========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\WINDOWS\System32\lry0gRw3.exe moved successfully.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At25.job moved successfully.
C:\WINDOWS\tasks\At26.job moved successfully.
C:\WINDOWS\tasks\At27.job moved successfully.
C:\WINDOWS\tasks\At28.job moved successfully.
C:\WINDOWS\tasks\At29.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At30.job moved successfully.
C:\WINDOWS\tasks\At31.job moved successfully.
C:\WINDOWS\tasks\At32.job moved successfully.
C:\WINDOWS\tasks\At33.job moved successfully.
C:\WINDOWS\tasks\At34.job moved successfully.
C:\WINDOWS\tasks\At35.job moved successfully.
C:\WINDOWS\tasks\At36.job moved successfully.
C:\WINDOWS\tasks\At37.job moved successfully.
C:\WINDOWS\tasks\At38.job moved successfully.
C:\WINDOWS\tasks\At39.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At40.job moved successfully.
C:\WINDOWS\tasks\At41.job moved successfully.
C:\WINDOWS\tasks\At42.job moved successfully.
C:\WINDOWS\tasks\At43.job moved successfully.
C:\WINDOWS\tasks\At44.job moved successfully.
C:\WINDOWS\tasks\At45.job moved successfully.
C:\WINDOWS\tasks\At46.job moved successfully.
C:\WINDOWS\tasks\At47.job moved successfully.
C:\WINDOWS\tasks\At48.job moved successfully.
C:\WINDOWS\tasks\At49.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At50.job moved successfully.
C:\WINDOWS\tasks\At51.job moved successfully.
C:\WINDOWS\tasks\At52.job moved successfully.
C:\WINDOWS\tasks\At53.job moved successfully.
C:\WINDOWS\tasks\At54.job moved successfully.
C:\WINDOWS\tasks\At55.job moved successfully.
C:\WINDOWS\tasks\At56.job moved successfully.
C:\WINDOWS\tasks\At57.job moved successfully.
C:\WINDOWS\tasks\At58.job moved successfully.
C:\WINDOWS\tasks\At59.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At60.job moved successfully.
C:\WINDOWS\tasks\At61.job moved successfully.
C:\WINDOWS\tasks\At62.job moved successfully.
C:\WINDOWS\tasks\At63.job moved successfully.
C:\WINDOWS\tasks\At64.job moved successfully.
C:\WINDOWS\tasks\At65.job moved successfully.
C:\WINDOWS\tasks\At66.job moved successfully.
C:\WINDOWS\tasks\At67.job moved successfully.
C:\WINDOWS\tasks\At68.job moved successfully.
C:\WINDOWS\tasks\At69.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At70.job moved successfully.
C:\WINDOWS\tasks\At71.job moved successfully.
C:\WINDOWS\tasks\At72.job moved successfully.
C:\WINDOWS\tasks\At73.job moved successfully.
C:\WINDOWS\tasks\At74.job moved successfully.
C:\WINDOWS\tasks\At75.job moved successfully.
C:\WINDOWS\tasks\At76.job moved successfully.
C:\WINDOWS\tasks\At77.job moved successfully.
C:\WINDOWS\tasks\At78.job moved successfully.
C:\WINDOWS\tasks\At79.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At80.job moved successfully.
C:\WINDOWS\tasks\At81.job moved successfully.
C:\WINDOWS\tasks\At82.job moved successfully.
C:\WINDOWS\tasks\At83.job moved successfully.
C:\WINDOWS\tasks\At84.job moved successfully.
C:\WINDOWS\tasks\At85.job moved successfully.
C:\WINDOWS\tasks\At86.job moved successfully.
C:\WINDOWS\tasks\At87.job moved successfully.
C:\WINDOWS\tasks\At88.job moved successfully.
C:\WINDOWS\tasks\At89.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
C:\WINDOWS\tasks\At90.job moved successfully.
C:\WINDOWS\tasks\At91.job moved successfully.
C:\WINDOWS\tasks\At92.job moved successfully.
C:\WINDOWS\tasks\At93.job moved successfully.
C:\WINDOWS\tasks\At94.job moved successfully.
C:\WINDOWS\tasks\At95.job moved successfully.
C:\WINDOWS\tasks\At96.job moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_BXYB40d31jkE6DCUVp5y scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFA8A9.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFA8DF.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFDBB0.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFDCF3.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YR4Z0V2F\ShowLetter[1]. scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\M8QDVHOS\search[1]. scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\H9JBCV56\01[1].html scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\EHKJQ5QT\ads[1]. scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\E7471A3U\{C5A6B046-2067-45A2-B609-E1D730642BDA}[1]. scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_858.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\b88361cj.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\b88361cj.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\b88361cj.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\b88361cj.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\b88361cj.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\b88361cj.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04252009_161153
Files moved on Reboot...
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_BXYB40d31jkE6DCUVp5y not found!
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFA8A9.tmp not found!
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFA8DF.tmp not found!
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFDBB0.tmp not found!
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFDCF3.tmp not found!
File C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YR4Z0V2F\ShowLetter[1]. not found!
File C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\M8QDVHOS\search[1]. not found!
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\H9JBCV56\01[1].html moved successfully.
File C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\EHKJQ5QT\ads[1]. not found!
File C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\E7471A3U\{C5A6B046-2067-45A2-B609-E1D730642BDA}[1]. not found!
File C:\WINDOWS\temp\Perflib_Perfdata_858.dat not found!
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\b88361cj.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\b88361cj.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\b88361cj.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\b88361cj.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\b88361cj.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\b88361cj.default\XUL.mfl moved successfully.
-----------------------------------------------------------
OTListIt logfile created on: 4/25/2009 4:26:40 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
510.98 Mb Total Physical Memory | 272.89 Mb Available Physical Memory | 53.41% Memory free
1.22 Gb Paging File | 1.01 Gb Available in Paging File | 82.88% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 1.13 Gb Free Space | 3.03% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: T30
Current User Name: hmong
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - C:\WINDOWS\System32\ibmpmsvc.exe ()
PRC - C:\WINDOWS\System32\drivers\trcboot.exe ()
PRC - C:\WINDOWS\System32\Ati2evxx.exe ()
PRC - C:\Program Files\c4ebreg\isamsmt.exe (IBM Global Services)
PRC - c:\sdwork\issimsvc.exe (IBM Global Services)
PRC - C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE (IBM Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\AT&T Network Client\NetCfgSv.EXE (AT&T)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\WINDOWS\System32\drivers\ldlcserv.exe ()
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
PRC - C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\c4ebreg\c4ebreg.exe (IBM Global Services)
PRC - C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\MSN Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe ()
PRC - C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe (IBM Corporation)
PRC - C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\System32\Ati2evxx.exe ()
SRV - (gupdate1c9b5be3f1d6640 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IBMPMSVC [Auto | Running]) -- C:\WINDOWS\System32\ibmpmsvc.exe ()
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)
SRV - (Irmon [Auto | Running]) -- C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)
SRV - (ISAMsmt [Auto | Running]) -- C:\Program Files\c4ebreg\isamsmt.exe (IBM Global Services)
SRV - (ISSIMon [Auto | Running]) -- c:\sdwork\issimsvc.exe (IBM Global Services)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (ldlcserv [Auto | Running]) -- C:\WINDOWS\System32\drivers\ldlcserv.exe ()
SRV - (MyWebSearchService [Auto | Stopped]) -- File not found
SRV - (NetCfgSvr [Auto | Running]) -- C:\Program Files\AT&T Network Client\NetCfgSv.EXE (AT&T)
SRV - (TrcBoot [Auto | Running]) -- C:\WINDOWS\System32\drivers\trcboot.exe ()
SRV - (uploadmgr [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (usnjsvc [On_Demand | Running]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
========== Driver Services (SafeList) ==========
DRV - (aeaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (AliIde [Boot | Stopped]) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Boot | Stopped]) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (Anydlc [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\anydlc.sys ()
DRV - (Appn [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\appn.sys ()
DRV - (AppnApi [Auto | Running]) -- C:\WINDOWS\System32\drivers\appnapi.sys ()
DRV - (AppnBase [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\AppnBase.sys ()
DRV - (asc [Boot | Stopped]) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Boot | Stopped]) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (avpnnic [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\avpnnic.sys (AT&T)
DRV - (BUFADPT [System | Running]) -- C:\WINDOWS\System32\BUFADPT.SYS (BUFFALO INC.)
DRV - (bwcdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\bwcdrv.sys (MELCO INC.)
DRV - (CBBCM43 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (CmdIde [Boot | Stopped]) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Boot | Stopped]) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (ESSIDSET [On_Demand | Stopped]) -- C:\WINDOWS\System32\ESSIDSET.SYS (MELCO INC.)
DRV - (FsVga [System | Running]) -- C:\WINDOWS\System32\DRIVERS\fsvga.sys (Microsoft Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (gwiopm [On_Demand | Stopped]) -- C:\Program Files\WST\gwiopm.sys ()
DRV - (IBMPMDRV [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys ()
DRV - (IBMTRP [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\IBMTRP.SYS (IBM Corporation)
DRV - (KLOGNT [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\klognt.sys ()
DRV - (mraid35x [Boot | Stopped]) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (NPPTNT [System | Running]) -- C:\WINDOWS\System32\npptNT.sys (INCA Internet Co., Ltd.)
DRV - (NPPTNT2 [System | Running]) -- C:\WINDOWS\System32\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (NSCIRDA [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nscirda.sys (National Semiconductor Corporation)
DRV - (NsTrcNT [Auto | Running]) -- C:\WINDOWS\System32\drivers\nstrcnt.sys ()
DRV - (PCX504 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\PCX504.sys (Cisco Systems)
DRV - (pdlnacom [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnacom.sys ()
DRV - (pdlnafac [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnafac.sys ()
DRV - (pdlnatcm [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnatcm.sys ()
DRV - (pdlnatdl [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnatdl.sys ()
DRV - (pdlncbas [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlncbas.sys ()
DRV - (pdlncfwk [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlncfwk.sys ()
DRV - (pdlnctdl [Auto | Running]) -- C:\WINDOWS\System32\drivers\pdlnctdl.sys ()
DRV - (pdlndint [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlndint.sys ()
DRV - (pdlndldl [Auto | Running]) -- C:\WINDOWS\System32\drivers\pdlndldl.sys ()
DRV - (pdlndlpb [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlndlpb.sys ()
DRV - (pdlndoem [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlndoem.sys ()
DRV - (pdlndqll [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlndqll.sys ()
DRV - (pdlndsdl [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlndsdl.sys ()
DRV - (pdlndtdl [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlndtdl.sys ()
DRV - (pdlnebas [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnebas.sys ()
DRV - (pdlnecfg [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnecfg.sys ()
DRV - (pdlnemap [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnemap.sys ()
DRV - (pdlnemsg [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnemsg.sys ()
DRV - (pdlnepkt [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnepkt.sys ()
DRV - (pdlnshay [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnshay.sys ()
DRV - (pdlnslea [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnslea.sys ()
DRV - (pdlnsv25 [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnsv25.sys ()
DRV - (pdlnsx25 [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pdlnsx25.sys ()
DRV - (PMEM [Auto | Running]) -- C:\WINDOWS\system32\drivers\PMEMNT.SYS (Microsoft Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Boot | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Boot | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Boot | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (ROOTMODEM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (S3Inc [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\s3mt3d.sys (S3 Incorporated)
DRV - (SE2Bbus [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SE2Bbus.sys (MCCI)
DRV - (SE2Bmdfl [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SE2Bmdfl.sys (MCCI)
DRV - (SE2Bmdm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SE2Bmdm.sys (MCCI)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys ()
DRV - (sfdrv01 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (sfvfs02 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (sisagp [Boot | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Smapint [System | Running]) -- C:\WINDOWS\System32\drivers\Smapint.sys (Microsoft Corporation)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (Sparrow [Boot | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (symc810 [Boot | Stopped]) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Boot | Stopped]) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Boot | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Boot | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (TDSMAPI [System | Running]) -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS ()
DRV - (TPHKDRV [System | Running]) -- C:\WINDOWS\System32\drivers\TPHKDRV.sys (IBM Corporation)
DRV - (TPPWR [System | Running]) -- C:\WINDOWS\System32\drivers\Tppwr.sys (IBM Corp.)
DRV - (ultra [Boot | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (WinDriver6 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\windrvr6.sys (Jungo)
DRV - (wlluc48 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wlluc48.sys (Lucent Technologies)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://w3.ibm.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.../winsearch.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.sg/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = w3.ibm.com;<local>
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.9
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/04/21 21:52:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/22 23:24:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/22 23:24:15 | 00,000,000 | ---D | M]
[2008/12/08 16:05:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions
[2008/12/08 16:05:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2006/01/16 16:15:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\b88361cj.default\extensions
[2009/04/24 22:42:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/22 23:24:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/21 21:54:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/22 23:24:07 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/22 23:24:07 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/12/08 16:04:17 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/12/08 16:04:17 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/12/08 16:04:17 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/12/08 16:04:17 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/12/08 16:04:17 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/12/08 16:04:17 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/12/08 16:04:17 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
O1 HOSTS File: (1068 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 82.98.231.89 url.adtrgt.com
O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net
O1 - Hosts: anner.info
O1 - Hosts: 82.98.231.89 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.231.89 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.231.89 onlinenotifyq.net
O1 - Hosts: 82.98.231.89 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.browser-security-center.com
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx ()
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ACUMon] "C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe" -a (Cisco Systems, Inc.)
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [ATIModeChange] Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [C4EBReg] "C:\Program Files\c4ebreg\c4ebreg.exe" /q (IBM Global Services)
O4 - HKLM..\Run: [ISAM SMT Service] "C:\Program Files\c4ebreg\isamsmt.exe" (IBM Global Services)
O4 - HKLM..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe" (IBM Global Services)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TCms.exe] C:\docume~1\admini~1\locals~1\temp\TCms.exe File not found
O4 - HKLM..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKCU\..Trusted Sites: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: 82 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} http://a1540.g.akama...meInstaller.exe (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/p...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...7658.3445023148 (Update Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.3.1_04)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.h.../qdiagh.cab?326 (QDiagHUpdateObj Class)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{9DA90235-1EF4-46D8-A6F5-0E46C6A975F7}\\Domain = ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{9DF0BAF2-D7F8-468E-BAD0-8482C68E2C19}\\Domain = ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{9DF0BAF2-D7F8-468E-BAD0-8482C68E2C19}\\NameServer = 165.21.100.88,165.21.83.88
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\System32\msdxm.ocx ()
O20 - AppInit_DLLs: (c:\windows\system32\wamujibo.dll) - c:\windows\system32\wamujibo.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (cswGina.dll) - C:\WINDOWS\system32\cswGina.dll (Cisco Systems, Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\System32\NavLogon.dll - C:\WINDOWS\System32\NavLogon.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
NetSvcs: 6to4 -
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll (Microsoft Corporation)
NetSvcs: AudioSrv - C:\WINDOWS\System32\audiosrv.dll (Microsoft Corporation)
NetSvcs: Browser - C:\WINDOWS\System32\browser.dll (Microsoft Corporation)
NetSvcs: CryptSvc - C:\WINDOWS\System32\cryptsvc.dll (Microsoft Corporation)
NetSvcs: DMServer - C:\WINDOWS\System32\dmserver.dll (Microsoft Corp.)
NetSvcs: DHCP - C:\WINDOWS\System32\dhcpcsvc.dll (Microsoft Corporation)
NetSvcs: ERSvc - C:\WINDOWS\System32\ersvc.dll (Microsoft Corporation)
NetSvcs: EventSystem - C:\WINDOWS\System32\es.dll (Microsoft Corporation)
NetSvcs: FastUserSwitchingCompatibility - C:\WINDOWS\System32\shsvcs.dll (Microsoft Corporation)
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias -
NetSvcs: Iprip -
NetSvcs: Irmon - C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)
NetSvcs: LanmanServer - C:\WINDOWS\System32\srvsvc.dll (Microsoft Corporation)
NetSvcs: LanmanWorkstation - C:\WINDOWS\System32\wkssvc.dll (Microsoft Corporation)
NetSvcs: Messenger - C:\WINDOWS\System32\msgsvc.dll (Microsoft Corporation)
NetSvcs: Netman - C:\WINDOWS\System32\netman.dll (Microsoft Corporation)
NetSvcs: Nla - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
NetSvcs: Ntmssvc - C:\WINDOWS\system32\ntmssvc.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation -
NetSvcs: Nwsapagent -
NetSvcs: Rasauto - C:\WINDOWS\System32\rasauto.dll (Microsoft Corporation)
NetSvcs: Rasman - C:\WINDOWS\System32\rasmans.dll (Microsoft Corporation)
NetSvcs: Remoteaccess - C:\WINDOWS\System32\mprdim.dll (Microsoft Corporation)
NetSvcs: Schedule - C:\WINDOWS\system32\schedsvc.dll (Microsoft Corporation)
NetSvcs: Seclogon - C:\WINDOWS\System32\seclogon.dll (Microsoft Corporation)
NetSvcs: SENS - C:\WINDOWS\system32\sens.dll (Microsoft Corporation)
NetSvcs: Sharedaccess - C:\WINDOWS\System32\ipnathlp.dll (Microsoft Corporation)
NetSvcs: SRService - C:\WINDOWS\System32\srsvc.dll (Microsoft Corporation)
NetSvcs: Tapisrv - C:\WINDOWS\System32\tapisrv.dll (Microsoft Corporation)
NetSvcs: Themes - C:\WINDOWS\System32\shsvcs.dll (Microsoft Corporation)
NetSvcs: TrkWks - C:\WINDOWS\system32\trkwks.dll (Microsoft Corporation)
NetSvcs: W32Time - C:\WINDOWS\System32\w32time.dll (Microsoft Corporation)
NetSvcs: WZCSVC - C:\WINDOWS\System32\wzcsvc.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\WINDOWS\System32\advapi32.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -
NetSvcs: winmgmt - C:\WINDOWS\system32\wbem\WMIsvc.dll (Microsoft Corporation)
NetSvcs: TermService - C:\WINDOWS\System32\termsrv.dll (Microsoft Corporation)
NetSvcs: wuauserv - C:\WINDOWS\System32\wuauserv.dll (Microsoft Corporation)
NetSvcs: BITS - C:\WINDOWS\System32\qmgr.dll (Microsoft Corporation)
NetSvcs: ShellHWDetection - C:\WINDOWS\System32\shsvcs.dll (Microsoft Corporation)
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
NetSvcs: uploadmgr - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
NetSvcs: WmdmPmSN - C:\WINDOWS\System32\mspmsnsv.dll (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus QuickStart.lnk - %SystemDrive%\lotus\wordpro\ltsstart.exe - (Lotus Development Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Photo Loader supervisory.lnk - %ProgramFiles%\CASIO\Photo Loader\Plauto.exe - (CASIO COMPUTER CO.,LTD.)
MsConfig - StartUpReg: 5cc09d41 - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %SystemRoot%\System32\yolevebi.DLL File not found
MsConfig - StartUpReg: Bar - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %SystemDrive%\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MSAwH8Xe.exe File not found
MsConfig - StartUpReg: Cognac - hkey=HKCU - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %SystemDrive%\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~tmpc.exe File not found
MsConfig - StartUpReg: CPM5ff3aedd - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %SystemRoot%\system32\wahenoho.DLL File not found
MsConfig - StartUpReg: EPSON Stylus CX4100 Series - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %SystemRoot%\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE (SEIKO EPSON CORPORATION)
MsConfig - StartUpReg: iTunesHelper - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %ProgramFiles%\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
MsConfig - StartUpReg: KernelFaultCheck - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - File not found
MsConfig - StartUpReg: le2o - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %SystemRoot%\System32\le2o.exe File not found
MsConfig - StartUpReg: MSFox - hkey=HKCU - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %SystemDrive%\DOCUME~1\ADMINI~1\LOCALS~1\Temp\a.exe File not found
MsConfig - StartUpReg: msnmsgr - hkey=HKCU - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %ProgramFiles%\MSN Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: My Web Search Bar - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %SystemDrive%\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL File not found
MsConfig - StartUpReg: MyWebSearch Email Plugin - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %SystemDrive%\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe File not found
MsConfig - StartUpReg: MyWebSearch Plugin - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %SystemDrive%\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL File not found
MsConfig - StartUpReg: pajibugalu - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %SystemRoot%\System32\gusilaji.DLL File not found
MsConfig - StartUpReg: QuickTime Task - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %ProgramFiles%\QuickTime\qttask.exe (Apple Computer, Inc.)
MsConfig - StartUpReg: swg - hkey=HKCU - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: ZangoOE - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %ProgramFiles%\Zango\bin\10.3.75.0\OEAddOn.exe File not found
MsConfig - StartUpReg: ZangoSA - hkey=HKLM - key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run - %ProgramFiles%\Zango\bin\10.3.75.0\ZangoSA.exe File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll (Microsoft Corporation)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: CryptSvc - %SystemRoot%\System32\cryptsvc.dll (Microsoft Corporation)
SafeBootMin: dmadmin - %SystemRoot%\System32\dmadmin.exe (Microsoft Corp., Veritas Software)
SafeBootMin: dmboot.sys - %SystemRoot%\System32\drivers\dmboot.sys (Microsoft Corp., Veritas Software)
SafeBootMin: dmio.sys - %SystemRoot%\System32\drivers\dmio.sys (Microsoft Corp., Veritas Software)
SafeBootMin: dmload.sys - %SystemRoot%\System32\drivers\dmload.sys (Microsoft Corp., Veritas Software.)
SafeBootMin: dmserver - %SystemRoot%\System32\dmserver.dll (Microsoft Corp.)
SafeBootMin: EventLog - %SystemRoot%\system32\services.exe (Microsoft Corporation)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SafeBootMin: Netlogon - %SystemRoot%\System32\lsass.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PlugPlay - %SystemRoot%\system32\services.exe (Microsoft Corporation)
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcSs - %SystemRoot%\system32\rpcss.dll (Microsoft Corporation)
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: sr.sys - %SystemRoot%\System32\DRIVERS\sr.sys (Microsoft Corporation)
SafeBootMin: SRService - %SystemRoot%\System32\srsvc.dll (Microsoft Corporation)
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: vgasave.sys - %SystemRoot%\System32\drivers\vga.sys (Microsoft Corporation)
SafeBootMin: WinMgmt - %SystemRoot%\system32\wbem\WMIsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: AFD - %SystemRoot%\System32\drivers\afd.sys (Microsoft Corporation)
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll (Microsoft Corporation)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Browser - %SystemRoot%\System32\browser.dll (Microsoft Corporation)
SafeBootNet: CryptSvc - %SystemRoot%\System32\cryptsvc.dll (Microsoft Corporation)
SafeBootNet: Dhcp - %SystemRoot%\System32\dhcpcsvc.dll (Microsoft Corporation)
SafeBootNet: dmadmin - %SystemRoot%\System32\dmadmin.exe (Microsoft Corp., Veritas Software)
SafeBootNet: dmboot.sys - %SystemRoot%\System32\drivers\dmboot.sys (Microsoft Corp., Veritas Software)
SafeBootNet: dmio.sys - %SystemRoot%\System32\drivers\dmio.sys (Microsoft Corp., Veritas Software)
SafeBootNet: dmload.sys - %SystemRoot%\System32\drivers\dmload.sys (Microsoft Corp., Veritas Software.)
SafeBootNet: dmserver - %SystemRoot%\System32\dmserver.dll (Microsoft Corp.)
SafeBootNet: DnsCache - %SystemRoot%\System32\dnsrslvr.dll (Microsoft Corporation)
SafeBootNet: EventLog - %SystemRoot%\system32\services.exe (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SafeBootNet: LanmanServer - %SystemRoot%\System32\srvsvc.dll (Microsoft Corporation)
SafeBootNet: LanmanWorkstation - %SystemRoot%\System32\wkssvc.dll (Microsoft Corporation)
SafeBootNet: LmHosts - %SystemRoot%\System32\lmhsvc.dll (Microsoft Corporation)
SafeBootNet: Messenger - %SystemRoot%\System32\msgsvc.dll (Microsoft Corporation)
SafeBootNet: NDIS - %SystemRoot%\System32\drivers\ndis.sys (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: Ndisuio - %SystemRoot%\System32\DRIVERS\ndisuio.sys (Microsoft Corporation)
SafeBootNet: NetBIOS - %SystemRoot%\System32\DRIVERS\netbios.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetBT - %SystemRoot%\System32\DRIVERS\netbt.sys (Microsoft Corporation)
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Netlogon - %SystemRoot%\System32\lsass.exe (Microsoft Corporation)
SafeBootNet: NetMan - %SystemRoot%\System32\netman.dll (Microsoft Corporation)
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - File not found
SafeBootNet: nm.sys - File not found
SafeBootNet: NtLmSsp - %SystemRoot%\System32\lsass.exe (Microsoft Corporation)
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PlugPlay - %SystemRoot%\system32\services.exe (Microsoft Corporation)
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdpcdd.sys - %SystemRoot%\System32\DRIVERS\RDPCDD.sys (Microsoft Corporation)
SafeBootNet: rdpdd.sys - %SystemRoot%\System32\rdpdd.dll (Microsoft Corporation)
SafeBootNet: rdpwd.sys - %SystemRoot%\System32\drivers\rdpwd.sys (Microsoft Corporation)
SafeBootNet: rdsessmgr - %SystemRoot%\system32\sessmgr.exe (Microsoft Corporation)
SafeBootNet: RpcSs - %SystemRoot%\system32\rpcss.dll (Microsoft Corporation)
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: sr.sys - %SystemRoot%\System32\DRIVERS\sr.sys (Microsoft Corporation)
SafeBootNet: SRService - %SystemRoot%\System32\srsvc.dll (Microsoft Corporation)
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: Tcpip - %SystemRoot%\System32\DRIVERS\tcpip.sys (Microsoft Corporation)
SafeBootNet: TDI - Driver Group
SafeBootNet: tdpipe.sys - %SystemRoot%\System32\drivers\tdpipe.sys (Microsoft Corporation)
SafeBootNet: tdtcp.sys - %SystemRoot%\System32\drivers\tdtcp.sys (Microsoft Corporation)
SafeBootNet: termservice - %SystemRoot%\System32\termsrv.dll (Microsoft Corporation)
SafeBootNet: UploadMgr - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SafeBootNet: vga.sys - Driver
SafeBootNet: vgasave.sys - %SystemRoot%\System32\drivers\vga.sys (Microsoft Corporation)
SafeBootNet: WinMgmt - %SystemRoot%\system32\wbem\WMIsvc.dll (Microsoft Corporation)
SafeBootNet: WZCSVC - %SystemRoot%\System32\wzcsvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {032A6019-9DAA-40f9-A3B3-34ABB0AA0947} - Q813951
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3e7bb08a-a7a3-4692-8eac-ac5e7895755b} - KB834707
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {429D8DD3-05E0-4F56-B6D6-AC0730567C02} - Euro Update Tool
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msmsgs.inf,BLC.Install.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {78705f0d-e8db-4b2d-8193-982bdda15ecd} - .NET Framework
ActiveX: {81B52903-4C11-11D6-B6E1-00B0D049139F} - Microsoft .NET Framework Service Pack 2
ActiveX: {871F8A30-15A2-11D6-8711-0002B3281F8B} - Microsoft .NET Framework Service Pack 1
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {abcdf74f-9a64-4e6e-b8eb-6e5a41de6550} -
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C34F4917-ED43-439f-9023-97B0024A2B3B} - Q810847
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.0
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DBB3C81D-3C91-4a1e-BDDF-905B61C7CEDF} - Security Update for the Microsoft VM
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
Drivers32: midi - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\system32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\system32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\system32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\system32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\system32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\system32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\system32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\system32\sirenacm.dll (Microsoft Corp.)
Drivers32: msacm.sl_anet - C:\WINDOWS\system32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\system32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\system32\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\system32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\system32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\system32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\system32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\system32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\system32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\system32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\system32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\system32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\system32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\system32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\system32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.yuy2 - C:\WINDOWS\system32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\system32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\system32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\system32\msacm32.drv (Microsoft Corporation)
========== Files/Folders - Created Within 30 Days ==========
[2009/04/25 16:24:28 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe
[2009/04/25 16:11:53 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009/04/25 16:10:43 | 00,389,632 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTMoveIt3.exe
[2009/04/24 22:37:02 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/24 22:36:57 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Rooter.exe
[2009/04/23 21:52:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2009/04/23 21:52:13 | 01,561,992 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\MGADiag.exe
[2009/04/22 21:51:48 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/04/22 21:51:48 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/22 21:51:37 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HJTInstall.exe
[2009/04/18 10:30:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2009/04/18 10:30:29 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/18 10:30:29 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/18 10:30:25 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/18 10:30:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/18 10:30:21 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/16 23:26:00 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\~$unt EC-Taxi.DOC
[2009/04/16 23:24:08 | 00,028,672 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Count EC-Taxi.DOC
[2009/04/05 17:58:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2009/04/05 15:17:38 | 00,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2009/04/05 15:15:09 | 00,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/04/05 15:13:59 | 00,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/04/05 15:13:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/04/05 15:13:46 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009/04/01 12:05:52 | 01,417,531 | -HS- | C] () -- C:\WINDOWS\System32\atupajiz.ini
[2009/03/31 19:34:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\attachments_2009_03_31
[2009/03/28 16:00:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WeatherDPA
[2009/03/28 16:00:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Zango
[2009/01/16 18:57:49 | 00,049,152 | -HS- | C] () -- C:\WINDOWS\System32\tukowohu.dll
[2009/01/11 12:52:55 | 00,049,152 | -HS- | C] () -- C:\WINDOWS\System32\fevukoze.dll
[2009/01/07 17:02:56 | 00,087,552 | -HS- | C] () -- C:\WINDOWS\System32\degiwiku.dll
[2009/01/05 12:19:22 | 00,087,552 | -HS- | C] () -- C:\WINDOWS\System32\livazojo.dll
[2009/01/04 13:36:22 | 00,087,552 | -HS- | C] () -- C:\WINDOWS\System32\jebuhike.dll
[2009/01/02 18:50:33 | 00,049,152 | -HS- | C] () -- C:\WINDOWS\System32\vikesori.dll
[2009/01/01 12:05:38 | 00,087,552 | -HS- | C] () -- C:\WINDOWS\System32\hapowoko.dll
[2008/08/11 23:17:27 | 00,001,795 | ---- | C] () -- C:\WINDOWS\ActivStats.INI
[2007/06/15 18:49:30 | 00,000,099 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/06/15 18:45:43 | 00,000,025 | ---- | C] () -- C:\WINDOWS\CDE CX4100EC.ini
[2006/04/02 14:54:46 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2006/01/16 16:38:36 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\CInsX500.dll
[2006/01/03 22:19:00 | 00,000,637 | ---- | C] () -- C:\WINDOWS\System32\msexcr.ini
[2006/01/02 01:50:17 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/10/29 21:20:48 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/09/12 11:03:35 | 00,044,869 | ---- | C] () -- C:\WINDOWS\UN800101.INI
[2005/05/21 10:29:40 | 00,000,047 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2004/06/06 16:07:02 | 00,000,030 | ---- | C] () -- C:\WINDOWS\Morphexe.INI
[2004/05/16 15:45:35 | 00,013,242 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/04/06 19:26:18 | 00,000,039 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003/07/29 13:57:19 | 00,327,680 | R--- | C] () -- C:\WINDOWS\System32\psctsnmp.dll
[2003/04/12 03:31:29 | 00,000,224 | ---- | C] () -- C:\WINDOWS\Netscape.INI
[2003/04/01 23:40:45 | 00,000,543 | ---- | C] () -- C:\WINDOWS\PKZIPW.INI
[2003/04/01 05:49:15 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/03/31 21:21:30 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2003/03/31 21:19:57 | 00,010,009 | ---- | C] () -- C:\WINDOWS\agnslang.ini
[2003/03/31 21:19:14 | 00,051,959 | ---- | C] () -- C:\WINDOWS\System32\SynUnst.ini
[2003/03/31 21:19:14 | 00,007,052 | ---- | C] () -- C:\WINDOWS\System32\SynTPEnh.ini
[2003/03/31 21:19:12 | 00,110,836 | ---- | C] () -- C:\WINDOWS\System32\SynTP.ini
[2003/03/31 21:19:12 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2003/03/31 21:19:09 | 00,002,336 | ---- | C] () -- C:\WINDOWS\System32\IBM_DP.ini
[2003/03/31 21:19:09 | 00,000,110 | ---- | C] () -- C:\WINDOWS\System32\SETUP.INI
[2003/02/07 02:58:36 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/01/16 10:29:49 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\tgreg32.dll
[2002/09/24 21:29:22 | 00,000,022 | ---- | C] () -- C:\WINDOWS\lotus.ini
[2002/09/24 05:46:21 | 00,000,000 | ---- | C] () -- C:\WINDOWS\pcscfg.INI
[2002/09/24 05:29:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\pcsmig.INI
[2002/09/24 03:03:45 | 00,544,768 | ---- | C] () -- C:\WINDOWS\System32\pdclntif.dll
[2002/09/24 03:03:45 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\ipmonnt.dll
[2002/09/24 03:03:45 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\pdresrc.dll
[2002/09/23 22:24:57 | 00,000,261 | RH-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/09/12 14:21:31 | 00,000,508 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/09/12 14:21:13 | 00,000,321 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/09/12 14:20:56 | 00,011,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002/06/26 00:59:00 | 00,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll
[2002/06/26 00:59:00 | 00,047,104 | ---- | C] () -- C:\WINDOWS\System32\lotrn13.dll
[2002/06/26 00:59:00 | 00,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv
[2002/06/26 00:58:00 | 00,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll
[2002/06/26 00:58:00 | 00,000,462 | ---- | C] () -- C:\WINDOWS\lodbf13.ini
[2002/06/26 00:58:00 | 00,000,058 | ---- | C] () -- C:\WINDOWS\loss613.ini
[2002/06/26 00:58:00 | 00,000,058 | ---- | C] () -- C:\WINDOWS\loss09.ini
[2002/06/26 00:58:00 | 00,000,038 | ---- | C] () -- C:\WINDOWS\loidp13.ini
[2002/04/09 23:23:36 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\ibmnpws.dll
[2002/04/09 23:23:36 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\IBMNPMON.DLL
[2002/04/09 23:23:34 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\ibmnpdlg.dll
[2002/03/30 03:12:28 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2001/08/21 14:50:04 | 01,263,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\appn.sys
[2001/08/21 14:50:04 | 00,182,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\appnbase.sys
[2001/08/21 14:50:04 | 00,159,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlncfwk.sys
[2001/08/21 14:50:04 | 00,117,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\appnapi.sys
[2001/08/21 14:50:04 | 00,099,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\llc2.sys
[2001/08/21 14:50:04 | 00,073,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlnacom.sys
[2001/08/21 14:50:04 | 00,068,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlndlpb.sys
[2001/08/21 14:50:04 | 00,065,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlnemap.sys
[2001/08/21 14:50:04 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlndsdl.sys
[2001/08/21 14:50:04 | 00,058,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlnshay.sys
[2001/08/21 14:50:04 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlndldl.sys
[2001/08/21 14:50:04 | 00,057,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlnsx25.sys
[2001/08/21 14:50:04 | 00,053,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlnsv25.sys
[2001/08/21 14:50:04 | 00,051,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlndqll.sys
[2001/08/21 14:50:04 | 00,050,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlndtdl.sys
[2001/08/21 14:50:04 | 00,049,088 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlnecfg.sys
[2001/08/21 14:50:04 | 00,036,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\anydlc.sys
[2001/08/21 14:50:04 | 00,034,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlnafac.sys
[2001/08/21 14:50:04 | 00,023,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\klognt.sys
[2001/08/21 14:50:04 | 00,021,136 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlnslea.sys
[2001/08/21 14:50:04 | 00,018,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlnatcm.sys
[2001/08/21 14:50:04 | 00,018,720 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlnepkt.sys
[2001/08/21 14:50:04 | 00,017,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlndoem.sys
[2001/08/21 14:50:04 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlnatdl.sys
[2001/08/21 14:50:04 | 00,011,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlnemsg.sys
[2001/08/21 14:50:04 | 00,011,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlndint.sys
[2001/08/21 14:50:04 | 00,010,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\nstrcnt.sys
[2001/08/21 14:50:04 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlnctdl.sys
[2001/08/21 14:50:04 | 00,007,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlnebas.sys
[2001/08/21 14:50:04 | 00,005,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdlncbas.sys
[1998/10/01 12:00:00 | 01,708,032 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[1998/10/01 12:00:00 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[1997/06/18 12:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/06/18 12:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1979/11/30 07:59:59 | 00,008,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\ibmpmdrv.sys
========== Files - Modified Within 30 Days ==========
[4 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/04/25 16:24:27 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTListIt2.exe
[2009/04/25 16:17:55 | 00,000,606 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\My Sharing Folders.lnk
[2009/04/25 16:16:03 | 00,054,496 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/04/25 16:15:35 | 00,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/04/25 16:14:50 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/25 16:14:43 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/25 16:14:41 | 53,587,5584 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/25 16:10:41 | 00,389,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTMoveIt3.exe
[2009/04/25 15:11:25 | 00,000,314 | ---- | M] () -- C:\WINDOWS\tasks\BMMTask.job
[2009/04/24 22:36:55 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Rooter.exe
[2009/04/24 22:33:51 | 00,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2009/04/23 21:52:29 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/23 21:52:15 | 01,561,992 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\MGADiag.exe
[2009/04/22 22:23:06 | 00,002,483 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Word.lnk
[2009/04/22 21:51:48 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/04/22 21:51:45 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HJTInstall.exe
[2009/04/22 00:21:59 | 00,000,508 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/22 00:21:59 | 00,000,321 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/22 00:21:59 | 00,000,297 | RHS- | M] () -- C:\boot.ini
[2009/04/21 21:39:08 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\apmctrc.BAK
[2009/04/18 11:41:45 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\dihuyoba
[2009/04/18 10:30:29 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/18 09:40:03 | 00,052,224 | -HS- | M] () -- C:\WINDOWS\System32\vegiyemi.exe
[2009/04/16 23:26:00 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\~$unt EC-Taxi.DOC
[2009/04/16 23:24:05 | 00,028,672 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Count EC-Taxi.DOC
[2009/04/14 18:09:51 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/04/14 15:33:50 | 02,110,104 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/04/11 13:00:25 | 00,010,240 | -HS- | M] () -- C:\WINDOWS\Thumbs.db
[2009/04/11 12:53:27 | 00,049,152 | -HS- | M] () -- C:\WINDOWS\System32\fevukoze.dll
[2009/04/07 17:02:59 | 00,087,552 | -HS- | M] () -- C:\WINDOWS\System32\degiwiku.dll
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/05 12:19:29 | 00,087,552 | -HS- | M] () -- C:\WINDOWS\System32\livazojo.dll
[2009/04/04 13:36:26 | 00,087,552 | -HS- | M] () -- C:\WINDOWS\System32\jebuhike.dll
[2009/04/02 18:51:04 | 00,049,152 | -HS- | M] () -- C:\WINDOWS\System32\vikesori.dll
[2009/04/02 18:49:53 | 01,417,531 | -HS- | M] () -- C:\WINDOWS\System32\atupajiz.ini
[2009/04/01 12:05:40 | 00,087,552 | -HS- | M] () -- C:\WINDOWS\System32\hapowoko.dll
========== LOP Check ==========
[2009/04/18 10:30:44 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Application Data
[2005/05/07 14:04:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.bittorrent
[2008/10/29 22:05:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2007/10/10 18:56:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Aim
[2004/08/23 21:48:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Apple Computer
[2006/07/11 06:17:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG7
[2006/10/24 17:28:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Google
[2005/03/14 09:18:38 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\GTek
[2007/06/29 13:16:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
[2003/04/22 03:11:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Help
[2002/09/24 05:23:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IBM
[2002/09/12 11:58:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2008/10/22 21:39:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InstallShield
[2003/09/27 23:42:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2004/08/22 18:44:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Kazaa Lite
[2006/01/15 20:43:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Lavasoft
[2004/06/27 13:00:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2009/04/18 10:30:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2006/07/11 06:16:40 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2005/04/01 21:32:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2005/02/26 10:46:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MSN6
[2002/09/24 04:05:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PerSys
[2008/03/25 14:33:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Real
[2009/04/14 20:18:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Skype
[2009/04/14 18:10:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\skypePM
[2006/01/16 16:24:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2008/11/04 02:10:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\U3
[2007/06/08 20:01:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2008/03/25 15:59:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Viewpoint
[2009/03/28 16:00:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WeatherDPA
[2007/12/14 00:44:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
[2009/03/28 16:04:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Zango
[2009/04/23 21:52:26 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2003/09/28 00:03:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/03/25 15:50:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2008/03/25 15:50:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL OCP
[2007/01/20 17:46:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2007/07/26 15:14:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2009/04/01 12:00:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2005/03/14 09:18:37 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\GTek
[2002/09/24 05:29:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBM
[2003/09/28 00:03:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Identities
[2005/12/21 14:37:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2003/09/28 00:03:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterTrust
[2009/04/18 10:30:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/01/25 17:48:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2006/05/14 14:56:37 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2005/01/23 18:19:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2009/04/23 21:52:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2003/09/28 00:03:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PerSys
[2004/01/21 21:56:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2009/04/05 15:13:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2006/09/30 15:59:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2007/06/15 18:54:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2008/03/25 15:50:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2005/09/12 11:50:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/04/03 06:42:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2009/04/25 15:11:25 | 00,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\BMMTask.job
[2002/08/29 20:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/04/25 16:15:35 | 00,000,880 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachine.job
[2009/04/25 16:14:50 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
========== Purity Check ==========
========== Custom Scans ==========
< %systemroot%\System32\antiwpa.dll >
< %systemroot%\SYSTEM32\wpa.dll >
< %systemroot%\setup\scripts\biestart.exe >
< %systemroot%\system32\drivers\royal.sys >
< %SYSTEMDRIVE%\*. >
[2009/04/25 16:17:11 | 00,000,000 | ---D | M] -- C:
[2007/12/11 21:00:56 | 00,000,000 | ---D | M] -- C:\$user
[2007/07/23 00:02:21 | 00,000,000 | RH-D | M] -- C:\$VAULT$.AVG
[2009/04/25 16:11:53 | 00,000,000 | ---D | M] -- C:\_OTMoveIt
[2003/04/09 00:51:15 | 00,000,000 | ---D | M] -- C:\a
[2005/09/12 11:03:23 | 00,000,000 | ---D | M] -- C:\buffalo
[2005/09/12 11:57:41 | 00,000,000 | ---D | M] -- C:\cisco update
[2003/03/31 21:18:07 | 00,000,000 | RHSD | M] -- C:\cmdcons
[2003/04/09 00:51:15 | 00,000,000 | ---D | M] -- C:\Diners
[2003/10/26 06:44:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings
[2007/08/18 23:55:25 | 00,000,000 | ---D | M] -- C:\Drivers
[2003/04/01 05:46:19 | 00,000,000 | ---D | M] -- C:\i387
[2002/09/24 03:03:46 | 00,000,000 | ---D | M] -- C:\Infoprint
[2007/12/11 21:00:58 | 00,000,000 | ---D | M] -- C:\lotus
[2006/02/25 22:49:59 | 00,000,000 | ---D | M] -- C:\My Shared Folder
[2007/12/11 21:01:00 | 00,000,000 | ---D | M] -- C:\Notes
[2003/04/09 00:51:19 | 00,000,000 | ---D | M] -- C:\NotesBackup
[2002/09/25 06:34:34 | 00,000,000 | ---D | M] -- C:\NotesSQL
[2003/04/09 00:33:43 | 00,000,000 | ---D | M] -- C:\Personal
[2002/09/24 03:16:28 | 00,000,000 | ---D | M] -- C:\pkware
[2003/03/31 22:05:56 | 00,000,000 | -H-D | M] -- C:\pnp
[2009/04/25 16:11:25 | 00,000,000 | ---D | M] -- C:\Program Files
[2003/04/01 03:34:17 | 00,000,000 | -HSD | M] -- C:\RECYCLER
[2009/04/24 22:40:23 | 00,000,000 | ---D | M] -- C:\Rooter$
[2009/04/25 16:14:57 | 00,000,000 | ---D | M] -- C:\sdwork
[2005/01/22 14:21:14 | 00,000,000 | ---D | M] -- C:\swd
[2003/03/31 21:16:48 | 00,000,000 | -HSD | M] -- C:\System Volume Information
[2002/09/24 03:32:28 | 00,000,000 | ---D | M] -- C:\Temp Fonts
[2003/04/09 01:42:15 | 00,000,000 | ---D | M] -- C:\tgcache
[2002/09/24 03:21:28 | 00,000,000 | ---D | M] -- C:\Utilities
[2009/04/25 16:14:49 | 00,000,000 | ---D | M] -- C:\WINDOWS
[2005/03/14 09:47:39 | 00,000,000 | ---D | M] -- C:\WUTemp
[2003/03/31 21:18:49 | 00,000,000 | ---D | M] -- C:\wxpdrive
< %PROGRAMFILES%\*. >
[2009/04/25 16:11:25 | 00,000,000 | ---D | M] -- C:\Program Files
[2003/09/27 23:42:23 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe
[2002/09/25 02:59:50 | 00,000,000 | ---D | M] -- C:\Program Files\AFP Workbench 32
[2006/07/09 06:31:27 | 00,000,000 | ---D | M] -- C:\Program Files\aod
[2007/01/20 17:46:31 | 00,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2005/01/22 14:21:14 | 00,000,000 | ---D | M] -- C:\Program Files\AT&T Network Client
[2003/03/31 21:22:23 | 00,000,000 | ---D | M] -- C:\Program Files\AT&T Network Client Install
[2005/09/12 11:10:48 | 00,000,000 | ---D | M] -- C:\Program Files\BUFFALO
[2009/04/25 16:16:05 | 00,000,000 | ---D | M] -- C:\Program Files\C4ebreg
[2006/04/09 16:03:19 | 00,000,000 | ---D | M] -- C:\Program Files\CASIO
[2008/10/23 00:27:01 | 00,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2009/01/25 17:44:29 | 00,000,000 | ---D | M] -- C:\Program Files\Circle Developement
[2006/01/16 16:39:38 | 00,000,000 | ---D | M] -- C:\Program Files\Cisco Systems
[2007/09/28 16:16:22 | 00,000,000 | ---D | M] -- C:\Program Files\Citrix
[2009/04/05 15:13:53 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files
[2002/09/12 11:51:13 | 00,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2006/04/02 14:54:46 | 00,000,000 | ---D | M] -- C:\Program Files\Convar
[2006/11/23 12:15:49 | 00,000,000 | ---D | M] -- C:\Program Files\DAP
[2005/01/14 15:25:32 | 00,000,000 | ---D | M] -- C:\Program Files\directx
[2008/06/16 00:01:41 | 00,000,000 | ---D | M] -- C:\Program Files\DivX
[2004/10/31 20:05:56 | 00,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2007/06/15 18:57:39 | 00,000,000 | ---D | M] -- C:\Program Files\EPSON
[2002/09/21 01:48:54 | 00,000,000 | ---D | M] -- C:\Program Files\EuroTool
[2006/05/17 18:39:05 | 00,000,000 | ---D | M] -- C:\Program Files\Free iPod Video Converter
[2009/04/05 15:19:27 | 00,000,000 | ---D | M] -- C:\Program Files\Google
[2007/07/26 15:14:11 | 00,000,000 | ---D | M] -- C:\Program Files\Grisoft
[2003/01/29 23:29:20 | 00,000,000 | ---D | M] -- C:\Program Files\IBM
[2003/06/18 22:38:06 | 00,000,000 | ---D | M] -- C:\Program Files\IBM SalesPack
[2008/10/22 21:40:21 | 00,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/04/18 11:39:03 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2007/01/20 17:52:12 | 00,000,000 | ---D | M] -- C:\Program Files\iPod
[2008/03/25 14:54:34 | 00,000,000 | ---D | M] -- C:\Program Files\IrfanView
[2007/01/20 17:52:36 | 00,000,000 | ---D | M] -- C:\Program Files\iTunes
[2009/04/21 21:52:02 | 00,000,000 | ---D | M] -- C:\Program Files\Java
[2004/04/03 21:24:43 | 00,000,000 | ---D | M] -- C:\Program Files\JavaSoft
[2007/10/21 20:45:13 | 00,000,000 | ---D | M] -- C:\Program Files\KODAK
[2005/10/12 22:18:15 | 00,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2007/10/21 20:45:13 | 00,000,000 | ---D | M] -- C:\Program Files\LimeWire
[2002/09/24 03:45:25 | 00,000,000 | ---D | M] -- C:\Program Files\Lotus
[2004/04/09 18:48:48 | 00,000,000 | ---D | M] -- C:\Program Files\Lycos
[2009/04/18 10:30:39 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2007/01/02 15:32:13 | 00,000,000 | ---D | M] -- C:\Program Files\Maxis
[2005/03/02 18:18:14 | 00,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/02/28 13:34:03 | 00,000,000 | ---D | M] -- C:\Program Files\Messenger Plus! Live
[2003/04/01 05:48:23 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2006/01/16 15:37:16 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft AntiSpyware
[2002/09/12 11:59:44 | 00,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2007/12/11 22:01:12 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2004/10/17 20:26:23 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Windows Script
[2003/03/31 21:21:47 | 00,000,000 | ---D | M] -- C:\Program Files\MobSetup
[2007/10/21 20:45:18 | 00,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2009/04/25 16:17:11 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2007/12/11 22:00:28 | 00,000,000 | ---D | M] -- C:\Program Files\MSECache
[2004/08/29 11:07:44 | 00,000,000 | ---D | M] -- C:\Program Files\MSN Apps
[2002/09/12 11:50:17 | 00,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/01/25 17:44:26 | 00,000,000 | ---D | M] -- C:\Program Files\MSN Messenger
[2004/05/11 17:27:08 | 00,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/03/08 14:43:39 | 00,000,000 | ---D | M] -- C:\Program Files\Norton Security Scan
[2002/09/12 11:54:33 | 00,000,000 | ---D | M] -- C:\Program Files\Online Services
[2004/05/11 17:37:37 | 00,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2002/09/24 04:05:33 | 00,000,000 | ---D | M] -- C:\Program Files\PerSys
[2005/05/04 17:35:25 | 00,000,000 | ---D | M] -- C:\Program Files\Picasa2
[2007/01/20 17:49:25 | 00,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2003/04/02 00:15:41 | 00,000,000 | ---D | M] -- C:\Program Files\Real
[2009/04/05 15:13:57 | 00,000,000 | R--D | M] -- C:\Program Files\Skype
[2003/09/27 23:35:15 | 00,000,000 | ---D | M] -- C:\Program Files\Snapshot Viewer
[2006/09/30 16:10:49 | 00,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2002/10/10 06:00:46 | 00,000,000 | ---D | M] -- C:\Program Files\Stampede
[2009/01/18 21:02:50 | 00,000,000 | ---D | M] -- C:\Program Files\Starcraft
[2004/04/13 22:58:00 | 00,000,000 | ---D | M] -- C:\Program Files\StreamCast
[2006/01/16 16:01:26 | 00,000,000 | ---D | M] -- C:\Program Files\Symantec
[2003/03/31 21:22:19 | 00,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2003/03/31 21:22:12 | 00,000,000 | ---D | M] -- C:\Program Files\ThinkPad
[2002/09/25 05:16:52 | 00,000,000 | ---D | M] -- C:\Program Files\Tivoli
[2009/04/22 21:51:48 | 00,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2002/09/12 12:06:58 | 00,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2007/06/08 13:46:46 | 00,000,000 | ---D | M] -- C:\Program Files\utorrent
[2008/03/06 23:32:39 | 00,000,000 | ---D | M] -- C:\Program Files\Vernier Software
[2008/03/25 15:50:50 | 00,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2003/09/27 23:32:41 | 00,000,000 | ---D | M] -- C:\Program Files\VViewer
[2004/04/16 22:21:13 | 00,000,000 | ---D | M] -- C:\Program Files\WildTangent
[2003/02/07 01:05:55 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Journal Viewer
[2009/01/25 17:44:26 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2007/10/21 20:45:19 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2002/09/12 11:50:13 | 00,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/10/30 12:07:28 | 00,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2007/07/02 00:30:43 | 00,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2008/05/21 19:00:41 | 00,000,000 | ---D | M] -- C:\Program Files\WST
[2002/09/12 11:59:45 | 00,000,000 | ---D | M] -- C:\Program Files\xerox
[2002/09/24 21:54:40 | 00,000,000 | ---D | M] -- C:\Program Files\ZapNotes
[2003/08/14 10:50:41 | 00,000,000 | ---D | M] -- C:\Program Files\Zone Labs
< End of report >
----------------------------------------
OTListIt Extras logfile created on: 4/25/2009 4:26:40 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
510.98 Mb Total Physical Memory | 272.89 Mb Available Physical Memory | 53.41% Memory free
1.22 Gb Paging File | 1.01 Gb Available in Paging File | 82.88% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 1.13 Gb Free Space | 3.03% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: T30
Current User Name: hmong
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"IBMconfig" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{113EECD6-9A04-11D4-811D-00805F923B86}" = Lotus NotesSQL 3.01 driver
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 13
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2C82A426-15DA-11D4-AC4E-000629F40F93}" = Personal System Configuration
"{314F6D08-A8B7-11D8-8446-0050BA1D384D}" = EPSON Image Clip Palette
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FFC2A8F-16B1-11D4-AC4E-000629F40F93}" = Mobile IP Address SetUp
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{446DBFFA-4088-48E3-8932-74316BA4CAE4}" = iTunes
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{48B82226-75E3-4E90-92CC-D30F79EA6380}" = Norton Security Scan
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{50D8FFDD-90CD-4859-841F-AA1961C7767A}" = QuickTime
"{536D6172-7453-7569-7465-392E37300409}" = Lotus SmartSuite - English
"{53A93780-6073-4207-A729-A99A30AFDE40}" = AFP Workbench for Windows
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{70B45586-B51E-4947-A258-A895596C5CED}" = Photo Loader 2.3E
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{810F9D75-E0B8-4350-87D2-A9F91249C96D}" = IBM SalesPack for e-business on demand
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = IBM ThinkPad UltraNav Wizard
"{82AC0022-A41B-4642-B003-D254ED0809D6}" = IBM Personal Communications
"{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}" = Garena
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
"{94F9723E-900A-43C5-8F4E-AD2D2ED09273}" = Microsoft Visio Viewer 2002
"{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}" = Apple Software Update
"{AB246327-D9BA-4D93-A620-A149D0260D05}" = IBM System Migration Assistant 3.1
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER
"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"{E7B7F75E-A83B-4F09-91B4-44E2156524D1}" = Logger Pro 3.4.6
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"AT&T Network Client {C:,PROGRA~1,AT&TNE~1,}" = AT&T Network Client
"ATI Display Driver" = ATI Display Driver
"CBPRstor" = IBM Migration Restore Assistant for ISCI
"CCleaner" = CCleaner (remove only)
"CiscoInstallWizard" = Cisco Aironet Installation Wizard
"ColorNick" = ColorNick v2 plugin for Messenger Plus!
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ESCX4700_4100 User's Guide" = ESCX4700_4100 User's Guide
"Free iPod Video Converter_is1" = Free iPod Video Converter 1.26
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"hp deskjet 630c series_Driver" = hp deskjet 630c series
"Infoprint Select" = Infoprint Select
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"ISCI25dc" = ISCI Documentation
"JRE 1.3.1_04" = Java 2 Runtime Environment Standard Edition v1.3.1_04
"LimeWire" = LimeWire 4.10.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live & Sponsor (CiD)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Mozilla Firefox (3.0.9)" = Mozilla Firefox (3.0.9)
"MsgPlus! Plugin" = Messenger Plus! 3
"MSN Toolbar" = MSN Toolbar
"Netscape Communicator 4.75" = Netscape Communicator 4.75
"Network Play System (Patching)" = Network Play System (Patching)
"oeupdate" = Outlook Express Q837009
"Picasa2" = Picasa 2
"Power Features" = IBM ThinkPad Battery MaxiMiser and Power Management Features
"PPTView97" = Microsoft PowerPoint Viewer 97
"Presentation Director" = IBM ThinkPad Presentation Director
"PROSet" = Intel® PRO Ethernet Adapter and Software
"Q322011" = Windows XP Hotfix (SP2) Q322011
"Q327979" = Windows XP Hotfix (SP2) Q327979
"Q328310" = Windows XP Hotfix (SP2) Q328310
"Q329048" = Windows XP Hotfix (SP2) [See Q329048 for more information]
"Q329115" = Windows XP Hotfix (SP2) [See Q329115 for more information]
"Q329170" = Windows XP Hotfix (SP2) Q329170
"Q329390" = Windows XP Hotfix (SP2) [See Q329390 for more information]
"Q329581" = Windows XP Hotfix (SP2) [See Q329581 for more information]
"Q329834" = Windows XP Hotfix (SP2) [See Q329834 for more information]
"Q810565" = Windows XP Hotfix (SP2) Q810565
"Q810577" = Windows XP Hotfix (SP2) Q810577
"Q810833" = Windows XP Hotfix (SP2) Q810833
"Q815021" = Windows XP Hotfix (SP2) Q815021
"Sametime Client v3.1" = Sametime Client v3.1
"Shockwave" = Shockwave
"Snapshot Viewer 9.0" = Snapshot Viewer 9.0
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"Starcraft" = Starcraft
"StuffPlug-NG" = StuffPlug-NG (Messenger Plus! Plugins)
"SynTPDeinstKey" = IBM ThinkPad UltraNav Driver
"ThinkPad Configuration" = IBM ThinkPad Configuration
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"ViewpointMediaPlayer" = Viewpoint Media Player
"WinGTK-2_is1" = GTK+ 2.10.6-1 runtime environment
"WinRAR archiver" = WinRAR archiver
"Workstation Security Tool_is1" = Workstation Security Tool v1.4.3
"XLViewer97" = Microsoft Excel Viewer 97
"ZapNotes" = ZapNotes
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 10/13/2008 4:54:09 AM | Computer Name = T30 | Source = Userenv | ID = 1068
Description = Windows ended GPO processing because the computer shut down or the
user logged off.
Error - 10/28/2008 1:31:29 PM | Computer Name = T30 | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application winword.exe, version 10.0.5522.0, faulting module
winword.exe, version 10.0.5522.0, fault address 0x0010640d.
Error - 10/29/2008 9:00:06 AM | Computer Name = T30 | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 7.0.2.16, faulting module
ntdll.dll, version 5.1.2600.1217, fault address 0x00007bd2.
Error - 10/31/2008 9:24:43 PM | Computer Name = T30 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2800.1106, faulting
module mshtml.dll, version 6.0.2800.1476, fault address 0x000ec056.
Error - 1/18/2009 9:41:26 AM | Computer Name = T30 | Source = Application Error | ID = 1000
Description = Faulting application ~tmpc.exe, version 0.0.0.0, faulting module ~tmpc.exe,
version 0.0.0.0, fault address 0x0000131b.
Error - 1/29/2009 6:59:44 AM | Computer Name = T30 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2800.1106, faulting
module ntdll.dll, version 5.1.2600.1217, fault address 0x00019ecd.
Error - 4/5/2009 3:02:21 AM | Computer Name = T30 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2800.1106, faulting
module ntdll.dll, version 5.1.2600.1217, fault address 0x00019ecd.
Error - 4/5/2009 3:02:35 AM | Computer Name = T30 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2800.1106, faulting
module ntdll.dll, version 5.1.2600.1217, fault address 0x00019ecd.
Error - 4/14/2009 8:50:48 AM | Computer Name = T30 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2800.1106, faulting
module toolbar.dll, version 10.3.75.0, fault address 0x0003a199.
Error - 4/25/2009 12:08:30 AM | Computer Name = T30 | Source = Perflib | ID = 1015
Description = The timeout waiting for the performance data collection function "PerfDisk"
in
the "C:\WINDOWS\system32\perfdisk.dll" Library to finish has expired. There may
be a problem with this extensible counter or the service it is collecting data from
or the system may have been very busy when this call was attempted.
[ System Events ]
Error - 4/17/2009 11:45:19 PM | Computer Name = T30 | Source = Service Control Manager | ID = 7000
Description = The My Web Search Service service failed to start due to the following
error: %%3
Error - 4/17/2009 11:45:19 PM | Computer Name = T30 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
mraid35x
PCIIde
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde
Error - 4/18/2009 12:27:21 AM | Computer Name = T30 | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.
Error - 4/18/2009 9:23:34 PM | Computer Name = T30 | Source = Service Control Manager | ID = 7000
Description = The My Web Search Service service failed to start due to the following
error: %%3
Error - 4/21/2009 9:40:15 AM | Computer Name = T30 | Source = Service Control Manager | ID = 7000
Description = The My Web Search Service service failed to start due to the following
error: %%3
Error - 4/21/2009 9:40:15 AM | Computer Name = T30 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
mraid35x
PCIIde
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde
Error - 4/22/2009 9:34:38 AM | Computer Name = T30 | Source = Service Control Manager | ID = 7031
Description = The Google Updater Service service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 900000 milliseconds:
Restart the service.
Error - 4/25/2009 4:12:47 AM | Computer Name = T30 | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.
Error - 4/25/2009 4:16:05 AM | Computer Name = T30 | Source = Service Control Manager | ID = 7000
Description = The My Web Search Service service failed to start due to the following
error: %%3
Error - 4/25/2009 4:16:05 AM | Computer Name = T30 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
mraid35x
PCIIde
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde
< End of report >
How do the logs look? The random CPU usage surges haven't occurred today (yet).
Edited by madnessman, 25 April 2009 - 02:55 AM.