OTViewIt logfile created on: 11/20/2008 8:47:08 PM - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Johnny\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.98 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 64.52% Memory free
3.83 Gb Paging File | 3.03 Gb Available in Paging File | 79.17% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 25.58 Gb Total Space | 3.83 Gb Free Space | 14.98% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
Drive E: | 232.70 Gb Total Space | 63.55 Gb Free Space | 27.31% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JCMV
Current User Name: Johnny
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
========== Processes ==========
[2007/10/08 20:56:32 | 00,147,456 | ---- | M] (Apple Inc.) -- C:\WINDOWS\system32\IRW.exe
[2007/10/08 22:06:08 | 00,419,120 | ---- | M] (Apple Inc.) -- C:\Program Files\Boot Camp\KbdMgr.exe
[2007/10/08 20:59:16 | 16,384,512 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
[2004/08/04 12:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\RUNDLL32.EXE
[2005/04/04 18:58:30 | 00,856,064 | ---- | M] (Adobe Sytems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
[2008/08/08 05:11:12 | 00,490,952 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
[2005/04/04 18:58:28 | 00,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
[2008/02/18 11:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2007/10/08 22:04:54 | 00,140,592 | ---- | M] () -- C:\WINDOWS\system32\AppleOSSMgr.exe
[2007/10/08 22:05:36 | 00,099,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\system32\AppleTimeSrv.exe
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2007/10/08 20:58:58 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2008/01/30 04:52:22 | 00,106,496 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
[2005/04/04 18:58:30 | 03,502,080 | ---- | M] () -- C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
[2007/10/07 07:27:54 | 00,053,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- E:\aawservice.exe
[2008/11/20 13:58:30 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
[2008/11/20 13:58:34 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\PROGRA~1\AVG\AVG8\avgrsx.exe
[2008/11/20 13:58:32 | 01,234,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2008/11/20 13:58:40 | 00,540,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
[2003/08/06 13:24:20 | 12,037,688 | ---- | M] (Microsoft Corporation) -- C:\PROGRA~1\MICROS~3\OFFICE11\WINWORD.EXE
[2007/10/07 07:34:18 | 00,625,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/11/20 17:39:28 | 00,171,448 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[2007/10/07 07:27:54 | 00,053,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/11/20 20:46:52 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Johnny\Desktop\OTViewIt.exe
========== (O23) Win32 Services ==========
[2007/12/30 19:52:20 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2005/04/04 18:58:28 | 00,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2 [Auto | Running])
[2008/02/18 11:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/08 22:04:54 | 00,140,592 | ---- | M] () -- C:\WINDOWS\system32\AppleOSSMgr.exe -- (AppleOSSMgr [Auto | Running])
[2007/10/08 22:05:36 | 00,099,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\system32\AppleTimeSrv.exe -- (AppleTimeSrv [Auto | Running])
[2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/06/02 11:13:16 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2007/10/08 20:58:58 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2005/08/02 14:18:50 | 00,086,016 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])
[2008/01/30 04:52:22 | 00,106,496 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- E:\aawservice.exe -- (aawservice [Auto | Running])
[2008/11/20 13:58:30 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2008/11/20 17:39:26 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
========== Driver Services ==========
[2007/10/08 20:56:44 | 00,004,224 | ---- | M] (Apple Inc.) -- C:\WINDOWS\system32\DRIVERS\aapltctp.sys -- (aapltctp [On_Demand | Running])
[2007/10/08 20:56:44 | 00,035,072 | ---- | M] (Apple Inc.) -- C:\WINDOWS\system32\DRIVERS\aapltp.sys -- (aapltp [On_Demand | Running])
[2007/10/08 20:56:14 | 00,008,064 | ---- | M] (Apple Inc.) -- C:\WINDOWS\system32\DRIVERS\applebt.sys -- (applebt [On_Demand | Running])
[2007/10/08 20:56:54 | 01,296,800 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\DRIVERS\ar5416.sys -- (AR5416 [On_Demand | Stopped])
[2004/08/03 23:10:40 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\BthEnum.sys -- (BthEnum [On_Demand | Running])
[2007/10/08 20:56:10 | 00,007,424 | ---- | M] (Apple Inc.) -- C:\WINDOWS\system32\DRIVERS\BthKicker.sys -- (BthKicker [On_Demand | Stopped])
[2004/08/03 22:58:40 | 00,100,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\bthpan.sys -- (BthPan [On_Demand | Running])
[2004/08/03 23:10:38 | 00,274,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\BTHport.sys -- (BTHPORT [On_Demand | Stopped])
[2004/08/03 23:10:36 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\BTHUSB.sys -- (BTHUSB [On_Demand | Running])
[2008/01/29 12:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2007/10/07 14:11:40 | 00,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
[2007/03/08 12:20:48 | 00,049,920 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
[2007/03/08 12:20:50 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
[2007/03/08 12:20:50 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
[2007/10/08 20:59:18 | 04,607,488 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
[2007/10/08 20:56:32 | 00,016,512 | ---- | M] (Apple Inc.) -- C:\WINDOWS\system32\DRIVERS\IRFilter.sys -- (IRRemoteFlt [On_Demand | Running])
[2004/08/04 12:00:00 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\kbdhid.sys -- (kbdhid [System | Running])
[2007/10/08 20:56:38 | 00,004,864 | ---- | M] (Apple Inc.) -- C:\WINDOWS\system32\drivers\KeyAgent.sys -- (KeyAgent [Auto | Running])
[2007/10/08 20:56:24 | 00,017,920 | ---- | M] (Apple Inc.) -- C:\WINDOWS\system32\DRIVERS\KeyMagic.sys -- (KeyMagic [On_Demand | Running])
[2007/10/08 20:56:22 | 00,006,528 | ---- | M] (Apple Inc.) -- C:\WINDOWS\system32\drivers\MacHALDriver.sys -- (MacHALDriver [Auto | Running])
[2004/08/04 12:00:00 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])
[2005/08/02 14:10:14 | 00,032,512 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF [On_Demand | Stopped])
[2007/10/08 20:58:46 | 06,346,688 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
[2005/09/18 18:02:52 | 00,005,632 | ---- | M] () -- E:\PeerGuardian2\pgfilter.sys -- (pgfilter [On_Demand | Stopped])
[2004/08/04 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
[2004/08/03 23:10:40 | 00,059,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\rfcomm.sys -- (RFCOMM [On_Demand | Running])
[2007/10/07 14:12:50 | 00,062,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\rspndr.sys -- (rspndr [Auto | Running])
[2006/02/16 03:07:34 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\sbp2port.sys -- (sbp2port [Boot | Running])
[2007/10/07 14:12:52 | 00,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
[2008/10/05 11:59:04 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
[2005/07/30 02:01:14 | 00,121,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\usbvideo.sys -- (usbvideo [On_Demand | Running])
[2007/10/01 15:17:34 | 00,011,520 | ---- | M] (Western Digital Technologies) -- C:\WINDOWS\system32\DRIVERS\wdcsam.sys -- (WDC_SAM [On_Demand | Running])
[2006/11/02 07:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\Wdf01000.sys -- (Wdf01000 [On_Demand | Running])
[2007/10/08 20:58:04 | 00,255,232 | ---- | M] (Marvell) -- C:\WINDOWS\system32\DRIVERS\yk51x86.sys -- (yukonwxp [On_Demand | Running])
[2008/11/20 13:58:44 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2008/11/20 13:58:46 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
File not found -- -- (IKFileSec [Unknown | Running])
File not found -- -- (IKSysFlt [Unknown | Running])
File not found -- -- (IKSysSec [Unknown | Running])
========== (R ) Internet Explorer ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"AlwaysUseDefaultPrinter"=yes
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.uk.msn.com/
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local
========== (O1) Hosts File ==========
HOSTS File = (288033 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123haustiereundmehr.com
9926 more lines...
========== (O2) BHO's ==========
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{A057A204-BACC-4D26-9990-79A187E2698E} (HKLM) -- C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (AVG, Technologies CZ, s.r.o )
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\program files\google\googletoolbar1.dll (Google Inc.)
========== (O3) Toolbars ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\program files\google\googletoolbar1.dll (Google Inc.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (AVG, Technologies CZ, s.r.o )
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\program files\google\googletoolbar1.dll (Google Inc.)
"{32099AAC-C132-4136-9E9A-4E364A424E17}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (AVG, Technologies CZ, s.r.o )
========== (O4) Run Keys ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Version Cue CS2"=C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
"Apple_KbdMgr"=C:\Program Files\Boot Camp\KbdMgr.exe (Apple Inc.)
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"IRW"=C:\WINDOWS\system32\IRW.exe (Apple Inc.)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"=nwiz.exe /install ()
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"RTHDCPL"=RTHDCPL.EXE (Realtek Semiconductor Corp.)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (DT Soft Ltd)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.)
========== (O4) Startup Folders ==========
========== (O6 & O7) Current Version Policies ==========
[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=Microsoft Update
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
========== (O8) IE Context Menu Extensions ==========
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE [2003/08/13 02:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)
========== (O9) IE Extensions ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.5.0\bin\npjpi150.dll [2008/02/11 20:55:48 | 00,069,740 | ---- | M] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %SystemDrive%\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\Network Diagnostic\xpnetdiag.exe [2007/10/07 14:13:28 | 00,557,568 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2007/10/07 16:28:04 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2007/10/07 16:28:04 | 01,694,208 | ---- | M] (Microsoft Corporation)
========== (O12) Internet Explorer Plugins ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
========== (O13) Default Prefixes ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://
========== (O15) Trusted Sites ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.
========== (O16) DPF ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}: http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab -- GMNRev Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab -- Java Plug-in 1.5.0
{8FEFF364-6A5F-4966-A917-A3AC28411659}: http://download.sopcast.com/download/SOPCORE.CAB -- SopCore Control
{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab -- Java Plug-in 1.5.0
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}: http://www.adobe.com/products/acrobat/nos/gp.cab -- get_atlcom Class
========== (O17) DNS Name Servers ==========
{0B77EF44-5B33-47F5-AFEA-AD9ED2D0C539} (Servers: | Description: Marvell Yukon 88E8058 PCI-E Gigabit Ethernet Controller)
{4DCB0599-D56F-4F8B-BF1B-D67EFCFBD69C} (Servers: | Description: Atheros AR5008 Wireless Network Adapter)
{65A76E54-76C6-494A-89F1-3E8AB65A7F4A} (Servers: | Description: )
{6BE0DB7F-33F5-481D-9B49-29CA6AD54090} (Servers: | Description: 1394 Net Adapter)
{766FD98A-E384-4B8D-9A46-C9C52B82B92A} (Servers: | Description: 1394 Net Adapter)
{B0B50CA2-4877-46A2-ADB7-070967F37978} (Servers: | Description: 1394 Net Adapter)
{C275D7EC-5E75-4D9E-8E74-D419D2D52866} (Servers: | Description: )
========== (O20) AppInit_DLLs ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=avgrsstx.dll
>[2008/11/20 13:58:52 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgrsstx.dll
========== (O20) Winlogon Notify Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
Antiwpa: "DllName" = antiwpa.dll -- C:\WINDOWS\system32\antiwpa.dll ()
========== Safeboot Options ==========
"AlternateShell"=cmd.exe
========== CDRom AutoRun Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1
========== Autorun Files on Drives ==========
AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ]
[2008/06/04 15:27:08 | 00,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ FAT32 ]
========== MountPoints2 ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca7a562e-3031-11dd-bb96-001b6361161b}\Shell\AutoRun\command]
""=E:\wd_windows_tools\WDEULA.exe -- File not found
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cd50552e-3284-11dd-a2c7-001b6361161b}\Shell\AutoRun\command]
""=F:\system\viewer\FlipVideoforPC.exe -- File not found
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cd50552e-3284-11dd-a2c7-001b6361161b}\Shell\Flip Video for PC\command]
""=F:\system\viewer\FlipVideoforPC.exe -- File not found
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cd505530-3284-11dd-a2c7-001b6361161b}\Shell\AutoRun\command]
""=F:\system\viewer\FlipVideoforPC.exe -- File not found
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cd505530-3284-11dd-a2c7-001b6361161b}\Shell\Flip Video for PC\command]
""=F:\system\viewer\FlipVideoforPC.exe -- File not found
========== Files/Folders - Created Within 30 Days ==========
[2008/11/20 20:47:22 | 00,747,873 | ---- | C] () -- C:\Documents and Settings\Johnny\Desktop\gmer.zip
[2008/11/20 20:46:49 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Johnny\Desktop\OTViewIt.exe
[2008/11/20 20:43:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Johnny\Desktop\WowScreen
[2008/11/20 18:03:10 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Johnny\Desktop\~$Cup of Tea Mansfield.docx
[2008/11/20 18:02:34 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Johnny\Desktop\~$cture on beauty Montagu, Plath, Mansfield.docx
[2008/11/20 17:51:01 | 00,093,239 | ---- | C] () -- C:\Documents and Settings\Johnny\Desktop\lecture on beauty Montagu, Plath, Mansfield.docx
[2008/11/20 17:50:57 | 00,019,287 | ---- | C] () -- C:\Documents and Settings\Johnny\Desktop\A Cup of Tea Mansfield.docx
[2008/11/20 17:39:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/11/20 17:38:34 | 13,596,592 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Johnny\Desktop\sdsetup.exe
[2008/11/20 17:03:59 | 00,001,638 | ---- | C] () -- C:\Documents and Settings\Johnny\Desktop\HijackThis.lnk
[2008/11/20 17:03:58 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/11/20 17:03:49 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Johnny\Desktop\HJTInstall.exe
[2008/11/20 16:22:13 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\Johnny\Desktop\Spybot - Search & Destroy.lnk
[2008/11/20 16:22:07 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/11/20 16:22:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/11/20 16:21:00 | 15,083,520 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Johnny\Desktop\spybotsd160.exe
[2008/11/20 16:16:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Johnny\Desktop\Screenshots
[2008/11/20 16:06:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2008/11/20 16:06:05 | 33,138,928 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Johnny\Desktop\kav8.0.0.454en.exe
[2008/11/20 16:04:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Johnny\Desktop\Virus
[2008/11/20 15:45:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Johnny\Desktop\Week 12
[2008/11/20 13:58:50 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2008/11/20 13:58:50 | 00,001,411 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk
[2008/11/20 13:58:45 | 00,097,928 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2008/11/20 13:58:42 | 00,026,824 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2008/11/20 13:58:40 | 30,240,653 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/11/20 13:58:40 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2008/11/20 13:58:40 | 00,334,743 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/11/20 13:58:40 | 00,042,274 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/11/20 13:58:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2008/11/20 13:58:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Johnny\Application Data\AVGTOOLBAR
[2008/11/20 13:58:28 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2008/11/20 13:58:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2008/11/20 13:44:16 | 00,000,282 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/11/20 13:44:16 | 00,000,282 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/11/20 12:58:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/11/19 18:55:34 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Johnny\My Documents\~$L394AndroidsDiscussion.doc
[2008/11/18 23:51:34 | 00,000,000 | -HSD | C] -- C:\FOUND.005
[2008/11/18 18:25:23 | 00,793,220 | ---- | C] () -- C:\Documents and Settings\Johnny\My Documents\21932477[1].pdf
[2008/11/17 23:31:46 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\Johnny\My Documents\PHL394AndroidsDiscussion.doc
[2008/11/17 23:28:22 | 00,031,232 | ---- | C] () -- C:\Documents and Settings\Johnny\My Documents\Marion, #11.doc
[2008/11/17 20:04:54 | 00,004,096 | -H-- | C] () -- C:\Documents and Settings\Johnny\Desktop\._Women and Madness and general bibliography.docx
[2008/11/17 20:04:54 | 00,004,096 | -H-- | C] () -- C:\Documents and Settings\Johnny\Desktop\._Syllabus English 364 Revised 2.docx
[2008/11/17 20:04:54 | 00,004,096 | -H-- | C] () -- C:\Documents and Settings\Johnny\Desktop\._Schedule for final research paper.docx
[2008/11/15 07:03:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Johnny\Desktop\QuestHelper-0.67
[2008/11/15 07:02:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Johnny\Desktop\Advanced
[2008/11/15 07:01:41 | 00,000,274 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ventrilo.lnk
[2008/11/15 07:01:33 | 00,000,239 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/11/15 07:01:18 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/10/30 17:04:20 | 00,001,523 | ---- | C] () -- C:\Documents and Settings\Johnny\Desktop\Frozen Throne.lnk
[2008/10/30 16:54:46 | 00,001,516 | ---- | C] () -- C:\Documents and Settings\Johnny\Desktop\Warcraft III.lnk
[2008/10/30 16:54:43 | 00,076,935 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
[2008/10/30 16:54:42 | 00,139,264 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\War3Unin.exe
[2008/10/30 16:54:42 | 00,002,829 | ---- | C] () -- C:\WINDOWS\War3Unin.pif
[2008/10/30 16:50:18 | 00,000,000 | ---D | C] -- C:\Program Files\Warcraft III
[2008/10/30 16:20:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard
========== Files - Modified Within 30 Days ==========
[2008/11/20 20:47:24 | 00,747,873 | ---- | M] () -- C:\Documents and Settings\Johnny\Desktop\gmer.zip
[2008/11/20 20:46:52 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Johnny\Desktop\OTViewIt.exe
[2008/11/20 18:03:12 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Johnny\Desktop\~$Cup of Tea Mansfield.docx
[2008/11/20 18:02:36 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Johnny\Desktop\~$cture on beauty Montagu, Plath, Mansfield.docx
[2008/11/20 17:51:02 | 00,093,239 | ---- | M] () -- C:\Documents and Settings\Johnny\Desktop\lecture on beauty Montagu, Plath, Mansfield.docx
[2008/11/20 17:50:58 | 00,019,287 | ---- | M] () -- C:\Documents and Settings\Johnny\Desktop\A Cup of Tea Mansfield.docx
[2008/11/20 17:45:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/11/20 17:41:22 | 00,458,340 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/11/20 17:41:22 | 00,392,864 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/11/20 17:41:22 | 00,058,998 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/11/20 17:38:36 | 13,596,592 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Johnny\Desktop\sdsetup.exe
[2008/11/20 17:04:00 | 00,001,638 | ---- | M] () -- C:\Documents and Settings\Johnny\Desktop\HijackThis.lnk
[2008/11/20 17:03:52 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Johnny\Desktop\HJTInstall.exe
[2008/11/20 17:01:04 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\Johnny\Desktop\Spybot - Search & Destroy.lnk
[2008/11/20 16:40:38 | 30,240,653 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/11/20 16:40:22 | 00,334,743 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/11/20 16:40:22 | 00,042,274 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/11/20 16:21:02 | 15,083,520 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Johnny\Desktop\spybotsd160.exe
[2008/11/20 16:06:04 | 33,138,928 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Johnny\Desktop\kav8.0.0.454en.exe
[2008/11/20 13:58:52 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2008/11/20 13:58:52 | 00,001,411 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk
[2008/11/20 13:58:46 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2008/11/20 13:58:44 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2008/11/20 13:58:42 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2008/11/20 13:56:58 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Johnny\My Documents\PHL394AndroidsDiscussion.doc
[2008/11/20 13:44:18 | 00,000,282 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/11/20 13:44:18 | 00,000,282 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/11/19 19:59:20 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/11/19 19:59:20 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/11/19 19:59:18 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/11/19 18:55:36 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Johnny\My Documents\~$L394AndroidsDiscussion.doc
[2008/11/19 12:39:06 | 00,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2008/11/18 18:54:14 | 00,031,232 | ---- | M] () -- C:\Documents and Settings\Johnny\My Documents\Marion, #11.doc
[2008/11/18 18:25:24 | 00,793,220 | ---- | M] () -- C:\Documents and Settings\Johnny\My Documents\21932477[1].pdf
[2008/11/17 20:04:54 | 00,004,096 | -H-- | M] () -- C:\Documents and Settings\Johnny\Desktop\._Women and Madness and general bibliography.docx
[2008/11/17 20:04:54 | 00,004,096 | -H-- | M] () -- C:\Documents and Settings\Johnny\Desktop\._Syllabus English 364 Revised 2.docx
[2008/11/17 20:04:54 | 00,004,096 | -H-- | M] () -- C:\Documents and Settings\Johnny\Desktop\._Schedule for final research paper.docx
[2008/11/16 20:52:42 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Johnny\Desktop\Microsoft Office Word 2003.lnk
[2008/11/15 19:36:36 | 00,000,008 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2008/11/15 07:01:44 | 00,000,239 | ---- | M] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/11/15 07:01:42 | 00,000,274 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ventrilo.lnk
[2008/10/30 17:07:30 | 00,076,935 | ---- | M] () -- C:\WINDOWS\War3Unin.dat
[2008/10/30 17:04:22 | 00,001,523 | ---- | M] () -- C:\Documents and Settings\Johnny\Desktop\Frozen Throne.lnk
[2008/10/30 17:04:06 | 00,139,264 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\War3Unin.exe
[2008/10/30 17:04:06 | 00,002,829 | ---- | M] () -- C:\WINDOWS\War3Unin.pif
[2008/10/30 16:54:48 | 00,001,516 | ---- | M] () -- C:\Documents and Settings\Johnny\Desktop\Warcraft III.lnk
< End of report >
========================================================================================================================================================================
OTViewIt Extras logfile created on: 11/20/2008 8:47:08 PM - Run
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2007/10/07 14:13:28 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2004/08/04 05:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2007/10/07 14:13:28 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2004/08/04 05:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/06/19 17:24:48 | 02,330,624 | ---- | M] () -- C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad
[2005/04/04 18:58:28 | 00,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2
[2007/10/07 07:34:18 | 00,625,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
File not found -- E:\Azureus\Azureus.exe:*:Enabled:Azureus
File not found -- E:\Warcraft III\War3.exe:*:Enabled:Warcraft III
[2008/01/08 16:45:36 | 01,220,608 | ---- | M] (Blizzard Entertainment) -- E:\Starcraft\StarCraft.exe:*:Enabled:Starcraft
File not found -- E:\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III
[2007/12/13 00:33:12 | 00,567,384 | ---- | M] (www.sopcast.com) -- C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/06/02 11:13:18 | 20,638,504 | ---- | M] (Apple Inc.) -- E:\iTunes\iTunes.exe:*:Enabled:iTunes
[2007/12/03 19:28:42 | 00,254,976 | ---- | M] (Azureus Inc) -- C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus
File not found -- C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord
File not found -- E:\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility
[2008/05/19 00:00:00 | 01,873,280 | ---- | M] (Cerulean Studios) -- C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian
File not found -- E:\Wrath of the Lich King Beta\Repair\Repair.exe:*:Enabled:Blizzard Repair Utility
[2008/06/26 17:01:36 | 00,471,040 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\Warcraft III\War3.exe:*:Enabled:Warcraft III
File not found -- E:\Ventrilo.exe:*:Enabled:Ventrilo.exe
[2008/11/20 13:58:32 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
========== (O10) Winsock2 Catalogs ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [Bluetooth Namespace] -- C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000005 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
========== (O18) Protocol Handlers ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/11/20 13:58:38 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])
msdaipp: [HKLM - No CLSID value]
[2004/09/17 14:44:16 | 00,843,472 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2004/09/17 14:44:16 | 00,843,472 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2003/08/04 13:19:34 | 07,330,360 | ---- | M] (Microsoft Corporation) C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])
[2003/08/01 15:09:04 | 08,086,072 | ---- | M] (Microsoft Corporation) C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])
========== (O18) Protocol Filters ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/14 22:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0134A1A1-C283-4A47-91A1-92F19F960372}"=Adobe Creative Suite 2
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}"=Apple Software Update
"{08CA9554-B5FE-4313-938F-D4A417B81175}"=QuickTime
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}"=WD Diagnostics
"{1C88E637-5944-463F-BA1F-BC607A76F923}"=EverQuest: Secrets of Faydwer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2
"{3248F0A8-6813-11D6-A77B-00B0D0150000}"=J2SE Runtime Environment 5.0
"{44734179-8A79-4DEE-BB08-73037F065543}"=Apple Mobile Device Support
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}"=Bonjour
"{51B833D8-66B0-4E72-92B9-4E4977EF37F2}"=WD Drive Manager (x86)
"{5F414D60-8F32-4CA0-8366-8D7DF65076CA}"=AirPort Extreme Admin Utility
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{786C5747-1033-0000-B58E-000000000001}"=Adobe Stock Photos 1.0
"{789289CA-F73A-4A16-A331-54D498CE069F}"=Ventrilo Client
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}"=Software Update for Web Folders
"{7F4C8163-F259-49A0-A018-2857A90578BC}"=Adobe InDesign CS2
"{82CA0A0C-A3EC-4167-B694-909205B2EDEC}"=muvee Plugin 1.0
"{8777AC6D-89F9-4793-8266-DE406F343E89}"=QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}"=Adobe Common File Installer
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{9F70BF98-003C-491D-81FC-FF9792206AF0}"=iTunes
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{ADBE46EE-54E0-4610-B436-D7E93D829100}"=Adobe Version Cue CS2
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}"=AIO_Scan
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}"=Adobe Illustrator CS2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B74D4E10-1033-0000-0000-000000000001}"=Adobe Bridge 1.0
"{B9A81070-616D-4E93-BE02-CEE651343204}"=WD Anywhere Backup
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}"=Suite Specific
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}"=HP Product Detection
"{DADCF758-378B-4EF8-BB3F-AF60B5B6FCDD}"=AirPort
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E9787678-1033-0000-8E67-000000000001}"=Adobe Help Center 1.0
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}"=Toolbox
"{F0E45628-1218-4865-A516-8E8A54272ADC}"=Boot Camp Services
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}"=32 Bit HP CIO Components Installer
"{FC47C7A5-BE63-11D5-B7C9-005004566E4D}"=ViewSonic Windows XP Signed Files
"059BF941BA77F24DED9444B45BB0DAA5353F86EB"=Windows Driver Package - Apple Inc. System (06/21/2007 2.0.0.0)
"0936416DB5978E29D553FACF9DD6F3EFBA1929DA"=Windows Driver Package - Apple Inc. Apple Trackpad (08/28/2007 2.0.1.4)
"0EEF0136F93FA6C5AB723AADEA61FF550D8C60FB"=Windows Driver Package - Broadcom (BCM43XX) Net (01/08/2007 4.80.75.0)
"181B29655BDD6EA3FC483A7E4D1C2ED7735873F0"=Windows Driver Package - Apple Inc. Apple Keyboard (08/30/2007 2.0.1.4)
"18BB9B0552BA675902E31409A34F929D9C9AD56C"=Windows Driver Package - Intel (e1express) Net (04/03/2006 9.3.39.0)
"3ivx MPEG-4 5.0.1 Decoder"=3ivx MPEG-4 5.0.1 Decoder (remove only)
"5F8BE32FAE3D6BC77B512F7B0624D7B6C8A26EFB"=Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)
"6784A318842714811EC3F8409C3C0F7983B90972"=Windows Driver Package - Apple Inc. Apple Built-in iSight (04/09/2007 1.3.0.0)
"6AB59209597E0F6B986EC8E976521FDF0A696C9D"=Windows Driver Package - Marvell (yukonwxp) Net (03/23/2007 10.12.7.3)
"6AEF368351694A266BAB82596EEA968C73E8FC87"=Windows Driver Package - Apple Inc. Apple Trackpad Enabler (08/28/2007 2.0.1.4)
"80087CDF19A4CE2FBB535E7DC99A0E50FFA25589"=Windows Driver Package - Intel (E1000) Net (01/06/2006 8.6.17.0)
"850625E38080EAF5C2644C07A2510A394019973D"=Windows Driver Package - Apple Inc. (applebt) Bluetooth (06/27/2007 2.0.0.1)
"9B19F92D5E3730EA8D0788B248741F6CC2633DBE"=Windows Driver Package - Apple Inc. Apple IR Receiver (07/16/2007 2.0.0.1)
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe SVG Viewer"=Adobe SVG Viewer 3.0
"Age of Conan_is1"=Age of Conan - Hyborian Adventures
"AVG8Uninstall"=AVG Free 8.0
"CE031DF97C704035E8B6E570362ABD337ACA4BA5"=Windows Driver Package - Atheros (AR5211) Net (04/05/2007 5.3.0.35)
"D66D0ACEFE4E32CCDF30362ACBB3EAEFB97E9FDE"=Windows Driver Package - Atheros (AR5416) Net (06/26/2007 6.0.3.94)
"DarkstoneDeinstKey"=Darkstone
"getPlus(R)_ocx"=getPlus(R)_ocx
"HijackThis"=HijackThis 2.0.2
"InstallShield_{DADCF758-378B-4EF8-BB3F-AF60B5B6FCDD}"=AirPort
"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0
"NVIDIA Drivers"=NVIDIA Drivers
"PeerGuardian_is1"=PeerGuardian 2.0
"SopCast"=SopCast 2.0.4
"Starcraft"=Starcraft
"Trillian"=Trillian
"Vuze"=Vuze
"Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WinPcapInst"=WinPcap 3.1
"WinRAR archiver"=WinRAR archiver
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{B9A81070-616D-4E93-BE02-CEE651343204}"=WD Anywhere Backup
"Warcraft III"=Warcraft III: All Products
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 3/11/2008 1:02:38 AM | Computer Name = JCMV | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.20583, faulting
module flash9d.ocx, version 9.0.47.0, fault address 0x00099a25.
Error - 3/12/2008 12:32:06 AM | Computer Name = JCMV | Source = Application Error | ID = 1000
Description = Faulting application eqgame.exe, version 0.0.0.0, faulting module
, version 0.0.0.0, fault address 0x00000000.
Error - 3/20/2008 12:52:13 AM | Computer Name = JCMV | Source = Application Hang | ID = 1002
Description = Hanging application EverQuest2.exe, version 1.0.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 3/21/2008 2:32:35 PM | Computer Name = JCMV | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 7.0.6000.20583, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 6/12/2008 12:19:11 AM | Computer Name = JCMV | Source = Application Error | ID = 1000
Description = Faulting application ageofconan.exe, version 1.0.0.0, faulting module
ageofconan.exe, version 1.0.0.0, fault address 0x008266d9.
Error - 6/28/2008 6:11:07 PM | Computer Name = JCMV | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 7.0.6000.20583, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 6/28/2008 6:11:09 PM | Computer Name = JCMV | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 7.0.6000.20583, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 8/28/2008 5:20:12 PM | Computer Name = JCMV | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.20583, faulting
module jscript.dll, version 5.7.0.16535, fault address 0x0001b2bd.
Error - 8/31/2008 1:11:03 AM | Computer Name = JCMV | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 7.0.6000.20583, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 9/9/2008 9:41:29 PM | Computer Name = JCMV | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 10/30/2008 6:43:45 PM | Computer Name = JCMV | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
address 001B6391B5AC has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).
Error - 11/1/2008 9:36:21 AM | Computer Name = JCMV | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
within the timeout period. This may indicate an error in the EC hardware or firmware,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
The EC driver will retry the failed transaction if possible.
Error - 11/17/2008 12:17:46 PM | Computer Name = JCMV | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.102 for the Network Card with network
address 001B6391B5AC has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).
Error - 11/17/2008 12:17:46 PM | Computer Name = JCMV | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.
Error - 11/18/2008 6:07:31 AM | Computer Name = JCMV | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
within the timeout period. This may indicate an error in the EC hardware or firmware,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
The EC driver will retry the failed transaction if possible.
Error - 11/19/2008 2:47:52 AM | Computer Name = JCMV | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.105 for the Network Card with network
address 001B6391B5AC has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).
Error - 11/19/2008 2:48:03 AM | Computer Name = JCMV | Source = Workstation | ID = 5728
Description = Could not load any transport.
Error - 11/19/2008 2:48:03 AM | Computer Name = | Source = DCOM | ID = 10005
Description = DCOM got error "%3" attempting to start the service netman with arguments
"" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 11/20/2008 4:50:05 AM | Computer Name = JCMV | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
within the timeout period. This may indicate an error in the EC hardware or firmware,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
The EC driver will retry the failed transaction if possible.
Error - 11/20/2008 4:50:11 AM | Computer Name = JCMV | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 80629ff3, parameter3
b5558b2c, parameter4 00000000.
< End of report >
========================================================================================================================================================================
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-20 21:00:10
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.14 ----
SSDT spmk.sys ZwCreateKey [0xBA6A80E0]
SSDT spmk.sys ZwEnumerateKey [0xBA6C6CA2]
SSDT spmk.sys ZwEnumerateValueKey [0xBA6C7030]
SSDT spmk.sys ZwOpenKey [0xBA6A80C0]
SSDT spmk.sys ZwQueryKey [0xBA6C7108]
SSDT spmk.sys ZwQueryValueKey [0xBA6C6F88]
SSDT spmk.sys ZwSetValueKey [0xBA6C719A]
INT 0x62 ? 89E36BF8
INT 0x63 ? 89E36BF8
INT 0x63 ? 89E36BF8
INT 0x63 ? 8992FBF8
INT 0x63 ? 89E36BF8
INT 0x82 ? 89E36BF8
INT 0x83 ? 8992FBF8
INT 0x83 ? 8992FBF8
INT 0x94 ? 8992FBF8
INT 0xA4 ? 8992FBF8
INT 0xA4 ? 8992FBF8
INT 0xA4 ? 8992FBF8
---- Kernel code sections - GMER 1.0.14 ----
? spmk.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B9D838AC 5 Bytes JMP 8992F1D8
.text aasvzvyn.SYS B9CAD386 35 Bytes [ 00, 00, 00, 00, 00, 00, 20, ... ]
.text aasvzvyn.SYS B9CAD3AA 24 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text aasvzvyn.SYS B9CAD3C4 3 Bytes [ 00, 70, 02 ]
.text aasvzvyn.SYS B9CAD3C9 1 Byte [ 2E ]
.text aasvzvyn.SYS B9CAD3CB 9 Bytes [ 00, 00, 5A, 02, 00, 00, 00, ... ]
.text ...
---- User code sections - GMER 1.0.14 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[2152] USER32.dll!DialogBoxParamW 7E425F8F 5 Bytes JMP 42F0F2A1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2152] USER32.dll!DialogBoxIndirectParamW 7E432062 5 Bytes JMP 430A03AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2152] USER32.dll!MessageBoxIndirectA 7E43A06A 5 Bytes JMP 430A0330 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2152] USER32.dll!DialogBoxParamA 7E43B12C 5 Bytes JMP 430A0374 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2152] USER32.dll!MessageBoxExW 7E450750 5 Bytes JMP 430A02BC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2152] USER32.dll!MessageBoxExA 7E450774 5 Bytes JMP 430A02F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2152] USER32.dll!DialogBoxIndirectParamA 7E456CD0 5 Bytes JMP 430A03EA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2152] USER32.dll!MessageBoxIndirectW 7E466425 5 Bytes JMP 42F31646 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- Kernel IAT/EAT - GMER 1.0.14 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6A9040] spmk.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6A913C] spmk.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6A90BE] spmk.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6A97FC] spmk.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6A96D2] spmk.sys
IAT \SystemRoot\System32\Drivers\aasvzvyn.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\aasvzvyn.SYS[HAL.dll!READ_PORT_UCHAR] 8D3F0304
IAT \SystemRoot\System32\Drivers\aasvzvyn.SYS[HAL.dll!KeGetCurrentIrql] CB033043
IAT \SystemRoot\System32\Drivers\aasvzvyn.SYS[HAL.dll!KfRaiseIrql] 0673C13B
IAT \SystemRoot\System32\Drivers\aasvzvyn.SYS[HAL.dll!KfLowerIrql] C13B0003
IAT \SystemRoot\System32\Drivers\aasvzvyn.SYS[HAL.dll!HalGetInterruptVector] 8366FA72
IAT \SystemRoot\System32\Drivers\aasvzvyn.SYS[HAL.dll!HalTranslateBusAddress] 75000E7B
IAT \SystemRoot\System32\Drivers\aasvzvyn.SYS[HAL.dll!KeStallExecutionProcessor] 0B7D80E3
IAT \SystemRoot\System32\Drivers\aasvzvyn.SYS[HAL.dll!KfReleaseSpinLock] 307B8D00
IAT \SystemRoot\System32\Drivers\aasvzvyn.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00AA840F
IAT \SystemRoot\System32\Drivers\aasvzvyn.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\aasvzvyn.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 6A000E7A
IAT \SystemRoot\System32\Drivers\aasvzvyn.SYS[HAL.dll!WRITE_PORT_UCHAR] C6647400
IAT \SystemRoot\System32\Drivers\aasvzvyn.SYS[WMILIB.SYS!WmiSystemControl] 4F8B0200
IAT \SystemRoot\System32\Drivers\aasvzvyn.SYS[WMILIB.SYS!WmiCompleteRequest] 968D5140
---- User IAT/EAT - GMER 1.0.14 ----
IAT C:\WINDOWS\system32\winlogon.exe[888] @ C:\WINDOWS\system32\winlogon.exe [ntdll.dll!NtLockProductActivationKeys] [0500073E] C:\WINDOWS\system32\antiwpa.dll
IAT C:\WINDOWS\system32\winlogon.exe[888] @ C:\WINDOWS\system32\winlogon.exe [USER32.dll!GetSystemMetrics] [05000756] C:\WINDOWS\system32\antiwpa.dll
---- Devices - GMER 1.0.14 ----
Device \FileSystem\Fastfat \FatCdrom 89E351F8
Device \Driver\PCI_PNP9318 \Device\00000050 spmk.sys
Device \Driver\usbuhci \Device\USBPDO-0 8992E1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 89DC81F8
Device \Driver\dmio \Device\DmControl\DmConfig 89DC81F8
Device \Driver\dmio \Device\DmControl\DmPnP 89DC81F8
Device \Driver\dmio \Device\DmControl\DmInfo 89DC81F8
Device \Driver\usbehci \Device\USBPDO-1 899171F8
Device \Driver\usbuhci \Device\USBPDO-2 8992E1F8
Device \Driver\usbuhci \Device\USBPDO-3 8992E1F8
Device \Driver\usbehci \Device\USBPDO-4 899171F8
Device \Driver\usbuhci \Device\USBPDO-5 8992E1F8
Device \Driver\usbuhci \Device\USBPDO-6 8992E1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 89E371F8
Device \Driver\Cdrom \Device\CdRom0 898DE1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 89E371F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 89E371F8
Device \Driver\Cdrom \Device\CdRom1 898DE1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 89E361F8
Device \Driver\atapi \Device\Ide\IdePort0 89E361F8
Device \Driver\atapi \Device\Ide\IdePort1 89E361F8
Device \Driver\atapi \Device\Ide\IdePort2 89E361F8
Device \Driver\atapi \Device\Ide\IdePort3 89E361F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e 89E361F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{C275D7EC-5E75-4D9E-8E74-D419D2D52866} 89943500
Device \Driver\Ftdisk \Device\HarddiskVolume4 89E371F8
Device \Driver\Ftdisk \Device\HarddiskVolume5 89E371F8
Device \Driver\BTHUSB \Device\000000a8 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBt_Wins_Export 89943500
Device \Driver\sbp2port \Device\Sbp2Port0 89DC61F8
Device \Driver\NetBT \Device\NetbiosSmb 89943500
Device \Driver\sbp2port \Device\Sbp2Port1 89DC61F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{0B77EF44-5B33-47F5-AFEA-AD9ED2D0C539} 89943500
Device \Driver\BTHUSB \Device\000000aa bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-0 8992E1F8
Device \Driver\sbp2port \Device\Sbp2\WD&My Book&0&0090a9a0_a4929d05_Instance00 89DC61F8
Device \Driver\sbp2port \Device\Sbp2\WD&My Book Device&1&0090a9a0_a4929d05_Instance00 89DC61F8
Device \Driver\usbuhci \Device\USBFDO-1 8992E1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 899BE500
Device \Driver\usbehci \Device\USBFDO-2 899171F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 899BE500
Device \Driver\usbuhci \Device\USBFDO-3 8992E1F8
Device \Driver\sptd \Device\2310725568 spmk.sys
Device \Driver\usbuhci \Device\USBFDO-4 8992E1F8
Device \Driver\Ftdisk \Device\FtControl 89E371F8
Device \Driver\usbuhci \Device\USBFDO-5 8992E1F8
Device \Driver\usbehci \Device\USBFDO-6 899171F8
Device \Driver\aasvzvyn \Device\Scsi\aasvzvyn1Port4Path0Target0Lun0 898D71F8
Device \Driver\aasvzvyn \Device\Scsi\aasvzvyn1 898D71F8
Device \FileSystem\Fastfat \Fat 89E351F8
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 89A182E8
---- Registry - GMER 1.0.14 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001b6361161b
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\
[email protected] 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\
[email protected] 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\
[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\
[email protected] C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\
[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\
[email protected] 0xA0 0xCE 0x51 0x9E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\
[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\
[email protected] 0x9B 0x9D 0x4F 0x2D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\
[email protected] 0x41 0x12 0x78 0x40 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001b6361161b
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\
[email protected] C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\
[email protected] 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\
[email protected] 0xA0 0xCE 0x51 0x9E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\
[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\
[email protected] 0x9B 0x9D 0x4F 0x2D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\
[email protected] 0x41 0x12 0x78 0x40 ...
---- EOF - GMER 1.0.14 ----