 2.0/Microsoft Corporation) B82D8000-B82E4000 (49152 bytes)
Module \SystemRoot\system32\DRIVERS\emStream.sys (USB 28xx WDM Driver Library/eMPIA Technology, Inc.) F777F000-F7785000 (24576 bytes)
Module \SystemRoot\system32\DRIVERS\emScan.sys (USB 28xx WDM Upper Filter/eMPIA Technology, Inc.) B8082000-B8083000 (4096 bytes)
Module \SystemRoot\system32\drivers\emAudio.sys (Dazzle DVC90/DVC100 Audio Driver/Pinnacle Systems GmbH) F7787000-F778D000 (24576 bytes)
Module \SystemRoot\System32\Drivers\dump_atapi.sys B4206000-B421E000 (98304 bytes)
Module \SystemRoot\System32\Drivers\dump_WMILIB.SYS F7A05000-F7A07000 (8192 bytes)
Module \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation) BF800000-BF9C2000 (1843200 bytes)
Module \SystemRoot\System32\drivers\Dxapi.sys (DirectX API Driver/Microsoft Corporation) B47A0000-B47A3000 (12288 bytes)
Module \SystemRoot\System32\watchdog.sys (Watchdog Driver/Microsoft Corporation) F778F000-F7794000 (20480 bytes)
Module \SystemRoot\System32\drivers\dxg.sys (DirectX Graphics Driver/Microsoft Corporation) BD000000-BD012000 (73728 bytes)
Module \SystemRoot\System32\drivers\dxgthk.sys (DirectX Graphics Driver Thunk/Microsoft Corporation) B879B000-B879C000 (4096 bytes)
Module \SystemRoot\System32\nv4_disp.dll (NVIDIA Compatible Windows 2000 Display driver, Version 257.21 /NVIDIA Corporation) BD012000-BD615000 (6303744 bytes)
Module \SystemRoot\System32\ATMFD.DLL (Windows NT OpenType/Type 1 Font Driver/Adobe Systems Incorporated) BFFA0000-BFFE6000 (286720 bytes)
Module \SystemRoot\system32\DRIVERS\avgntflt.sys (Avira Minifilter Driver/Avira GmbH) B3BFE000-B3C12000 (81920 bytes)
Module \SystemRoot\system32\DRIVERS\ndisuio.sys (NDIS User mode I/O Driver/Microsoft Corporation) B3C32000-B3C36000 (16384 bytes)
Module \SystemRoot\system32\DRIVERS\rspndr.sys (Link-Layer Topology Responder Driver for NDIS 6/Microsoft Corporation) B3CA6000-B3CB6000 (65536 bytes)
Module \SystemRoot\system32\DRIVERS\mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation) B3811000-B383E000 (184320 bytes)
Module \SystemRoot\System32\Drivers\ParVdm.SYS (VDM Parallel Driver/Microsoft Corporation) F7A09000-F7A0B000 (8192 bytes)
Module \SystemRoot\System32\Drivers\adfs.SYS (Adobe Drive File System Driver/Adobe Systems, Inc.) B37B0000-B37C1000 (69632 bytes)
Module \SystemRoot\system32\DRIVERS\srv.sys (Server driver/Microsoft Corporation) B366E000-B36C0000 (335872 bytes)
Module \SystemRoot\system32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) B361E000-B3646000 (163840 bytes)
Module \SystemRoot\system32\drivers\wdmaud.sys (MMSYSTEM Wave/Midi API mapper/Microsoft Corporation) B31D1000-B31E6000 (86016 bytes)
Module \SystemRoot\system32\drivers\sysaudio.sys (System Audio WDM Filter/Microsoft Corporation) B3236000-B3245000 (61440 bytes)
Module \SystemRoot\System32\Drivers\HTTP.sys (HTTP Protocol Stack/Microsoft Corporation) B3002000-B3043000 (266240 bytes)
Module \SystemRoot\system32\drivers\kmixer.sys (Kernel Mode Audio Mixer/Microsoft Corporation) B1F18000-B1F43000 (176128 bytes)
Module \??\C:\Windows\Temp\pxtdapow.sys (GMER) B052C000-B0543000 (94208 bytes)
Module \WINDOWS.0\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 7C900000-7C9B0000 (720896 bytes)
---- Processes - GMER 1.0.15 ----
Process System Idle 0
Process System 4
Process spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) 164
Process sched.exe 208
Process avgnt.exe 284
Process smss.exe (Windows NT Session Manager/Microsoft Corporation) 692
Process csrss.exe (Client Server Runtime Process/Microsoft Corporation) 760
Process winlogon.exe (Windows NT Logon Application/Microsoft Corporation) 792
Process services.exe (Services and Controller app/Microsoft Corporation) 836
Process lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) 848
Process MobileMeServices.exe 1004
Process nvsvc32.exe (NVIDIA Driver Helper Service, Version 257.21/NVIDIA Corporation) 1040
Process svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1116
Process svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1184
Process avguard.exe 1228
Process AppleMobileDeviceService.exe 1240
Process mDNSResponder.exe 1252
Process svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1280
Process svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1352
Process IntuitUpdateService.exe 1360
Process svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1524
Process explorer.exe (Windows Explorer/Microsoft Corporation) 1580
Process vsmon.exe 1608
Process jqs.exe 1632
Process NBService.exe 1660
Process IoctlSvc.exe (PLFlash DeviceIoControl Service/Prolific Technology Inc.) 1872
Process unsecapp.exe (WMI/Microsoft Corporation) 1888
Process alg.exe (Application Layer Gateway Service/Microsoft Corporation) 1904
Process HPZipm12.exe (PML Driver/HP) 1908
Process svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1952
Process AAWService.exe 1996
Process wmiprvse.exe (WMI/Microsoft Corporation) 2192
Process avwsc.exe 2308
Process ctfmon.exe (CTF Loader/Microsoft Corporation) 2568
Process AAWTray.exe 2836
Process zlclient.exe 2864
Process iPodService.exe 2888
Process STARTR~1.SCR (Made With Axialis Screen Saver Producer 3.5 (www.axialis.com)/Axialis Software) 2964
Process OUTLOOK.EXE 3016
Process wscntfy.exe (Windows Security Center Notification App/Microsoft Corporation) 3192
Process realsched.exe 3340
Process gmer.exe 3520
Process iTunesHelper.exe 3916
Process STARTR~1.SCR (Made With Axialis Screen Saver Producer 3.5 (www.axialis.com)/Axialis Software) 3988
---- Services - GMER 1.0.15 ----
Service .NET CLR Data
Service .NET CLR Networking
Service .NET Data Provider for Oracle
Service .NET Data Provider for SqlServer
Service .NETFramework
Service [DISABLED] Abiosdsk
Service [DISABLED] abp480n5
Service C:\WINDOWS.0\system32\DRIVERS\ACPI.sys (ACPI Driver for NT/Microsoft Corporation) [BOOT] ACPI
Service (ACPI Embedded Controller Driver/Microsoft Corporation) [DISABLED] ACPIEC
Service (Adobe Drive File System Driver/Adobe Systems, Inc.) [AUTO] adfs
Service C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Version Cue CS4/Adobe Systems Incorporated) [MANUAL] Adobe Version Cue CS4
Service AdobeDriveCS4_NP
Service [DISABLED] adpu160m
Service C:\WINDOWS.0\system32\drivers\aec.sys (Microsoft Acoustic Echo Canceller/Microsoft Corporation) [MANUAL] aec
Service C:\WINDOWS.0\System32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) [SYSTEM] AFD
Service [DISABLED] Aha154x
Service [DISABLED] aic78u2
Service [DISABLED] aic78xx
Service C:\WINDOWS.0\System32\alg.exe (Application Layer Gateway Service/Microsoft Corporation) [MANUAL] ALG
Service [DISABLED] AliIde
Service [DISABLED] amsint
Service C:\Program Files\Avira\AntiVir Desktop\sched.exe (Antivirus Scheduler/Avira GmbH) [AUTO] AntiVirSchedulerService
Service C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Antivirus On-Access Service/Avira GmbH) [AUTO] AntiVirService
Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Mobile Device Service/Apple Inc.) [AUTO] Apple Mobile Device
Service C:\WINDOWS.0\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] AppMgmt
Service C:\WINDOWS.0\system32\DRIVERS\arp1394.sys (IP/1394 Arp Client/Microsoft Corporation) [MANUAL] Arp1394
Service [DISABLED] asc
Service [DISABLED] asc3350p
Service [DISABLED] asc3550
Service ASP.NET
Service ASP.NET_2.0.50727
Service C:\WINDOWS.0\System32\drivers\aspi32.sys (ASPI for WIN32 Kernel Driver/Adaptec) [AUTO] Aspi32
Service C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft ASP.NET State Server/Microsoft Corporation) [MANUAL] aspnet_state
Service C:\WINDOWS.0\system32\DRIVERS\asyncmac.sys (MS Remote Access serial network driver/Microsoft Corporation) [MANUAL] AsyncMac
Service C:\WINDOWS.0\system32\DRIVERS\atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) [BOOT] atapi
Service [DISABLED] Atdisk
Service C:\WINDOWS.0\system32\DRIVERS\atmarpc.sys (IP/ATM Arp Client/Microsoft Corporation) [MANUAL] Atmarpc
Service C:\WINDOWS.0\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] AudioSrv
Service C:\WINDOWS.0\system32\DRIVERS\audstub.sys (AudStub Driver/Microsoft Corporation) [MANUAL] audstub
Service C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (System Level Service Utility/Autodesk) [MANUAL] Autodesk Licensing Service
Service C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira AntiVir Support for Minifilter/Avira GmbH) [SYSTEM] avgio
Service C:\WINDOWS.0\system32\DRIVERS\avgntflt.sys (Avira Minifilter Driver/Avira GmbH) [AUTO] avgntflt
Service C:\WINDOWS.0\system32\DRIVERS\avipbb.sys (Avira Driver for RootKit Detection/Avira GmbH) [SYSTEM] avipbb
Service C:\WINDOWS.0\system32\DRIVERS\b57xp32.sys (Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver./Broadcom Corporation) [MANUAL] b57w2k
Service BattC
Service (BEEP Driver/Microsoft Corporation) [SYSTEM] Beep
Service C:\WINDOWS.0\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] BITS
Service C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) [AUTO] Bonjour Service
Service C:\WINDOWS.0\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Browser
Service C:\Windows\Temp\catchme.sys [MANUAL] catchme
Service (CardBus/PCMCIA IDE Miniport Driver/Microsoft Corporation) [DISABLED] cbidf2k
Service C:\WINDOWS.0\system32\DRIVERS\CCDECODE.sys (WDM Closed Caption VBI Codec/Microsoft Corporation) [MANUAL] CCDECODE
Service [DISABLED] cd20xrnt
Service (CD-ROM Audio Filter Driver/Microsoft Corporation) [SYSTEM] Cdaudio
Service (CD-ROM File System Driver/Microsoft Corporation) [DISABLED] Cdfs
Service C:\WINDOWS.0\system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) [SYSTEM] Cdrom
Service [SYSTEM] Changer
Service C:\WINDOWS.0\system32\cisvc.exe [MANUAL] CiSvc
Service C:\WINDOWS.0\system32\clipsrv.exe (Windows NT DDE Server/Microsoft Corporation) [MANUAL] ClipSrv
Service C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [MANUAL] clr_optimization_v2.0.50727_32
Service [DISABLED] CmdIde
Service C:\WINDOWS.0\system32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] COMSysApp
Service [DISABLED] Cpqarray
Service C:\WINDOWS.0\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] CryptSvc
Service C:\WINDOWS.0\system32\drivers\ctac32k.sys (Creative AC3 SW Decoder Device Driver (WDM)/Creative Technology Ltd) [MANUAL] ctac32k
Service C:\WINDOWS.0\system32\drivers\ctaud2k.sys (Creative WDM Audio Device Driver/Creative Technology Ltd) [MANUAL] ctaud2k
Service C:\WINDOWS.0\system32\drivers\ctdvda2k.sys (Creative DVD-Audio Device Driver (WDM)/Creative Technology Ltd) [MANUAL] ctdvda2k
Service C:\WINDOWS.0\system32\drivers\ctprxy2k.sys (Creative Proxy Device Driver (WDM)/Creative Technology Ltd) [MANUAL] ctprxy2k
Service C:\WINDOWS.0\system32\drivers\ctsfm2k.sys (SoundFont® Manager (WDM)/Creative Technology Ltd) [MANUAL] ctsfm2k
Service [DISABLED] dac2w2k
Service [DISABLED] dac960nt
Service C:\WINDOWS.0\system32\DRIVERS\emDevice.sys (USB 28xx WDM Driver/eMPIA Technology, Inc.) [MANUAL] DCamUSBEMPIA
Service C:\WINDOWS.0\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] DcomLaunch
Service C:\WINDOWS.0\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Dhcp
Service C:\WINDOWS.0\system32\DRIVERS\disk.sys (PnP Disk Driver/Microsoft Corporation) [BOOT] Disk
Service C:\WINDOWS.0\System32\dmadmin.exe (Logical Disk Manager service process/Microsoft Corp., Veritas Software) [MANUAL] dmadmin
Service C:\WINDOWS.0\System32\drivers\dmboot.sys (NT Disk Manager Startup Driver/Microsoft Corp., Veritas Software) [DISABLED] dmboot
Service C:\WINDOWS.0\System32\drivers\dmio.sys (NT Disk Manager I/O Driver/Microsoft Corp., Veritas Software) [BOOT] dmio
Service C:\WINDOWS.0\System32\drivers\dmload.sys (NT Disk Manager Startup Driver/Microsoft Corp., Veritas Software.) [BOOT] dmload
Service C:\WINDOWS.0\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] dmserver
Service C:\WINDOWS.0\system32\drivers\DMusic.sys (Microsoft Kernel DLS Synthesizer/Microsoft Corporation) [MANUAL] DMusic
Service C:\WINDOWS.0\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Dnscache
Service [DISABLED] dpti2o
Service C:\WINDOWS.0\system32\drivers\drmkaud.sys (Microsoft Kernel DRM Audio Descrambler Filter/Microsoft Corporation) [MANUAL] drmkaud
Service C:\WINDOWS.0\system32\drivers\emAudio.sys (Dazzle DVC90/DVC100 Audio Driver/Pinnacle Systems GmbH) [MANUAL] emAudio
Service C:\WINDOWS.0\system32\drivers\emupia2k.sys (E-mu Plug-in Architecture Driver (WDM)/Creative Technology Ltd) [MANUAL] emupia
Service C:\WINDOWS.0\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] ERSvc
Service C:\WINDOWS.0\system32\services.exe (Services and Controller app/Microsoft Corporation) [AUTO] Eventlog
Service C:\WINDOWS.0\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] EventSystem
Service (Fast FAT File System Driver/Microsoft Corporation) [DISABLED] Fastfat
Service C:\WINDOWS.0\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] FastUserSwitchingCompatibility
Service (Floppy Disk Controller Driver/Microsoft Corporation) [SYSTEM] Fdc
Service C:\WINDOWS.0\system32\DRIVERS\emFilter.sys (USB 28xx WDM Lower filter/eMPIA Technology, Inc.) [MANUAL] FiltUSBEMPIA
Service (FIPS Crypto Driver/Microsoft Corporation) [SYSTEM] Fips
Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Activation Licensing Service/Acresso Software Inc.) [MANUAL] FLEXnet Licensing Service
Service (Floppy Driver/Microsoft Corporation) [SYSTEM] Flpydisk
Service C:\WINDOWS.0\system32\DRIVERS\fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) [BOOT] FltMgr
Service c:\WINDOWS.0\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Windows Presentation Foundation Font Cache Service/Microsoft Corporation) [MANUAL] FontCache3.0.0.0
Service (File System Recognizer Driver/Microsoft Corporation) [SYSTEM] Fs_Rec
Service C:\WINDOWS.0\system32\DRIVERS\ftdisk.sys (FT Disk Driver/Microsoft Corporation) [BOOT] Ftdisk
Service C:\WINDOWS.0\system32\DRIVERS\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) [MANUAL] GEARAspiWDM
Service C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (getPlus® Helper/NOS Microsystems Ltd.) [MANUAL] getPlus® Helper
Service C:\WINDOWS.0\system32\DRIVERS\msgpc.sys (MS General Packet Classifier/Microsoft Corporation) [MANUAL] Gpc
Service C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (gusvc/Google) [MANUAL] gusvc
Service C:\WINDOWS.0\system32\drivers\ha10kx2k.sys (Creative EMU10KX HAL (WDM)/Creative Technology Ltd) [MANUAL] ha10kx2k
Service C:\WINDOWS.0\system32\drivers\hap16v2k.sys (Creative EMU10KX-P16v HAL (WDM)/Creative Technology Ltd) [MANUAL] hap16v2k
Service C:\WINDOWS.0\system32\drivers\hap17v2k.sys (Creative EMU10KX-P17v HAL (WDM)/Creative Technology Ltd) [MANUAL] hap17v2k
Service C:\WINDOWS.0\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] helpsvc
Service C:\WINDOWS.0\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] HidServ
Service C:\WINDOWS.0\system32\DRIVERS\hidusb.sys (USB Miniport Driver for Input Devices/Microsoft Corporation) [MANUAL] HidUsb
Service [DISABLED] hpn
Service C:\WINDOWS.0\system32\DRIVERS\HPZid412.sys (IEEE-1284.4-1999 Driver (Windows 2000)/HP) [MANUAL] HPZid412
Service C:\WINDOWS.0\system32\DRIVERS\HPZipr12.sys (IEEE-1284.4-1999 Print Class Driver/HP) [MANUAL] HPZipr12
Service C:\WINDOWS.0\system32\DRIVERS\HPZius12.sys (1284.4<->Usb Datalink Driver (Windows 2000)/HP) [MANUAL] HPZius12
Service C:\WINDOWS.0\System32\Drivers\HTTP.sys (HTTP Protocol Stack/Microsoft Corporation) [MANUAL] HTTP
Service C:\WINDOWS.0\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] HTTPFilter
Service [SYSTEM] i2omgmt
Service [DISABLED] i2omp
Service C:\WINDOWS.0\system32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) [SYSTEM] i8042prt
Service C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Windows CardSpace/Microsoft Corporation) [MANUAL] idsvc
Service C:\WINDOWS.0\system32\DRIVERS\imapi.sys (IMAPI Kernel Driver/Microsoft Corporation) [SYSTEM] Imapi
Service C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe (IMAPI Helper component/Alex Feinman) [MANUAL] Imapi Helper
Service ImapiHelper
Service C:\WINDOWS.0\system32\imapi.exe (Image Mastering API/Microsoft Corporation) [MANUAL] ImapiService
Service inetaccs
Service [DISABLED] ini910u
Service Inport
Service C:\WINDOWS.0\system32\DRIVERS\intelide.sys (Intel PCI IDE Driver/Microsoft Corporation) [BOOT] IntelIde
Service C:\WINDOWS.0\system32\DRIVERS\intelppm.sys (Processor Device Driver/Microsoft Corporation) [SYSTEM] intelppm
Service C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Update Service/Intuit Inc.) [AUTO] IntuitUpdateService
Service C:\WINDOWS.0\system32\DRIVERS\Ip6Fw.sys (IPv6 Windows Firewall Driver/Microsoft Corporation) [MANUAL] Ip6Fw
Service C:\WINDOWS.0\system32\DRIVERS\ipfltdrv.sys (IP FILTER DRIVER/Microsoft Corporation) [MANUAL] IpFilterDriver
Service C:\WINDOWS.0\system32\DRIVERS\ipinip.sys (IP in IP Encapsulation Driver/Microsoft Corporation) [MANUAL] IpInIp
Service C:\WINDOWS.0\system32\DRIVERS\ipnat.sys (IP Network Address Translator/Microsoft Corporation) [MANUAL] IpNat
Service C:\Program Files\iPod\bin\iPodService.exe (iPodService Module (32-bit)/Apple Inc.) [MANUAL] iPod Service
Service C:\WINDOWS.0\system32\DRIVERS\ipsec.sys (IPSec Driver/Microsoft Corporation) [SYSTEM] IPSec
Service C:\WINDOWS.0\system32\DRIVERS\irenum.sys (Infra-Red Bus Enumerator/Microsoft Corporation) [MANUAL] IRENUM
Service C:\WINDOWS.0\system32\DRIVERS\isapnp.sys (PNP ISA Bus Driver/Microsoft Corporation) [BOOT] isapnp
Service C:\Program Files\Java\jre6\bin\jqs.exe (Java™ Quick Starter Service/Sun Microsystems, Inc.) [AUTO] JavaQuickStarterService
Service C:\WINDOWS.0\system32\DRIVERS\kbdclass.sys (Keyboard Class Driver/Microsoft Corporation) [SYSTEM] Kbdclass
Service C:\WINDOWS.0\system32\drivers\kmixer.sys (Kernel Mode Audio Mixer/Microsoft Corporation) [MANUAL] kmixer
Service (Kernel Security Support Provider Interface/Microsoft Corporation) [BOOT] KSecDD
Service C:\WINDOWS.0\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] lanmanserver
Service C:\WINDOWS.0\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] lanmanworkstation
Service C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Ad-Aware Service Application/Lavasoft) [AUTO] Lavasoft Ad-Aware Service
Service C:\WINDOWS.0\system32\DRIVERS\Lbd.sys (Boot Driver/Lavasoft AB) [BOOT] Lbd
Service [SYSTEM] lbrtfdc
Service ldap
Service LicenseService
Service C:\WINDOWS.0\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] LmHosts
Service C:\WINDOWS.0\system32\DRIVERS\MarvinBus.sys (Pinnacle Marvin Discrete Bus Enumerator/Pinnacle Systems GmbH) [MANUAL] MarvinBus
Service system32\DRIVERS\mcdbus.sys [MANUAL] mcdbus
Service C:\WINDOWS.0\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) Messenger
Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Groove Audit Service/Microsoft Corporation) [MANUAL] Microsoft Office Groove Audit Service
Service (Frame buffer simulator/Microsoft Corporation) [SYSTEM] mnmdd
Service C:\WINDOWS.0\system32\mnmsrvc.exe (NetMeeting Remote Desktop Sharing/Microsoft Corporation) [MANUAL] mnmsrvc
Service (Modem Device Driver/Microsoft Corporation) [MANUAL] Modem
Service C:\WINDOWS.0\system32\DRIVERS\mouclass.sys (Mouse Class Driver/Microsoft Corporation) [SYSTEM] Mouclass
Service C:\WINDOWS.0\system32\DRIVERS\mouhid.sys (HID Mouse Filter Driver/Microsoft Corporation) [MANUAL] mouhid
Service (Mount Manager/Microsoft Corporation) [BOOT] MountMgr
Service C:\WINDOWS.0\system32\DRIVERS\MPE.sys (Microsoft MPE to IP Filter/Microsoft Corporation) [MANUAL] MPE
Service [DISABLED] mraid35x
Service C:\WINDOWS.0\system32\DRIVERS\mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation) [MANUAL] MRxDAV
Service C:\WINDOWS.0\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) [SYSTEM] MRxSmb
Service C:\WINDOWS.0\system32\msdtc.exe (MS DTC console program/Microsoft Corporation) [MANUAL] MSDTC
Service MSDTC Bridge 3.0.0.0
Service (Mailslot driver/Microsoft Corporation) [SYSTEM] Msfs
Service C:\WINDOWS.0\system32\msiexec.exe (Windows® installer/Microsoft Corporation) [MANUAL] MSIServer
Service C:\WINDOWS.0\system32\drivers\MSKSSRV.sys (MS KS Server/Microsoft Corporation) [MANUAL] MSKSSRV
Service C:\WINDOWS.0\system32\drivers\MSPCLOCK.sys (MS Proxy Clock/Microsoft Corporation) [MANUAL] MSPCLOCK
Service C:\WINDOWS.0\system32\drivers\MSPQM.sys (MS Proxy Quality Manager/Microsoft Corporation) [MANUAL] MSPQM
Service C:\WINDOWS.0\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) [MANUAL] mssmbios
Service C:\WINDOWS.0\system32\drivers\MSTEE.sys (WDM Tee/Communication Transform Filter /Microsoft Corporation) [MANUAL] MSTEE
Service (Multiple UNC Provider driver/Microsoft Corporation) [BOOT] Mup
Service C:\WINDOWS.0\system32\DRIVERS\NABTSFEC.sys (WDM NABTS/FEC VBI Codec/Microsoft Corporation) [MANUAL] NABTSFEC
Service (NDIS 5.1 wrapper driver/Microsoft Corporation) [BOOT] NDIS
Service C:\WINDOWS.0\system32\DRIVERS\NdisIP.sys (Microsoft IP Driver/Microsoft Corporation) [MANUAL] NdisIP
Service C:\WINDOWS.0\system32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation) [MANUAL] NdisTapi
Service C:\WINDOWS.0\system32\DRIVERS\ndisuio.sys (NDIS User mode I/O Driver/Microsoft Corporation) [MANUAL] Ndisuio
Service C:\WINDOWS.0\system32\DRIVERS\ndiswan.sys (MS PPP Framing Driver (Strong Encryption)/Microsoft Corporation) [MANUAL] NdisWan
Service (NDIS Proxy/Microsoft Corporation) [MANUAL] NDProxy
Service C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Nero BackItUp/Nero AG) [AUTO] Nero BackItUp Scheduler 3
Service C:\WINDOWS.0\system32\DRIVERS\netaapl.sys (Apple Mobile Device Ethernet/Apple Inc.) [MANUAL] Netaapl
Service C:\WINDOWS.0\system32\DRIVERS\netbios.sys (NetBIOS interface driver/Microsoft Corporation) [SYSTEM] NetBIOS
Service C:\WINDOWS.0\system32\DRIVERS\netbt.sys (MBT Transport driver/Microsoft Corporation) [SYSTEM] NetBT
Service C:\WINDOWS.0\system32\netdde.exe (Network DDE - DDE Communication/Microsoft Corporation) [DISABLED] NetDDE
Service C:\WINDOWS.0\system32\netdde.exe (Network DDE - DDE Communication/Microsoft Corporation) [DISABLED] NetDDEdsdm
Service C:\WINDOWS.0\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [MANUAL] Netlogon
Service C:\WINDOWS.0\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Netman
Service C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (SMSvcHost.exe/Microsoft Corporation) [DISABLED] NetTcpPortSharing
Service C:\WINDOWS.0\system32\DRIVERS\nic1394.sys (IEEE1394 Ndis Miniport and Call Manager/Microsoft Corporation) [MANUAL] NIC1394
Service C:\WINDOWS.0\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Nla
Service C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (Nero Home/Nero AG) [MANUAL] NMIndexingService
Service (NPFS Driver/Microsoft Corporation) [SYSTEM] Npfs
Service (NT File System Driver/Microsoft Corporation) [DISABLED] Ntfs
Service C:\WINDOWS.0\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [MANUAL] NtLmSsp
Service C:\WINDOWS.0\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] NtmsSvc
Service (NULL Driver/Microsoft Corporation) [SYSTEM] Null
Service C:\WINDOWS.0\system32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 257.21 /NVIDIA Corporation) [MANUAL] nv
Service C:\WINDOWS.0\system32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 257.21/NVIDIA Corporation) [AUTO] NVSvc
Service C:\WINDOWS.0\system32\DRIVERS\nwlnkflt.sys (NWLINK2 Traffic Filter Driver/Microsoft Corporation) [MANUAL] NwlnkFlt
Service C:\WINDOWS.0\system32\DRIVERS\nwlnkfwd.sys (NWLINK2 Forwarder Driver/Microsoft Corporation) [MANUAL] NwlnkFwd
Service C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Office Diagnostics/Microsoft Corporation) [MANUAL] odserv
Service C:\WINDOWS.0\system32\DRIVERS\ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation) [BOOT] ohci1394
Service C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Office Source Engine/Microsoft Corporation) [MANUAL] ose
Service C:\WINDOWS.0\system32\drivers\ctoss2k.sys (Creative OS Services Driver (WDM)/Creative Technology Ltd.) [MANUAL] ossrv
Service Outlook
Service C:\WINDOWS.0\system32\DRIVERS\parport.sys (Parallel Port Driver/Microsoft Corporation) [MANUAL] Parport
Service (Partition Manager/Microsoft Corporation) [BOOT] PartMgr
Service (VDM Parallel Driver/Microsoft Corporation) [AUTO] ParVdm
Service C:\WINDOWS.0\system32\DRIVERS\pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation) [BOOT] PCI
Service [SYSTEM] PCIDump
Service (Generic PCI IDE Bus Driver/Microsoft Corporation) [BOOT] PCIIde
Service (PCMCIA Bus Driver/Microsoft Corporation) [DISABLED] Pcmcia
Service [MANUAL] PDCOMP
Service [MANUAL] PDFRAME
Service [MANUAL] PDRELI
Service [MANUAL] PDRFRAME
Service [DISABLED] perc2
Service [DISABLED] perc2hib
Service PerfDisk
Service PerfNet
Service PerfOS
Service PerfProc
Service C:\WINDOWS.0\system32\IoctlSvc.exe (PLFlash DeviceIoControl Service/Prolific Technology Inc.) [AUTO] PLFlash DeviceIoControl Service
Service C:\WINDOWS.0\system32\services.exe (Services and Controller app/Microsoft Corporation) [AUTO] PlugPlay
Service C:\WINDOWS.0\system32\HPZipm12.exe (PML Driver/HP) [AUTO] Pml Driver HPZ12
Service C:\WINDOWS.0\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] PolicyAgent
Service C:\WINDOWS.0\system32\DRIVERS\raspptp.sys (Peer-to-Peer Tunneling Protocol/Microsoft Corporation) [MANUAL] PptpMiniport
Service C:\WINDOWS.0\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] ProtectedStorage
Service C:\WINDOWS.0\system32\DRIVERS\psched.sys (MS QoS Packet Scheduler/Microsoft Corporation) [MANUAL] PSched
Service C:\WINDOWS.0\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink
Service C:\WINDOWS.0\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) [BOOT] PxHelp20
Service C:\WINDOWS.0\system32\DRIVERS\OVCD.sys (Video Minidriver/Microsoft Corporation) [MANUAL] QCDonner
Service [DISABLED] ql1080
Service [DISABLED] Ql10wnt
Service [DISABLED] ql12160
Service [DISABLED] ql1240
Service [DISABLED] ql1280
Service C:\WINDOWS.0\system32\DRIVERS\rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation) [SYSTEM] RasAcd
Service C:\WINDOWS.0\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] RasAuto
Service C:\WINDOWS.0\system32\DRIVERS\rasl2tp.sys (RAS L2TP mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Rasl2tp
Service C:\WINDOWS.0\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] RasMan
Service C:\WINDOWS.0\system32\DRIVERS\raspppoe.sys (RAS PPPoE mini-port/call-manager driver/Microsoft Corporation) [MANUAL] RasPppoe
Service C:\WINDOWS.0\system32\DRIVERS\raspti.sys (PTI DirectParallel® mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Raspti
Service C:\WINDOWS.0\system32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation) [SYSTEM] Rdbss
Service C:\WINDOWS.0\System32\DRIVERS\RDPCDD.sys (RDP Miniport/Microsoft Corporation) [SYSTEM] RDPCDD
Service RDPDD
Service C:\WINDOWS.0\system32\DRIVERS\rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation) [MANUAL] rdpdr
Service RDPNP
Service (RDP Terminal Stack Driver (US/Canada Only, Not for Export)/Microsoft Corporation) [MANUAL] RDPWD
Service C:\WINDOWS.0\system32\sessmgr.exe (Microsoft® Remote Desktop Help Session Manager/Microsoft Corporation) [MANUAL] RDSessMgr
Service C:\WINDOWS.0\system32\DRIVERS\redbook.sys (Redbook Audio Filter Driver/Microsoft Corporation) [SYSTEM] redbook
Service C:\WINDOWS.0\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] RemoteAccess
Service C:\WINDOWS.0\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] RemoteRegistry
Service C:\WINDOWS.0\system32\locator.exe (Rpc Locator/Microsoft Corporation) [MANUAL] RpcLocator
Service C:\WINDOWS.0\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] RpcSs
Service C:\WINDOWS.0\system32\DRIVERS\rspndr.sys (Link-Layer Topology Responder Driver for NDIS 6/Microsoft Corporation) [AUTO] rspndr
Service C:\WINDOWS.0\system32\rsvp.exe (Microsoft RSVP/Microsoft Corporation) [MANUAL] RSVP
Service C:\WINDOWS.0\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] SamSs
Service C:\WINDOWS.0\system32\DRIVERS\emScan.sys (USB 28xx WDM Upper Filter/eMPIA Technology, Inc.) [MANUAL] ScanUSBEMPIA
Service C:\WINDOWS.0\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Schedule
Service C:\WINDOWS.0\system32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [AUTO] Secdrv
Service C:\WINDOWS.0\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] seclogon
Service C:\WINDOWS.0\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] SENS
Service C:\WINDOWS.0\system32\DRIVERS\serenum.sys (Serial Port Enumerator/Microsoft Corporation) [MANUAL] serenum
Service C:\WINDOWS.0\system32\DRIVERS\serial.sys (Serial Device Driver/Microsoft Corporation) [SYSTEM] Serial
Service ServiceModelEndpoint 3.0.0.0
Service ServiceModelOperation 3.0.0.0
Service ServiceModelService 3.0.0.0
Service (SCSI Floppy Driver/Microsoft Corporation) [SYSTEM] Sfloppy
Service C:\WINDOWS.0\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] SharedAccess
Service C:\WINDOWS.0\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] ShellHWDetection
Service [DISABLED] Simbad
Service C:\WINDOWS.0\system32\DRIVERS\SLIP.sys (Microsoft Slip Deframing Filter Minidriver/Microsoft Corporation) [MANUAL] SLIP
Service SMSvcHost 3.0.0.0
Service [DISABLED] Sparrow
Service C:\WINDOWS.0\system32\drivers\splitter.sys (Microsoft Kernel Audio Splitter/Microsoft Corporation) [MANUAL] splitter
Service C:\WINDOWS.0\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) [AUTO] Spooler
Service C:\WINDOWS.0\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) [DISABLED] sptd
Service C:\WINDOWS.0\system32\DRIVERS\sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation) [BOOT] Sr
Service system32\ZoneLabs\srescan.sys [BOOT] srescan
Service C:\WINDOWS.0\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] srservice
Service C:\WINDOWS.0\system32\DRIVERS\srv.sys (Server driver/Microsoft Corporation) [MANUAL] Srv
Service C:\WINDOWS.0\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] SSDPSRV
Service C:\WINDOWS.0\system32\DRIVERS\ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH) [SYSTEM] ssmdrv
Service C:\WINDOWS.0\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] stisvc
Service C:\WINDOWS.0\system32\DRIVERS\StreamIP.sys (Microsoft IP Test Driver/Microsoft Corporation) [MANUAL] streamip
Service C:\WINDOWS.0\system32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) [MANUAL] swenum
Service C:\WINDOWS.0\system32\drivers\swmidi.sys (Microsoft GS Wavetable Synthesizer/Microsoft Corporation) [MANUAL] swmidi
Service C:\WINDOWS.0\system32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] SwPrv
Service [DISABLED] symc810
Service [DISABLED] symc8xx
Service [DISABLED] sym_hi
Service [DISABLED] sym_u3
Service C:\WINDOWS.0\system32\drivers\sysaudio.sys (System Audio WDM Filter/Microsoft Corporation) [MANUAL] sysaudio
Service C:\WINDOWS.0\system32\smlogsvc.exe (Performance Logs and Alerts Service/Microsoft Corporation) [MANUAL] SysmonLog
Service C:\WINDOWS.0\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] TapiSrv
Service C:\WINDOWS.0\system32\DRIVERS\tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation) [SYSTEM] Tcpip
Service (IPv6 driver/Microsoft Corporation) Tcpip6
Service (Named Pipe Transport Driver/Microsoft Corporation) [MANUAL] TDPIPE
Service (TCP Transport Driver/Microsoft Corporation) [MANUAL] TDTCP
Service C:\WINDOWS.0\system32\DRIVERS\termdd.sys (Terminal Server Driver/Microsoft Corporation) [SYSTEM] TermDD
Service C:\WINDOWS.0\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] TermService
Service C:\WINDOWS.0\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Themes
Service C:\WINDOWS.0\system32\DRIVERS\LTSMT.sys (SoftModem Device Driver/LT) [MANUAL] TOSHIBASoftModem
Service [DISABLED] TosIde
Service C:\WINDOWS.0\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] TrkWks
Service TSDDD
Service (UDF File System Driver/Microsoft Corporation) [DISABLED] Udfs
Service [DISABLED] ultra
Service C:\WINDOWS.0\system32\DRIVERS\update.sys (Update Driver/Microsoft Corporation) [MANUAL] Update
Service C:\WINDOWS.0\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] upnphost
Service C:\WINDOWS.0\System32\ups.exe (UPS Service/Microsoft Corporation) [MANUAL] UPS
Service usb
Service C:\WINDOWS.0\System32\Drivers\usbaapl.sys (Apple Mobile Device USB Driver/Apple, Inc.) [MANUAL] USBAAPL
Service C:\WINDOWS.0\system32\DRIVERS\usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation) [MANUAL] usbccgp
Service C:\WINDOWS.0\system32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) [MANUAL] usbehci
Service C:\WINDOWS.0\system32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) [MANUAL] usbhub
Service C:\WINDOWS.0\system32\DRIVERS\usbprint.sys (USB Printer driver/Microsoft Corporation) [MANUAL] usbprint
Service C:\WINDOWS.0\system32\DRIVERS\usbscan.sys (USB Scanner Driver/Microsoft Corporation) [MANUAL] usbscan
Service C:\WINDOWS.0\system32\DRIVERS\USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation) [MANUAL] USBSTOR
Service C:\WINDOWS.0\system32\DRIVERS\usbuhci.sys (UHCI USB Miniport Driver/Microsoft Corporation) [MANUAL] usbuhci
Service C:\WINDOWS.0\System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [SYSTEM] VgaSave
Service [DISABLED] ViaIde
Service system32\DRIVERS\vmnetadapter.sys [MANUAL] VMnetAdapter
Service (Volume Shadow Copy Driver/Microsoft Corporation) [BOOT] VolSnap
Service C:\WINDOWS.0\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) [SYSTEM] vsdatant
Service C:\WINDOWS.0\system32\ZoneLabs\vsmon.exe (TrueVector Service/Check Point Software Technologies LTD) [AUTO] vsmon
Service C:\WINDOWS.0\System32\vssvc.exe (Microsoft® Volume Shadow Copy Service/Microsoft Corporation) [MANUAL] VSS
Service C:\WINDOWS.0\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] W32Time
Service W3SVC
Service C:\WINDOWS.0\system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [MANUAL] Wanarp
Service C:\WINDOWS.0\system32\DRIVERS\Wdf01000.sys (WDF Dynamic/Microsoft Corporation) [MANUAL] Wdf01000
Service [MANUAL] WDICA
Service C:\WINDOWS.0\system32\drivers\wdmaud.sys (MMSYSTEM Wave/Midi API mapper/Microsoft Corporation) [MANUAL] wdmaud
Service C:\WINDOWS.0\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] WebClient
Service Windows Workflow Foundation 3.0.0.0
Service C:\WINDOWS.0\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] winmgmt
Service [MANUAL] Winsock
Service WinSock2
Service WinTrust
Service C:\WINDOWS.0\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] WmdmPmSN
Service C:\WINDOWS.0\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Wmi
Service WmiApRpl
Service C:\WINDOWS.0\system32\wbem\wmiapsrv.exe (WMI Performance Adapter Service/Microsoft Corporation) [MANUAL] WmiApSrv
Service C:\Program Files\Windows Media Player\WMPNetwk.exe (Windows Media Player Network Sharing Service/Microsoft Corporation) [MANUAL] WMPNetworkSvc
Service C:\WINDOWS.0\System32\drivers\ws2ifsl.sys (Winsock2 IFS Layer/Microsoft Corporation) [DISABLED] WS2IFSL
Service C:\WINDOWS.0\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] wscsvc
Service C:\WINDOWS.0\system32\DRIVERS\WSTCODEC.SYS (WDM WST Codec Driver/Microsoft Corporation) [MANUAL] WSTCODEC
Service C:\WINDOWS.0\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] wuauserv
Service C:\WINDOWS.0\system32\DRIVERS\WudfPf.sys (Windows Driver Foundation - User-mode Driver Framework Platform Driver/Microsoft Corporation) [MANUAL] WudfPf
Service C:\WINDOWS.0\system32\DRIVERS\wudfrd.sys (Windows Driver Foundation - User-mode Driver Framework Reflector/Microsoft Corporation) [MANUAL] WudfRd
Service C:\WINDOWS.0\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] WudfSvc
Service C:\WINDOWS.0\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] WZCSVC
Service C:\WINDOWS.0\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] xmlprov
Service {00A43C87-0CA5-4D33-826E-241E0FC06D23}
Service {0E62F403-35FD-4226-930D-A70BEA5B55AD}
Service {62FD08EE-D8E7-4F5D-BB54-F517004C9AEE}
Service {9CD8C9C1-914C-42A0-8CD2-0F049279EF42}
Service {B716CE5F-9D07-4634-83D4-0340260DDCF0}
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4327
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11
7/27/2010 4:39:17 PM
mbam-log-2010-07-27 (16-39-17).txt
Scan type: Quick scan
Objects scanned: 155632
Time elapsed: 7 minute(s), 17 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 12
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS.0\system32\clhordei.dll (Trojan.Agent) -> No action taken.
Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{6b5631b8-788d-4496-96ea-c634a44e39b4} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{4fa06538-d0e3-4000-980a-15d8150ae347} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{5be3f183-96a8-4785-9276-cb7ebd0d93f9} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8d516d7c-9195-407d-bb91-ada0638b04d1} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{ac0b7d84-95e4-4c4b-b7b2-9717a0faaafc} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{cc3d3489-a97b-4b3b-bd44-27b9c460cead} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{dd1368a3-ca1c-4d43-9ce8-300b0c55967a} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{24c138ac-50a2-4f96-b3fd-bb76caa25ab7} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{5f94fd38-1f4e-465f-92ba-ad15d8b066a3} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7c69256f-8bec-480d-8256-009cf3899d78} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{90f3685a-dd5e-4648-a035-b31bd8ddb005} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d855c87c-a4ed-4776-ade3-f2468cd50c0f} (Trojan.Agent) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{5f94fd38-1f4e-465f-92ba-ad15d8b066a3} (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5f94fd38-1f4e-465f-92ba-ad15d8b066a3} (Trojan.Agent) -> No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS.0\system32\clhordei.dll (Trojan.Agent) -> No action taken.
OTL Extras logfile created on: 7/29/2010 12:24:39 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Administrator\Desktop\APPS I DONT USE
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.0 | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 3.86 Gb Free Space | 1.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 372.60 Gb Total Space | 220.69 Gb Free Space | 59.23% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 3.80 Gb Total Space | 2.75 Gb Free Space | 72.33% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
Computer Name: DDP
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.ini [@ = inifile] -- C:\WINDOWS.0\System32\NOTEPAD2.EXE ()
.txt [@ = txtfile] -- C:\WINDOWS.0\System32\NOTEPAD2.EXE ()
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- C:\WINDOWS.0\system32\NOTEPAD2.EXE %1 ()
batfile [open] -- "%1" %*
batfile [print] -- Reg Error: Key error.
cmdfile [edit] -- C:\WINDOWS.0\system32\NOTEPAD2.EXE %1 ()
cmdfile [open] -- "%1" %*
cmdfile [print] -- Reg Error: Key error.
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\PROGRA~1\MICROS~2\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\PROGRA~1\MICROS~2\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [print] -- Reg Error: Key error.
inifile [open] -- C:\WINDOWS.0\system32\NOTEPAD2.EXE %1 ()
inifile [print] -- Reg Error: Key error.
InternetShortcut [print] -- Reg Error: Key error.
jsfile [edit] -- C:\WINDOWS.0\system32\Notepad2.exe %1 ()
jsefile [edit] -- C:\WINDOWS.0\system32\Notepad2.exe %1 ()
piffile [open] -- "%1" %*
regfile [edit] -- C:\WINDOWS.0\system32\NOTEPAD2.EXE %1 ()
regfile [merge] -- Reg Error: Key error.
regfile [print] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- C:\WINDOWS.0\system32\NOTEPAD2.EXE %1 ()
txtfile [print] -- Reg Error: Key error.
vbefile [edit] -- C:\WINDOWS.0\system32\Notepad2.exe %1 ()
vbsfile [edit] -- C:\WINDOWS.0\system32\Notepad2.exe %1 ()
wsffile [edit] -- C:\WINDOWS.0\system32\Notepad2.exe %1 ()
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k cd "%L" (Microsoft Corporation)
Directory [CmdHere] -- C:\WINDOWS.0\system32\cmd.exe /k cd "%1" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [myclean] -- MyCleaner.exe %1
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [openNew] -- explorer.exe /e, %1 (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS4 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51000:TCP" = 51000:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51001:TCP" = 51001:TCP:*:Enabled:Adobe Version Cue CS4 Server
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\English\setup.exe" = C:\Users\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\English\setup.exe:*:Enabled:Kaspersky Internet Security 2009 Setup -- (Kaspersky Lab)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server -- (Adobe Systems Incorporated)
"C:\Program Files\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe" = C:\Program Files\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS4 -- (Adobe Systems, Inc.)
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\PFPortChecker\PFPortChecker.exe" = C:\Program Files\PFPortChecker\PFPortChecker.exe:*:Enabled:PFPortchecker by portforward.com helps check if your ports are properly forwarded. -- (portforward.com)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\WINDOWS.0\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS.0\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00798ADE-95E9-462D-838C-ECACA2B5E9B1}" = Quicken 2006
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}" = Adobe Flash Player 10 Plugin
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300
"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero Burning ROM Help
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{0F8C8B5A-B076-4400-8262-41D6131099ED}" = ImpôtRapide 2009
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{167ABF69-A947-4839-856D-3BA2274FCBE9}" = ImpôtRapide 2008
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1E187923-04E5-4E1F-9BF2-40E32D93A1C4}" = HP Color LaserJet CP1210 Series Toolbox
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22EC35BD-F8F2-45EB-8DCB-1C7FB65D0A71}" = QuickTax 2007
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{262BF2CD-601D-4F43-919C-4B00B1D1F338}" = Boris Graffiti
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 17
"{26DDB12A-CB5E-4C0B-89AF-817CA0E59CC9}" = HP LaserJet Toolbox
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4196D960-68B0-4BEB-B312-3C1B4654068D}" = Handy Recovery 4.0
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{52E819E9-C69A-4AF6-B2B3-BC01F8B0ECA3}" = Toon Boom Storyboard Pro Trial
"{54360A73-B080-4A69-BFD4-53C190DD3AB0}" = HP Color LaserJet CP1210 Series
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}" = GetDataBack for NTFS
"{566BB41D-F006-4956-A5D3-94D8DFFA7F51}" = Adobe Setup
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5783F2D7-7001-0409-0002-0060B0CE6BBA}" = AutoCAD 2009 - English
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision
"{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{5EB90C06-964F-4195-B83E-BD7E55C88415}" = Pinnacle Video Driver
"{606BC780-101C-41DB-808D-4539BFA0774A}" = MobileMe Control Panel
"{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67330878-0617-41A9-A3B0-B5298E89E7BC}" = Pinnacle Winter Pack
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6B0DC474-A5F0-4091-8913-25E9DA2E7F53}" = Asoftech Photo Recovery
"{6c651250-2eb2-11d5-8e33-0050dad72ac2}" = NetZero Internet
"{6D45EF03-E8EE-4355-81C3-F918CBCF1033}" = Nero 8
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7B02BF60-796D-4616-908B-B31A63CFDEFB}" = HPCarePackCore
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{893FC88E-70C1-409D-AF31-9E8D9441B0D8}" = MSN Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BF58D21-7A60-457B-8FCB-3BDC23155B7D}" = DavkaWriter Platinum Demo
"{9C09E3A4-850A-40B2-B94F-EBFB5349C238}" = hppusgCP1215
"{9cf13d50-c793-4fd2-b902-afafe4aa12b8}" = Nero 9 Trial
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}_933" = Adobe Acrobat 9.3.3 - CPSID_83708
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}" = PaperPort 8.0 SE
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}" = EVGA Display Driver
"{BF26E713-43CD-43AD-AF28-A905C1E26D8C}" = DVDneXtCOPY3
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12
"{D1860E6E-520E-4380-8433-E58E8F88B473}" = Pinnacle Studio 12 Ultimate Plugins
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F3A52623-4890-415D-A43A-F71A3A39C273}" = HPCarePackProducts
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F9A1E23D-E104-11D6-B557-00C04F4351FF}" = Caillou Les Quatre Saisons
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"3D-Album-CS" = 3D-Album-CS
"Ad-Aware" = Ad-Aware
"Adibou et l'Ombre Verte V.1.00 on C" = Adibou et l'Ombre Verte V.1.00 on C
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_26b63376f4efc354dae41af6b5e3343" = Adobe Premiere Pro CS4
"Adobe_aafbab2a1213860f65effefc066f49d" = Adobe Premiere Pro CS4
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Any Video Converter Professional_is1" = Any Video Converter Professional 2.7.8
"Attribute Changer" = Attribute Changer 5.23
"AutoCAD 2009 - English" = AutoCAD 2009 - English
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"Burn4Free" = Burn4Free CD and DVD
"CCleaner" = CCleaner (remove only)
"CobBackup10" = Cobian Backup 10
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"CPLBonus" = CPL All-in-One
"Data Doctor Recovery - Memory Card (Demo)" = Data Doctor Recovery - Memory Card (Demo)
"DVDneXtCOPY" = DVDneXtCOPY
"EndItAll_is1" = EndItAll 2.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"Fashion Solitaire" = Fashion Solitaire
"Free Create-Burn ISO Image_is1" = Free Create-Burn ISO Image v2.0
"Free iPod Video Converter_is1" = Free iPod Video Converter 1.34
"Games_Bar_1 Toolbar" = Games_Bar_1 Toolbar
"HijackThis" = HijackThis 2.0.2
"HP Color LaserJet CP1210 Series" = HP Color LaserJet CP1210 Series
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"iCare Data Recovery_is1" = iCare Data Recovery 3.8.1
"ie7" = Windows Internet Explorer 7
"Jane's Zoo" = Jane's Zoo
"La chasse au trésor" = La chasse au trésor
"L'anniversaire" = L'anniversaire
"Magic Bullet Looks Studio" = Magic Bullet Looks Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"Mp3 Codec" = Mpeg Layer3 Codec FHG-Radium v1.263
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PFPortChecker" = PFPortChecker 1.0.28
"Picasa 3" = Picasa 3
"PQ_DVD_to_iPod_Video_Converter" = PQ DVD to iPod Video Converter (remove only)
"proDAD-Vitascene-1.0" = proDAD Vitascene 1.0
"RealPlayer 12.0" = RealPlayer
"RegShot" = RegShot 1.7.2.5
"Remote PC Suite" = Remote PC Suite 1.3
"Sierra Utilities" = Utilitaires Sierra
"TaskSwitchXP" = TaskSwitchXP
"The 80 Classic Games" = Atari: The 80 Classic Games
"Toshiba Soft Modem" = Toshiba Soft Modem AMR
"TurboTax 2008" = TurboTax 2008
"Unlocker" = Unlocker 1.8.5
"USSF" = Universal Silent Switch Finder
"Visviva Animation Player" = Visviva Animation Player
"VSO DivxToDVD_is1" = DivxToDVD 0.5.2b
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 2.3c
"Windows Registry Repair Pro_is1" = Windows Registry Repair Pro
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinUndelete" = WinUndelete
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager
"ZoneAlarm" = ZoneAlarm
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 6/27/2010 4:51:00 PM | Computer Name = DDP | Source = Avira AntiVir | ID = 4118
Description = EXCEPTION calling function <Scan> for the file D:\DSC_0922.JPG [ACCESS_VIOLATION
Exception!! EIP = 0x1abc328] Please inform Avira and submit the appropriate file!
Error - 6/28/2010 12:28:06 AM | Computer Name = DDP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved
Error - 6/29/2010 1:36:36 PM | Computer Name = DDP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved
Error - 6/29/2010 2:01:49 PM | Computer Name = DDP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved
Error - 6/30/2010 5:10:42 PM | Computer Name = DDP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.
Error - 6/30/2010 5:13:29 PM | Computer Name = DDP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid.
Error - 6/30/2010 5:13:36 PM | Computer Name = DDP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid.
Error - 6/30/2010 5:13:38 PM | Computer Name = DDP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid.
Error - 7/1/2010 9:43:23 PM | Computer Name = DDP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid.
Error - 7/4/2010 6:09:10 PM | Computer Name = DDP | Source = Windows Live Messenger | ID = 1000
Description =
[ OSession Events ]
Error - 1/13/2010 8:01:30 AM | Computer Name = DDP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 934
seconds with 600 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 7/27/2010 3:57:03 PM | Computer Name = DDP | Source = Service Control Manager | ID = 7000
Description = The Aspi32 service failed to start due to the following error: %%1058
Error - 7/27/2010 3:57:03 PM | Computer Name = DDP | Source = Service Control Manager | ID = 7000
Description = The helpsvc service failed to start due to the following error: %%2
Error - 7/27/2010 3:57:03 PM | Computer Name = DDP | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126
Error - 7/27/2010 4:40:55 PM | Computer Name = DDP | Source = Service Control Manager | ID = 7000
Description = The Aspi32 service failed to start due to the following error: %%1058
Error - 7/27/2010 4:40:55 PM | Computer Name = DDP | Source = Service Control Manager | ID = 7000
Description = The helpsvc service failed to start due to the following error: %%2
Error - 7/27/2010 4:40:55 PM | Computer Name = DDP | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126
Error - 7/27/2010 4:41:00 PM | Computer Name = DDP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCIIde
Error - 7/28/2010 12:55:04 AM | Computer Name = DDP | Source = Service Control Manager | ID = 7000
Description = The Aspi32 service failed to start due to the following error: %%1058
Error - 7/28/2010 12:55:04 AM | Computer Name = DDP | Source = Service Control Manager | ID = 7000
Description = The helpsvc service failed to start due to the following error: %%2
Error - 7/28/2010 12:55:04 AM | Computer Name = DDP | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126
< End of report >
OTL logfile created on: 7/29/2010 12:24:39 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Administrator\Desktop\APPS I DONT USE
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.0 | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 3.86 Gb Free Space | 1.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 372.60 Gb Total Space | 220.69 Gb Free Space | 59.23% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 3.80 Gb Total Space | 2.75 Gb Free Space | 72.33% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
Computer Name: DDP
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010/07/13 14:36:44 | 000,066,848 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\MobileMeServices.exe
PRC - [2010/07/13 10:53:20 | 003,152,384 | ---- | M] (Luis Cobian, CobianSoft) -- C:\Program Files\Cobian Backup 10\cbInterface.exe
PRC - [2010/07/13 10:53:18 | 000,421,376 | ---- | M] (Luis Cobian, CobianSoft) -- C:\Program Files\Cobian Backup 10\Cobian.exe
PRC - [2010/07/12 04:55:38 | 001,352,832 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/07/12 04:55:38 | 000,864,112 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS.0\system32\ZoneLabs\vsmon.exe
PRC - [2010/06/23 13:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/11 20:27:44 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\APPS I DONT USE\OTL.exe
PRC - [2009/08/26 19:17:37 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/08/05 16:07:38 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/03/10 22:03:58 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/01 23:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/10/09 15:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS.0\system32\HPZipm12.exe
PRC - [2006/12/02 05:00:00 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.0\explorer.exe
PRC - [2006/12/02 05:00:00 | 000,417,792 | ---- | M] () -- C:\WINDOWS.0\system32\Notepad2.EXE
PRC - [2006/10/27 01:23:04 | 000,347,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
PRC - [2006/10/27 01:16:48 | 012,813,096 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
========== Modules (SafeList) ==========
MOD - [2010/05/11 20:27:44 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\APPS I DONT USE\OTL.exe
MOD - [2006/12/02 05:00:00 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS.0\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006/12/02 05:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.0\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (CiSvc)
SRV - [2010/07/12 04:55:38 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS.0\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/05 16:07:38 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/22 00:36:41 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/04/28 21:48:51 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/03/10 22:03:58 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/03/03 00:53:08 | 000,033,176 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2008/10/09 15:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/08/14 15:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS.0\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/01/04 10:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
========== Driver Services (SafeList) ==========
DRV - [2010/07/12 04:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS.0\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/06/07 19:57:00 | 010,531,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS.0\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/12/06 15:07:25 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS.0\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/28 23:36:06 | 000,017,408 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009/04/23 03:50:09 | 000,646,392 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS.0\system32\drivers\sptd.sys -- (sptd)
DRV - [2009/03/29 20:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS.0\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/03/10 22:03:58 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS.0\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/12 22:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/08/13 17:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS.0\system32\drivers\adfs.sys -- (adfs)
DRV - [2006/12/11 21:16:06 | 000,022,528 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\emAudio.sys -- (emAudio)
DRV - [2006/12/02 05:00:00 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\WINDOWS.0\system32\drivers\aspi32.sys -- (Aspi32)
DRV - [2006/10/03 07:15:22 | 000,158,208 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/08/11 09:45:40 | 000,007,168 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2006/08/11 09:45:38 | 000,499,584 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2006/08/11 09:45:28 | 000,180,224 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2006/08/11 09:45:26 | 000,766,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2006/08/11 09:45:26 | 000,154,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2006/08/11 09:45:24 | 000,116,224 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2006/08/11 09:45:18 | 000,143,872 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2006/08/11 09:45:18 | 000,078,336 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2006/08/11 09:45:14 | 000,502,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2005/12/20 19:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2005/12/20 19:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2005/12/20 19:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2005/11/10 12:06:04 | 000,340,704 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2005/09/23 09:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2004/08/03 09:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\MPE.sys -- (MPE)
DRV - [2001/08/17 00:05:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\OVCD.sys -- (QCDonner)
DRV - [2001/08/16 22:28:12 | 000,797,500 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\LTSMT.sys -- (TOSHIBASoftModem)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2452474
IE - HKCU\..\URLSearchHook: {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.startup.homepage: "http://ca.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/23 16:50:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/23 16:50:20 | 000,000,000 | ---D | M]
[2009/07/21 23:35:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\Mozilla\Extensions
[2010/07/27 00:37:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\Application Data\Mozilla\Firefox\Profiles\hgj397wo.default\extensions
[2010/01/17 18:49:23 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Administrator\Application Data\Mozilla\Firefox\Profiles\hgj397wo.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/07/16 17:27:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/03/09 19:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
O1 HOSTS File: ([2009/04/28 08:05:31 | 000,000,722 | ---- | M]) - C:\WINDOWS.0\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Pop-up Blocker) - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll (NetZero, Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1303.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (NetZero Toolbar Helper) - {FE3098B0-04A3-41fd-8CA9-BEA39CB14C87} - C:\Program Files\NetZero\UCReg.dll (NetZero, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (ZeroBar) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (NetZero, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (ZeroBar) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (NetZero, Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS.0\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - Startup: C:\Users\Administrator\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108855
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 359
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = E7 FF FF 03 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS.0\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Display All Images with Full Quality - C:\Program Files\NetZero\qsacc\appres.dll (NetZero, Inc.)
O8 - Extra context menu item: Display Image with Full Quality - C:\Program Files\NetZero\qsacc\appres.dll (NetZero, Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1240731040781 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\intu-ir2008 {729D3592-92E7-4cbc-8E44-3C22B3F457B3} - C:\Program Files\ImpotRapide 2008\ic2008pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-ir2009 {E4616804-F2F8-4839-B728-5305004DA6A7} - C:\Program Files\ImpotRapide 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-qt2007 {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS.0\system32\acaptuser32.dll) - C:\WINDOWS.0\system32\acaptuser32.dll (Adobe Systems Incorporated)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS.0\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Users\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/23 03:49:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS.0\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS.0\system32\ias [2009/04/23 03:48:50 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.iac2 - C:\WINDOWS.0\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3codec - C:\WINDOWS.0\System32\L3CODECP.ACM (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS.0\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS.0\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS.0\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS.0\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS.0\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS.0\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS.0\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS.0\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS.0\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS.0\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.mjpg - C:\WINDOWS.0\System32\pvmjpg30.dll (Pegasus Imaging Corporation)
Drivers32: vidc.XVID - C:\WINDOWS.0\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS.0\System32\DivX.dll (DivX, Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
========== Files/Folders - Created Within 30 Days ==========
[2010/07/28 19:31:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Local Settings\Application Data\Safe mirror
[2010/07/28 19:30:55 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 10
[2010/07/28 19:29:58 | 015,427,584 | ---- | C] (Luis Cobian, CobianSoft) -- C:\Users\Administrator\Desktop\cbSetup.exe
[2010/07/25 11:32:28 | 000,000,000 | ---D | C] -- C:\Program Files\Games_Bar_1
[2010/07/23 16:55:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/07/23 16:55:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/07/23 16:55:51 | 000,000,000 | ---D | C] -- C:\Users\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/07/23 16:49:42 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/07/23 16:43:48 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/07/22 23:06:42 | 000,519,952 | ---- | C] (Microsoft Corporation) -- C:\Users\Administrator\Desktop\Mats_Run.dvd.exe
[2010/07/22 11:58:07 | 000,568,900 | ---- | C] ( ) -- C:\Users\Administrator\Desktop\DVD43_4-6-0.exe
[2010/07/22 11:56:51 | 000,000,000 | ---D | C] -- C:\Program Files\Machinist 2
[2010/07/21 14:29:04 | 000,112,056 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS.0\System32\acaptuser32.dll
[2010/07/21 13:27:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Local Settings\Application Data\Sunbelt Software
[2010/07/21 13:27:07 | 000,000,000 | -H-D | C] -- C:\Users\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2010/07/21 12:09:42 | 128,750,008 | ---- | C] (Lavasoft ) -- C:\Users\Administrator\Desktop\Ad-AwareInstall.exe
[2010/07/18 20:07:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\My Documents\DivXToDvd
[2010/07/18 19:50:38 | 000,000,000 | ---D | C] -- C:\Program Files\vso
[2010/07/18 19:22:28 | 002,496,707 | ---- | C] (VSO-Software SARL ) -- C:\Users\Administrator\Desktop\vsoDivxToDVD_setup_v0.5.2b.exe
[2010/07/13 01:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\3D-Album-CS
[2010/07/13 01:31:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\3D_Album_329_ENG_By_Gerti_id
[2010/07/12 23:25:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\planes
[2010/07/12 23:23:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\thomas
[2010/07/08 19:35:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\My Documents\7-8-2010
[2010/07/04 18:10:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\New Folder (4)
[2010/07/02 15:28:03 | 000,000,000 | ---D | C] -- C:\Users\NetworkService\Local Settings\Application Data\ZoneAlarm
[2010/07/02 15:09:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\My Documents\ForceField Shared Files
[2010/07/02 15:09:11 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Application Data\CheckPoint
[2010/07/02 15:08:36 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/07/02 15:08:27 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/06/30 00:12:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\My Documents\NeroVision
[2009/04/23 13:34:54 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS.0\System32\a3d.dll
[1 C:\Users\Administrator\My Documents\*.tmp files -> C:\Users\Administrator\My Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/07/28 22:58:03 | 000,000,332 | ---- | M] () -- C:\WINDOWS.0\tasks\HP WEP.job
[2010/07/28 19:29:58 | 015,427,584 | ---- | M] (Luis Cobian, CobianSoft) -- C:\Users\Administrator\Desktop\cbSetup.exe
[2010/07/28 19:25:43 | 000,000,284 | ---- | M] () -- C:\WINDOWS.0\tasks\PropertyTaskUserS-1-5-21-1343024091-606747145-725345543-500.job
[2010/07/28 17:44:01 | 009,676,738 | -H-- | M] () -- C:\Users\Administrator\Local Settings\Application Data\IconCache.db
[2010/07/28 13:02:56 | 000,002,191 | ---- | M] () -- C:\Users\All Users\Desktop\Safari.lnk
[2010/07/28 11:15:06 | 000,092,160 | ---- | M] () -- C:\Users\Administrator\My Documents\Steven Kaminsky 2010.doc
[2010/07/28 11:14:24 | 000,000,162 | -H-- | M] () -- C:\Users\Administrator\My Documents\~$even Kaminsky 2010.doc
[2010/07/28 07:34:04 | 000,011,705 | ---- | M] () -- C:\Users\Administrator\My Documents\ILOVE YOU ARE YSHIRA FOR YOSSEF.docx
[2010/07/28 03:42:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS.0\tasks\Ad-Aware Update (Weekly).job
[2010/07/28 00:59:04 | 000,502,746 | ---- | M] () -- C:\WINDOWS.0\System32\PerfStringBackup.INI
[2010/07/28 00:59:04 | 000,427,986 | ---- | M] () -- C:\WINDOWS.0\System32\perfh009.dat
[2010/07/28 00:59:04 | 000,065,950 | ---- | M] () -- C:\WINDOWS.0\System32\perfc009.dat
[2010/07/28 00:54:54 | 000,000,006 | -H-- | M] () -- C:\WINDOWS.0\tasks\SA.DAT
[2010/07/28 00:54:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS.0\bootstat.dat
[2010/07/27 19:00:24 | 008,912,896 | ---- | M] () -- C:\Users\Administrator\NTUSER.DAT
[2010/07/27 19:00:24 | 000,000,178 | -HS- | M] () -- C:\Users\Administrator\ntuser.ini
[2010/07/27 16:40:00 | 000,030,912 | ---- | M] () -- C:\WINDOWS.0\System32\BMXStateBkp-{00000004-00000000-00000001-00001102-00000004-10031102}.rfx
[2010/07/27 16:40:00 | 000,030,912 | ---- | M] () -- C:\WINDOWS.0\System32\BMXState-{00000004-00000000-00000001-00001102-00000004-10031102}.rfx
[2010/07/27 16:40:00 | 000,030,120 | ---- | M] () -- C:\WINDOWS.0\System32\BMXCtrlState-{00000004-00000000-00000001-00001102-00000004-10031102}.rfx
[2010/07/27 16:40:00 | 000,030,120 | ---- | M] () -- C:\WINDOWS.0\System32\BMXBkpCtrlState-{00000004-00000000-00000001-00001102-00000004-10031102}.rfx
[2010/07/27 16:40:00 | 000,011,564 | ---- | M] () -- C:\WINDOWS.0\System32\DVCState-{00000004-00000000-00000001-00001102-00000004-10031102}.rfx
[2010/07/27 16:40:00 | 000,001,080 | ---- | M] () -- C:\WINDOWS.0\System32\settingsbkup.sfm
[2010/07/27 16:40:00 | 000,001,080 | ---- | M] () -- C:\WINDOWS.0\System32\settings.sfm
[2010/07/26 23:21:16 | 000,000,069 | ---- | M] () -- C:\WINDOWS.0\NeroDigital.ini
[2010/07/26 19:51:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS.0\MEMORY.DMP
[2010/07/26 16:53:56 | 000,525,824 | ---- | M] () -- C:\Users\Administrator\Desktop\dds.scr
[2010/07/26 13:58:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS.0\System32\wpa.dbl
[2010/07/26 12:02:51 | 000,002,141 | ---- | M] () -- C:\Users\All Users\Desktop\iTunes.lnk
[2010/07/23 16:50:11 | 000,001,608 | ---- | M] () -- C:\Users\All Users\Desktop\QuickTime Player.lnk
[2010/07/23 15:28:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS.0\tasks\AppleSoftwareUpdate.job
[2010/07/22 23:06:42 | 000,519,952 | ---- | M] (Microsoft Corporation) -- C:\Users\Administrator\Desktop\Mats_Run.dvd.exe
[2010/07/22 22:10:45 | 000,000,349 | ---- | M] () -- C:\Users\All Users\Documents\PCLECHAL.INI
[2010/07/22 15:58:33 | 002,272,512 | ---- | M] () -- C:\Users\Administrator\Desktop\4120W117.ZIP
[2010/07/22 13:47:04 | 000,000,686 | ---- | M] () -- C:\Users\All Users\Desktop\DVDneXtCOPY 3.lnk
[2010/07/22 11:58:09 | 000,568,900 | ---- | M] ( ) -- C:\Users\Administrator\Desktop\DVD43_4-6-0.exe
[2010/07/22 11:56:45 | 000,152,570 | ---- | M] () -- C:\Users\Administrator\Desktop\Machinist2.1.setup.exe
[2010/07/21 13:42:49 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS.0\System32\drivers\SBREDrv.sys
[2010/07/21 13:27:03 | 000,000,867 | ---- | M] () -- C:\Users\All Users\Desktop\Ad-Aware.lnk
[2010/07/21 12:09:42 | 128,750,008 | ---- | M] (Lavasoft ) -- C:\Users\Administrator\Desktop\Ad-AwareInstall.exe
[2010/07/20 15:42:28 | 000,217,180 | ---- | M] () -- C:\WINDOWS.0\System32\nvdrsdb0.bin
[2010/07/20 15:42:28 | 000,000,001 | ---- | M] () -- C:\WINDOWS.0\System32\nvdrssel.bin
[2010/07/19 19:08:13 | 000,001,055 | ---- | M] () -- C:\Users\Administrator\Desktop\mbam-log-2010-07-19 (18-11-43).rar
[2010/07/18 19:50:42 | 000,000,700 | ---- | M] () -- C:\Users\Administrator\Desktop\VSO DivxToDVD.lnk
[2010/07/18 19:22:31 | 002,496,707 | ---- | M] (VSO-Software SARL ) -- C:\Users\Administrator\Desktop\vsoDivxToDVD_setup_v0.5.2b.exe
[2010/07/18 19:09:50 | 000,095,744 | ---- | M] () -- C:\Users\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/13 13:01:04 | 000,000,236 | ---- | M] () -- C:\Users\Administrator\Application Data\default.pls
[2010/07/12 21:56:13 | 000,038,878 | ---- | M] () -- C:\Users\Administrator\Desktop\planebdayparty1.jpg
[2010/07/12 04:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS.0\System32\drivers\Lbd.sys
[2010/07/12 04:55:38 | 000,015,880 | ---- | M] () -- C:\WINDOWS.0\System32\lsdelete.exe
[2010/07/08 19:32:52 | 000,217,180 | ---- | M] () -- C:\WINDOWS.0\System32\nvdrsdb1.bin
[2010/07/08 19:20:21 | 000,000,022 | ---- | M] () -- C:\WINDOWS.0\System32\nvModes.dat
[2010/07/05 12:08:53 | 000,009,970 | ---- | M] () -- C:\Users\Administrator\My Documents\Doc3.docx
[2010/07/04 17:48:52 | 000,014,663 | ---- | M] () -- C:\Users\Administrator\My Documents\info for gan shira.docx
[2010/07/02 15:09:12 | 000,421,530 | ---- | M] () -- C:\WINDOWS.0\System32\vsconfig.xml
[2010/07/02 15:08:26 | 000,004,212 | -H-- | M] () -- C:\WINDOWS.0\System32\zllictbl.dat
[2010/07/02 15:08:25 | 000,000,731 | ---- | M] () -- C:\Users\Administrator\Desktop\ZoneAlarm Security.lnk
[2010/06/30 00:40:57 | 000,000,075 | ---- | M] () -- C:\WINDOWS.0\System32\ssprs.dll
[2010/06/30 00:40:57 | 000,000,021 | ---- | M] () -- C:\WINDOWS.0\SurCode.INI
[2010/06/30 00:40:57 | 000,000,014 | ---- | M] () -- C:\WINDOWS.0\System32\tmpPrst.tgz
[2010/06/30 00:40:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS.0\System32\tmpPrst.dll
[2010/06/30 00:40:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS.0\System32\lsprst7.dll
[2010/06/29 23:48:18 | 000,010,231 | ---- | M] () -- C:\Users\Administrator\My Documents\LEIB YOSSEF KAMINSKY.docx
[2010/06/29 13:08:38 | 002,861,056 | ---- | M] () -- C:\Users\Administrator\My Documents\M
[1 C:\Users\Administrator\My Documents\*.tmp files -> C:\Users\Administrator\My Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/07/28 19:57:07 | 000,000,332 | ---- | C] () -- C:\WINDOWS.0\tasks\HP WEP.job
[2010/07/28 11:14:24 | 000,000,162 | -H-- | C] () -- C:\Users\Administrator\My Documents\~$even Kaminsky 2010.doc
[2010/07/26 16:53:56 | 000,525,824 | ---- | C] () -- C:\Users\Administrator\Desktop\dds.scr
[2010/07/23 16:57:23 | 000,002,141 | ---- | C] () -- C:\Users\All Users\Desktop\iTunes.lnk
[2010/07/23 16:50:11 | 000,001,608 | ---- | C] () -- C:\Users\All Users\Desktop\QuickTime Player.lnk
[2010/07/23 16:37:56 | 000,002,191 | ---- | C] () -- C:\Users\All Users\Desktop\Safari.lnk
[2010/07/22 15:58:30 | 002,272,512 | ---- | C] () -- C:\Users\Administrator\Desktop\4120W117.ZIP
[2010/07/22 11:56:44 | 000,152,570 | ---- | C] () -- C:\Users\Administrator\Desktop\Machinist2.1.setup.exe
[2010/07/21 13:27:03 | 000,000,867 | ---- | C] () -- C:\Users\All Users\Desktop\Ad-Aware.lnk
[2010/07/21 08:35:54 | 000,011,705 | ---- | C] () -- C:\Users\Administrator\My Documents\ILOVE YOU ARE YSHIRA FOR YOSSEF.docx
[2010/07/19 19:08:13 | 000,001,055 | ---- | C] () -- C:\Users\Administrator\Desktop\mbam-log-2010-07-19 (18-11-43).rar
[2010/07/18 19:50:42 | 000,000,700 | ---- | C] () -- C:\Users\Administrator\Desktop\VSO DivxToDVD.lnk
[2010/07/16 16:05:36 | 009,361,717 | ---- | C] () -- C:\Users\Administrator\Desktop\DVDneXtCOPY_Ultimate_V3_0_4_1.exe
[2010/07/16 16:05:31 | 002,227,712 | ---- | C] () -- C:\Users\Administrator\Desktop\DVDneXtCOPY_3.0_Ult_FIX.msi
[2010/07/14 10:19:31 | 000,000,472 | ---- | C] () -- C:\WINDOWS.0\tasks\Ad-Aware Update (Weekly).job
[2010/07/12 21:47:20 | 000,038,878 | ---- | C] () -- C:\Users\Administrator\Desktop\planebdayparty1.jpg
[2010/07/05 12:08:53 | 000,009,970 | ---- | C] () -- C:\Users\Administrator\My Documents\Doc3.docx
[2010/07/04 17:48:52 | 000,014,663 | ---- | C] () -- C:\Users\Administrator\My Documents\info for gan shira.docx
[2010/07/02 15:08:25 | 000,000,731 | ---- | C] () -- C:\Users\Administrator\Desktop\ZoneAlarm Security.lnk
[2010/06/30 00:40:57 | 000,000,075 | ---- | C] () -- C:\WINDOWS.0\System32\ssprs.dll
[2010/06/30 00:40:57 | 000,000,014 | ---- | C] () -- C:\WINDOWS.0\System32\tmpPrst.tgz
[2010/06/30 00:40:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS.0\System32\tmpPrst.dll
[2010/06/30 00:40:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS.0\System32\lsprst7.dll
[2010/06/29 23:48:17 | 000,010,231 | ---- | C] () -- C:\Users\Administrator\My Documents\LEIB YOSSEF KAMINSKY.docx
[2010/06/29 13:08:38 | 002,861,056 | ---- | C] () -- C:\Users\Administrator\My Documents\M
[2010/06/07 17:31:33 | 000,001,029 | ---- | C] () -- C:\WINDOWS.0\maxlink.ini
[2010/01/19 15:40:52 | 008,330,560 | ---- | C] () -- C:\WINDOWS.0\System32\vaengine.dll
[2009/11/05 00:44:32 | 000,000,129 | ---- | C] () -- C:\WINDOWS.0\Quicken.ini
[2009/11/05 00:44:32 | 000,000,052 | ---- | C] () -- C:\WINDOWS.0\intuprof.ini
[2009/10/20 11:31:20 | 000,000,069 | ---- | C] () -- C:\WINDOWS.0\NeroDigital.ini
[2009/10/20 10:06:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS.0\SETUP32.INI
[2009/07/20 18:24:31 | 000,000,633 | ---- | C] () -- C:\WINDOWS.0\E-REGTLC.INI
[2009/07/16 19:32:48 | 000,000,051 | ---- | C] () -- C:\WINDOWS.0\TLCAPPS.INI
[2009/06/03 08:26:33 | 000,363,520 | ---- | C] () -- C:\WINDOWS.0\System32\PsisDecd.dll
[2009/06/03 08:02:27 | 000,237,568 | R--- | C] () -- C:\WINDOWS.0\System32\qtmlClient.dll
[2009/06/03 08:02:27 | 000,002,371 | ---- | C] () -- C:\WINDOWS.0\Graffiti5.2Pin.ini
[2009/05/07 18:24:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS.0\AUTORUN.INI
[2009/05/07 18:24:09 | 000,000,328 | ---- | C] () -- C:\WINDOWS.0\SIERRA.INI
[2009/05/06 20:14:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS.0\System32\xvidvfw.dll
[2009/05/02 23:23:35 | 000,000,033 | ---- | C] () -- C:\WINDOWS.0\avitoipod.ini
[2009/04/26 08:49:18 | 000,077,824 | R--- | C] () -- C:\WINDOWS.0\System32\HPZIDS01.dll
[2009/04/23 19:06:51 | 000,286,720 | ---- | C] () -- C:\WINDOWS.0\System32\nvnt4cpl.dll
[2009/04/23 13:34:56 | 000,031,745 | ---- | C] () -- C:\WINDOWS.0\System32\nkreg32.dll
[2009/04/23 13:34:56 | 000,030,721 | ---- | C] () -- C:\WINDOWS.0\System32\asindis.dll
[2009/04/23 13:34:56 | 000,023,552 | ---- | C] () -- C:\WINDOWS.0\System32\2itwwun.dll
[2009/04/23 13:34:55 | 000,071,680 | ---- | C] () -- C:\WINDOWS.0\System32\CTMMACTL.DLL
[2009/04/23 13:34:54 | 000,037,888 | ---- | C] () -- C:\WINDOWS.0\System32\CTBURST.DLL
[2009/04/23 13:34:41 | 000,086,446 | ---- | C] () -- C:\WINDOWS.0\System32\instwdm.ini
[2009/04/23 13:34:41 | 000,000,307 | ---- | C] () -- C:\WINDOWS.0\System32\KILL.INI
[2009/04/23 13:34:41 | 000,000,054 | ---- | C] () -- C:\WINDOWS.0\System32\ctzapxx.ini
[2009/04/23 04:06:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS.0\CTXFIRES.DLL
[2009/04/23 03:45:51 | 000,271,264 | ---- | C] () -- C:\WINDOWS.0\System32\vbrun100.dll
[2009/04/23 03:45:26 | 000,175,616 | ---- | C] () -- C:\WINDOWS.0\System32\mmm.dll
[2009/04/23 03:45:22 | 000,000,133 | ---- | C] () -- C:\WINDOWS.0\System32\cpuz.ini
[2009/03/10 23:34:23 | 000,002,048 | ---- | C] () -- C:\WINDOWS.0\System32\sysprs7.dll
[2009/03/10 23:34:23 | 000,001,025 | ---- | C] () -- C:\WINDOWS.0\System32\clauth2.dll
[2009/03/10 23:34:23 | 000,001,025 | ---- | C] () -- C:\WINDOWS.0\System32\clauth1.dll
[2009/03/10 23:34:23 | 000,000,021 | ---- | C] () -- C:\WINDOWS.0\SurCode.INI
[2008/02/08 03:13:44 | 000,319,488 | ---- | C] () -- C:\WINDOWS.0\System32\LS3Renderer.dll
[2008/02/06 20:05:18 | 000,163,840 | ---- | C] () -- C:\WINDOWS.0\System32\hppatusg01.dll
[2007/03/31 10:00:06 | 000,032,768 | ---- | C] () -- C:\WINDOWS.0\System32\perielloui.dll
[2007/01/25 12:04:12 | 000,138,752 | ---- | C] () -- C:\WINDOWS.0\System32\mase32.dll
[2007/01/25 12:04:12 | 000,027,648 | ---- | C] () -- C:\WINDOWS.0\System32\ma32.dll
[2006/12/02 05:00:00 | 000,394,240 | ---- | C] () -- C:\WINDOWS.0\System32\HMTCD.dll
[2006/12/02 05:00:00 | 000,000,125 | ---- | C] () -- C:\WINDOWS.0\System32\oeminfo.ini
[2005/10/20 19:32:02 | 000,647,168 | ---- | C] () -- C:\WINDOWS.0\System32\pqdvdb.dll
[2005/10/14 06:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS.0\System32\qt-dx331.dll
[2005/10/14 06:56:50 | 000,765,952 | ---- | C] () -- C:\WINDOWS.0\System32\xvidcore.dll
[2005/10/14 06:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS.0\System32\xvid.dll
[2003/10/17 13:59:12 | 008,330,560 | ---- | C] () -- C:\WINDOWS.0\System32\vaesaver.dll
[2002/08/09 13:15:16 | 000,101,376 | ---- | C] () -- C:\WINDOWS.0\System32\Welsof32.dll
[2002/01/08 16:57:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS.0\System32\Jpeg32.dll
[2001/07/06 13:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS.0\System32\hptcpmon.ini
========== Custom Scans ==========
< Under the Custom Scan box paste this in >
< >
< %SYSTEMDRIVE%\*.* >
[2009/04/25 21:51:45 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/07/28 00:54:39 | 000,036,366 | ---- | M] () -- C:\aaw7boot.log
[2009/04/23 03:49:27 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/06/01 23:46:14 | 000,000,366 | ---- | M] () -- C:\Boot.bak
[2009/10/12 07:40:46 | 000,000,437 | RHS- | M] () -- C:\boot.ini
[2004/08/03 08:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2009/04/23 03:49:27 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/10/19 06:05:52 | 000,000,116 | ---- | M] () -- C:\DeQuarantine.txt
[2010/07/22 14:31:13 | 000,000,026 | ---- | M] () -- C:\DVDPlayer.log
[2010/07/22 14:27:09 | 030,353,255 | ---- | M] () -- C:\HighLogging.log
[2009/04/23 03:49:27 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/01/10 12:54:15 | 1053,532,666 | ---- | M] () -- C:\lieb.avi
[2010/01/10 12:54:36 | 003,390,168 | ---- | M] () -- C:\lieb.avi.A.index
[2010/01/10 12:54:34 | 003,335,824 | ---- | M] () -- C:\lieb.avi.index
[2010/01/10 12:54:36 | 000,003,637 | ---- | M] () -- C:\lieb.scn
[2009/05/21 23:20:32 | 000,004,929 | ---- | M] () -- C:\mcdbp.log
[2009/04/23 03:49:27 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/09/03 20:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\npbittorrent.dll
[2006/12/02 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2006/12/02 05:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/07/28 00:54:39 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2009/05/05 04:32:06 | 000,000,510 | ---- | M] () -- C:\updatedatfix.log
< %systemroot%\system32\*.wt >
< %systemroot%\system32\*.ruy >
< %systemroot%\Fonts\*.com >
[2006/04/19 06:21:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS.0\Fonts\GlobalMonospace.CompositeFont
[2006/07/02 08:37:10 | 000,026,489 | ---- | M] () -- C:\WINDOWS.0\Fonts\GlobalSansSerif.CompositeFont
[2006/04/19 06:21:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS.0\Fonts\GlobalSerif.CompositeFont
[2006/07/02 08:37:12 | 000,030,808 | ---- | M] () -- C:\WINDOWS.0\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2009/04/23 03:48:52 | 000,000,067 | -HS- | M] () -- C:\WINDOWS.0\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/10/14 02:43:18 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.0\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/04/10 00:02:32 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS.0\system32\spool\prtprocs\w32x86\hpzpp054.dll
[2006/10/26 05:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.0\system32\spool\prtprocs\w32x86\msonpppr.dll
[2002/01/08 15:51:00 | 000,047,616 | ---- | M] (Black Ice Software) -- C:\WINDOWS.0\system32\spool\prtprocs\w32x86\ppbiPr.dll
[2006/10/14 02:44:44 | 000,671,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.0\system32\spool\prtprocs\w32x86\PrintFilterPipelineSvc.exe
[2007/08/29 02:06:10 | 000,057,344 | ---- | M] (Zenographics, Inc.) -- C:\WINDOWS.0\system32\spool\prtprocs\w32x86\ZIMFPRNT.DLL
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
[2009/05/24 02:56:37 | 000,001,666 | -H-- | M] () -- C:\Users\Administrator\Application Data\Microsoft\LastFlashConfig.WFC
< %PROGRAMFILES%\*.* >
[2008/10/20 07:47:54 | 000,923,547 | ---- | M] () -- C:\Program Files\7z460.exe
[2008/11/16 13:06:48 | 000,069,815 | ---- | M] () -- C:\Program Files\QtimeKeys.JPG
[2008/08/20 00:05:00 | 023,766,320 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe
[2010/05/31 20:49:41 | 000,005,120 | -HS- | M] () -- C:\Program Files\Thumbs.db
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2006/10/16 22:58:06 | 000,346,624 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS.0\system32\dxtmsft.dll
[2006/10/16 22:57:50 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS.0\system32\dxtrans.dll
[2006/10/16 23:33:40 | 000,191,488 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS.0\system32\iepeers.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2009/04/23 13:30:50 | 000,073,728 | ---- | M] () -- C:\WINDOWS.0\system32\config\default.sav
[2009/04/23 13:30:50 | 000,651,264 | ---- | M] () -- C:\WINDOWS.0\system32\config\software.sav
[2009/04/23 13:30:50 | 000,860,160 | ---- | M] () -- C:\WINDOWS.0\system32\config\system.sav
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
========== Alternate Data Streams ==========
@Alternate Data Stream - 140 bytes -> C:\Users\All Users\Application Data\TEMP:04A2BA27
@Alternate Data Stream - 115 bytes -> C:\Users\All Users\Application Data\TEMP:A988B257
@Alternate Data Stream - 110 bytes -> C:\Users\All Users\Application Data\TEMP:417EFB56
< End of report >
Edited by supercool1, 28 July 2010 - 10:48 PM.
Sign In
Create Account
