
OLTIlist file > when opening yahoo.com, I keep seeing "l/yimg.



#1
karthik204

My Internet Explorer and Firefox are very slow! I use Yahoo! as my home page and when I open yahoo.com, I keep seeing "l/yimg.com" on the status bar. My screen flickers once in a while too. Please help.



Microsoft Windows XP Professional (5.1.2600) Service Pack 2

C:\ [Fixed] - NTFS - (Total:76316 Mo/Free:661 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Sat 05/02/2009| 8:02

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\ibmpmsvc.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
---------- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
---------- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
---------- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\Drivers\trcboot.exe
---------- C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
---------- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
---------- C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe
---------- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
---------- C:\Program Files\C4ebreg\c4ebreg.exe
---------- C:\Program Files\LogMeIn\x86\RaMaint.exe
---------- C:\Program Files\LogMeIn\x86\LogMeIn.exe
---------- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
---------- C:\notes\ntmulti.exe
---------- C:\Program Files\AT&T Network Client\NetCfgSv.EXE
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\WINDOWS\system32\PnkBstrA.exe
---------- c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
---------- C:\Program Files\IBM\tivoli\dcd\client\ISSI\_jvm\jre\bin\java.exe
---------- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
---------- C:\WINDOWS\System32\TPHDEXLG.EXE
---------- C:\WINDOWS\system32\TpKmpSVC.exe
---------- C:\WINDOWS\system32\Drivers\ldlcserv.exe
---------- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\system32\acs.exe
---------- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
---------- C:\WINDOWS\system32\wbem\wmiprvse.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\IBM\Personal Communications\tpam.exe
---------- C:\WINDOWS\system32\rundll32.exe
---------- C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
---------- C:\WINDOWS\system32\RunDll32.exe
---------- C:\WINDOWS\system32\rundll32.exe
---------- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
---------- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
---------- C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
---------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
---------- C:\WINDOWS\system32\TpShocks.exe
---------- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
---------- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
---------- C:\Program Files\Lexmark 7100 Series\lxbxmon.exe
---------- C:\Program Files\Lexmark 7100 Series\ezprint.exe
---------- C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.3.14\pmonmh.exe
---------- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
---------- C:\Program Files\C4ebreg\isamtray.exe
---------- C:\Program Files\iTunes\iTunesHelper.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
---------- C:\WINDOWS\system32\lxbxcoms.exe
---------- C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
---------- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
---------- C:\Program Files\MSN Messenger\MsnMsgr.Exe
---------- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
---------- C:\Program Files\Desksware\Desktop iCal\Calendar.exe
---------- C:\PROGRA~1\MICROS~3\rapimgr.exe
---------- C:\Program Files\IBM\Bluetooth Software\BTTray.exe
---------- C:\Program Files\IBM\Infoprint Select\ipnotify.exe
---------- C:\Program Files\iPod\bin\iPodService.exe
---------- C:\Program Files\3M\PSNLite\PsnLite.exe
---------- C:\PROGRA~1\3M\PSNLite\PSNGive.exe
---------- C:\Program Files\MSN Messenger\usnsvc.exe
---------- C:\WINDOWS\system32\wbem\wmiprvse.exe
---------- C:\Program Files\IBM\My Help\MyHelp.exe
---------- C:\Program Files\IBM\My Help\jre\bin\myhelpw.exe
---------- C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
---------- C:\Program Files\IBM\Sametime Connect\sametime.exe
---------- C:\Program Files\IBM\Sametime Connect\jre\bin\sametime75.exe
---------- c:\sdwork\issimsvc.exe
---------- C:\Program Files\Internet Explorer\IEXPLORE.EXE
---------- C:\Program Files\Internet Explorer\IEXPLORE.EXE
---------- C:\Program Files\Internet Explorer\IEXPLORE.EXE
---------- C:\Program Files\Internet Explorer\IEXPLORE.EXE
---------- C:\Documents and Settings\Administrator\Desktop\TomNJerry2\ATF_Cleaner.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!


----------------------\\ Cracks & Keygens..

C:\DOCUME~1\ADMINI~1\Local Settings\Temporary Internet Files\Content.IE5\AC5UB4QE\crackle-mothra_blogspot_com[1].htm
C:\DOCUME~1\ADMINI~1\Local Settings\Temporary Internet Files\Content.IE5\ELQ988VP\crackle[1].js
C:\DOCUME~1\ADMINI~1\Local Settings\Temporary Internet Files\Content.IE5\PD86J7MM\crackle-spiderman2_blogspot_com[1].htm


1 - "C:\Rooter$\Rooter_1.txt" - Sat 05/02/2009| 8:06

OTListIt logfile created on: 5/2/2009 8:56:52 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.2 Folder = C:\Documents and Settings\Administrator\Desktop\TomNJerry2
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 54.29% Memory free
3.85 Gb Paging File | 3.13 Gb Available in Paging File | 81.28% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 12.57 Gb Free Space | 16.87% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: IBM-23E3AEB6420
Current User Name: karthikr
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\system32\ibmpmsvc.exe ()
PRC - C:\WINDOWS\system32\Ati2evxx.exe ()
PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\Drivers\trcboot.exe (IBM Corporation)
PRC - C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE (IBM Corporation)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe ()
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe (WIDCOMM, Inc.)
PRC - C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe ()
PRC - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\C4ebreg\c4ebreg.exe (IBM Corp.)
PRC - C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardian.exe (LogMeIn, Inc.)
PRC - C:\notes\ntmulti.exe (IBM Corp)
PRC - C:\Program Files\AT&T Network Client\NetCfgSv.EXE (AT&T)
PRC - C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\PnkBstrA.exe ()
PRC - c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe (symantec)
PRC - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\IBM\tivoli\dcd\client\ISSI\_jvm\jre\bin\java.exe (IBM)
PRC - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe (Symantec Corporation)
PRC - C:\WINDOWS\System32\TPHDEXLG.EXE (Lenovo.)
PRC - C:\WINDOWS\system32\TpKmpSVC.exe ()
PRC - C:\WINDOWS\system32\Drivers\ldlcserv.exe (IBM Corporation)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo)
PRC - C:\WINDOWS\system32\acs.exe ()
PRC - C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\Ati2evxx.exe ()
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\IBM\Personal Communications\tpam.exe ()
PRC - C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe ()
PRC - C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe ()
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\system32\TpShocks.exe (Lenovo, Ltd. and IBM Corporation.)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
PRC - C:\Program Files\Lexmark 7100 Series\lxbxmon.exe (Lexmark International, Inc.)
PRC - C:\Program Files\Lexmark 7100 Series\ezprint.exe ()
PRC - C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.3.14\pmonmh.exe ()
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Program Files\C4ebreg\isamtray.exe (IBM Corp.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\lxbxcoms.exe (Lexmark International, Inc.)
PRC - C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardian.exe (LogMeIn, Inc.)
PRC - C:\Program Files\MSN Messenger\MsnMsgr.Exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Desksware\Desktop iCal\Calendar.exe (Desksware Inc.)
PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\Program Files\IBM\Bluetooth Software\BTTray.exe (WIDCOMM, Inc.)
PRC - C:\Program Files\IBM\Infoprint Select\ipnotify.exe ()
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\3M\PSNLite\PsnLite.exe (3M)
PRC - C:\Program Files\3M\PSNLite\PSNGive.exe (3M)
PRC - C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\IBM\My Help\MyHelp.exe ()
PRC - C:\Program Files\IBM\My Help\jre\bin\myhelpw.exe (IBM)
PRC - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
PRC - c:\sdwork\issimsvc.exe (IBM Corp.)
PRC - C:\WINDOWS\system32\taskmgr.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Administrator\Desktop\TomNJerry2\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AcPrfMgrSvc [Auto | Running]) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe ()
SRV - (ACS [On_Demand | Running]) -- C:\WINDOWS\system32\acs.exe ()
SRV - (AcSvc [Auto | Running]) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AppnNode [On_Demand | Stopped]) -- C:\WINDOWS\system32\Drivers\appnnode.exe (IBM Corporation)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\system32\Ati2evxx.exe ()
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (btwdins [Auto | Running]) -- C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe (WIDCOMM, Inc.)
SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (ccProxy [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DCDClient-ISSI [Auto | Running]) -- C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe ()
SRV - (DefWatch [Auto | Running]) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IBMPMSVC [Auto | Running]) -- C:\WINDOWS\system32\ibmpmsvc.exe ()
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Irmon [Auto | Running]) -- C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)
SRV - (ISAMSvc [Auto | Running]) -- C:\Program Files\C4ebreg\c4ebreg.exe (IBM Corp.)
SRV - (ISSIMon [Auto | Running]) -- c:\sdwork\issimsvc.exe (IBM Corp.)
SRV - (ISSVC [Auto | Running]) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe (Symantec Corporation)
SRV - (ldlcserv [Auto | Running]) -- C:\WINDOWS\system32\Drivers\ldlcserv.exe (IBM Corporation)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation)
SRV - (LMIMaint [Auto | Running]) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (LogMeIn [Auto | Running]) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (lxbx_device [On_Demand | Running]) -- C:\WINDOWS\system32\lxbxcoms.exe (Lexmark International, Inc.)
SRV - (Multi-user Cleanup Service [Auto | Running]) -- C:\notes\ntmulti.exe (IBM Corp)
SRV - (MyHelp [Auto | Stopped]) -- File not found
SRV - (NetCfgSvr [Auto | Running]) -- C:\Program Files\AT&T Network Client\NetCfgSv.EXE (AT&T)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PnkBstrA [Auto | Running]) -- C:\WINDOWS\system32\PnkBstrA.exe ()
SRV - (SavRoam [Auto | Running]) -- c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (SNDSrvc [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (SPBBCSvc [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (Symantec AntiVirus [Auto | Running]) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (SymSecurePort [Auto | Running]) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe (Symantec Corporation)
SRV - (TPHDEXLGSVC [Auto | Running]) -- C:\WINDOWS\System32\TPHDEXLG.EXE (Lenovo.)
SRV - (TpKmpSVC [Auto | Running]) -- C:\WINDOWS\system32\TpKmpSVC.exe ()
SRV - (TrcBoot [Auto | Running]) -- C:\WINDOWS\system32\Drivers\trcboot.exe (IBM Corporation)
SRV - (usnjsvc [On_Demand | Running]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (aeaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (AFS2K [System | Running]) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (agnfilt [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\agnfilt.sys (AT&T)
DRV - (agnwifi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\agnwifi.sys (AT&T)
DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (ANC [System | Running]) -- C:\WINDOWS\System32\drivers\ANC.SYS (IBM Corp.)
DRV - (Anydlc [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\anydlc.sys (IBM Corporation)
DRV - (Appn [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\appn.sys (IBM Corporation)
DRV - (AppnApi [Auto | Running]) -- C:\WINDOWS\System32\drivers\appnapi.sys (IBM Corporation)
DRV - (AppnBase [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\AppnBase.sys (IBM Corporation)
DRV - (AR5211 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ar5211.sys (Atheros Communications, Inc.)
DRV - (asc [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (avpnnic [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\avpnnic.sys (AT&T)
DRV - (b57w2k [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (BTKRNL [Boot | Running]) -- C:\WINDOWS\system32\drivers\btkrnl.sys (WIDCOMM, Inc.)
DRV - (CmdIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (E1000 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\e1000325.sys (Intel Corporation)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EGATHDRV [Auto | Running]) -- C:\WINDOWS\SYSTEM32\EGATHDRV.SYS (IBM Corporation)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (grmnusb [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\grmnusb.sys (GARMIN Corp.)
DRV - (HSFHWICH [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (iastor [Boot | Running]) -- C:\WINDOWS\System32\Drivers\iaStor.sys (Intel Corporation)
DRV - (IBMPMDRV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys (Lenovo.)
DRV - (IBMTPCHK [System | Running]) -- C:\WINDOWS\system32\Drivers\IBMBLDID.sys ()
DRV - (IBM_LLC2 [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\llc2.sys (IBM Corporation)
DRV - (KLOGNT [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\klognt.sys (IBM Corporation)
DRV - (LMIInfo [Auto | Running]) -- C:\Program Files\LogMeIn\x86\RaInfo.sys (LogMeIn, Inc.)
DRV - (lmimirr [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\lmimirr.sys (LogMeIn, Inc.)
DRV - (LMIRfsClientNP [Disabled | Stopped]) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (LMIRfsDriver [Auto | Running]) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mraid35x [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090501.017\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090501.017\NAVEX15.SYS (Symantec Corporation)
DRV - (NSCIRDA [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nscirda.sys (National Semiconductor Corporation)
DRV - (NsTrcNT [Auto | Running]) -- C:\WINDOWS\System32\drivers\nstrcnt.sys (IBM Corporation)
DRV - (PCX504 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\PCX504.sys (Cisco Systems)
DRV - (pdlnacom [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnacom.sys (IBM Corporation)
DRV - (pdlnafac [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnafac.sys (IBM Corporation)
DRV - (pdlnatcm [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnatcm.sys (IBM Corporation)
DRV - (pdlnatdl [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnatdl.sys (IBM Corporation)
DRV - (pdlncbas [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlncbas.sys (IBM Corporation)
DRV - (pdlncfwk [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlncfwk.sys (IBM Corporation)
DRV - (pdlnctdl [Auto | Running]) -- C:\WINDOWS\System32\drivers\pdlnctdl.sys (IBM Corporation)
DRV - (pdlndint [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlndint.sys (IBM Corporation)
DRV - (pdlndldl [Auto | Running]) -- C:\WINDOWS\System32\drivers\pdlndldl.sys (IBM Corporation)
DRV - (pdlndlpb [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlndlpb.sys (IBM Corporation)
DRV - (pdlndoem [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlndoem.sys (IBM Corporation)
DRV - (pdlndqll [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlndqll.sys (IBM Corporation)
DRV - (pdlndsdl [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlndsdl.sys (IBM Corporation)
DRV - (pdlndtdl [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlndtdl.sys (IBM Corporation)
DRV - (pdlnebas [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnebas.sys (IBM Corporation)
DRV - (pdlnecfg [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnecfg.sys (IBM Corporation)
DRV - (pdlnemap [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnemap.sys (IBM Corporation)
DRV - (pdlnemsg [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnemsg.sys (IBM Corporation)
DRV - (pdlnepkt [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnepkt.sys (IBM Corporation)
DRV - (pdlnshay [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnshay.sys (IBM Corporation)
DRV - (pdlnslea [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnslea.sys (IBM Corporation)
DRV - (pdlnsv25 [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnsv25.sys (IBM Corporation)
DRV - (pdlnsx25 [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnsx25.sys (IBM Corporation)
DRV - (PMEM [Auto | Running]) -- C:\WINDOWS\system32\drivers\PMEMNT.SYS (Microsoft Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (radpms [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\radpms.sys (LogMeIn, Inc.)
DRV - (SAVRT [System | Running]) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (SAVRTPEL [System | Running]) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (ShockMgr [System | Running]) -- C:\WINDOWS\System32\drivers\ShockMgr.sys (Lenovo.)
DRV - (Shockprf [Boot | Running]) -- C:\WINDOWS\System32\drivers\shockprf.sys (Lenovo)
DRV - (sisagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Smapint [System | Running]) -- C:\WINDOWS\System32\drivers\Smapint.sys (Microsoft Corporation)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (Sparrow [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (SPBBCDrv [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (symc810 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (SYMDNS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (SymEvent [On_Demand | Running]) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMFW [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMIDSCO [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\SymcData\scfidsdefs\20090416.002\SymIDSCo.sys (Symantec Corporation)
DRV - (SYMNDIS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (sym_hi [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (TDSMAPI [System | Running]) -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS ()
DRV - (TPHKDRV [System | Running]) -- C:\WINDOWS\System32\drivers\TPHKDRV.sys (IBM Corporation)
DRV - (TPPWR [System | Running]) -- C:\WINDOWS\System32\drivers\Tppwr.sys (IBM Corp.)
DRV - (TSMAPIP [System | Running]) -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS ()
DRV - (ultra [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbser [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usbser.sys (Microsoft Corporation)
DRV - (usb_rndisx [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....Terms}&fr=yie7c
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}:6.0.04
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.6

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD [2008/02/23 14:47:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/01 17:01:52 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/27 14:54:05 | 00,000,000 | ---D | M]

[2009/04/27 14:55:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions
[2009/04/27 14:55:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2007/08/13 15:17:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\eclipse1\extensions
[2009/04/27 14:56:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\w4k5y8cy.default\extensions
[2009/05/02 07:44:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/27 14:54:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/06/26 15:59:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/07/24 10:19:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/11/18 08:27:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/02/15 16:56:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
[2009/01/20 01:08:56 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/01/20 01:08:57 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/01/19 19:28:04 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/01/19 19:28:04 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/01/19 19:28:04 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/01/19 19:28:04 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/01/19 19:28:04 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/01/19 19:28:04 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/01/19 19:28:04 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - Reg Error: Key error. File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (CitiUSBrowserHelper Class) - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\system32\BhoCitUS.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (TBSB07827 Class) - {F8DECFD3-B735-46DD-AFF9-D2D5F06FDC52} - C:\Program Files\IBM\Practitioner Portal Toolbar\gbsppietoolbar.dll ()
O3 - HKLM\..\Toolbar: (Practitioner Portal Toolbar) - {E7128DAA-707C-4552-AF47-906D4C610549} - C:\Program Files\IBM\Practitioner Portal Toolbar\gbsppietoolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7128DAA-707C-4552-AF47-906D4C610549} - C:\Program Files\IBM\Practitioner Portal Toolbar\gbsppietoolbar.dll ()
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog ()
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
O4 - HKLM..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor (IBM Corp.)
O4 - HKLM..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE ()
O4 - HKLM..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor ()
O4 - HKLM..\Run: [C4EBReg] "C:\Program Files\C4ebreg\c4ebreg.exe" /q (IBM Corp.)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe" ()
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [Isamtray] "C:\Program Files\C4ebreg\isamtray.exe" (IBM Corp.)
O4 - HKLM..\Run: [ISSI Service] "c:\sdwork\issimsvc.exe" (IBM Corp.)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" (LogMeIn, Inc.)
O4 - HKLM..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16 ()
O4 - HKLM..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe" (Lexmark International, Inc.)
O4 - HKLM..\Run: [MyHelpService] "C:\Program Files\IBM\My Help\workspace\service\delayStart.exe" ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
O4 - HKLM..\Run: [pmonmh] C:\Program Files\IBM\My Help\workspace\..\plugins\com.ibm.myhelp.common_1.3.14/pmonmh.exe [2008/06/12 16:43:06 | 00,000,000 | ---D | M]
O4 - HKLM..\Run: [PSQLLauncher] "C:\Program Files\Thinkvantage Fingerprint Software\launcher.exe" /startup File not found
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup (IBM Corp.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] tp4ex.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Tpam.exe] "C:\Program Files\IBM\Personal Communications\tpam.exe" ()
O4 - HKLM..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper (Lenovo)
O4 - HKLM..\Run: [TpShocks] TpShocks.exe (Lenovo, Ltd. and IBM Corporation.)
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [Calendar] C:\Program Files\Desksware\Desktop iCal\Calendar.exe (Desksware Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)
O4 - HKCU..\Run: [iCalendar] C:\Program Files\Desksware\Desktop iCal\Calendar.exe (Desksware Inc.)
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Network Client\NetSP.exe" -show (AT&T)
O4 - HKCU..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\IBM\Bluetooth Software\BTTray.exe (WIDCOMM, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Infoprint Select Notification.lnk = C:\Program Files\IBM\Infoprint Select\ipnotify.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe (Lotus Development Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe (3M)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm File not found
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm File not found
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm File not found
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IBM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\npjpi160_04.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [Bluetooth Namespace] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: scottrade.com ([trading] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyds...DSL/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} http://www.andhrajyo...er/tdserver.cab (TDServer Control)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.micr...tualEarth3D.cab (Reg Error: Value error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} http://us.dl1.yimg.c...nst20040510.cab (YInstStarter Class)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmar...martActivia.cab (Snapfish Activia)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.1.cab (DLM Control)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://download.auto...NG/mgaxctrl.cab (Autodesk MapGuide ActiveX Control)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} http://www.dotphoto....geUploader4.cab (Image Uploader Control)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://www.kodakgall..._2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {74F4F118-91E6-4AFC-B8D2-04066781F239} https://www.member-d...dc/EZTwainX.cab (EZTwainX by Dosadi)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} http://w3.ibm.com/bl...lnwebassist.cab (LNWebAssist Class)
O16 - DPF: {A4B28810-11A2-4956-82D1-B2DCBA4B2AFD} http://w3-3.ibm.com/...lugin/gpwsx.cab (gpwsx.plugin)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai...l/installer.exe (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://bluefishgrou...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...ivex/RACtrl.cab (Performance Viewer Activex Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll ()
O20 - Winlogon\Notify\atmgrtok: DllName - atmgrtok.dll - C:\Program Files\IBM\Personal Communications\atmgrtok.dll (IBM Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\pcsinst: DllName - pcsinst.dll - C:\WINDOWS\system32\pcsinst.dll (IBM)
O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\system32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\system32\tphklock.dll ()
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/04/04 13:44:20 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{20ff5ac0-2337-11dc-a68a-00054e50c731}\Shell\AutoRun\command - "" = D:\Autorun.exe -- File not found
O33 - MountPoints2\{20ff5ac0-2337-11dc-a68a-00054e50c731}\Shell\Shell00\Command - "" = D:\Autorun.exe -- File not found
O33 - MountPoints2\{20ff5ac0-2337-11dc-a68a-00054e50c731}\Shell\Shell01\Command - "" = D:\Autorun.exe -- File not found
O33 - MountPoints2\{20ff5ac0-2337-11dc-a68a-00054e50c731}\Shell\Shell02\Command - "" = D:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\*.tmp files]
[2009/05/02 08:46:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/02 08:45:46 | 00,000,654 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2009/05/02 08:45:46 | 00,000,635 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2009/05/02 08:45:37 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/05/02 08:01:58 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/01 18:45:58 | 00,056,956 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\honda Renewal 2009...pdf
[2009/05/01 18:43:48 | 00,057,495 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\nissan Renewal 2009...pdf
[2009/04/30 12:42:48 | 00,001,766 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\WebRipper.lnk
[2009/04/30 12:42:48 | 00,000,000 | ---D | C] -- C:\Program Files\SamsonSoft
[2009/04/30 12:42:03 | 00,000,088 | R--- | C] () -- C:\WINDOWS\amunres.lsl
[2009/04/30 12:27:08 | 00,000,000 | ---D | C] -- C:\Program Files\Inquisitor
[2009/04/27 22:37:59 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo Password Recovery
[2009/04/27 22:33:53 | 00,000,115 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\IBM-23E3AEB6420 - karthikr.y8pd
[2009/04/27 14:54:13 | 00,001,645 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/04/26 10:44:14 | 02,136,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/04/26 10:44:13 | 02,180,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/04/26 10:44:12 | 02,057,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2009/04/26 10:44:12 | 02,015,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/04/26 10:28:39 | 00,031,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2009/04/26 10:28:39 | 00,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl.mui
[2009/04/26 10:28:39 | 00,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2009/04/26 10:28:39 | 00,018,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll.mui
[2009/04/25 19:30:30 | 00,000,739 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/25 19:30:29 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/25 19:30:26 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/25 19:30:24 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/25 19:21:34 | 21,464,22784 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/25 17:42:21 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uxtheme.uxtender
[2009/04/25 12:00:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{B98A2B83-8BB0-42E7-AA1D-D6FA6E7C8F31}
[2009/04/25 11:56:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Stardock
[2009/04/25 11:56:17 | 00,000,000 | ---D | C] -- C:\Program Files\Stardock
[2009/04/25 11:51:40 | 00,065,536 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SECURITIES SOLD.doc
[2009/04/25 11:49:18 | 00,000,000 | ---D | C] -- C:\Program Files\Styler
[2009/04/25 11:44:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Temp
[2009/04/19 13:26:18 | 00,087,552 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Monday April 20 2009.doc
[2009/04/16 14:32:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Download Manager
[2009/04/13 22:13:16 | 00,000,116 | ---- | C] () -- C:\WINDOWS\ConverterCore.INI
[2009/04/13 22:12:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SolidDocuments
[2009/04/13 22:10:55 | 00,021,248 | ---- | C] () -- C:\WINDOWS\System32\solidlocalmon.dll
[2009/04/13 22:10:55 | 00,013,568 | ---- | C] () -- C:\WINDOWS\System32\solidlocalui.dll
[2009/04/13 22:10:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SolidDocuments
[2009/04/13 21:59:07 | 00,069,887 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\000500en.tif.pdf
[2009/04/13 21:54:53 | 00,000,000 | ---D | C] -- C:\Program Files\SimpleOCR
[2009/04/13 21:42:27 | 00,000,000 | ---D | C] -- C:\Program Files\Screen OCR
[2009/04/10 16:09:00 | 00,156,300 | ---- | C] () -- C:\install.properties
[2009/04/10 11:24:52 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lmmib2.dll
[2009/04/10 11:24:52 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2009/04/06 13:29:08 | 00,156,293 | ---- | C] () -- C:\install.windows.db2.cm.properties.bk
[2009/04/06 13:29:08 | 00,156,115 | ---- | C] () -- C:\install.windows.db2.cm.properties
[2009/02/02 20:03:17 | 00,000,592 | ---- | C] () -- C:\WINDOWS\Calendar.INI
[2008/06/25 15:24:07 | 00,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2008/02/29 19:01:44 | 00,000,311 | ---- | C] () -- C:\WINDOWS\dmcl.ini
[2007/11/22 23:51:09 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/08/20 15:03:47 | 02,115,816 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2007/08/09 13:08:04 | 00,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/07/11 15:47:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Samson.INI
[2007/07/09 18:06:16 | 00,087,808 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2007/07/01 07:12:14 | 03,145,728 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/07/01 06:59:22 | 00,517,632 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2007/06/17 07:43:56 | 00,405,504 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/06/12 07:21:26 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2007/05/17 14:58:10 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2007/02/05 09:58:28 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/02/05 09:58:28 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/02/05 09:58:27 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/02/05 09:58:27 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/01/18 20:27:50 | 00,008,209 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/01/12 21:08:29 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/01/11 21:19:45 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/01/10 23:08:18 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbxvs.dll
[2007/01/09 13:05:50 | 00,026,112 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2007/01/08 17:45:56 | 00,051,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2006/11/10 11:22:52 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/08 15:37:59 | 00,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2006/11/08 15:36:20 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2006/11/08 15:35:16 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2006/11/08 15:33:48 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2006/11/08 15:33:15 | 00,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2006/11/08 15:28:41 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2006/11/08 15:28:40 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
[2006/05/01 19:08:20 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/23 20:55:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2005/04/27 05:53:10 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\pwdmon.dll
[2005/04/05 15:59:19 | 00,000,000 | ---- | C] () -- C:\WINDOWS\pcsmig.INI
[2005/04/05 15:45:55 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\pdresrc.dll
[2005/04/05 15:45:51 | 00,552,960 | ---- | C] () -- C:\WINDOWS\System32\pdclntif.dll
[2005/04/05 15:45:51 | 00,151,552 | ---- | C] () -- C:\WINDOWS\System32\pdprDlg.dll
[2005/04/05 15:45:51 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\selnt.dll
[2005/04/05 15:45:51 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\IBMMenu.dll
[2005/04/04 15:42:47 | 00,000,299 | RH-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/03/10 20:00:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/11/24 15:25:52 | 00,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[2004/10/03 13:50:54 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004/08/04 01:00:00 | 00,000,589 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 01:00:00 | 00,000,337 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/01/20 15:16:56 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\btbip.dll
[2004/01/20 15:03:24 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\btsendto_ie.dll
[2004/01/20 15:02:40 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\btsendto_wab.dll
[2004/01/20 14:57:32 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2003/04/07 20:00:00 | 00,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll
[2003/04/07 20:00:00 | 00,047,104 | ---- | C] () -- C:\WINDOWS\System32\lotrn13.dll
[2003/04/07 20:00:00 | 00,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll
[2003/04/07 20:00:00 | 00,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv
[2003/04/07 20:00:00 | 00,000,462 | ---- | C] () -- C:\WINDOWS\lodbf13.ini
[2003/04/07 20:00:00 | 00,000,058 | ---- | C] () -- C:\WINDOWS\loss613.ini
[2003/04/07 20:00:00 | 00,000,058 | ---- | C] () -- C:\WINDOWS\loss09.ini
[2003/04/07 20:00:00 | 00,000,038 | ---- | C] () -- C:\WINDOWS\loidp13.ini
[2002/05/15 18:29:04 | 00,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2002/04/01 19:45:50 | 00,047,616 | ---- | C] () -- C:\WINDOWS\System32\ODBCMON.DLL
[2001/11/23 13:18:00 | 00,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 08:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1998/09/30 20:00:00 | 01,708,032 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[1997/06/17 20:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/06/17 20:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1979/11/29 19:59:59 | 00,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[1979/11/29 19:59:59 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[1979/11/29 19:59:59 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[1979/11/29 19:59:59 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\CInsX500.dll

========== Files - Modified Within 30 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/05/02 08:45:46 | 00,000,654 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2009/05/02 08:45:46 | 00,000,635 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2009/05/02 06:33:47 | 00,000,702 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.usr
[2009/05/02 00:11:26 | 00,000,337 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/02 00:03:23 | 00,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0A690EFF-B344-40DD-B76D-30EC838C7E6E}.job
[2009/05/01 18:45:59 | 00,056,956 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\honda Renewal 2009...pdf
[2009/05/01 18:44:00 | 00,057,495 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\nissan Renewal 2009...pdf
[2009/05/01 15:53:14 | 00,001,192 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\Default.rdp
[2009/04/30 21:35:54 | 00,395,346 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/30 21:35:53 | 00,060,514 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/30 21:35:51 | 00,462,298 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/30 17:29:10 | 00,000,640 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\My Sharing Folders.lnk
[2009/04/30 17:25:35 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Local Settings\desktop.ini
[2009/04/30 17:25:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/30 17:25:13 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/30 17:25:08 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/30 17:25:00 | 21,464,22784 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/30 17:23:56 | 00,000,040 | ---- | M] () -- C:\WINDOWS\System32\profile.dat
[2009/04/30 12:42:48 | 00,001,766 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\WebRipper.lnk
[2009/04/30 12:42:03 | 00,000,088 | R--- | M] () -- C:\WINDOWS\amunres.lsl
[2009/04/28 15:33:11 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\BMMTask.job
[2009/04/27 22:40:51 | 00,000,592 | ---- | M] () -- C:\WINDOWS\Calendar.INI
[2009/04/27 22:33:53 | 00,000,115 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\IBM-23E3AEB6420 - karthikr.y8pd
[2009/04/27 14:54:13 | 00,001,645 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/04/27 03:10:03 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/26 10:22:12 | 00,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/04/26 10:22:12 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/04/25 19:30:30 | 00,000,739 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/25 12:06:05 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/04/25 12:06:05 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/04/25 12:02:44 | 00,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/04/25 12:02:44 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/04/25 11:59:00 | 00,000,589 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/25 11:51:41 | 00,065,536 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SECURITIES SOLD.doc
[2009/04/23 10:18:00 | 00,087,552 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Monday April 20 2009.doc
[2009/04/14 11:53:01 | 00,156,115 | ---- | M] () -- C:\install.windows.db2.cm.properties
[2009/04/13 22:13:16 | 00,000,116 | ---- | M] () -- C:\WINDOWS\ConverterCore.INI
[2009/04/13 21:59:07 | 00,069,887 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\000500en.tif.pdf
[2009/04/10 15:15:31 | 00,156,300 | ---- | M] () -- C:\install.properties
[2009/04/08 19:04:14 | 00,156,293 | ---- | M] () -- C:\install.windows.db2.cm.properties.bk
[2009/04/08 07:57:29 | 01,057,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 07:57:26 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >

Thanks again for all the help.

Edited by karthik204, 02 May 2009 - 11:40 AM.
