Horribly Infected Computer (Vundo among others) [Closed]


  • This topic is locked

#1
madnessman

  • Member
  • 28 posts
I took a look at the family laptop (I never use it anymore) and it was filled with malware. Malwarebytes found 301 infections (a new record?) but couldn't remove some of them. So I know I still have some trojans (Vundo, I think) in here. I went through my startup list removing all the junk files and the computer sped up substantially. The CPU still spikes every couple of seconds (and it goes to a different window... like the window bar goes gray).

COMPUTER:
IBM ThinkPad.
I don't need Epson or Google Toolbar anymore.

HIJACK THIS LOG (IT'S A LONG ONE!):
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:52:03 PM, on 4/22/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\trcboot.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\c4ebreg\isamsmt.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
c:\sdwork\issimsvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\drivers\ldlcserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\c4ebreg\c4ebreg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\System32\lry0gRw3.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://w3.ibm.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.../winsearch.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.hakozaki.ibm.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = w3.ibm.com;<local>
R3 - Default URLSearchHook is missing
O1 - Hosts: 82.98.231.89 url.adtrgt.com
O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net
O1 - Hosts: anner.info
O1 - Hosts: 82.98.231.89 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.231.89 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.231.89 onlinenotifyq.net
O1 - Hosts: 82.98.231.89 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.browser-security-center.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [C4EBReg] "C:\Program Files\c4ebreg\c4ebreg.exe" /q
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [ISAM SMT Service] "C:\Program Files\c4ebreg\isamsmt.exe"
O4 - HKLM\..\Run: [TCms.exe] C:\docume~1\admini~1\locals~1\temp\TCms.exe
O4 - HKLM\..\Run: [ACUMon] "C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe" -a
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [pcsmig] "C:\Program Files\IBM\Personal Communications\pcsmig.exe" -L (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [pcsmig] "C:\Program Files\IBM\Personal Communications\pcsmig.exe" -L (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [pcsmig] "C:\Program Files\IBM\Personal Communications\pcsmig.exe" -L (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [pcsmig] "C:\Program Files\IBM\Personal Communications\pcsmig.exe" -L (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DA90235-1EF4-46D8-A6F5-0E46C6A975F7}: Domain = ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DF0BAF2-D7F8-468E-BAD0-8482C68E2C19}: Domain = ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DF0BAF2-D7F8-468E-BAD0-8482C68E2C19}: NameServer = 165.21.100.88,165.21.83.88
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = IBM.COM
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = IBM.COM
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = IBM.COM
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\wamujibo.dll ,
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Google Update Service (gupdate1c9b5be3f1d6640) (gupdate1c9b5be3f1d6640) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISAM SMT Service (ISAMsmt) - IBM Global Services - C:\Program Files\c4ebreg\isamsmt.exe
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Global Services - c:\sdwork\issimsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ldlcserv - Unknown owner - C:\WINDOWS\System32\drivers\ldlcserv.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe (file missing)
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
O23 - Service: TrcBoot - Unknown owner - C:\WINDOWS\System32\drivers\trcboot.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10547 bytes

Edited by madnessman, 22 April 2009 - 08:00 AM.

#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please run the MGA Diagnostic Tool and post back the report it shall produce:
  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program
  • Click "Continue"
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.


#3
madnessman

  • Topic Starter
  • Member
  • 28 posts
Thanks for the fast reply.

Diagnostic Report (1.9.0006.1):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0
Online Validation Code: N/A
Cached Validation Code: N/A
Windows Product Key: *****-*****-RY7BM-HM3KT-BKVRW
Windows Product Key Hash: 6994t4LQCbvkXhtNbqQCL4+auQs=
Windows Product ID: 55274-OEM-2211906-00107
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010100.1.0.pro
ID: {AA30CA69-02F3-4C33-9495-4598DF770310}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.7.36.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A
Version: N/A

WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
WGATray.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office XP Standard - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{AA30CA69-02F3-4C33-9495-4598DF770310}</UGUID><Version>1.9.0006.1</Version><OS>5.1.2600.2.00010100.1.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-BKVRW</PKey><PID>55274-OEM-2211906-00107</PID><PIDType>2</PIDType><SID>S-1-5-21-963918322-163748893-4247568029</SID><SYSTEM><Manufacturer>IBM</Manufacturer><Model>2366UN7</Model></SYSTEM><BIOS><Manufacturer>IBM</Manufacturer><Version>1IET70WW (2.09 )</Version><SMBIOSVersion major="2" minor="31"/><Date>20050808******.******+***</Date><SLPBIOS>IBM CORPORATION,IBM CORPORATION</SLPBIOS></BIOS><HWID>9BE93107018400D2</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Malay Peninsula Standard Time(GMT+08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>IBM</name><model>C4EB XP 1.0</model></SBID><OEM/><GANotification/></MachineData> <Software><Office><Result>100</Result><Products><Product GUID="{90120409-6000-11D3-8CFE-0050048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office XP Standard</Name><Ver>10</Ver><Val>57EF8B74C63D076</Val><Hash>HcjclsOHW16EMDBIvsEwKXr88H8=</Hash><Pid>54187-640-8049232-17628</Pid><PidType>14</PidType></Product></Products><Applications><App Id="16" Version="10" Result="100"/><App Id="18" Version="10" Result="100"/><App Id="1A" Version="10" Result="100"/><App Id="1B" Version="10" Result="100"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 146F7:IBM|147B2:Lenovo
Marker string from OEMBIOS.DAT: IBM CORPORATION,IBM CORPORATION

OEM Activation 2.0 Data-->
N/A

#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Download Rooter.exe to your desktop.
  • Then double-click it to start the tool.
  • A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt. Post that here.


#5
madnessman

  • Topic Starter
  • Member
  • 28 posts
Added as an attachment.


#6
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Don't attach the logs.

Please download OTMoveIt3 by OldTimer
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    explorer.exe
    
    :Services
    
    :Reg
    
    :Files
    C:\WINDOWS\System32\lry0gRw3.exe 
    C:\WINDOWS\tasks\At*.job
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



  • Download OTListIt2 to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in:

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\System32\antiwpa.dll
    %systemroot%\SYSTEM32\wpa.dll
    %systemroot%\setup\scripts\biestart.exe
    %systemroot%\system32\drivers\royal.sys
    %SYSTEMDRIVE%\*.
    %PROGRAMFILES%\*.

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.


#7
madnessman

  • Topic Starter
  • Member
  • 28 posts
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\WINDOWS\System32\lry0gRw3.exe moved successfully.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At25.job moved successfully.
C:\WINDOWS\tasks\At26.job moved successfully.
C:\WINDOWS\tasks\At27.job moved successfully.
C:\WINDOWS\tasks\At28.job moved successfully.
C:\WINDOWS\tasks\At29.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At30.job moved successfully.
C:\WINDOWS\tasks\At31.job moved successfully.
C:\WINDOWS\tasks\At32.job moved successfully.
C:\WINDOWS\tasks\At33.job moved successfully.
C:\WINDOWS\tasks\At34.job moved successfully.
C:\WINDOWS\tasks\At35.job moved successfully.
C:\WINDOWS\tasks\At36.job moved successfully.
C:\WINDOWS\tasks\At37.job moved successfully.
C:\WINDOWS\tasks\At38.job moved successfully.
C:\WINDOWS\tasks\At39.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At40.job moved successfully.
C:\WINDOWS\tasks\At41.job moved successfully.
C:\WINDOWS\tasks\At42.job moved successfully.
C:\WINDOWS\tasks\At43.job moved successfully.
C:\WINDOWS\tasks\At44.job moved successfully.
C:\WINDOWS\tasks\At45.job moved successfully.
C:\WINDOWS\tasks\At46.job moved successfully.
C:\WINDOWS\tasks\At47.job moved successfully.
C:\WINDOWS\tasks\At48.job moved successfully.
C:\WINDOWS\tasks\At49.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At50.job moved successfully.
C:\WINDOWS\tasks\At51.job moved successfully.
C:\WINDOWS\tasks\At52.job moved successfully.
C:\WINDOWS\tasks\At53.job moved successfully.
C:\WINDOWS\tasks\At54.job moved successfully.
C:\WINDOWS\tasks\At55.job moved successfully.
C:\WINDOWS\tasks\At56.job moved successfully.
C:\WINDOWS\tasks\At57.job moved successfully.
C:\WINDOWS\tasks\At58.job moved successfully.
C:\WINDOWS\tasks\At59.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At60.job moved successfully.
C:\WINDOWS\tasks\At61.job moved successfully.
C:\WINDOWS\tasks\At62.job moved successfully.
C:\WINDOWS\tasks\At63.job moved successfully.
C:\WINDOWS\tasks\At64.job moved successfully.
C:\WINDOWS\tasks\At65.job moved successfully.
C:\WINDOWS\tasks\At66.job moved successfully.
C:\WINDOWS\tasks\At67.job moved successfully.
C:\WINDOWS\tasks\At68.job moved successfully.
C:\WINDOWS\tasks\At69.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At70.job moved successfully.
C:\WINDOWS\tasks\At71.job moved successfully.
C:\WINDOWS\tasks\At72.job moved successfully.
C:\WINDOWS\tasks\At73.job moved successfully.
C:\WINDOWS\tasks\At74.job moved successfully.
C:\WINDOWS\tasks\At75.job moved successfully.
C:\WINDOWS\tasks\At76.job moved successfully.
C:\WINDOWS\tasks\At77.job moved successfully.
C:\WINDOWS\tasks\At78.job moved successfully.
C:\WINDOWS\tasks\At79.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At80.job moved successfully.
C:\WINDOWS\tasks\At81.job moved successfully.
C:\WINDOWS\tasks\At82.job moved successfully.
C:\WINDOWS\tasks\At83.job moved successfully.
C:\WINDOWS\tasks\At84.job moved successfully.
C:\WINDOWS\tasks\At85.job moved successfully.
C:\WINDOWS\tasks\At86.job moved successfully.
C:\WINDOWS\tasks\At87.job moved successfully.
C:\WINDOWS\tasks\At88.job moved successfully.
C:\WINDOWS\tasks\At89.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
C:\WINDOWS\tasks\At90.job moved successfully.
C:\WINDOWS\tasks\At91.job moved successfully.
C:\WINDOWS\tasks\At92.job moved successfully.
C:\WINDOWS\tasks\At93.job moved successfully.
C:\WINDOWS\tasks\At94.job moved successfully.
C:\WINDOWS\tasks\At95.job moved successfully.
C:\WINDOWS\tasks\At96.job moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_BXYB40d31jkE6DCUVp5y scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFA8A9.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFA8DF.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFDBB0.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFDCF3.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YR4Z0V2F\ShowLetter[1]. scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\M8QDVHOS\search[1]. scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\H9JBCV56\01[1].html scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\EHKJQ5QT\ads[1]. scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\E7471A3U\{C5A6B046-2067-45A2-B609-E1D730642BDA}[1]. scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_858.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\b88361cj.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\b88361cj.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\b88361cj.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\b88361cj.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\b88361cj.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\b88361cj.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04252009_161153

Files moved on Reboot...
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_BXYB40d31jkE6DCUVp5y not found!
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFA8A9.tmp not found!
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFA8DF.tmp not found!
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFDBB0.tmp not found!
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFDCF3.tmp not found!
File C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YR4Z0V2F\ShowLetter[1]. not found!
File C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\M8QDVHOS\search[1]. not found!
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\H9JBCV56\01[1].html moved successfully.
File C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\EHKJQ5QT\ads[1]. not found!
File C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\E7471A3U\{C5A6B046-2067-45A2-B609-E1D730642BDA}[1]. not found!
File C:\WINDOWS\temp\Perflib_Perfdata_858.dat not found!
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\b88361cj.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\b88361cj.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\b88361cj.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\b88361cj.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\b88361cj.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\b88361cj.default\XUL.mfl moved successfully.

-----------------------------------------------------------

OTListIt logfile created on: 4/25/2009 4:26:40 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.98 Mb Total Physical Memory | 272.89 Mb Available Physical Memory | 53.41% Memory free
1.22 Gb Paging File | 1.01 Gb Available in Paging File | 82.88% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 1.13 Gb Free Space | 3.03% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: T30
Current User Name: hmong
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\System32\ibmpmsvc.exe ()
PRC - C:\WINDOWS\System32\drivers\trcboot.exe ()
PRC - C:\WINDOWS\System32\Ati2evxx.exe ()
PRC - C:\Program Files\c4ebreg\isamsmt.exe (IBM Global Services)
PRC - c:\sdwork\issimsvc.exe (IBM Global Services)
PRC - C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE (IBM Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\AT&T Network Client\NetCfgSv.EXE (AT&T)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\WINDOWS\System32\drivers\ldlcserv.exe ()
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
PRC - C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\c4ebreg\c4ebreg.exe (IBM Global Services)
PRC - C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\MSN Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe ()
PRC - C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe (IBM Corporation)
PRC - C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\System32\Ati2evxx.exe ()
SRV - (gupdate1c9b5be3f1d6640 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IBMPMSVC [Auto | Running]) -- C:\WINDOWS\System32\ibmpmsvc.exe ()
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)
SRV - (Irmon [Auto | Running]) -- C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)
SRV - (ISAMsmt [Auto | Running]) -- C:\Program Files\c4ebreg\isamsmt.exe (IBM Global Services)
SRV - (ISSIMon [Auto | Running]) -- c:\sdwork\issimsvc.exe (IBM Global Services)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (ldlcserv [Auto | Running]) -- C:\WINDOWS\System32\drivers\ldlcserv.exe ()
SRV - (MyWebSearchService [Auto | Stopped]) -- File not found
SRV - (NetCfgSvr [Auto | Running]) -- C:\Program Files\AT&T Network Client\NetCfgSv.EXE (AT&T)
SRV - (TrcBoot [Auto | Running]) -- C:\WINDOWS\System32\drivers\trcboot.exe ()
SRV - (uploadmgr [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (usnjsvc [On_Demand | Running]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

========== Driver Services (SafeList) ==========

DRV - (aeaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (AliIde [Boot | Stopped]) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Boot | Stopped]) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (Anydlc [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\anydlc.sys ()
DRV - (Appn [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\appn.sys ()
DRV - (AppnApi [Auto | Running]) -- C:\WINDOWS\System32\drivers\appnapi.sys ()
DRV - (AppnBase [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\AppnBase.sys ()
DRV - (asc [Boot | Stopped]) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Boot | Stopped]) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (avpnnic [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\avpnnic.sys (AT&T)
DRV - (BUFADPT [System | Running]) -- C:\WINDOWS\System32\BUFADPT.SYS (BUFFALO INC.)
DRV - (bwcdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\bwcdrv.sys (MELCO INC.)
DRV - (CBBCM43 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (CmdIde [Boot | Stopped]) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Boot | Stopped]) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (ESSIDSET [On_Demand | Stopped]) -- C:\WINDOWS\System32\ESSIDSET.SYS (MELCO INC.)
DRV - (FsVga [System | Running]) -- C:\WINDOWS\System32\DRIVERS\fsvga.sys (Microsoft Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (gwiopm [On_Demand | Stopped]) -- C:\Program Files\WST\gwiopm.sys ()
DRV - (IBMPMDRV [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys ()
DRV - (IBMTRP [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\IBMTRP.SYS (IBM Corporation)
DRV - (KLOGNT [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\klognt.sys ()
DRV - (mraid35x [Boot | Stopped]) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (NPPTNT [System | Running]) -- C:\WINDOWS\System32\npptNT.sys (INCA Internet Co., Ltd.)
DRV - (NPPTNT2 [System | Running]) -- C:\WINDOWS\System32\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (NSCIRDA [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nscirda.sys (National Semiconductor Corporation)
DRV - (NsTrcNT [Auto | Running]) -- C:\WINDOWS\System32\drivers\nstrcnt.sys ()
DRV - (PCX504 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\PCX504.sys (Cisco Systems)
DRV - (pdlnacom [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnacom.sys ()
DRV - (pdlnafac [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnafac.sys ()
DRV - (pdlnatcm [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnatcm.sys ()
DRV - (pdlnatdl [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnatdl.sys ()
DRV - (pdlncbas [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlncbas.sys ()
DRV - (pdlncfwk [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlncfwk.sys ()
DRV - (pdlnctdl [Auto | Running]) -- C:\WINDOWS\System32\drivers\pdlnctdl.sys ()
DRV - (pdlndint [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlndint.sys ()
DRV - (pdlndldl [Auto | Running]) -- C:\WINDOWS\System32\drivers\pdlndldl.sys ()
DRV - (pdlndlpb [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlndlpb.sys ()
DRV - (pdlndoem [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlndoem.sys ()
DRV - (pdlndqll [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlndqll.sys ()
DRV - (pdlndsdl [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlndsdl.sys ()
DRV - (pdlndtdl [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlndtdl.sys ()
DRV - (pdlnebas [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnebas.sys ()
DRV - (pdlnecfg [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnecfg.sys ()
DRV - (pdlnemap [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnemap.sys ()
DRV - (pdlnemsg [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnemsg.sys ()
DRV - (pdlnepkt [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnepkt.sys ()
DRV - (pdlnshay [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnshay.sys ()
DRV - (pdlnslea [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnslea.sys ()
DRV - (pdlnsv25 [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnsv25.sys ()
DRV - (pdlnsx25 [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnsx25.sys ()
DRV - (PMEM [Auto | Running]) -- C:\WINDOWS\system32\drivers\PMEMNT.SYS (Microsoft Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Boot | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Boot | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Boot | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (ROOTMODEM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (S3Inc [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\s3mt3d.sys (S3 Incorporated)
DRV - (SE2Bbus [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SE2Bbus.sys (MCCI)
DRV - (SE2Bmdfl [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SE2Bmdfl.sys (MCCI)
DRV - (SE2Bmdm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SE2Bmdm.sys (MCCI)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys ()
DRV - (sfdrv01 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (sfvfs02 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (sisagp [Boot | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Smapint [System | Running]) -- C:\WINDOWS\System32\drivers\Smapint.sys (Microsoft Corporation)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (Sparrow [Boot | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (symc810 [Boot | Stopped]) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Boot | Stopped]) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Boot | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Boot | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (TDSMAPI [System | Running]) -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS ()
DRV - (TPHKDRV [System | Running]) -- C:\WINDOWS\System32\drivers\TPHKDRV.sys (IBM Corporation)
DRV - (TPPWR [System | Running]) -- C:\WINDOWS\System32\drivers\Tppwr.sys (IBM Corp.)
DRV - (ultra [Boot | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (WinDriver6 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\windrvr6.sys (Jungo)
DRV - (wlluc48 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wlluc48.sys (Lucent Technologies)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://w3.ibm.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.../winsearch.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.sg/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = w3.ibm.com;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.9

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/04/21 21:52:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/22 23:24:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/22 23:24:15 | 00,000,000 | ---D | M]

[2008/12/08 16:05:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions
[2008/12/08 16:05:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2006/01/16 16:15:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\b88361cj.default\extensions
[2009/04/24 22:42:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/22 23:24:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/21 21:54:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/22 23:24:07 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/22 23:24:07 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/12/08 16:04:17 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/12/08 16:04:17 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/12/08 16:04:17 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/12/08 16:04:17 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/12/08 16:04:17 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/12/08 16:04:17 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/12/08 16:04:17 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (1068 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 82.98.231.89 url.adtrgt.com
O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net
O1 - Hosts: anner.info
O1 - Hosts: 82.98.231.89 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.231.89 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.231.89 onlinenotifyq.net
O1 - Hosts: 82.98.231.89 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.browser-security-center.com
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx ()
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ACUMon] "C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe" -a (Cisco Systems, Inc.)
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [ATIModeChange] Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [C4EBReg] "C:\Program Files\c4ebreg\c4ebreg.exe" /q (IBM Global Services)
O4 - HKLM..\Run: [ISAM SMT Service] "C:\Program Files\c4ebreg\isamsmt.exe" (IBM Global Services)
O4 - HKLM..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe" (IBM Global Services)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TCms.exe] C:\docume~1\admini~1\locals~1\temp\TCms.exe File not found
O4 - HKLM..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKCU\..Trusted Sites: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: 82 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} http://a1540.g.akama...meInstaller.exe (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/p...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...7658.3445023148 (Update Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.3.1_04)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.h.../qdiagh.cab?326 (QDiagHUpdateObj Class)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{9DA90235-1EF4-46D8-A6F5-0E46C6A975F7}\\Domain = ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{9DF0BAF2-D7F8-468E-BAD0-8482C68E2C19}\\Domain = ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{9DF0BAF2-D7F8-468E-BAD0-8482C68E2C19}\\NameServer = 165.21.100.88,165.21.83.88
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\System32\msdxm.ocx ()
O20 - AppInit_DLLs: (c:\windows\system32\wamujibo.dll) - c:\windows\system32\wamujibo.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (cswGina.dll) - C:\WINDOWS\system32\cswGina.dll (Cisco Systems, Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\System32\NavLogon.dll - C:\WINDOWS\System32\NavLogon.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
NetSvcs: 6to4 -
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll (Microsoft Corporation)
NetSvcs: AudioSrv - C:\WINDOWS\System32\audiosrv.dll (Microsoft Corporation)
NetSvcs: Browser - C:\WINDOWS\System32\browser.dll (Microsoft Corporation)
NetSvcs: CryptSvc - C:\WINDOWS\System32\cryptsvc.dll (Microsoft Corporation)
NetSvcs: DMServer - C:\WINDOWS\System32\dmserver.dll (Microsoft Corp.)
NetSvcs: DHCP - C:\WINDOWS\System32\dhcpcsvc.dll (Microsoft Corporation)
NetSvcs: ERSvc - C:\WINDOWS\System32\ersvc.dll (Microsoft Corporation)
NetSvcs: EventSystem - C:\WINDOWS\System32\es.dll (Microsoft Corporation)
NetSvcs: FastUserSwitchingCompatibility - C:\WINDOWS\System32\shsvcs.dll (Microsoft Corporation)
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias -
NetSvcs: Iprip -
NetSvcs: Irmon - C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)
NetSvcs: LanmanServer - C:\WINDOWS\System32\srvsvc.dll (Microsoft Corporation)
NetSvcs: LanmanWorkstation - C:\WINDOWS\System32\wkssvc.dll (Microsoft Corporation)
NetSvcs: Messenger - C:\WINDOWS\System32\msgsvc.dll (Microsoft Corporation)
NetSvcs: Netman - C:\WINDOWS\System32\netman.dll (Microsoft Corporation)
NetSvcs: Nla - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
NetSvcs: Ntmssvc - C:\WINDOWS\system32\ntmssvc.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation -
NetSvcs: Nwsapagent -
NetSvcs: Rasauto - C:\WINDOWS\System32\rasauto.dll (Microsoft Corporation)
NetSvcs: Rasman - C:\WINDOWS\System32\rasmans.dll (Microsoft Corporation)
NetSvcs: Remoteaccess - C:\WINDOWS\System32\mprdim.dll (Microsoft Corporation)
NetSvcs: Schedule - C:\WINDOWS\system32\schedsvc.dll (Microsoft Corporation)
NetSvcs: Seclogon - C:\WINDOWS\System32\seclogon.dll (Microsoft Corporation)
NetSvcs: SENS - C:\WINDOWS\system32\sens.dll (Microsoft Corporation)
NetSvcs: Sharedaccess - C:\WINDOWS\System32\ipnathlp.dll (Microsoft Corporation)
NetSvcs: SRService - C:\WINDOWS\System32\srsvc.dll (Microsoft Corporation)
NetSvcs: Tapisrv - C:\WINDOWS\System32\tapisrv.dll (Microsoft Corporation)
NetSvcs: Themes - C:\WINDOWS\System32\shsvcs.dll (Microsoft Corporation)
NetSvcs: TrkWks - C:\WINDOWS\system32\trkwks.dll (Microsoft Corporation)
NetSvcs: W32Time - C:\WINDOWS\System32\w32time.dll (Microsoft Corporation)
NetSvcs: WZCSVC - C:\WINDOWS\System32\wzcsvc.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\WINDOWS\System32\advapi32.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -
NetSvcs: winmgmt - C:\WINDOWS\system32\wbem\WMIsvc.dll (Microsoft Corporation)
NetSvcs: TermService - C:\WINDOWS\System32\termsrv.dll (Microsoft Corporation)
NetSvcs: wuauserv - C:\WINDOWS\System32\wuauserv.dll (Microsoft Corporation)
NetSvcs: BITS - C:\WINDOWS\System32\qmgr.dll (Microsoft Corporation)
NetSvcs: ShellHWDetection - C:\WINDOWS\System32\shsvcs.dll (Microsoft Corporation)
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
NetSvcs: uploadmgr - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
NetSvcs: WmdmPmSN - C:\WINDOWS\System32\mspmsnsv.dll (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus QuickStart.lnk - %SystemDrive%\lotus\wordpro\ltsstart.exe - (Lotus Development Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Photo Loader supervisory.lnk - %ProgramFiles%\CASIO\Photo Loader\Plauto.exe - (CASIO COMPUTER CO.,LTD.)
MsConfig - StartUpReg: 5cc09d41 - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %SystemRoot%\System32\yolevebi.DLL File not found
MsConfig - StartUpReg: Bar - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %SystemDrive%\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MSAwH8Xe.exe File not found
MsConfig - StartUpReg: Cognac - hkey=HKCU - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %SystemDrive%\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~tmpc.exe File not found
MsConfig - StartUpReg: CPM5ff3aedd - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %SystemRoot%\system32\wahenoho.DLL File not found
MsConfig - StartUpReg: EPSON Stylus CX4100 Series - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %SystemRoot%\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE (SEIKO EPSON CORPORATION)
MsConfig - StartUpReg: iTunesHelper - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %ProgramFiles%\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
MsConfig - StartUpReg: KernelFaultCheck - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - File not found
MsConfig - StartUpReg: le2o - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %SystemRoot%\System32\le2o.exe File not found
MsConfig - StartUpReg: MSFox - hkey=HKCU - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %SystemDrive%\DOCUME~1\ADMINI~1\LOCALS~1\Temp\a.exe File not found
MsConfig - StartUpReg: msnmsgr - hkey=HKCU - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %ProgramFiles%\MSN Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: My Web Search Bar - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %SystemDrive%\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL File not found
MsConfig - StartUpReg: MyWebSearch Email Plugin - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %SystemDrive%\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe File not found
MsConfig - StartUpReg: MyWebSearch Plugin - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %SystemDrive%\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL File not found
MsConfig - StartUpReg: pajibugalu - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %SystemRoot%\System32\gusilaji.DLL File not found
MsConfig - StartUpReg: QuickTime Task - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %ProgramFiles%\QuickTime\qttask.exe (Apple Computer, Inc.)
MsConfig - StartUpReg: swg - hkey=HKCU - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: ZangoOE - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %ProgramFiles%\Zango\bin\10.3.75.0\OEAddOn.exe File not found
MsConfig - StartUpReg: ZangoSA - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %ProgramFiles%\Zango\bin\10.3.75.0\ZangoSA.exe File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll (Microsoft Corporation)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: CryptSvc - %SystemRoot%\System32\cryptsvc.dll (Microsoft Corporation)
SafeBootMin: dmadmin - %SystemRoot%\System32\dmadmin.exe (Microsoft Corp., Veritas Software)
SafeBootMin: dmboot.sys - %SystemRoot%\System32\drivers\dmboot.sys (Microsoft Corp., Veritas Software)
SafeBootMin: dmio.sys - %SystemRoot%\System32\drivers\dmio.sys (Microsoft Corp., Veritas Software)
SafeBootMin: dmload.sys - %SystemRoot%\System32\drivers\dmload.sys (Microsoft Corp., Veritas Software.)
SafeBootMin: dmserver - %SystemRoot%\System32\dmserver.dll (Microsoft Corp.)
SafeBootMin: EventLog - %SystemRoot%\system32\services.exe (Microsoft Corporation)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SafeBootMin: Netlogon - %SystemRoot%\System32\lsass.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PlugPlay - %SystemRoot%\system32\services.exe (Microsoft Corporation)
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcSs - %SystemRoot%\system32\rpcss.dll (Microsoft Corporation)
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: sr.sys - %SystemRoot%\System32\DRIVERS\sr.sys (Microsoft Corporation)
SafeBootMin: SRService - %SystemRoot%\System32\srsvc.dll (Microsoft Corporation)
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: vgasave.sys - %SystemRoot%\System32\drivers\vga.sys (Microsoft Corporation)
SafeBootMin: WinMgmt - %SystemRoot%\system32\wbem\WMIsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: AFD - %SystemRoot%\System32\drivers\afd.sys (Microsoft Corporation)
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll (Microsoft Corporation)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Browser - %SystemRoot%\System32\browser.dll (Microsoft Corporation)
SafeBootNet: CryptSvc - %SystemRoot%\System32\cryptsvc.dll (Microsoft Corporation)
SafeBootNet: Dhcp - %SystemRoot%\System32\dhcpcsvc.dll (Microsoft Corporation)
SafeBootNet: dmadmin - %SystemRoot%\System32\dmadmin.exe (Microsoft Corp., Veritas Software)
SafeBootNet: dmboot.sys - %SystemRoot%\System32\drivers\dmboot.sys (Microsoft Corp., Veritas Software)
SafeBootNet: dmio.sys - %SystemRoot%\System32\drivers\dmio.sys (Microsoft Corp., Veritas Software)
SafeBootNet: dmload.sys - %SystemRoot%\System32\drivers\dmload.sys (Microsoft Corp., Veritas Software.)
SafeBootNet: dmserver - %SystemRoot%\System32\dmserver.dll (Microsoft Corp.)
SafeBootNet: DnsCache - %SystemRoot%\System32\dnsrslvr.dll (Microsoft Corporation)
SafeBootNet: EventLog - %SystemRoot%\system32\services.exe (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SafeBootNet: LanmanServer - %SystemRoot%\System32\srvsvc.dll (Microsoft Corporation)
SafeBootNet: LanmanWorkstation - %SystemRoot%\System32\wkssvc.dll (Microsoft Corporation)
SafeBootNet: LmHosts - %SystemRoot%\System32\lmhsvc.dll (Microsoft Corporation)
SafeBootNet: Messenger - %SystemRoot%\System32\msgsvc.dll (Microsoft Corporation)
SafeBootNet: NDIS - %SystemRoot%\System32\drivers\ndis.sys (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: Ndisuio - %SystemRoot%\System32\DRIVERS\ndisuio.sys (Microsoft Corporation)
SafeBootNet: NetBIOS - %SystemRoot%\System32\DRIVERS\netbios.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetBT - %SystemRoot%\System32\DRIVERS\netbt.sys (Microsoft Corporation)
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Netlogon - %SystemRoot%\System32\lsass.exe (Microsoft Corporation)
SafeBootNet: NetMan - %SystemRoot%\System32\netman.dll (Microsoft Corporation)
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - File not found
SafeBootNet: nm.sys - File not found
SafeBootNet: NtLmSsp - %SystemRoot%\System32\lsass.exe (Microsoft Corporation)
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PlugPlay - %SystemRoot%\system32\services.exe (Microsoft Corporation)
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdpcdd.sys - %SystemRoot%\System32\DRIVERS\RDPCDD.sys (Microsoft Corporation)
SafeBootNet: rdpdd.sys - %SystemRoot%\System32\rdpdd.dll (Microsoft Corporation)
SafeBootNet: rdpwd.sys - %SystemRoot%\System32\drivers\rdpwd.sys (Microsoft Corporation)
SafeBootNet: rdsessmgr - %SystemRoot%\system32\sessmgr.exe (Microsoft Corporation)
SafeBootNet: RpcSs - %SystemRoot%\system32\rpcss.dll (Microsoft Corporation)
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: sr.sys - %SystemRoot%\System32\DRIVERS\sr.sys (Microsoft Corporation)
SafeBootNet: SRService - %SystemRoot%\System32\srsvc.dll (Microsoft Corporation)
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: Tcpip - %SystemRoot%\System32\DRIVERS\tcpip.sys (Microsoft Corporation)
SafeBootNet: TDI - Driver Group
SafeBootNet: tdpipe.sys - %SystemRoot%\System32\drivers\tdpipe.sys (Microsoft Corporation)
SafeBootNet: tdtcp.sys - %SystemRoot%\System32\drivers\tdtcp.sys (Microsoft Corporation)
SafeBootNet: termservice - %SystemRoot%\System32\termsrv.dll (Microsoft Corporation)
SafeBootNet: UploadMgr - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SafeBootNet: vga.sys - Driver
SafeBootNet: vgasave.sys - %SystemRoot%\System32\drivers\vga.sys (Microsoft Corporation)
SafeBootNet: WinMgmt - %SystemRoot%\system32\wbem\WMIsvc.dll (Microsoft Corporation)
SafeBootNet: WZCSVC - %SystemRoot%\System32\wzcsvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {032A6019-9DAA-40f9-A3B3-34ABB0AA0947} - Q813951
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3e7bb08a-a7a3-4692-8eac-ac5e7895755b} - KB834707
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {429D8DD3-05E0-4F56-B6D6-AC0730567C02} - Euro Update Tool
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msmsgs.inf,BLC.Install.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {78705f0d-e8db-4b2d-8193-982bdda15ecd} - .NET Framework
ActiveX: {81B52903-4C11-11D6-B6E1-00B0D049139F} - Microsoft .NET Framework Service Pack 2
ActiveX: {871F8A30-15A2-11D6-8711-0002B3281F8B} - Microsoft .NET Framework Service Pack 1
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {abcdf74f-9a64-4e6e-b8eb-6e5a41de6550} -
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C34F4917-ED43-439f-9023-97B0024A2B3B} - Q810847
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.0
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DBB3C81D-3C91-4a1e-BDDF-905B61C7CEDF} - Security Update for the Microsoft VM
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
Drivers32: midi - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\system32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\system32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\system32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\system32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\system32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\system32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\system32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\system32\sirenacm.dll (Microsoft Corp.)
Drivers32: msacm.sl_anet - C:\WINDOWS\system32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\system32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\system32\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\system32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\system32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\system32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\system32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\system32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\system32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\system32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\system32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\system32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\system32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\system32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\system32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.yuy2 - C:\WINDOWS\system32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\system32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\system32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\system32\msacm32.drv (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2009/04/25 16:24:28 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe
[2009/04/25 16:11:53 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009/04/25 16:10:43 | 00,389,632 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTMoveIt3.exe
[2009/04/24 22:37:02 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/24 22:36:57 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Rooter.exe
[2009/04/23 21:52:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2009/04/23 21:52:13 | 01,561,992 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\MGADiag.exe
[2009/04/22 21:51:48 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/04/22 21:51:48 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/22 21:51:37 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HJTInstall.exe
[2009/04/18 10:30:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2009/04/18 10:30:29 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/18 10:30:29 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/18 10:30:25 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/18 10:30:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/18 10:30:21 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/16 23:26:00 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\~$unt EC-Taxi.DOC
[2009/04/16 23:24:08 | 00,028,672 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Count EC-Taxi.DOC
[2009/04/05 17:58:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2009/04/05 15:17:38 | 00,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2009/04/05 15:15:09 | 00,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/04/05 15:13:59 | 00,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/04/05 15:13:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/04/05 15:13:46 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009/04/01 12:05:52 | 01,417,531 | -HS- | C] () -- C:\WINDOWS\System32\atupajiz.ini
[2009/03/31 19:34:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\attachments_2009_03_31
[2009/03/28 16:00:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WeatherDPA
[2009/03/28 16:00:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Zango
[2009/01/16 18:57:49 | 00,049,152 | -HS- | C] () -- C:\WINDOWS\System32\tukowohu.dll
[2009/01/11 12:52:55 | 00,049,152 | -HS- | C] () -- C:\WINDOWS\System32\fevukoze.dll
[2009/01/07 17:02:56 | 00,087,552 | -HS- | C] () -- C:\WINDOWS\System32\degiwiku.dll
[2009/01/05 12:19:22 | 00,087,552 | -HS- | C] () -- C:\WINDOWS\System32\livazojo.dll
[2009/01/04 13:36:22 | 00,087,552 | -HS- | C] () -- C:\WINDOWS\System32\jebuhike.dll
[2009/01/02 18:50:33 | 00,049,152 | -HS- | C] () -- C:\WINDOWS\System32\vikesori.dll
[2009/01/01 12:05:38 | 00,087,552 | -HS- | C] () -- C:\WINDOWS\System32\hapowoko.dll
[2008/08/11 23:17:27 | 00,001,795 | ---- | C] () -- C:\WINDOWS\ActivStats.INI
[2007/06/15 18:49:30 | 00,000,099 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/06/15 18:45:43 | 00,000,025 | ---- | C] () -- C:\WINDOWS\CDE CX4100EC.ini
[2006/04/02 14:54:46 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2006/01/16 16:38:36 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\CInsX500.dll
[2006/01/03 22:19:00 | 00,000,637 | ---- | C] () -- C:\WINDOWS\System32\msexcr.ini
[2006/01/02 01:50:17 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/10/29 21:20:48 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/09/12 11:03:35 | 00,044,869 | ---- | C] () -- C:\WINDOWS\UN800101.INI
[2005/05/21 10:29:40 | 00,000,047 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2004/06/06 16:07:02 | 00,000,030 | ---- | C] () -- C:\WINDOWS\Morphexe.INI
[2004/05/16 15:45:35 | 00,013,242 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/04/06 19:26:18 | 00,000,039 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003/07/29 13:57:19 | 00,327,680 | R--- | C] () -- C:\WINDOWS\System32\psctsnmp.dll
[2003/04/12 03:31:29 | 00,000,224 | ---- | C] () -- C:\WINDOWS\Netscape.INI
[2003/04/01 23:40:45 | 00,000,543 | ---- | C] () -- C:\WINDOWS\PKZIPW.INI
[2003/04/01 05:49:15 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/03/31 21:21:30 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2003/03/31 21:19:57 | 00,010,009 | ---- | C] () -- C:\WINDOWS\agnslang.ini
[2003/03/31 21:19:14 | 00,051,959 | ---- | C] () -- C:\WINDOWS\System32\SynUnst.ini
[2003/03/31 21:19:14 | 00,007,052 | ---- | C] () -- C:\WINDOWS\System32\SynTPEnh.ini
[2003/03/31 21:19:12 | 00,110,836 | ---- | C] () -- C:\WINDOWS\System32\SynTP.ini
[2003/03/31 21:19:12 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2003/03/31 21:19:09 | 00,002,336 | ---- | C] () -- C:\WINDOWS\System32\IBM_DP.ini
[2003/03/31 21:19:09 | 00,000,110 | ---- | C] () -- C:\WINDOWS\System32\SETUP.INI
[2003/02/07 02:58:36 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/01/16 10:29:49 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\tgreg32.dll
[2002/09/24 21:29:22 | 00,000,022 | ---- | C] () -- C:\WINDOWS\lotus.ini
[2002/09/24 05:46:21 | 00,000,000 | ---- | C] () -- C:\WINDOWS\pcscfg.INI
[2002/09/24 05:29:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\pcsmig.INI
[2002/09/24 03:03:45 | 00,544,768 | ---- | C] () -- C:\WINDOWS\System32\pdclntif.dll
[2002/09/24 03:03:45 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\ipmonnt.dll
[2002/09/24 03:03:45 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\pdresrc.dll
[2002/09/23 22:24:57 | 00,000,261 | RH-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/09/12 14:21:31 | 00,000,508 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/09/12 14:21:13 | 00,000,321 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/09/12 14:20:56 | 00,011,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002/06/26 00:59:00 | 00,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll
[2002/06/26 00:59:00 | 00,047,104 | ---- | C] () -- C:\WINDOWS\System32\lotrn13.dll
[2002/06/26 00:59:00 | 00,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv
[2002/06/26 00:58:00 | 00,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll
[2002/06/26 00:58:00 | 00,000,462 | ---- | C] () -- C:\WINDOWS\lodbf13.ini
[2002/06/26 00:58:00 | 00,000,058 | ---- | C] () -- C:\WINDOWS\loss613.ini
[2002/06/26 00:58:00 | 00,000,058 | ---- | C] () -- C:\WINDOWS\loss09.ini
[2002/06/26 00:58:00 | 00,000,038 | ---- | C] () -- C:\WINDOWS\loidp13.ini
[2002/04/09 23:23:36 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\ibmnpws.dll
[2002/04/09 23:23:36 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\IBMNPMON.DLL
[2002/04/09 23:23:34 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\ibmnpdlg.dll
[2002/03/30 03:12:28 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2001/08/21 14:50:04 | 01,263,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\appn.sys
[2001/08/21 14:50:04 | 00,182,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\appnbase.sys
[2001/08/21 14:50:04 | 00,159,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlncfwk.sys
[2001/08/21 14:50:04 | 00,117,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\appnapi.sys
[2001/08/21 14:50:04 | 00,099,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\llc2.sys
[2001/08/21 14:50:04 | 00,073,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlnacom.sys
[2001/08/21 14:50:04 | 00,068,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlndlpb.sys
[2001/08/21 14:50:04 | 00,065,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlnemap.sys
[2001/08/21 14:50:04 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlndsdl.sys
[2001/08/21 14:50:04 | 00,058,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlnshay.sys
[2001/08/21 14:50:04 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlndldl.sys
[2001/08/21 14:50:04 | 00,057,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlnsx25.sys
[2001/08/21 14:50:04 | 00,053,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlnsv25.sys
[2001/08/21 14:50:04 | 00,051,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlndqll.sys
[2001/08/21 14:50:04 | 00,050,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlndtdl.sys
[2001/08/21 14:50:04 | 00,049,088 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlnecfg.sys
[2001/08/21 14:50:04 | 00,036,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\anydlc.sys
[2001/08/21 14:50:04 | 00,034,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlnafac.sys
[2001/08/21 14:50:04 | 00,023,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\klognt.sys
[2001/08/21 14:50:04 | 00,021,136 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlnslea.sys
[2001/08/21 14:50:04 | 00,018,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlnatcm.sys
[2001/08/21 14:50:04 | 00,018,720 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlnepkt.sys
[2001/08/21 14:50:04 | 00,017,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlndoem.sys
[2001/08/21 14:50:04 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlnatdl.sys
[2001/08/21 14:50:04 | 00,011,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlnemsg.sys
[2001/08/21 14:50:04 | 00,011,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlndint.sys
[2001/08/21 14:50:04 | 00,010,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\nstrcnt.sys
[2001/08/21 14:50:04 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlnctdl.sys
[2001/08/21 14:50:04 | 00,007,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlnebas.sys
[2001/08/21 14:50:04 | 00,005,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlncbas.sys
[1998/10/01 12:00:00 | 01,708,032 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[1998/10/01 12:00:00 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[1997/06/18 12:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/06/18 12:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1979/11/30 07:59:59 | 00,008,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\ibmpmdrv.sys

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/04/25 16:24:27 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe
[2009/04/25 16:17:55 | 00,000,606 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\My Sharing Folders.lnk
[2009/04/25 16:16:03 | 00,054,496 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/04/25 16:15:35 | 00,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/04/25 16:14:50 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/25 16:14:43 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/25 16:14:41 | 53,587,5584 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/25 16:10:41 | 00,389,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTMoveIt3.exe
[2009/04/25 15:11:25 | 00,000,314 | ---- | M] () -- C:\WINDOWS\tasks\BMMTask.job
[2009/04/24 22:36:55 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Rooter.exe
[2009/04/24 22:33:51 | 00,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2009/04/23 21:52:29 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/23 21:52:15 | 01,561,992 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\MGADiag.exe
[2009/04/22 22:23:06 | 00,002,483 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Word.lnk
[2009/04/22 21:51:48 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/04/22 21:51:45 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HJTInstall.exe
[2009/04/22 00:21:59 | 00,000,508 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/22 00:21:59 | 00,000,321 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/22 00:21:59 | 00,000,297 | RHS- | M] () -- C:\boot.ini
[2009/04/21 21:39:08 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\apmctrc.BAK
[2009/04/18 11:41:45 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\dihuyoba
[2009/04/18 10:30:29 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/18 09:40:03 | 00,052,224 | -HS- | M] () -- C:\WINDOWS\System32\vegiyemi.exe
[2009/04/16 23:26:00 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\~$unt EC-Taxi.DOC
[2009/04/16 23:24:05 | 00,028,672 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Count EC-Taxi.DOC
[2009/04/14 18:09:51 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/04/14 15:33:50 | 02,110,104 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/04/11 13:00:25 | 00,010,240 | -HS- | M] () -- C:\WINDOWS\Thumbs.db
[2009/04/11 12:53:27 | 00,049,152 | -HS- | M] () -- C:\WINDOWS\System32\fevukoze.dll
[2009/04/07 17:02:59 | 00,087,552 | -HS- | M] () -- C:\WINDOWS\System32\degiwiku.dll
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/05 12:19:29 | 00,087,552 | -HS- | M] () -- C:\WINDOWS\System32\livazojo.dll
[2009/04/04 13:36:26 | 00,087,552 | -HS- | M] () -- C:\WINDOWS\System32\jebuhike.dll
[2009/04/02 18:51:04 | 00,049,152 | -HS- | M] () -- C:\WINDOWS\System32\vikesori.dll
[2009/04/02 18:49:53 | 01,417,531 | -HS- | M] () -- C:\WINDOWS\System32\atupajiz.ini
[2009/04/01 12:05:40 | 00,087,552 | -HS- | M] () -- C:\WINDOWS\System32\hapowoko.dll

========== LOP Check ==========

[2009/04/18 10:30:44 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Application Data
[2005/05/07 14:04:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.bittorrent
[2008/10/29 22:05:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2007/10/10 18:56:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Aim
[2004/08/23 21:48:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Apple Computer
[2006/07/11 06:17:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG7
[2006/10/24 17:28:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Google
[2005/03/14 09:18:38 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\GTek
[2007/06/29 13:16:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
[2003/04/22 03:11:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Help
[2002/09/24 05:23:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IBM
[2002/09/12 11:58:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2008/10/22 21:39:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InstallShield
[2003/09/27 23:42:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2004/08/22 18:44:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Kazaa Lite
[2006/01/15 20:43:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Lavasoft
[2004/06/27 13:00:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2009/04/18 10:30:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2006/07/11 06:16:40 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2005/04/01 21:32:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2005/02/26 10:46:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MSN6
[2002/09/24 04:05:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PerSys
[2008/03/25 14:33:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Real
[2009/04/14 20:18:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Skype
[2009/04/14 18:10:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\skypePM
[2006/01/16 16:24:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2008/11/04 02:10:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\U3
[2007/06/08 20:01:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2008/03/25 15:59:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Viewpoint
[2009/03/28 16:00:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WeatherDPA
[2007/12/14 00:44:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
[2009/03/28 16:04:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Zango
[2009/04/23 21:52:26 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2003/09/28 00:03:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/03/25 15:50:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2008/03/25 15:50:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL OCP
[2007/01/20 17:46:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2007/07/26 15:14:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2009/04/01 12:00:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2005/03/14 09:18:37 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\GTek
[2002/09/24 05:29:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBM
[2003/09/28 00:03:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Identities
[2005/12/21 14:37:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2003/09/28 00:03:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterTrust
[2009/04/18 10:30:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/01/25 17:48:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2006/05/14 14:56:37 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2005/01/23 18:19:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2009/04/23 21:52:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2003/09/28 00:03:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PerSys
[2004/01/21 21:56:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2009/04/05 15:13:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2006/09/30 15:59:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2007/06/15 18:54:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2008/03/25 15:50:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2005/09/12 11:50:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/04/03 06:42:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2009/04/25 15:11:25 | 00,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\BMMTask.job
[2002/08/29 20:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/04/25 16:15:35 | 00,000,880 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachine.job
[2009/04/25 16:14:50 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


========== Custom Scans ==========


< %systemroot%\System32\antiwpa.dll >

< %systemroot%\SYSTEM32\wpa.dll >

< %systemroot%\setup\scripts\biestart.exe >

< %systemroot%\system32\drivers\royal.sys >

< %SYSTEMDRIVE%\*. >
[2009/04/25 16:17:11 | 00,000,000 | ---D | M] -- C:
[2007/12/11 21:00:56 | 00,000,000 | ---D | M] -- C:\$user
[2007/07/23 00:02:21 | 00,000,000 | RH-D | M] -- C:\$VAULT$.AVG
[2009/04/25 16:11:53 | 00,000,000 | ---D | M] -- C:\_OTMoveIt
[2003/04/09 00:51:15 | 00,000,000 | ---D | M] -- C:\a
[2005/09/12 11:03:23 | 00,000,000 | ---D | M] -- C:\buffalo
[2005/09/12 11:57:41 | 00,000,000 | ---D | M] -- C:\cisco update
[2003/03/31 21:18:07 | 00,000,000 | RHSD | M] -- C:\cmdcons
[2003/04/09 00:51:15 | 00,000,000 | ---D | M] -- C:\Diners
[2003/10/26 06:44:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings
[2007/08/18 23:55:25 | 00,000,000 | ---D | M] -- C:\Drivers
[2003/04/01 05:46:19 | 00,000,000 | ---D | M] -- C:\i387
[2002/09/24 03:03:46 | 00,000,000 | ---D | M] -- C:\Infoprint
[2007/12/11 21:00:58 | 00,000,000 | ---D | M] -- C:\lotus
[2006/02/25 22:49:59 | 00,000,000 | ---D | M] -- C:\My Shared Folder
[2007/12/11 21:01:00 | 00,000,000 | ---D | M] -- C:\Notes
[2003/04/09 00:51:19 | 00,000,000 | ---D | M] -- C:\NotesBackup
[2002/09/25 06:34:34 | 00,000,000 | ---D | M] -- C:\NotesSQL
[2003/04/09 00:33:43 | 00,000,000 | ---D | M] -- C:\Personal
[2002/09/24 03:16:28 | 00,000,000 | ---D | M] -- C:\pkware
[2003/03/31 22:05:56 | 00,000,000 | -H-D | M] -- C:\pnp
[2009/04/25 16:11:25 | 00,000,000 | ---D | M] -- C:\Program Files
[2003/04/01 03:34:17 | 00,000,000 | -HSD | M] -- C:\RECYCLER
[2009/04/24 22:40:23 | 00,000,000 | ---D | M] -- C:\Rooter$
[2009/04/25 16:14:57 | 00,000,000 | ---D | M] -- C:\sdwork
[2005/01/22 14:21:14 | 00,000,000 | ---D | M] -- C:\swd
[2003/03/31 21:16:48 | 00,000,000 | -HSD | M] -- C:\System Volume Information
[2002/09/24 03:32:28 | 00,000,000 | ---D | M] -- C:\Temp Fonts
[2003/04/09 01:42:15 | 00,000,000 | ---D | M] -- C:\tgcache
[2002/09/24 03:21:28 | 00,000,000 | ---D | M] -- C:\Utilities
[2009/04/25 16:14:49 | 00,000,000 | ---D | M] -- C:\WINDOWS
[2005/03/14 09:47:39 | 00,000,000 | ---D | M] -- C:\WUTemp
[2003/03/31 21:18:49 | 00,000,000 | ---D | M] -- C:\wxpdrive

< %PROGRAMFILES%\*. >
[2009/04/25 16:11:25 | 00,000,000 | ---D | M] -- C:\Program Files
[2003/09/27 23:42:23 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe
[2002/09/25 02:59:50 | 00,000,000 | ---D | M] -- C:\Program Files\AFP Workbench 32
[2006/07/09 06:31:27 | 00,000,000 | ---D | M] -- C:\Program Files\aod
[2007/01/20 17:46:31 | 00,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2005/01/22 14:21:14 | 00,000,000 | ---D | M] -- C:\Program Files\AT&T Network Client
[2003/03/31 21:22:23 | 00,000,000 | ---D | M] -- C:\Program Files\AT&T Network Client Install
[2005/09/12 11:10:48 | 00,000,000 | ---D | M] -- C:\Program Files\BUFFALO
[2009/04/25 16:16:05 | 00,000,000 | ---D | M] -- C:\Program Files\C4ebreg
[2006/04/09 16:03:19 | 00,000,000 | ---D | M] -- C:\Program Files\CASIO
[2008/10/23 00:27:01 | 00,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2009/01/25 17:44:29 | 00,000,000 | ---D | M] -- C:\Program Files\Circle Developement
[2006/01/16 16:39:38 | 00,000,000 | ---D | M] -- C:\Program Files\Cisco Systems
[2007/09/28 16:16:22 | 00,000,000 | ---D | M] -- C:\Program Files\Citrix
[2009/04/05 15:13:53 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files
[2002/09/12 11:51:13 | 00,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2006/04/02 14:54:46 | 00,000,000 | ---D | M] -- C:\Program Files\Convar
[2006/11/23 12:15:49 | 00,000,000 | ---D | M] -- C:\Program Files\DAP
[2005/01/14 15:25:32 | 00,000,000 | ---D | M] -- C:\Program Files\directx
[2008/06/16 00:01:41 | 00,000,000 | ---D | M] -- C:\Program Files\DivX
[2004/10/31 20:05:56 | 00,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2007/06/15 18:57:39 | 00,000,000 | ---D | M] -- C:\Program Files\EPSON
[2002/09/21 01:48:54 | 00,000,000 | ---D | M] -- C:\Program Files\EuroTool
[2006/05/17 18:39:05 | 00,000,000 | ---D | M] -- C:\Program Files\Free iPod Video Converter
[2009/04/05 15:19:27 | 00,000,000 | ---D | M] -- C:\Program Files\Google
[2007/07/26 15:14:11 | 00,000,000 | ---D | M] -- C:\Program Files\Grisoft
[2003/01/29 23:29:20 | 00,000,000 | ---D | M] -- C:\Program Files\IBM
[2003/06/18 22:38:06 | 00,000,000 | ---D | M] -- C:\Program Files\IBM SalesPack
[2008/10/22 21:40:21 | 00,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/04/18 11:39:03 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2007/01/20 17:52:12 | 00,000,000 | ---D | M] -- C:\Program Files\iPod
[2008/03/25 14:54:34 | 00,000,000 | ---D | M] -- C:\Program Files\IrfanView
[2007/01/20 17:52:36 | 00,000,000 | ---D | M] -- C:\Program Files\iTunes
[2009/04/21 21:52:02 | 00,000,000 | ---D | M] -- C:\Program Files\Java
[2004/04/03 21:24:43 | 00,000,000 | ---D | M] -- C:\Program Files\JavaSoft
[2007/10/21 20:45:13 | 00,000,000 | ---D | M] -- C:\Program Files\KODAK
[2005/10/12 22:18:15 | 00,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2007/10/21 20:45:13 | 00,000,000 | ---D | M] -- C:\Program Files\LimeWire
[2002/09/24 03:45:25 | 00,000,000 | ---D | M] -- C:\Program Files\Lotus
[2004/04/09 18:48:48 | 00,000,000 | ---D | M] -- C:\Program Files\Lycos
[2009/04/18 10:30:39 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2007/01/02 15:32:13 | 00,000,000 | ---D | M] -- C:\Program Files\Maxis
[2005/03/02 18:18:14 | 00,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/02/28 13:34:03 | 00,000,000 | ---D | M] -- C:\Program Files\Messenger Plus! Live
[2003/04/01 05:48:23 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2006/01/16 15:37:16 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft AntiSpyware
[2002/09/12 11:59:44 | 00,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2007/12/11 22:01:12 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2004/10/17 20:26:23 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Windows Script
[2003/03/31 21:21:47 | 00,000,000 | ---D | M] -- C:\Program Files\MobSetup
[2007/10/21 20:45:18 | 00,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2009/04/25 16:17:11 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2007/12/11 22:00:28 | 00,000,000 | ---D | M] -- C:\Program Files\MSECache
[2004/08/29 11:07:44 | 00,000,000 | ---D | M] -- C:\Program Files\MSN Apps
[2002/09/12 11:50:17 | 00,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/01/25 17:44:26 | 00,000,000 | ---D | M] -- C:\Program Files\MSN Messenger
[2004/05/11 17:27:08 | 00,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/03/08 14:43:39 | 00,000,000 | ---D | M] -- C:\Program Files\Norton Security Scan
[2002/09/12 11:54:33 | 00,000,000 | ---D | M] -- C:\Program Files\Online Services
[2004/05/11 17:37:37 | 00,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2002/09/24 04:05:33 | 00,000,000 | ---D | M] -- C:\Program Files\PerSys
[2005/05/04 17:35:25 | 00,000,000 | ---D | M] -- C:\Program Files\Picasa2
[2007/01/20 17:49:25 | 00,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2003/04/02 00:15:41 | 00,000,000 | ---D | M] -- C:\Program Files\Real
[2009/04/05 15:13:57 | 00,000,000 | R--D | M] -- C:\Program Files\Skype
[2003/09/27 23:35:15 | 00,000,000 | ---D | M] -- C:\Program Files\Snapshot Viewer
[2006/09/30 16:10:49 | 00,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2002/10/10 06:00:46 | 00,000,000 | ---D | M] -- C:\Program Files\Stampede
[2009/01/18 21:02:50 | 00,000,000 | ---D | M] -- C:\Program Files\Starcraft
[2004/04/13 22:58:00 | 00,000,000 | ---D | M] -- C:\Program Files\StreamCast
[2006/01/16 16:01:26 | 00,000,000 | ---D | M] -- C:\Program Files\Symantec
[2003/03/31 21:22:19 | 00,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2003/03/31 21:22:12 | 00,000,000 | ---D | M] -- C:\Program Files\ThinkPad
[2002/09/25 05:16:52 | 00,000,000 | ---D | M] -- C:\Program Files\Tivoli
[2009/04/22 21:51:48 | 00,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2002/09/12 12:06:58 | 00,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2007/06/08 13:46:46 | 00,000,000 | ---D | M] -- C:\Program Files\utorrent
[2008/03/06 23:32:39 | 00,000,000 | ---D | M] -- C:\Program Files\Vernier Software
[2008/03/25 15:50:50 | 00,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2003/09/27 23:32:41 | 00,000,000 | ---D | M] -- C:\Program Files\VViewer
[2004/04/16 22:21:13 | 00,000,000 | ---D | M] -- C:\Program Files\WildTangent
[2003/02/07 01:05:55 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Journal Viewer
[2009/01/25 17:44:26 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2007/10/21 20:45:19 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2002/09/12 11:50:13 | 00,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/10/30 12:07:28 | 00,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2007/07/02 00:30:43 | 00,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2008/05/21 19:00:41 | 00,000,000 | ---D | M] -- C:\Program Files\WST
[2002/09/12 11:59:45 | 00,000,000 | ---D | M] -- C:\Program Files\xerox
[2002/09/24 21:54:40 | 00,000,000 | ---D | M] -- C:\Program Files\ZapNotes
[2003/08/14 10:50:41 | 00,000,000 | ---D | M] -- C:\Program Files\Zone Labs
< End of report >

----------------------------------------

OTListIt Extras logfile created on: 4/25/2009 4:26:40 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.98 Mb Total Physical Memory | 272.89 Mb Available Physical Memory | 53.41% Memory free
1.22 Gb Paging File | 1.01 Gb Available in Paging File | 82.88% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 1.13 Gb Free Space | 3.03% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: T30
Current User Name: hmong
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"IBMconfig" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{113EECD6-9A04-11D4-811D-00805F923B86}" = Lotus NotesSQL 3.01 driver
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2C82A426-15DA-11D4-AC4E-000629F40F93}" = Personal System Configuration
"{314F6D08-A8B7-11D8-8446-0050BA1D384D}" = EPSON Image Clip Palette
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FFC2A8F-16B1-11D4-AC4E-000629F40F93}" = Mobile IP Address SetUp
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{446DBFFA-4088-48E3-8932-74316BA4CAE4}" = iTunes
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{48B82226-75E3-4E90-92CC-D30F79EA6380}" = Norton Security Scan
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{50D8FFDD-90CD-4859-841F-AA1961C7767A}" = QuickTime
"{536D6172-7453-7569-7465-392E37300409}" = Lotus SmartSuite - English
"{53A93780-6073-4207-A729-A99A30AFDE40}" = AFP Workbench for Windows
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{70B45586-B51E-4947-A258-A895596C5CED}" = Photo Loader 2.3E
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{810F9D75-E0B8-4350-87D2-A9F91249C96D}" = IBM SalesPack for e-business on demand
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = IBM ThinkPad UltraNav Wizard
"{82AC0022-A41B-4642-B003-D254ED0809D6}" = IBM Personal Communications
"{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}" = Garena
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
"{94F9723E-900A-43C5-8F4E-AD2D2ED09273}" = Microsoft Visio Viewer 2002
"{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}" = Apple Software Update
"{AB246327-D9BA-4D93-A620-A149D0260D05}" = IBM System Migration Assistant 3.1
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER
"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"{E7B7F75E-A83B-4F09-91B4-44E2156524D1}" = Logger Pro 3.4.6
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"AT&T Network Client {C:,PROGRA~1,AT&TNE~1,}" = AT&T Network Client
"ATI Display Driver" = ATI Display Driver
"CBPRstor" = IBM Migration Restore Assistant for ISCI
"CCleaner" = CCleaner (remove only)
"CiscoInstallWizard" = Cisco Aironet Installation Wizard
"ColorNick" = ColorNick v2 plugin for Messenger Plus!
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ESCX4700_4100 User's Guide" = ESCX4700_4100 User's Guide
"Free iPod Video Converter_is1" = Free iPod Video Converter 1.26
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"hp deskjet 630c series_Driver" = hp deskjet 630c series
"Infoprint Select" = Infoprint Select
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"ISCI25dc" = ISCI Documentation
"JRE 1.3.1_04" = Java 2 Runtime Environment Standard Edition v1.3.1_04
"LimeWire" = LimeWire 4.10.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live & Sponsor (CiD)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Mozilla Firefox (3.0.9)" = Mozilla Firefox (3.0.9)
"MsgPlus! Plugin" = Messenger Plus! 3
"MSN Toolbar" = MSN Toolbar
"Netscape Communicator 4.75" = Netscape Communicator 4.75
"Network Play System (Patching)" = Network Play System (Patching)
"oeupdate" = Outlook Express Q837009
"Picasa2" = Picasa 2
"Power Features" = IBM ThinkPad Battery MaxiMiser and Power Management Features
"PPTView97" = Microsoft PowerPoint Viewer 97
"Presentation Director" = IBM ThinkPad Presentation Director
"PROSet" = Intel® PRO Ethernet Adapter and Software
"Q322011" = Windows XP Hotfix (SP2) Q322011
"Q327979" = Windows XP Hotfix (SP2) Q327979
"Q328310" = Windows XP Hotfix (SP2) Q328310
"Q329048" = Windows XP Hotfix (SP2) [See Q329048 for more information]
"Q329115" = Windows XP Hotfix (SP2) [See Q329115 for more information]
"Q329170" = Windows XP Hotfix (SP2) Q329170
"Q329390" = Windows XP Hotfix (SP2) [See Q329390 for more information]
"Q329581" = Windows XP Hotfix (SP2) [See Q329581 for more information]
"Q329834" = Windows XP Hotfix (SP2) [See Q329834 for more information]
"Q810565" = Windows XP Hotfix (SP2) Q810565
"Q810577" = Windows XP Hotfix (SP2) Q810577
"Q810833" = Windows XP Hotfix (SP2) Q810833
"Q815021" = Windows XP Hotfix (SP2) Q815021
"Sametime Client v3.1" = Sametime Client v3.1
"Shockwave" = Shockwave
"Snapshot Viewer 9.0" = Snapshot Viewer 9.0
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"Starcraft" = Starcraft
"StuffPlug-NG" = StuffPlug-NG (Messenger Plus! Plugins)
"SynTPDeinstKey" = IBM ThinkPad UltraNav Driver
"ThinkPad Configuration" = IBM ThinkPad Configuration
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"ViewpointMediaPlayer" = Viewpoint Media Player
"WinGTK-2_is1" = GTK+ 2.10.6-1 runtime environment
"WinRAR archiver" = WinRAR archiver
"Workstation Security Tool_is1" = Workstation Security Tool v1.4.3
"XLViewer97" = Microsoft Excel Viewer 97
"ZapNotes" = ZapNotes

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/13/2008 4:54:09 AM | Computer Name = T30 | Source = Userenv | ID = 1068
Description = Windows ended GPO processing because the computer shut down or the
user logged off.

Error - 10/28/2008 1:31:29 PM | Computer Name = T30 | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application winword.exe, version 10.0.5522.0, faulting module
winword.exe, version 10.0.5522.0, fault address 0x0010640d.

Error - 10/29/2008 9:00:06 AM | Computer Name = T30 | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 7.0.2.16, faulting module
ntdll.dll, version 5.1.2600.1217, fault address 0x00007bd2.

Error - 10/31/2008 9:24:43 PM | Computer Name = T30 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2800.1106, faulting
module mshtml.dll, version 6.0.2800.1476, fault address 0x000ec056.

Error - 1/18/2009 9:41:26 AM | Computer Name = T30 | Source = Application Error | ID = 1000
Description = Faulting application ~tmpc.exe, version 0.0.0.0, faulting module ~tmpc.exe,
version 0.0.0.0, fault address 0x0000131b.

Error - 1/29/2009 6:59:44 AM | Computer Name = T30 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2800.1106, faulting
module ntdll.dll, version 5.1.2600.1217, fault address 0x00019ecd.

Error - 4/5/2009 3:02:21 AM | Computer Name = T30 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2800.1106, faulting
module ntdll.dll, version 5.1.2600.1217, fault address 0x00019ecd.

Error - 4/5/2009 3:02:35 AM | Computer Name = T30 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2800.1106, faulting
module ntdll.dll, version 5.1.2600.1217, fault address 0x00019ecd.

Error - 4/14/2009 8:50:48 AM | Computer Name = T30 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2800.1106, faulting
module toolbar.dll, version 10.3.75.0, fault address 0x0003a199.

Error - 4/25/2009 12:08:30 AM | Computer Name = T30 | Source = Perflib | ID = 1015
Description = The timeout waiting for the performance data collection function "PerfDisk"
in
the "C:\WINDOWS\system32\perfdisk.dll" Library to finish has expired. There may
be a problem with this extensible counter or the service it is collecting data from
or the system may have been very busy when this call was attempted.

[ System Events ]
Error - 4/17/2009 11:45:19 PM | Computer Name = T30 | Source = Service Control Manager | ID = 7000
Description = The My Web Search Service service failed to start due to the following
error: %%3

Error - 4/17/2009 11:45:19 PM | Computer Name = T30 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
mraid35x
PCIIde
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde

Error - 4/18/2009 12:27:21 AM | Computer Name = T30 | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 4/18/2009 9:23:34 PM | Computer Name = T30 | Source = Service Control Manager | ID = 7000
Description = The My Web Search Service service failed to start due to the following
error: %%3

Error - 4/21/2009 9:40:15 AM | Computer Name = T30 | Source = Service Control Manager | ID = 7000
Description = The My Web Search Service service failed to start due to the following
error: %%3

Error - 4/21/2009 9:40:15 AM | Computer Name = T30 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
mraid35x
PCIIde
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde

Error - 4/22/2009 9:34:38 AM | Computer Name = T30 | Source = Service Control Manager | ID = 7031
Description = The Google Updater Service service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 900000 milliseconds:
Restart the service.

Error - 4/25/2009 4:12:47 AM | Computer Name = T30 | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 4/25/2009 4:16:05 AM | Computer Name = T30 | Source = Service Control Manager | ID = 7000
Description = The My Web Search Service service failed to start due to the following
error: %%3

Error - 4/25/2009 4:16:05 AM | Computer Name = T30 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
mraid35x
PCIIde
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde


< End of report >

How do the logs look? The random CPU usage surges haven't occurred today (yet).

Edited by madnessman, 25 April 2009 - 02:55 AM.


#8
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Run OTList2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    SRV - (MyWebSearchService [Auto | Stopped]) -- File not found
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
    O20 - AppInit_DLLs: (c:\windows\system32\wamujibo.dll) - c:\windows\system32\wamujibo.dll File not found
    MsConfig - StartUpReg: 5cc09d41 - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %SystemRoot%\System32\yolevebi.DLL File not found
    MsConfig - StartUpReg: Bar - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %SystemDrive%\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MSAwH8Xe.exe File not found
    MsConfig - StartUpReg: Cognac - hkey=HKCU - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %SystemDrive%\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~tmpc.exe File not found
    MsConfig - StartUpReg: CPM5ff3aedd - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %SystemRoot%\system32\wahenoho.DLL File not found
    MsConfig - StartUpReg: le2o - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %SystemRoot%\System32\le2o.exe File not found
    MsConfig - StartUpReg: MSFox - hkey=HKCU - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %SystemDrive%\DOCUME~1\ADMINI~1\LOCALS~1\Temp\a.exe File not found
    MsConfig - StartUpReg: My Web Search Bar - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %SystemDrive%\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL File not found
    MsConfig - StartUpReg: MyWebSearch Email Plugin - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %SystemDrive%\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe File not found
    MsConfig - StartUpReg: MyWebSearch Plugin - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %SystemDrive%\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL File not found
    MsConfig - StartUpReg: pajibugalu - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %SystemRoot%\System32\gusilaji.DLL File not found
    MsConfig - StartUpReg: ZangoOE - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %ProgramFiles%\Zango\bin\10.3.75.0\OEAddOn.exe File not found
    MsConfig - StartUpReg: ZangoSA - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %ProgramFiles%\Zango\bin\10.3.75.0\ZangoSA.exe File not found
    [2009/04/01 12:05:52 | 01,417,531 | -HS- | C] () -- C:\WINDOWS\System32\atupajiz.ini
    [2009/03/28 16:00:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Zango
    [2009/01/16 18:57:49 | 00,049,152 | -HS- | C] () -- C:\WINDOWS\System32\tukowohu.dll
    [2009/01/11 12:52:55 | 00,049,152 | -HS- | C] () -- C:\WINDOWS\System32\fevukoze.dll
    [2009/01/07 17:02:56 | 00,087,552 | -HS- | C] () -- C:\WINDOWS\System32\degiwiku.dll
    [2009/01/05 12:19:22 | 00,087,552 | -HS- | C] () -- C:\WINDOWS\System32\livazojo.dll
    [2009/01/04 13:36:22 | 00,087,552 | -HS- | C] () -- C:\WINDOWS\System32\jebuhike.dll
    [2009/01/02 18:50:33 | 00,049,152 | -HS- | C] () -- C:\WINDOWS\System32\vikesori.dll
    [2009/01/01 12:05:38 | 00,087,552 | -HS- | C] () -- C:\WINDOWS\System32\hapowoko.dll
    [2009/04/21 21:39:08 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\apmctrc.BAK
    [2009/04/18 11:41:45 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\dihuyoba
    [2009/04/18 09:40:03 | 00,052,224 | -HS- | M] () -- C:\WINDOWS\System32\vegiyemi.exe
    [2009/04/11 12:53:27 | 00,049,152 | -HS- | M] () -- C:\WINDOWS\System32\fevukoze.dll
    [2009/04/07 17:02:59 | 00,087,552 | -HS- | M] () -- C:\WINDOWS\System32\degiwiku.dll
    [2009/04/05 12:19:29 | 00,087,552 | -HS- | M] () -- C:\WINDOWS\System32\livazojo.dll
    [2009/04/04 13:36:26 | 00,087,552 | -HS- | M] () -- C:\WINDOWS\System32\jebuhike.dll
    [2009/04/02 18:51:04 | 00,049,152 | -HS- | M] () -- C:\WINDOWS\System32\vikesori.dll
    [2009/04/02 18:49:53 | 01,417,531 | -HS- | M] () -- C:\WINDOWS\System32\atupajiz.ini
    [2009/04/01 12:05:40 | 00,087,552 | -HS- | M] () -- C:\WINDOWS\System32\hapowoko.dll
    [2005/05/07 14:04:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.bittorrent
    [2007/06/08 20:01:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
    [2008/03/25 15:59:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Viewpoint
    [2009/03/28 16:04:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Zango
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log (don't check the boxes beside LOP Check or Purity this time, and don't run the Custom Scan)


#9
madnessman

========== OTLISTIT ==========
Process explorer.exe killed successfully!

Service\Driver MyWebSearchService deleted successfully.
File File not found not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\wamujibo.dll deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\5cc09d41\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Bar\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Cognac\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\CPM5ff3aedd\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\le2o\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\MSFox\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\My Web Search Bar\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\MyWebSearch Email Plugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\MyWebSearch Plugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\pajibugalu\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\ZangoOE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\ZangoSA\ deleted successfully.
C:\WINDOWS\System32\atupajiz.ini moved successfully.
C:\Documents and Settings\Administrator\Application Data\Zango moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\tukowohu.dll
C:\WINDOWS\System32\tukowohu.dll NOT unregistered.
C:\WINDOWS\System32\tukowohu.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\fevukoze.dll
C:\WINDOWS\System32\fevukoze.dll NOT unregistered.
C:\WINDOWS\System32\fevukoze.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\degiwiku.dll
C:\WINDOWS\System32\degiwiku.dll NOT unregistered.
C:\WINDOWS\System32\degiwiku.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\livazojo.dll
C:\WINDOWS\System32\livazojo.dll NOT unregistered.
C:\WINDOWS\System32\livazojo.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\jebuhike.dll
C:\WINDOWS\System32\jebuhike.dll NOT unregistered.
C:\WINDOWS\System32\jebuhike.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\vikesori.dll
C:\WINDOWS\System32\vikesori.dll NOT unregistered.
C:\WINDOWS\System32\vikesori.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\hapowoko.dll
C:\WINDOWS\System32\hapowoko.dll NOT unregistered.
C:\WINDOWS\System32\hapowoko.dll moved successfully.
C:\WINDOWS\System32\apmctrc.BAK moved successfully.
C:\WINDOWS\System32\dihuyoba moved successfully.
C:\WINDOWS\System32\vegiyemi.exe moved successfully.
File C:\WINDOWS\System32\fevukoze.dll not found.
File C:\WINDOWS\System32\degiwiku.dll not found.
File C:\WINDOWS\System32\livazojo.dll not found.
File C:\WINDOWS\System32\jebuhike.dll not found.
File C:\WINDOWS\System32\vikesori.dll not found.
File C:\WINDOWS\System32\atupajiz.ini not found.
File C:\WINDOWS\System32\hapowoko.dll not found.
Folder C:\Documents and Settings\Administrator\Application Data\.bittorrent not found.
C:\Documents and Settings\Administrator\Application Data\uTorrent moved successfully.
C:\Documents and Settings\Administrator\Application Data\Viewpoint moved successfully.
Folder C:\Documents and Settings\Administrator\Application Data\Zango not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Temp\~DF8E68.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Temp\~DF8E93.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Temp\~DFD49A.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Temp\~DFD4C7.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YR4Z0V2F\ShowLetter[1]. scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\M8QDVHOS\search[1]. scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\EHKJQ5QT\ads[1]. scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\E7471A3U\{C5A6B046-2067-45A2-B609-E1D730642BDA}[1]. scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_650.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.14.0 log created on 04262009_043603

Files moved on Reboot...
File C:\Documents and Settings\Administrator\Local Settings\Temp\~DF8E68.tmp not found!
File C:\Documents and Settings\Administrator\Local Settings\Temp\~DF8E93.tmp not found!
File C:\Documents and Settings\Administrator\Local Settings\Temp\~DFD49A.tmp not found!
File C:\Documents and Settings\Administrator\Local Settings\Temp\~DFD4C7.tmp not found!
File C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YR4Z0V2F\ShowLetter[1]. not found!
File C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\M8QDVHOS\search[1]. not found!
File C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\EHKJQ5QT\ads[1]. not found!
File C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\E7471A3U\{C5A6B046-2067-45A2-B609-E1D730642BDA}[1]. not found!
File C:\WINDOWS\temp\Perflib_Perfdata_650.dat not found!

Registry entries deleted on Reboot...

#10
Rorschach112

Post a new OTL log.

#11
Rorschach112

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#12
Rorschach112

Post the logs.

#13
madnessman

Sorry for the delay, and thanks again for your help.

OTListIt logfile created on: 5/2/2009 8:07:54 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.98 Mb Total Physical Memory | 312.21 Mb Available Physical Memory | 61.10% Memory free
1.22 Gb Paging File | 1.06 Gb Available in Paging File | 86.64% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 1.22 Gb Free Space | 3.27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: T30
Current User Name: hmong
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\System32\ibmpmsvc.exe ()
PRC - C:\WINDOWS\System32\drivers\trcboot.exe ()
PRC - C:\WINDOWS\System32\Ati2evxx.exe ()
PRC - C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE (IBM Corporation)
PRC - C:\Program Files\c4ebreg\isamsmt.exe (IBM Global Services)
PRC - c:\sdwork\issimsvc.exe (IBM Global Services)
PRC - C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\AT&T Network Client\NetCfgSv.EXE (AT&T)
PRC - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
PRC - C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\c4ebreg\c4ebreg.exe (IBM Global Services)
PRC - C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe ()
PRC - C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe (IBM Corporation)
PRC - C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
PRC - C:\WINDOWS\System32\drivers\ldlcserv.exe ()
PRC - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\MSN Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\CASIO\Photo Loader\Plauto.exe (CASIO COMPUTER CO.,LTD.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)
PRC - C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\System32\Ati2evxx.exe ()
SRV - (gupdate1c9b5be3f1d6640 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IBMPMSVC [Auto | Running]) -- C:\WINDOWS\System32\ibmpmsvc.exe ()
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)
SRV - (Irmon [Auto | Running]) -- C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)
SRV - (ISAMsmt [Auto | Running]) -- C:\Program Files\c4ebreg\isamsmt.exe (IBM Global Services)
SRV - (ISSIMon [Auto | Running]) -- c:\sdwork\issimsvc.exe (IBM Global Services)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (ldlcserv [Auto | Running]) -- C:\WINDOWS\System32\drivers\ldlcserv.exe ()
SRV - (NetCfgSvr [Auto | Running]) -- C:\Program Files\AT&T Network Client\NetCfgSv.EXE (AT&T)
SRV - (TrcBoot [Auto | Running]) -- C:\WINDOWS\System32\drivers\trcboot.exe ()
SRV - (uploadmgr [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

========== Driver Services (SafeList) ==========

DRV - (aeaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (Anydlc [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\anydlc.sys ()
DRV - (Appn [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\appn.sys ()
DRV - (AppnApi [Auto | Running]) -- C:\WINDOWS\System32\drivers\appnapi.sys ()
DRV - (AppnBase [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\AppnBase.sys ()
DRV - (asc [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (avpnnic [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\avpnnic.sys (AT&T)
DRV - (BUFADPT [System | Running]) -- C:\WINDOWS\System32\BUFADPT.SYS (BUFFALO INC.)
DRV - (bwcdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\bwcdrv.sys (MELCO INC.)
DRV - (CBBCM43 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (CmdIde [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (ESSIDSET [On_Demand | Stopped]) -- C:\WINDOWS\System32\ESSIDSET.SYS (MELCO INC.)
DRV - (FsVga [System | Running]) -- C:\WINDOWS\System32\DRIVERS\fsvga.sys (Microsoft Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (gwiopm [On_Demand | Stopped]) -- C:\Program Files\WST\gwiopm.sys ()
DRV - (IBMPMDRV [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys ()
DRV - (IBMTRP [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\IBMTRP.SYS (IBM Corporation)
DRV - (KLOGNT [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\klognt.sys ()
DRV - (mraid35x [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (NPPTNT [System | Running]) -- C:\WINDOWS\System32\npptNT.sys (INCA Internet Co., Ltd.)
DRV - (NPPTNT2 [System | Running]) -- C:\WINDOWS\System32\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (NSCIRDA [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nscirda.sys (National Semiconductor Corporation)
DRV - (NsTrcNT [Auto | Running]) -- C:\WINDOWS\System32\drivers\nstrcnt.sys ()
DRV - (PCX504 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\PCX504.sys (Cisco Systems)
DRV - (pdlnacom [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnacom.sys ()
DRV - (pdlnafac [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnafac.sys ()
DRV - (pdlnatcm [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnatcm.sys ()
DRV - (pdlnatdl [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnatdl.sys ()
DRV - (pdlncbas [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlncbas.sys ()
DRV - (pdlncfwk [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlncfwk.sys ()
DRV - (pdlnctdl [Auto | Running]) -- C:\WINDOWS\System32\drivers\pdlnctdl.sys ()
DRV - (pdlndint [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlndint.sys ()
DRV - (pdlndldl [Auto | Running]) -- C:\WINDOWS\System32\drivers\pdlndldl.sys ()
DRV - (pdlndlpb [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlndlpb.sys ()
DRV - (pdlndoem [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlndoem.sys ()
DRV - (pdlndqll [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlndqll.sys ()
DRV - (pdlndsdl [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlndsdl.sys ()
DRV - (pdlndtdl [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlndtdl.sys ()
DRV - (pdlnebas [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnebas.sys ()
DRV - (pdlnecfg [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnecfg.sys ()
DRV - (pdlnemap [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnemap.sys ()
DRV - (pdlnemsg [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnemsg.sys ()
DRV - (pdlnepkt [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnepkt.sys ()
DRV - (pdlnshay [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnshay.sys ()
DRV - (pdlnslea [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnslea.sys ()
DRV - (pdlnsv25 [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnsv25.sys ()
DRV - (pdlnsx25 [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnsx25.sys ()
DRV - (PMEM [Auto | Running]) -- C:\WINDOWS\system32\drivers\PMEMNT.SYS (Microsoft Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (ROOTMODEM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (S3Inc [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\s3mt3d.sys (S3 Incorporated)
DRV - (SE2Bbus [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SE2Bbus.sys (MCCI)
DRV - (SE2Bmdfl [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SE2Bmdfl.sys (MCCI)
DRV - (SE2Bmdm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SE2Bmdm.sys (MCCI)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys ()
DRV - (sfdrv01 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (sfvfs02 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (sisagp [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Smapint [System | Running]) -- C:\WINDOWS\System32\drivers\Smapint.sys (Microsoft Corporation)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (Sparrow [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (symc810 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (TDSMAPI [System | Running]) -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS ()
DRV - (TPHKDRV [System | Running]) -- C:\WINDOWS\System32\drivers\TPHKDRV.sys (IBM Corporation)
DRV - (TPPWR [System | Running]) -- C:\WINDOWS\System32\drivers\Tppwr.sys (IBM Corp.)
DRV - (ultra [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (WinDriver6 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\windrvr6.sys (Jungo)
DRV - (wlluc48 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wlluc48.sys (Lucent Technologies)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://w3.ibm.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.../winsearch.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.sg/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = w3.ibm.com;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/04/21 21:52:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/01 09:16:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/29 20:56:29 | 00,000,000 | ---D | M]

[2008/12/08 16:05:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions
[2008/12/08 16:05:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2006/01/16 16:15:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\b88361cj.default\extensions
[2009/04/30 23:27:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/29 20:56:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/21 21:54:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/29 20:56:01 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/29 20:56:02 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/12/08 16:04:17 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/12/08 16:04:17 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/12/08 16:04:17 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/12/08 16:04:17 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/12/08 16:04:17 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/12/08 16:04:17 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/12/08 16:04:17 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (1068 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 82.98.231.89 url.adtrgt.com
O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net
O1 - Hosts: anner.info
O1 - Hosts: 82.98.231.89 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.231.89 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.231.89 onlinenotifyq.net
O1 - Hosts: 82.98.231.89 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.browser-security-center.com
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx ()
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ACUMon] "C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe" -a (Cisco Systems, Inc.)
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [ATIModeChange] Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [C4EBReg] "C:\Program Files\c4ebreg\c4ebreg.exe" /q (IBM Global Services)
O4 - HKLM..\Run: [CPM5ff3aedd] Rundll32.exe "C:\WINDOWS\System32\degiwiku.dll",a File not found
O4 - HKLM..\Run: [EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE /P26 "EPSON Stylus CX4100 Series" /O6 "USB002" /M "Stylus CX4100" (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ISAM SMT Service] "C:\Program Files\c4ebreg\isamsmt.exe" (IBM Global Services)
O4 - HKLM..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe" (IBM Global Services)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Computer, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TCms.exe] C:\docume~1\admini~1\locals~1\temp\TCms.exe File not found
O4 - HKLM..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe (Lotus Development Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe (CASIO COMPUTER CO.,LTD.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKCU\..Trusted Sites: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: 82 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} http://a1540.g.akama...meInstaller.exe (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/p...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...7658.3445023148 (Update Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.3.1_04)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.h.../qdiagh.cab?326 (QDiagHUpdateObj Class)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{9DA90235-1EF4-46D8-A6F5-0E46C6A975F7}\\Domain = ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{9DF0BAF2-D7F8-468E-BAD0-8482C68E2C19}\\Domain = ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{9DF0BAF2-D7F8-468E-BAD0-8482C68E2C19}\\NameServer = 165.21.100.88,165.21.83.88
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\System32\msdxm.ocx ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (cswGina.dll) - C:\WINDOWS\system32\cswGina.dll (Cisco Systems, Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\System32\NavLogon.dll - C:\WINDOWS\System32\NavLogon.dll ()
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jebuhike.dll File not found
O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - STS - c:\windows\system32\jebuhike.dll File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/05/02 20:07:26 | 31,928,474 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\crazy3.wav
[2009/05/02 20:01:42 | 03,969,058 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\crazy2.wav
[2009/05/01 12:24:58 | 00,000,794 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Loader supervisory.lnk
[2009/05/01 12:24:58 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lotus QuickStart.lnk
[2009/04/30 22:22:06 | 02,646,058 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\crazy.wav
[2009/04/30 22:12:04 | 01,323,058 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\blank.wav
[2009/04/29 22:08:39 | 05,394,613 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\17 I Believe.mp3
[2009/04/28 23:25:41 | 00,700,210 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\summertime.wav
[2009/04/28 23:15:42 | 00,028,058 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\What the....wav
[2009/04/26 04:36:03 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/04/25 16:24:28 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe
[2009/04/25 16:11:53 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009/04/25 16:10:43 | 00,389,632 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTMoveIt3.exe
[2009/04/24 22:37:02 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/24 22:36:57 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Rooter.exe
[2009/04/23 21:52:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2009/04/23 21:52:13 | 01,561,992 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\MGADiag.exe
[2009/04/22 21:51:48 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/04/22 21:51:48 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/22 21:51:37 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HJTInstall.exe
[2009/04/18 10:30:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2009/04/18 10:30:29 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/18 10:30:29 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/18 10:30:25 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/18 10:30:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/18 10:30:21 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/16 23:26:00 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\~$unt EC-Taxi.DOC
[2009/04/16 23:24:08 | 00,028,672 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Count EC-Taxi.DOC
[2009/04/05 17:58:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2009/04/05 15:17:38 | 00,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2009/04/05 15:15:09 | 00,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/04/05 15:13:59 | 00,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/04/05 15:13:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/04/05 15:13:46 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2008/08/11 23:17:27 | 00,001,795 | ---- | C] () -- C:\WINDOWS\ActivStats.INI
[2007/06/15 18:49:30 | 00,000,099 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/06/15 18:45:43 | 00,000,025 | ---- | C] () -- C:\WINDOWS\CDE CX4100EC.ini
[2006/04/02 14:54:46 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2006/01/16 16:38:36 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\CInsX500.dll
[2006/01/03 22:19:00 | 00,000,637 | ---- | C] () -- C:\WINDOWS\System32\msexcr.ini
[2006/01/02 01:50:17 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/10/29 21:20:48 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/09/12 11:03:35 | 00,044,869 | ---- | C] () -- C:\WINDOWS\UN800101.INI
[2005/05/21 10:29:40 | 00,000,047 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2004/06/06 16:07:02 | 00,000,030 | ---- | C] () -- C:\WINDOWS\Morphexe.INI
[2004/05/16 15:45:35 | 00,013,242 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/04/06 19:26:18 | 00,000,039 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003/07/29 13:57:19 | 00,327,680 | R--- | C] () -- C:\WINDOWS\System32\psctsnmp.dll
[2003/04/12 03:31:29 | 00,000,224 | ---- | C] () -- C:\WINDOWS\Netscape.INI
[2003/04/01 23:40:45 | 00,000,543 | ---- | C] () -- C:\WINDOWS\PKZIPW.INI
[2003/04/01 05:49:15 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/03/31 21:21:30 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2003/03/31 21:19:57 | 00,010,009 | ---- | C] () -- C:\WINDOWS\agnslang.ini
[2003/03/31 21:19:14 | 00,051,959 | ---- | C] () -- C:\WINDOWS\System32\SynUnst.ini
[2003/03/31 21:19:14 | 00,007,052 | ---- | C] () -- C:\WINDOWS\System32\SynTPEnh.ini
[2003/03/31 21:19:12 | 00,110,836 | ---- | C] () -- C:\WINDOWS\System32\SynTP.ini
[2003/03/31 21:19:12 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2003/03/31 21:19:09 | 00,002,336 | ---- | C] () -- C:\WINDOWS\System32\IBM_DP.ini
[2003/03/31 21:19:09 | 00,000,110 | ---- | C] () -- C:\WINDOWS\System32\SETUP.INI
[2003/02/07 02:58:36 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/01/16 10:29:49 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\tgreg32.dll
[2002/09/24 21:29:22 | 00,000,022 | ---- | C] () -- C:\WINDOWS\lotus.ini
[2002/09/24 05:46:21 | 00,000,000 | ---- | C] () -- C:\WINDOWS\pcscfg.INI
[2002/09/24 05:29:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\pcsmig.INI
[2002/09/24 03:03:45 | 00,544,768 | ---- | C] () -- C:\WINDOWS\System32\pdclntif.dll
[2002/09/24 03:03:45 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\ipmonnt.dll
[2002/09/24 03:03:45 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\pdresrc.dll
[2002/09/23 22:24:57 | 00,000,261 | RH-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/09/12 14:21:31 | 00,000,508 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/09/12 14:21:13 | 00,000,321 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/09/12 14:20:56 | 00,011,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002/06/26 00:59:00 | 00,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll
[2002/06/26 00:59:00 | 00,047,104 | ---- | C] () -- C:\WINDOWS\System32\lotrn13.dll
[2002/06/26 00:59:00 | 00,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv
[2002/06/26 00:58:00 | 00,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll
[2002/06/26 00:58:00 | 00,000,462 | ---- | C] () -- C:\WINDOWS\lodbf13.ini
[2002/06/26 00:58:00 | 00,000,058 | ---- | C] () -- C:\WINDOWS\loss613.ini
[2002/06/26 00:58:00 | 00,000,058 | ---- | C] () -- C:\WINDOWS\loss09.ini
[2002/06/26 00:58:00 | 00,000,038 | ---- | C] () -- C:\WINDOWS\loidp13.ini
[2002/04/09 23:23:36 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\ibmnpws.dll
[2002/04/09 23:23:36 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\IBMNPMON.DLL
[2002/04/09 23:23:34 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\ibmnpdlg.dll
[2002/03/30 03:12:28 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2001/08/21 14:50:04 | 01,263,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\appn.sys
[2001/08/21 14:50:04 | 00,182,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\appnbase.sys
[2001/08/21 14:50:04 | 00,159,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlncfwk.sys
[2001/08/21 14:50:04 | 00,117,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\appnapi.sys
[2001/08/21 14:50:04 | 00,099,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\llc2.sys
[2001/08/21 14:50:04 | 00,073,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlnacom.sys
[2001/08/21 14:50:04 | 00,068,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlndlpb.sys
[2001/08/21 14:50:04 | 00,065,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlnemap.sys
[2001/08/21 14:50:04 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlndsdl.sys
[2001/08/21 14:50:04 | 00,058,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlnshay.sys
[2001/08/21 14:50:04 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlndldl.sys
[2001/08/21 14:50:04 | 00,057,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlnsx25.sys
[2001/08/21 14:50:04 | 00,053,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlnsv25.sys
[2001/08/21 14:50:04 | 00,051,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlndqll.sys
[2001/08/21 14:50:04 | 00,050,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlndtdl.sys
[2001/08/21 14:50:04 | 00,049,088 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlnecfg.sys
[2001/08/21 14:50:04 | 00,036,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\anydlc.sys
[2001/08/21 14:50:04 | 00,034,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlnafac.sys
[2001/08/21 14:50:04 | 00,023,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\klognt.sys
[2001/08/21 14:50:04 | 00,021,136 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlnslea.sys
[2001/08/21 14:50:04 | 00,018,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlnatcm.sys
[2001/08/21 14:50:04 | 00,018,720 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlnepkt.sys
[2001/08/21 14:50:04 | 00,017,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlndoem.sys
[2001/08/21 14:50:04 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlnatdl.sys
[2001/08/21 14:50:04 | 00,011,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlnemsg.sys
[2001/08/21 14:50:04 | 00,011,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlndint.sys
[2001/08/21 14:50:04 | 00,010,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\nstrcnt.sys
[2001/08/21 14:50:04 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlnctdl.sys
[2001/08/21 14:50:04 | 00,007,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlnebas.sys
[2001/08/21 14:50:04 | 00,005,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlncbas.sys
[1998/10/01 12:00:00 | 01,708,032 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[1998/10/01 12:00:00 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[1997/06/18 12:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/06/18 12:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1979/11/30 07:59:59 | 00,008,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\ibmpmdrv.sys

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/05/02 20:07:31 | 31,928,474 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\crazy3.wav
[2009/05/02 20:01:43 | 03,969,058 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\crazy2.wav
[2009/05/02 19:56:28 | 00,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/05/02 19:56:27 | 00,000,314 | ---- | M] () -- C:\WINDOWS\tasks\BMMTask.job
[2009/05/01 18:55:38 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/01 18:55:31 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/01 18:55:28 | 53,587,5584 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/01 12:27:17 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\apmctrc.BAK
[2009/05/01 12:24:58 | 00,000,508 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/01 12:24:58 | 00,000,321 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/01 12:24:58 | 00,000,297 | RHS- | M] () -- C:\boot.ini
[2009/05/01 12:19:46 | 02,643,154 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/05/01 12:19:26 | 00,000,594 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\My Sharing Folders.lnk
[2009/05/01 08:24:35 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/04/30 22:22:06 | 02,646,058 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\crazy.wav
[2009/04/30 22:12:04 | 01,323,058 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\blank.wav
[2009/04/30 06:20:29 | 00,002,481 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Excel.lnk
[2009/04/29 22:13:28 | 05,394,613 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\17 I Believe.mp3
[2009/04/28 23:25:43 | 00,700,210 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\summertime.wav
[2009/04/28 23:15:42 | 00,028,058 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\What the....wav
[2009/04/26 04:38:18 | 00,238,040 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/25 16:24:27 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe
[2009/04/25 16:16:03 | 00,054,496 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/04/25 16:10:41 | 00,389,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTMoveIt3.exe
[2009/04/24 22:36:55 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Rooter.exe
[2009/04/24 22:33:51 | 00,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2009/04/23 21:52:29 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/23 21:52:15 | 01,561,992 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\MGADiag.exe
[2009/04/22 22:23:06 | 00,002,483 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Word.lnk
[2009/04/22 21:51:48 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/04/22 21:51:45 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HJTInstall.exe
[2009/04/18 10:30:29 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/16 23:26:00 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\~$unt EC-Taxi.DOC
[2009/04/16 23:24:05 | 00,028,672 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Count EC-Taxi.DOC
[2009/04/11 13:00:25 | 00,010,240 | -HS- | M] () -- C:\WINDOWS\Thumbs.db
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
< End of report >

#14
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hello

Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






Go to the Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on the Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


#15
madnessman

    Member

  • Topic Starter
  • Member
  • 28 posts
Here is the Malwarebytes log...

Malwarebytes' Anti-Malware 1.36
Database version: 1997
Windows 5.1.2600 Service Pack 1

5/3/2009 10:29:48 PM
mbam-log-2009-05-03 (22-29-48).txt

Scan type: Quick Scan
Objects scanned: 78392
Time elapsed: 7 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\a (Trojan.Agent) -> Delete on reboot.

That trojan won't go away! It says it deletes on reboot but it doesn't. Even when I reboot the computer, Malwarebytes still finds it. I'll post the Kaspersky log soon.