Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

computer infected + in black box and red letters


  • This topic is locked This topic is locked
11 replies to this topic

#1 karenn05

karenn05

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:51 AM

Posted 11 September 2009 - 12:30 AM

Hi
I have been trying to get this blck box with red letter off my computer to no avail. Tried a Search and Distroy.
Here is my hyjack log...at a loss what to delete\fix without further messing up my computer.
Computer is running slow . Thanks ahead for any advise!
karenn05

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:28 AM, on 9/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\MemTurbo 4\MemTurbo.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\msa.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN\Toolbar\3.0.1125.0\msntask.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070614
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - Default URLSearchHook is missing
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9ed4a70160968) (gupdate1c9ed4a70160968) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QuickBooksDB17 - iAnywhere Solutions, Inc. - C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 5356 bytes

BC AdBot (Login to Remove)

 


#2 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:03:51 PM

Posted 11 September 2009 - 09:06 AM

Hello Karen my name is Sempai and welcome to Bleeping Computer.

*We apologize for the delay. Forum have been busy.

*I want you to understand that I'm still a trainee here. I will be working with my Coach who will approve all my instructions before posting them to you, so there's a possibility to have some delays in my responses. But the good part is, there are two people reviewing your problem instead of one.

*It is important not to make any further changes or run any other tools unless instructed to. This may hinder the cleaning process of your machine.

*You must reply within 5 days otherwise this topic will be closed.


Your log will be analyzed and you will be instructed on what to do next as soon as possible.


~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#3 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:03:51 PM

Posted 11 September 2009 - 05:46 PM

Hello Karen,

Let's begin cleaning your computer. :(


1. Please download Malwarebytes' Anti-Malware from here:

MalwareBytes' AntiMalware download link

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.



2. We Need to check for Rootkits with RootRepeal[*]Open Posted Image on your desktop.
[*]Click the Posted Image tab.
[*]Click the Posted Image button.
[*]Check all seven boxes: Posted Image
[*]Push Ok
[*]Check the box for your main system drive (Usually C:), and press Ok.
[*]Allow RootRepeal to run a scan of your system. This may take some time.
[*]Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply.
[/list]

3. We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please post the results of the following when you reply:
  • MBAM
  • Rootrepeal
  • OTL (OTL.txt and extra.txt)

Regards,
~Semp :(

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#4 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:03:51 PM

Posted 15 September 2009 - 04:10 AM

Hi,

Are you still in need of help?

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#5 karenn05

karenn05
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:51 AM

Posted 15 September 2009 - 08:01 PM

Yes I still need your help and I performed all three steps now. There is a lot of "stuff" on the report!

Registry Keys Infected:
HKEY_CLASSES_ROOT\xml.xml (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a072ec12-a40b-41dd-9a1a-cdb848b70f3c} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{037c7b8a-151a-49e6-baed-cc05fcb50328} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f10587e9-0e47-4cbe-abcd-7dd20b862223} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AVR (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Monopod (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Monopod (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\AdvancedVirusRemover (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\James Nachtwey\Local Settings\Temp\a.exe (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\msxml71.dll (Worm.Allaple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winhelper.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winupdate.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wisdstr.exe (Rogue.PC_AntiSpyware2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\James Nachtwey\Local Settings\Temporary Internet Files\Content.IE5\6OSJH2FB\setup[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\James Nachtwey\Local Settings\Temporary Internet Files\Content.IE5\I3TLB2UY\setup[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\James Nachtwey\Desktop\Advanced Virus Remover.lnk (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\James Nachtwey\Start Menu\Advanced Virus Remover.lnk (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\critical_warning.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\James Nachtwey\Cookies\uralovor.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.


2.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/15 20:24
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF7401000 Size: 187776 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xA66A5000 Size: 138496 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xF7C18000 Size: 3072 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF7AB0000 Size: 4224 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF7940000 Size: 12288 File Visible: - Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xA8478000 Size: 63744 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xF7640000 Size: 62976 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xF7570000 Size: 53248 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xF7560000 Size: 36352 File Visible: - Signed: -
Status: -

Name: dmio.sys
Image Path: dmio.sys
Address: 0xF73AB000 Size: 153344 File Visible: - Signed: -
Status: -

Name: dmload.sys
Image Path: dmload.sys
Address: 0xF7A34000 Size: 5888 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xEF614000 Size: 61440 File Visible: - Signed: -
Status: -

Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0xA6470000 Size: 749568 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xA6DE2000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF000000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF7C05000 Size: 4096 File Visible: - Signed: -
Status: -

Name: e1e5132.sys
Image Path: C:\WINDOWS\system32\DRIVERS\e1e5132.sys
Address: 0xF37F9000 Size: 230400 File Visible: - Signed: -
Status: -

Name: eeCtrl.sys
Image Path: C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
Address: 0xA6543000 Size: 385024 File Visible: - Signed: -
Status: -

Name: EraserUtilRebootDrv.sys
Image Path: C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
Address: 0xA6527000 Size: 114688 File Visible: - Signed: -
Status: -

Name: Fastfat.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Address: 0xA62FC000 Size: 143744 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xA9270000 Size: 44544 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xF72D4000 Size: 129792 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF7AAE000 Size: 7936 File Visible: - Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF73D1000 Size: 125056 File Visible: - Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
Address: 0xF7660000 Size: 40960 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806E4000 Size: 134400 File Visible: - Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Address: 0xF37AD000 Size: 163840 File Visible: - Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xA9DEE000 Size: 36864 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xA8E1A000 Size: 28672 File Visible: - Signed: -
Status: -

Name: hidusb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Address: 0xEF5B0000 Size: 10368 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xA53F6000 Size: 264832 File Visible: - Signed: -
Status: -

Name: i2omgmt.SYS
Image Path: C:\WINDOWS\System32\Drivers\i2omgmt.SYS
Address: 0xF235A000 Size: 8576 File Visible: - Signed: -
Status: -

Name: iaStor.sys
Image Path: iaStor.sys
Address: 0xF72F4000 Size: 749568 File Visible: - Signed: -
Status: -

Name: igxpdv32.DLL
Image Path: C:\WINDOWS\System32\igxpdv32.DLL
Address: 0xBF049000 Size: 1298432 File Visible: - Signed: -
Status: -

Name: igxpdx32.DLL
Image Path: C:\WINDOWS\System32\igxpdx32.DLL
Address: 0xBF186000 Size: 2097152 File Visible: - Signed: -
Status: -

Name: igxpgd32.dll
Image Path: C:\WINDOWS\System32\igxpgd32.dll
Address: 0xBF022000 Size: 159744 File Visible: - Signed: -
Status: -

Name: igxpmp32.sys
Image Path: C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
Address: 0xF3846000 Size: 1095968 File Visible: - Signed: -
Status: -

Name: igxprd32.dll
Image Path: C:\WINDOWS\System32\igxprd32.dll
Address: 0xBF012000 Size: 65536 File Visible: - Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Address: 0xF7630000 Size: 36352 File Visible: - Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xA6714000 Size: 152832 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xA6925000 Size: 75264 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF7530000 Size: 37248 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xF7930000 Size: 24576 File Visible: - Signed: -
Status: -

Name: kbdhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdhid.sys
Address: 0xA9F4F000 Size: 14592 File Visible: - Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF7A30000 Size: 8192 File Visible: - Signed: -
Status: -

Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xA4EC5000 Size: 172416 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xF378A000 Size: 143360 File Visible: - Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF72AB000 Size: 92928 File Visible: - Signed: -
Status: -

Name: LVPr2Mon.sys
Image Path: C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
Address: 0xF78B8000 Size: 18944 File Visible: - Signed: -
Status: -

Name: LVUSBSta.sys
Image Path: C:\WINDOWS\system32\drivers\LVUSBSta.sys
Address: 0xA8488000 Size: 35072 File Visible: - Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF7AB2000 Size: 4224 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xF7938000 Size: 23040 File Visible: - Signed: -
Status: -

Name: mouhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Address: 0xA9F4B000 Size: 12160 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF7540000 Size: 42368 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xA61B7000 Size: 180608 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xA65A1000 Size: 455296 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xA8DF2000 Size: 19072 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xF34B3000 Size: 35072 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xF7A0C000 Size: 15488 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xF71D7000 Size: 105344 File Visible: - Signed: -
Status: -

Name: NAVENG.SYS
Image Path: C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080821.017\NAVENG.SYS
Address: 0xA885E000 Size: 82400 File Visible: - Signed: -
Status: -

Name: NAVEX15.SYS
Image Path: C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080821.017\NAVEX15.SYS
Address: 0xA8873000 Size: 866848 File Visible: - Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF71F1000 Size: 182656 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xF79F0000 Size: 10112 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xA6458000 Size: 14592 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xF2CBA000 Size: 91520 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF03FC000 Size: 40576 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xA92C0000 Size: 34688 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xA66C7000 Size: 162816 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xA8DEA000 Size: 30848 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF721E000 Size: 574976 File Visible: - Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF7B75000 Size: 2944 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF77B0000 Size: 19712 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xF73F0000 Size: 68224 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xA96FD000 Size: 147456 File Visible: - Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xF2C59000 Size: 69120 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xF7920000 Size: 17792 File Visible: - Signed: -
Status: -

Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xF77B8000 Size: 20000 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xEF5A0000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xF7680000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xF34D3000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xF34C3000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xF7928000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xA6611000 Size: 175744 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF7AB4000 Size: 4224 File Visible: - Signed: -
Status: -

Name: rdpdr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Address: 0xF28C5000 Size: 196224 File Visible: - Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xF7650000 Size: 57600 File Visible: - Signed: -
Status: -

Name: rootrepeal1.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal1.sys
Address: 0xA5028000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SPBBCDrv.sys
Image Path: C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
Address: 0xA663C000 Size: 430080 File Visible: - Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xF72C2000 Size: 73472 File Visible: - Signed: -
Status: -

Name: SRTSP.SYS
Image Path: C:\WINDOWS\System32\Drivers\SRTSP.SYS
Address: 0xA8C0C000 Size: 299008 File Visible: - Signed: -
Status: -

Name: SRTSPX.SYS
Image Path: C:\WINDOWS\System32\Drivers\SRTSPX.SYS
Address: 0xA9DCE000 Size: 36992 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xA5FFD000 Size: 333952 File Visible: - Signed: -
Status: -

Name: sthda.sys
Image Path: C:\WINDOWS\system32\drivers\sthda.sys
Address: 0xA9721000 Size: 1111840 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xF7A84000 Size: 4352 File Visible: - Signed: -
Status: -

Name: SYMDNS.SYS
Image Path: C:\WINDOWS\System32\Drivers\SYMDNS.SYS
Address: 0xF7ABC000 Size: 6016 File Visible: - Signed: -
Status: -

Name: SYMEVENT.SYS
Image Path: C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
Address: 0xA66EF000 Size: 151552 File Visible: - Signed: -
Status: -

Name: SYMFW.SYS
Image Path: C:\WINDOWS\System32\Drivers\SYMFW.SYS
Address: 0xA635E000 Size: 139008 File Visible: - Signed: -
Status: -

Name: SYMIDS.SYS
Image Path: C:\WINDOWS\System32\Drivers\SYMIDS.SYS
Address: 0xF7750000 Size: 33152 File Visible: - Signed: -
Status: -

Name: SymIDSCo.sys
Image Path: C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20080813.001\SymIDSCo.sys
Address: 0xA6320000 Size: 253952 File Visible: - Signed: -
Status: -

Name: SYMNDIS.SYS
Image Path: C:\WINDOWS\System32\Drivers\SYMNDIS.SYS
Address: 0xF77D8000 Size: 28288 File Visible: - Signed: -
Status: -

Name: SYMREDRV.SYS
Image Path: C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
Address: 0xF7910000 Size: 20608 File Visible: - Signed: -
Status: -

Name: SYMTDI.SYS
Image Path: C:\WINDOWS\System32\Drivers\SYMTDI.SYS
Address: 0xA673A000 Size: 184576 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xA60AF000 Size: 60800 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xA6768000 Size: 361600 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xF7908000 Size: 20480 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xF3473000 Size: 40704 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xF2867000 Size: 384768 File Visible: - Signed: -
Status: -

Name: usbccgp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Address: 0xA6970000 Size: 32128 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xF7A88000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xF7838000 Size: 30208 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xF30E8000 Size: 59520 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xF37D5000 Size: 147456 File Visible: - Signed: -
Status: -

Name: usbprint.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbprint.sys
Address: 0xF23C7000 Size: 25856 File Visible: - Signed: -
Status: -

Name: usbscan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbscan.sys
Address: 0xA8C94000 Size: 15104 File Visible: - Signed: -
Status: -

Name: USBSTOR.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Address: 0xF18FB000 Size: 26368 File Visible: - Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xF7830000 Size: 20608 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xA8E0A000 Size: 20992 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xF3832000 Size: 81920 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF7550000 Size: 52352 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xA92D0000 Size: 34560 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xA8363000 Size: 20480 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xA5DE0000 Size: 83072 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xF7A32000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

3.

OTL logfile created on: 9/15/2009 8:31:05 PM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\James Nachtwey\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.84 Mb Total Physical Memory | 435.41 Mb Available Physical Memory | 42.95% Memory free
2.38 Gb Paging File | 1.92 Gb Available in Paging File | 80.67% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.46 Gb Total Space | 54.90 Gb Free Space | 76.83% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 7.47 Gb Total Space | 5.97 Gb Free Space | 79.91% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADMIN
Current User Name: James Nachtwey
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2007/01/10 00:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/01/05 03:19:28 | 00,047,712 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
PRC - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/09/12 19:27:24 | 00,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/01/10 00:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2006/10/11 16:48:50 | 00,532,480 | ---- | M] ( ) -- C:\WINDOWS\System32\dlcxcoms.exe
PRC - [2006/07/06 06:14:30 | 00,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
PRC - [2009/09/08 23:10:32 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/12/16 21:59:50 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/04/09 00:47:58 | 00,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2006/09/13 10:32:12 | 00,128,536 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe
PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/07/22 06:45:28 | 37,491,976 | ---- | M] (PC Utility, Inc.) -- C:\Program Files\Reg Tool\Reg Tool.exe
PRC - [2008/10/06 14:48:46 | 01,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2009/08/21 18:01:41 | 00,833,008 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2009/08/21 18:01:41 | 00,833,008 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2009/08/21 18:01:41 | 00,833,008 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2009/09/15 20:24:32 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\James Nachtwey\My Documents\Downloads\RootRepeal (1).exe
PRC - [2009/09/15 20:30:49 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James Nachtwey\My Documents\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/09/12 19:27:24 | 00,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/01/10 00:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [Auto | Running])
SRV - [2007/01/10 00:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/01/10 00:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService [Auto | Running])
SRV - [2006/10/11 16:48:50 | 00,532,480 | ---- | M] ( ) -- C:\WINDOWS\System32\dlcxcoms.exe -- (dlcx_device [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/08/26 09:46:55 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103 [On_Demand | Stopped])
SRV - [2009/06/14 18:47:07 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9ed4a70160968 [Auto | Stopped])
SRV - [2007/06/26 10:01:55 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2006/07/06 06:14:30 | 00,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe -- (IAANTMON [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2007/01/14 02:11:06 | 00,080,504 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\isPwdSvc.exe -- (ISPwdSvc [On_Demand | Stopped])
SRV - [2009/09/08 23:10:32 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2007/09/12 19:27:24 | 02,999,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2007/01/10 00:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex [Auto | Running])
SRV - [2008/01/29 17:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service [Auto | Stopped])
SRV - [2008/12/16 21:59:50 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009/04/09 00:47:58 | 00,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService [Auto | Running])
SRV - [2006/11/09 15:30:14 | 00,065,536 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService [On_Demand | Stopped])
SRV - [2006/09/13 10:32:12 | 00,128,536 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe -- (QuickBooksDB17 [Auto | Running])
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Running])
SRV - [2008/10/06 14:48:46 | 01,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Running])
SRV - [2007/01/05 03:19:28 | 00,047,712 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2001/08/17 12:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2001/08/17 12:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 12:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2001/08/17 12:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/17 12:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2006/01/10 10:07:58 | 00,004,864 | ---- | M] (GTek Technologies Ltd.) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
DRV - [2001/08/17 11:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
DRV - [2006/07/19 14:42:16 | 00,230,400 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e1e5132.sys -- (e1express [On_Demand | Running])
DRV - [2008/08/18 03:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2008/08/18 03:00:00 | 00,099,376 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2008/12/17 01:02:08 | 00,023,832 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys -- (FilterService [On_Demand | Stopped])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2006/07/21 18:12:16 | 01,095,968 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\igxpmp32.sys -- (ialm [On_Demand | Running])
DRV - [2006/07/06 05:59:42 | 00,246,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2008/12/16 21:58:54 | 00,025,624 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon [On_Demand | Running])
DRV - [2008/12/17 01:00:14 | 00,768,024 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\lvrs.sys -- (LVRS [On_Demand | Stopped])
DRV - [2008/12/17 01:01:22 | 00,041,752 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Running])
DRV - [2008/12/17 01:01:44 | 06,364,440 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\lvuvc.sys -- (LVUVC [On_Demand | Stopped])
DRV - [2001/08/17 12:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2006/06/05 02:39:56 | 00,024,064 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\System32\Drivers\iqvw32.sys -- (NAL [On_Demand | Stopped])
DRV - [2008/08/20 03:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080821.017\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2008/08/20 03:00:00 | 00,873,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080821.017\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2004/08/03 21:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2004/08/04 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005/04/25 02:03:00 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 12:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 12:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 12:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2001/08/17 13:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2007/04/14 02:49:32 | 00,418,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Running])
DRV - [2007/11/30 23:57:12 | 00,279,088 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSP.SYS -- (SRTSP [System | Running])
DRV - [2007/11/30 23:57:12 | 00,317,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSPL.SYS -- (SRTSPL [On_Demand | Stopped])
DRV - [2007/11/30 23:57:12 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSPX.SYS -- (SRTSPX [System | Running])
DRV - [2006/07/24 09:20:00 | 01,156,648 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\System32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2001/08/17 13:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 13:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2007/01/09 17:32:13 | 00,012,984 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS [On_Demand | Running])
DRV - [2008/10/06 14:48:58 | 00,123,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2007/01/09 17:32:13 | 00,145,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW [On_Demand | Running])
DRV - [2007/01/09 17:32:13 | 00,040,120 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS [On_Demand | Running])
DRV - [2008/02/13 11:18:19 | 00,240,496 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ids-diskless\20080813.001\SymIDSCo.sys -- (SYMIDSCO [On_Demand | Running])
DRV - [2007/01/09 17:32:13 | 00,035,256 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS [On_Demand | Running])
DRV - [2007/01/09 17:32:13 | 00,027,576 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Running])
DRV - [2007/01/09 17:32:13 | 00,191,544 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2001/08/17 13:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 13:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2001/08/17 12:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070614

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070614
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/07 03:00:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/09/08 23:10:38 | 00,000,000 | ---D | M]


O1 HOSTS File: (255759 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 8896 more lines...
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [DLCXCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKCU..\Run: [Reg Tool] C:\Program Files\Reg Tool\Reg Tool.exe (PC Utility, Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10b.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 41 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: plaxo.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 41 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 16:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/05/06 07:26:23 | 00,000,309 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{20cf325e-2991-11dc-97aa-0019d1659db0}\Shell - "" = AutoRun
O33 - MountPoints2\{20cf325e-2991-11dc-97aa-0019d1659db0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{20cf325e-2991-11dc-97aa-0019d1659db0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2007/10/23 02:45:39 | 01,336,632 | R--- | M] ()
O33 - MountPoints2\{3da1b146-3645-11de-9942-0019d1659db0}\Shell - "" = AutoRun
O33 - MountPoints2\{3da1b146-3645-11de-9942-0019d1659db0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3da1b146-3645-11de-9942-0019d1659db0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2007/10/23 02:45:39 | 01,336,632 | R--- | M] ()
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2007/10/23 02:45:39 | 01,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/09/15 20:10:20 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\rootrepeal.sys
[2009/09/15 20:05:20 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\rootrepeal3.sys
[2009/09/15 20:04:40 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\rootrepeal7.sys
[2009/09/15 20:04:27 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\rootrepeal6.sys
[2009/09/15 20:04:15 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\rootrepeal5.sys
[2009/09/15 20:03:45 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\rootrepeal4.sys
[2009/09/15 07:01:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\James Nachtwey\Application Data\Malwarebytes
[2009/09/15 07:01:30 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/15 07:01:25 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/15 07:01:24 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/15 07:01:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/09/15 07:01:23 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/09 21:56:42 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\James Nachtwey\Desktop\HijackThis.lnk
[2009/09/09 21:56:41 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/09/09 21:18:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\James Nachtwey\Application Data\Sammsoft
[2009/09/09 21:18:22 | 00,001,718 | ---- | C] () -- C:\Documents and Settings\James Nachtwey\Desktop\Check PC For Errors.lnk
[2009/09/09 21:18:17 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MemTurbo - PC Optimizer.lnk
[2009/09/09 21:18:15 | 00,000,000 | ---D | C] -- C:\Program Files\MemTurbo 4
[2009/09/09 21:18:09 | 00,000,000 | ---D | C] -- C:\Program Files\Advanced Registry Optimizer
[2009/09/09 06:24:54 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/09/08 23:30:16 | 00,011,881 | ---- | C] () -- C:\WINDOWS\System32\quxigufeno.lib
[2009/09/08 23:21:19 | 00,000,440 | ---- | C] () -- C:\WINDOWS\tasks\Reg Tool Scan.job
[2009/09/08 23:21:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\James Nachtwey\Application Data\Reg Tool
[2009/09/08 23:20:44 | 00,001,848 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Reg Tool.lnk
[2009/09/08 23:20:40 | 00,000,000 | ---D | C] -- C:\Program Files\Reg Tool
[2009/09/08 23:20:07 | 00,000,000 | ---D | C] -- C:\Program Files\Downloaded Installers
[2009/09/08 23:11:22 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/09/08 23:11:22 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/09/08 23:11:22 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/09/08 23:11:22 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/09/08 23:01:40 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Corporation
[2009/09/02 21:14:56 | 00,017,028 | ---- | C] () -- C:\WINDOWS\pihuperyro.inf
[2009/09/02 21:14:56 | 00,016,610 | ---- | C] () -- C:\WINDOWS\mosazowa.vbs
[2009/09/02 21:14:55 | 00,017,886 | ---- | C] () -- C:\Program Files\Common Files\oluzyq.dl
[2009/09/02 21:14:55 | 00,015,659 | ---- | C] () -- C:\Documents and Settings\James Nachtwey\Application Data\uvazeduvet.dll
[2009/09/02 21:14:55 | 00,014,174 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\usuco.dat
[2009/09/02 21:14:55 | 00,014,145 | ---- | C] () -- C:\WINDOWS\ytaqafuwo.dat
[2009/09/02 21:14:55 | 00,013,277 | ---- | C] () -- C:\WINDOWS\yliqowuq.dll
[2009/09/02 21:14:55 | 00,012,548 | ---- | C] () -- C:\WINDOWS\System32\imegifezut.dll
[2009/09/02 21:14:55 | 00,012,128 | ---- | C] () -- C:\Documents and Settings\James Nachtwey\Application Data\yvytyb.inf
[2009/09/02 21:14:55 | 00,011,594 | ---- | C] () -- C:\WINDOWS\yqurer.vbs
[2009/09/02 21:14:55 | 00,010,945 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\xadiher.lib
[2009/09/02 21:14:54 | 00,014,467 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\ymazejazo.db
[2009/09/02 21:14:53 | 00,018,621 | ---- | C] () -- C:\WINDOWS\System32\ewecisone.inf
[2009/09/02 21:14:53 | 00,018,496 | ---- | C] () -- C:\WINDOWS\lebohoqit.sys
[2009/09/02 21:14:53 | 00,018,285 | ---- | C] () -- C:\WINDOWS\System32\esumyqid.exe
[2009/09/02 21:14:53 | 00,016,288 | ---- | C] () -- C:\WINDOWS\System32\uluz.bat
[2009/09/02 21:14:53 | 00,015,680 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\vywimif.pif
[2009/09/02 21:14:53 | 00,015,419 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\erolyzige.bat
[2009/09/02 21:14:53 | 00,015,099 | ---- | C] () -- C:\WINDOWS\arokavuvaz.reg
[2009/09/02 21:14:53 | 00,014,019 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xufyhusaj.exe
[2009/09/02 21:14:53 | 00,012,666 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\uxyfug.inf
[2009/09/02 21:14:53 | 00,012,295 | ---- | C] () -- C:\WINDOWS\ekihomah.exe
[2009/09/02 21:14:53 | 00,011,163 | ---- | C] () -- C:\WINDOWS\oxanyxycow.pif
[2009/06/14 18:22:39 | 00,081,110 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/05/01 06:49:56 | 00,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2009/05/01 06:49:38 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2009/05/01 06:49:17 | 00,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2009/05/01 06:48:16 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2008/12/16 21:58:54 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 21:50:56 | 00,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/07/24 15:29:39 | 00,000,245 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/02/13 13:50:15 | 00,000,276 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/07/06 11:00:49 | 00,005,852 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/07/06 11:00:49 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\8DDB1CFC55.sys
[2007/07/06 10:55:41 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcxvs.dll
[2007/07/06 10:55:38 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\dlcxcoin.dll
[2007/07/06 10:55:20 | 00,692,224 | ---- | C] () -- C:\WINDOWS\System32\dlcxdrs.dll
[2007/07/06 10:55:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcxcaps.dll
[2007/07/06 10:55:20 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlcxcnv4.dll
[2007/07/06 10:53:03 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\DLPRMON.DLL
[2007/07/06 10:53:03 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLPMONUI.DLL
[2007/07/06 10:52:25 | 00,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxinpa.dll
[2007/07/06 10:52:25 | 00,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxiesc.dll
[2007/07/06 10:52:25 | 00,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhcp.dll
[2007/07/06 10:52:25 | 00,274,432 | ---- | C] () -- C:\WINDOWS\System32\dlcxinst.dll
[2007/07/06 10:52:24 | 01,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxserv.dll
[2007/07/06 10:52:24 | 00,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxusb1.dll
[2007/07/06 10:52:24 | 00,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpmui.dll
[2007/07/06 10:52:24 | 00,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxlmpm.dll
[2007/07/06 10:52:24 | 00,454,656 | ---- | C] () -- C:\WINDOWS\System32\dlcxutil.dll
[2007/07/06 10:52:24 | 00,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxprox.dll
[2007/07/06 10:52:24 | 00,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpplc.dll
[2007/07/06 10:52:23 | 00,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhbn3.dll
[2007/07/06 10:52:23 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\dlcxgrd.dll
[2007/07/06 10:52:23 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsb.dll
[2007/07/06 10:52:23 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxins.dll
[2007/07/06 10:52:23 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlcxjswr.dll
[2007/07/06 10:52:23 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsr.dll
[2007/07/06 10:52:22 | 00,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomc.dll
[2007/07/06 10:52:22 | 00,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomm.dll
[2007/07/06 10:52:22 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcxcub.dll
[2007/07/06 10:52:22 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcxcu.dll
[2007/07/06 10:52:22 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcxcur.dll
[2007/07/06 10:52:21 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\DLCXcfg.dll
[2007/06/14 09:58:35 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/06/14 09:29:51 | 00,348,880 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/06/14 09:29:51 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4642.dll
[2007/06/14 09:26:21 | 00,001,122 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/12/02 12:08:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 16:24:19 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 16:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 16:00:37 | 00,000,602 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/11 16:00:35 | 00,000,260 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/09/15 20:15:07 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\rootrepeal.sys
[2009/09/15 20:10:13 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\rootrepeal7.sys
[2009/09/15 20:08:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/09/15 20:05:21 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\rootrepeal3.sys
[2009/09/15 20:04:28 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\rootrepeal6.sys
[2009/09/15 20:04:15 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\rootrepeal5.sys
[2009/09/15 20:03:52 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\rootrepeal4.sys
[2009/09/15 18:00:04 | 00,002,775 | ---- | M] () -- C:\Documents and Settings\James Nachtwey\Desktop\AOL.com - Welcome to AOL (2).url
[2009/09/15 12:00:00 | 00,000,440 | ---- | M] () -- C:\WINDOWS\tasks\Reg Tool Scan.job
[2009/09/15 10:24:26 | 00,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F2324832-B51B-4C0E-8AD1-8320F672BB37}.job
[2009/09/15 10:08:00 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/09/15 07:32:07 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/15 07:31:26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/15 07:31:18 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/15 07:31:12 | 10,631,65952 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/15 07:30:00 | 00,000,574 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - James Nachtwey.job
[2009/09/15 07:01:30 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/10 21:15:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/09 21:56:42 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\James Nachtwey\Desktop\HijackThis.lnk
[2009/09/09 21:29:38 | 00,000,260 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/09 21:18:22 | 00,001,718 | ---- | M] () -- C:\Documents and Settings\James Nachtwey\Desktop\Check PC For Errors.lnk
[2009/09/09 21:18:17 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MemTurbo - PC Optimizer.lnk
[2009/09/09 06:43:54 | 00,000,276 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/09/09 06:26:55 | 00,005,852 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/09/09 06:26:55 | 00,000,056 | RHS- | M] () -- C:\WINDOWS\System32\8DDB1CFC55.sys
[2009/09/09 06:24:54 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/09/09 06:23:36 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/08 23:30:16 | 00,011,881 | ---- | M] () -- C:\WINDOWS\System32\quxigufeno.lib
[2009/09/08 23:20:44 | 00,001,848 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Reg Tool.lnk
[2009/09/08 23:10:31 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/09/08 23:10:31 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/09/08 23:10:31 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/09/08 23:10:31 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/09/08 23:10:30 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/09/08 22:39:15 | 00,031,744 | ---- | M] () -- C:\Documents and Settings\James Nachtwey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/07 12:41:46 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/09/03 18:54:09 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2009/09/03 18:54:07 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2009/09/03 15:20:07 | 00,255,759 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/09/03 15:17:47 | 00,000,848 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090903-152007.backup
[2009/09/02 21:14:56 | 00,017,028 | ---- | M] () -- C:\WINDOWS\pihuperyro.inf
[2009/09/02 21:14:56 | 00,016,610 | ---- | M] () -- C:\WINDOWS\mosazowa.vbs
[2009/09/02 21:14:55 | 00,017,886 | ---- | M] () -- C:\Program Files\Common Files\oluzyq.dl
[2009/09/02 21:14:55 | 00,015,659 | ---- | M] () -- C:\Documents and Settings\James Nachtwey\Application Data\uvazeduvet.dll
[2009/09/02 21:14:55 | 00,014,174 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\usuco.dat
[2009/09/02 21:14:55 | 00,014,145 | ---- | M] () -- C:\WINDOWS\ytaqafuwo.dat
[2009/09/02 21:14:55 | 00,013,277 | ---- | M] () -- C:\WINDOWS\yliqowuq.dll
[2009/09/02 21:14:55 | 00,012,548 | ---- | M] () -- C:\WINDOWS\System32\imegifezut.dll
[2009/09/02 21:14:55 | 00,012,128 | ---- | M] () -- C:\Documents and Settings\James Nachtwey\Application Data\yvytyb.inf
[2009/09/02 21:14:55 | 00,011,594 | ---- | M] () -- C:\WINDOWS\yqurer.vbs
[2009/09/02 21:14:55 | 00,010,945 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\xadiher.lib
[2009/09/02 21:14:54 | 00,014,467 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ymazejazo.db
[2009/09/02 21:14:53 | 00,018,621 | ---- | M] () -- C:\WINDOWS\System32\ewecisone.inf
[2009/09/02 21:14:53 | 00,018,496 | ---- | M] () -- C:\WINDOWS\lebohoqit.sys
[2009/09/02 21:14:53 | 00,018,285 | ---- | M] () -- C:\WINDOWS\System32\esumyqid.exe
[2009/09/02 21:14:53 | 00,016,288 | ---- | M] () -- C:\WINDOWS\System32\uluz.bat
[2009/09/02 21:14:53 | 00,015,680 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\vywimif.pif
[2009/09/02 21:14:53 | 00,015,419 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\erolyzige.bat
[2009/09/02 21:14:53 | 00,015,099 | ---- | M] () -- C:\WINDOWS\arokavuvaz.reg
[2009/09/02 21:14:53 | 00,014,019 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\xufyhusaj.exe
[2009/09/02 21:14:53 | 00,012,666 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\uxyfug.inf
[2009/09/02 21:14:53 | 00,012,295 | ---- | M] () -- C:\WINDOWS\ekihomah.exe
[2009/09/02 21:14:53 | 00,011,163 | ---- | M] () -- C:\WINDOWS\oxanyxycow.pif
[2009/08/28 16:38:20 | 24,689,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/08/25 20:09:02 | 00,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2009/08/19 16:39:21 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
< End of report >

OTL Extras logfile created on: 9/15/2009 8:31:05 PM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\James Nachtwey\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.84 Mb Total Physical Memory | 435.41 Mb Available Physical Memory | 42.95% Memory free
2.38 Gb Paging File | 1.92 Gb Available in Paging File | 80.67% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.46 Gb Total Space | 54.90 Gb Free Space | 76.83% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 7.47 Gb Total Space | 5.97 Gb Free Space | 79.91% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADMIN
Current User Name: James Nachtwey
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3462751734-2760307193-2903758901-1005\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager -- (iAnywhere Solutions, Inc.)
"C:\WINDOWS\system32\dlcxcoms.exe" = C:\WINDOWS\system32\dlcxcoms.exe:*:Enabled:Lexmark Communications System -- ( )
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{007DD97C-36DC-4C25-9B1C-7D22AC483D50}" = Reg Tool
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}" = Intel® PRO Network Connections
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{228F6876-A313-40A3-91C0-C3CBE6997D09}" = Symantec
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}" = Internet Worm Protection
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}" = Norton AntiVirus Help
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}" = Virtual Earth 3D (Beta)
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{469436E4-A436-4a2f-8113-239EE6D1A60F}" = HP Scanjet 4800 series
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{7E545666-F422-45FD-B3DF-C0B99A1A579F}" = QuickBooks Pro 2007
"{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_BASICR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_BASICR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_BASICR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_BASICR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_BASICR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_BASICR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_BASICR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_BASICR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0013-0000-0000-0000000FF1CE}" = Microsoft Office Basic 2007
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91208A47-5D08-4C79-986F-1931940F51BB}" = QuickBooks Product Listing Service
"{937B232D-9776-471E-92BD-D424E514EF14}" = Logitech QuickCam
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD4D567E-44D7-4CDA-977D-C918D88FA3D9}_is1" = MemTurbo 4
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}" = Dell Support 3.2.1
"{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}" = Norton AntiVirus SYMLT MSI
"{DA3A3A37-87D3-4E5A-AA27-005A9BCB28AA}" = Symantec Real Time Storage Protection Component
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton AntiVirus Parent MSI
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F206B8BB-D34E-47B3-A8EF-B475EED73A64}" = Microsoft IE ActiveX Analyzer
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F5DA4BCE-78D3-4B15-A74B-1688A6EF38E3}" = hpg4850
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Registry Optimizer_is1" = Advanced Registry Optimizer
"alotToolbar" = ALOT Toolbar
"BASICR" = Microsoft Office Basic 2007
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell PC Fax" = Dell PC Fax
"Dell Photo AIO Printer 926" = Dell Photo AIO Printer 926
"Elections Toolbar" = Elections Toolbar
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Document Viewer" = HP Document Viewer 5.3
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"lvdrivers_11.90" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SearchAssist" = SearchAssist
"SymSetup.{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus (Symantec Corporation)
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3462751734-2760307193-2903758901-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Smilebox" = Smilebox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/8/2009 11:35:58 PM | Computer Name = ADMIN | Source = Application Hang | ID = 1002
Description = Hanging application hpqudc08.exe, version 53.0.13.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/9/2009 1:40:52 AM | Computer Name = ADMIN | Source = Application Hang | ID = 1002
Description = Hanging application hpqdirec.exe, version 50.0.152.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/9/2009 1:40:52 AM | Computer Name = ADMIN | Source = Application Hang | ID = 1002
Description = Hanging application hpqdirec.exe, version 50.0.152.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/9/2009 1:40:52 AM | Computer Name = ADMIN | Source = Application Hang | ID = 1002
Description = Hanging application hpqdirec.exe, version 50.0.152.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/9/2009 1:40:53 AM | Computer Name = ADMIN | Source = Application Hang | ID = 1002
Description = Hanging application hpqdirec.exe, version 50.0.152.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/9/2009 1:41:40 AM | Computer Name = ADMIN | Source = Application Hang | ID = 1002
Description = Hanging application hpqimzone.exe, version 53.0.13.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/9/2009 1:41:41 AM | Computer Name = ADMIN | Source = Application Hang | ID = 1002
Description = Hanging application hpqimzone.exe, version 53.0.13.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/9/2009 7:22:33 AM | Computer Name = ADMIN | Source = MsiInstaller | ID = 11704
Description = Product: Adobe Reader 9 -- Error 1704.An installation for Reg Tool
is currently suspended. You must undo the changes made by that installation to
continue. Do you want to undo those changes?

Error - 9/10/2009 9:30:20 AM | Computer Name = ADMIN | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 12.0.6504.5000, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/10/2009 9:33:03 AM | Computer Name = ADMIN | Source = Application Hang | ID = 1001
Description = Fault bucket 1303216512.

[ OSession Events ]
Error - 6/17/2009 12:01:50 PM | Computer Name = ADMIN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 11
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/17/2009 12:02:03 PM | Computer Name = ADMIN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/21/2009 9:53:04 AM | Computer Name = ADMIN | Source = Print | ID = 6161
Description = The document https://www.avistarparking.com/fasttrack/re...tions/pay-at-lo
owned by James Nachtwey failed to print on printer Dell Photo AIO Printer 926.
Data type: LEMF. Size of the spool file in bytes: 541911. Number of bytes printed:
541911. Total number of pages in the document: 1. Number of pages printed: 0. Client
machine: \\ADMIN. Win32 error code returned by the print processor: 0 (0x0).

Error - 8/21/2009 9:53:07 AM | Computer Name = ADMIN | Source = Print | ID = 6161
Description = The document https://www.avistarparking.com/fasttrack/re...tions/pay-at-lo
owned by James Nachtwey failed to print on printer Dell Photo AIO Printer 926.
Data type: LEMF. Size of the spool file in bytes: 541911. Number of bytes printed:
541911. Total number of pages in the document: 1. Number of pages printed: 0. Client
machine: \\ADMIN. Win32 error code returned by the print processor: 0 (0x0).

Error - 8/21/2009 9:53:12 AM | Computer Name = ADMIN | Source = Print | ID = 6161
Description = The document https://www.avistarparking.com/fasttrack/re...tions/pay-at-lo
owned by James Nachtwey failed to print on printer Dell Photo AIO Printer 926.
Data type: LEMF. Size of the spool file in bytes: 541911. Number of bytes printed:
541911. Total number of pages in the document: 1. Number of pages printed: 0. Client
machine: \\ADMIN. Win32 error code returned by the print processor: 0 (0x0).

Error - 8/28/2009 6:21:19 PM | Computer Name = ADMIN | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.102 on
the Network Card with network address 0019D1659DB0.

Error - 9/2/2009 10:07:49 PM | Computer Name = ADMIN | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000243'
while processing the file 'SrtETmp' on the volume 'HarddiskVolume2'. It has stopped
monitoring the volume.

Error - 9/3/2009 3:46:59 PM | Computer Name = ADMIN | Source = DCOM | ID = 10010
Description = The server {D0B7C734-2D1B-461D-93C6-8264DA4F038B} did not register
with DCOM within the required timeout.

Error - 9/7/2009 1:51:35 PM | Computer Name = ADMIN | Source = Print | ID = 6161
Description = The document Driving Directions from 2239 E Cook St , Springfield,
IL to Oak Terrace Golf Course, 100 Beyers Lk , Pana, IL owned by James Nachtwey
failed to print on printer Dell Photo AIO Printer 926. Data type: LEMF. Size of
the spool file in bytes: 1315253. Number of bytes printed: 1315253. Total number
of pages in the document: 2. Number of pages printed: 0. Client machine: \\ADMIN.
Win32 error code returned by the print processor: 0 (0x0).

Error - 9/9/2009 7:22:35 AM | Computer Name = ADMIN | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070652: Update for Microsoft Office Outlook 2007 Junk Email Filter
(KB973514).

Error - 9/9/2009 9:31:36 PM | Computer Name = ADMIN | Source = DCOM | ID = 10010
Description = The server {6BA70EAF-D5FF-4687-829A-A646EEC622F8} did not register
with DCOM within the required timeout.

Error - 9/9/2009 10:26:55 PM | Computer Name = ADMIN | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000243'
while processing the file 'SrtETmp' on the volume 'HarddiskVolume2'. It has stopped
monitoring the volume.


< End of report >

Edited by karenn05, 15 September 2009 - 08:50 PM.


#6 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:03:51 PM

Posted 16 September 2009 - 07:23 AM

Hello karen,

1. Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:

*Registry tools can cause irreparable damage to your Operating System
*Registry tools can, as a result of the above, render your pc to be inoperable.

This is done, assuming that the major audience here at this board might be inexperienced users and thus a suggested safeguard from our side.

Cleaning the registry won't really improve system performance, even though there a lot of orphaned keys.
IMHO, if registry cleaning was required, then Microsoft would have added this option. So you use registry at you own risk. After all, a corrupted registry is a corrupted Windows.

Registry Cleaners and System Tweaking Tools



2. Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\Documents and Settings\James Nachtwey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini


Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/



3. We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"

    :Files
    C:\WINDOWS\System32\quxigufeno.lib
    C:\WINDOWS\pihuperyro.inf
    C:\WINDOWS\mosazowa.vbs
    C:\Program Files\Common Files\oluzyq.dl
    C:\Documents and Settings\James Nachtwey\Application Data\uvazeduvet.dll
    C:\Documents and Settings\All Users\Application Data\usuco.dat
    C:\WINDOWS\ytaqafuwo.dat
    C:\WINDOWS\yliqowuq.dll
    C:\WINDOWS\System32\imegifezut.dll
    C:\Documents and Settings\James Nachtwey\Application Data\yvytyb.inf
    C:\WINDOWS\yqurer.vbs
    C:\Documents and Settings\All Users\Documents\xadiher.lib
    C:\Documents and Settings\All Users\Documents\ymazejazo.db
    C:\WINDOWS\System32\ewecisone.inf
    C:\WINDOWS\lebohoqit.sys
    C:\WINDOWS\System32\esumyqid.exe
    C:\WINDOWS\System32\uluz.bat
    C:\Documents and Settings\All Users\Documents\vywimif.pif
    C:\Documents and Settings\All Users\Documents\erolyzige.bat
    C:\WINDOWS\arokavuvaz.reg
    C:\Documents and Settings\All Users\Application Data\xufyhusaj.exe
    C:\Documents and Settings\All Users\Application Data\uxyfug.inf
    C:\WINDOWS\ekihomah.exe
    C:\WINDOWS\oxanyxycow.pif
    C:\WINDOWS\imsins.BAK
    C:\WINDOWS\System32\quxigufeno.lib
    C:\WINDOWS\System32\drivers\lvuvc.hs
    C:\WINDOWS\System32\drivers\logiflt.iad
    
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring"=dword:00000000
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000000
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000000
    
    :commands
    [Reboot]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.

~Semp :(

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#7 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:03:51 PM

Posted 19 September 2009 - 09:32 PM

Hi,

Are you still there?

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#8 karenn05

karenn05
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:51 AM

Posted 20 September 2009 - 07:27 PM

OTL logfile created on: 9/20/2009 7:21:41 PM - Run 3
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\James Nachtwey\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.84 Mb Total Physical Memory | 614.45 Mb Available Physical Memory | 60.61% Memory free
2.38 Gb Paging File | 2.03 Gb Available in Paging File | 85.25% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.46 Gb Total Space | 54.73 Gb Free Space | 76.59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADMIN
Current User Name: James Nachtwey
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2007/01/10 00:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/01/05 03:19:28 | 00,047,712 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
PRC - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/09/12 19:27:24 | 00,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/01/10 00:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2006/10/11 16:48:50 | 00,532,480 | ---- | M] ( ) -- C:\WINDOWS\System32\dlcxcoms.exe
PRC - [2006/07/06 06:14:30 | 00,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
PRC - [2009/09/08 23:10:32 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/12/16 21:59:50 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/04/09 00:47:58 | 00,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2006/09/13 10:32:12 | 00,128,536 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe
PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/04/13 19:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/06/29 03:35:10 | 00,634,632 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2009/09/20 19:20:45 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James Nachtwey\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/09/12 19:27:24 | 00,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/01/10 00:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [Auto | Running])
SRV - [2007/01/10 00:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/01/10 00:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService [Auto | Running])
SRV - [2006/10/11 16:48:50 | 00,532,480 | ---- | M] ( ) -- C:\WINDOWS\System32\dlcxcoms.exe -- (dlcx_device [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/08/26 09:46:55 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103 [On_Demand | Stopped])
SRV - [2009/06/14 18:47:07 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9ed4a70160968 [Auto | Stopped])
SRV - [2007/06/26 10:01:55 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2006/07/06 06:14:30 | 00,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe -- (IAANTMON [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2007/01/14 02:11:06 | 00,080,504 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\isPwdSvc.exe -- (ISPwdSvc [On_Demand | Stopped])
SRV - [2009/09/08 23:10:32 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2007/09/12 19:27:24 | 02,999,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2007/01/10 00:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex [Auto | Running])
SRV - [2008/01/29 17:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service [Auto | Stopped])
SRV - [2008/12/16 21:59:50 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009/04/09 00:47:58 | 00,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService [Auto | Running])
SRV - [2006/11/09 15:30:14 | 00,065,536 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService [On_Demand | Stopped])
SRV - [2006/09/13 10:32:12 | 00,128,536 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe -- (QuickBooksDB17 [Auto | Running])
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Running])
SRV - [2008/10/06 14:48:46 | 01,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Stopped])
SRV - [2007/01/05 03:19:28 | 00,047,712 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2001/08/17 12:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2001/08/17 12:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 12:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2001/08/17 12:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/17 12:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2006/01/10 10:07:58 | 00,004,864 | ---- | M] (GTek Technologies Ltd.) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
DRV - [2001/08/17 11:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
DRV - [2006/07/19 14:42:16 | 00,230,400 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e1e5132.sys -- (e1express [On_Demand | Running])
DRV - [2008/08/18 03:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2008/08/18 03:00:00 | 00,099,376 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2008/12/17 01:02:08 | 00,023,832 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys -- (FilterService [On_Demand | Stopped])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2006/07/21 18:12:16 | 01,095,968 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\igxpmp32.sys -- (ialm [On_Demand | Running])
DRV - [2006/07/06 05:59:42 | 00,246,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2008/12/16 21:58:54 | 00,025,624 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon [On_Demand | Running])
DRV - [2008/12/17 01:00:14 | 00,768,024 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\lvrs.sys -- (LVRS [On_Demand | Stopped])
DRV - [2008/12/17 01:01:22 | 00,041,752 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Running])
DRV - [2008/12/17 01:01:44 | 06,364,440 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\lvuvc.sys -- (LVUVC [On_Demand | Stopped])
DRV - [2001/08/17 12:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2006/06/05 02:39:56 | 00,024,064 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\System32\Drivers\iqvw32.sys -- (NAL [On_Demand | Stopped])
DRV - [2008/08/20 03:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080821.017\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2008/08/20 03:00:00 | 00,873,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080821.017\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2004/08/03 21:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2004/08/04 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005/04/25 02:03:00 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 12:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 12:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 12:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2009/09/15 20:15:07 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\rootrepeal.sys -- (rootrepeal [On_Demand | Stopped])
DRV - [2009/09/15 20:05:21 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\rootrepeal3.sys -- (rootrepeal3 [On_Demand | Stopped])
DRV - [2009/09/15 20:03:52 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\rootrepeal4.sys -- (rootrepeal4 [On_Demand | Stopped])
DRV - [2009/09/15 20:04:15 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\rootrepeal5.sys -- (rootrepeal5 [On_Demand | Stopped])
DRV - [2009/09/15 20:04:28 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\rootrepeal6.sys -- (rootrepeal6 [On_Demand | Stopped])
DRV - [2009/09/15 20:10:13 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\rootrepeal7.sys -- (rootrepeal7 [On_Demand | Stopped])
DRV - [2009/09/20 18:39:06 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\rootrepeal[2].sys -- (rootrepeal[2] [On_Demand | Stopped])
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2001/08/17 13:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2007/04/14 02:49:32 | 00,418,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Running])
DRV - [2007/11/30 23:57:12 | 00,279,088 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSP.SYS -- (SRTSP [System | Running])
DRV - [2007/11/30 23:57:12 | 00,317,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSPL.SYS -- (SRTSPL [On_Demand | Stopped])
DRV - [2007/11/30 23:57:12 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSPX.SYS -- (SRTSPX [System | Running])
DRV - [2006/07/24 09:20:00 | 01,156,648 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\System32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2001/08/17 13:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 13:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2007/01/09 17:32:13 | 00,012,984 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS [On_Demand | Running])
DRV - [2008/10/06 14:48:58 | 00,123,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2007/01/09 17:32:13 | 00,145,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW [On_Demand | Running])
DRV - [2007/01/09 17:32:13 | 00,040,120 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS [On_Demand | Running])
DRV - [2008/02/13 11:18:19 | 00,240,496 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ids-diskless\20080813.001\SymIDSCo.sys -- (SYMIDSCO [On_Demand | Running])
DRV - [2007/01/09 17:32:13 | 00,035,256 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS [On_Demand | Running])
DRV - [2007/01/09 17:32:13 | 00,027,576 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Running])
DRV - [2007/01/09 17:32:13 | 00,191,544 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2001/08/17 13:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 13:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2001/08/17 12:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070614


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070614
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070614
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKU\S-1-5-21-3462751734-2760307193-2903758901-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070614
IE - HKU\S-1-5-21-3462751734-2760307193-2903758901-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-3462751734-2760307193-2903758901-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3462751734-2760307193-2903758901-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3462751734-2760307193-2903758901-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-3462751734-2760307193-2903758901-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKU\S-1-5-21-3462751734-2760307193-2903758901-1005\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx
IE - HKU\S-1-5-21-3462751734-2760307193-2903758901-1005\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKU\S-1-5-21-3462751734-2760307193-2903758901-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-3462751734-2760307193-2903758901-1005\S-1-5-21-3462751734-2760307193-2903758901-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3462751734-2760307193-2903758901-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070614
IE - HKU\S-1-5-21-3462751734-2760307193-2903758901-1006\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\S-1-5-21-3462751734-2760307193-2903758901-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-3462751734-2760307193-2903758901-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk-rel...html?channel=us
IE - HKU\S-1-5-21-3462751734-2760307193-2903758901-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\S-1-5-21-3462751734-2760307193-2903758901-1006\S-1-5-21-3462751734-2760307193-2903758901-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/07 03:00:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/09/08 23:10:38 | 00,000,000 | ---D | M]


O1 HOSTS File: (255759 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 8896 more lines...
O3 - HKU\S-1-5-21-3462751734-2760307193-2903758901-1005\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-21-3462751734-2760307193-2903758901-1005\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [DLCXCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3462751734-2760307193-2903758901-1005..\Run: [Reg Tool] C:\Program Files\Reg Tool\Reg Tool.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3462751734-2760307193-2903758901-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3462751734-2760307193-2903758901-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKU\S-1-5-21-3462751734-2760307193-2903758901-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKU\S-1-5-21-3462751734-2760307193-2903758901-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-3462751734-2760307193-2903758901-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-21-3462751734-2760307193-2903758901-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-21-3462751734-2760307193-2903758901-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 41 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 40 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 40 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3462751734-2760307193-2903758901-1005\..Trusted Domains: plaxo.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-3462751734-2760307193-2903758901-1005\..Trusted Domains: 41 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3462751734-2760307193-2903758901-1006\..Trusted Domains: 40 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 16:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{20cf325e-2991-11dc-97aa-0019d1659db0}\Shell - "" = AutoRun
O33 - MountPoints2\{20cf325e-2991-11dc-97aa-0019d1659db0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{20cf325e-2991-11dc-97aa-0019d1659db0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{3da1b146-3645-11de-9942-0019d1659db0}\Shell - "" = AutoRun
O33 - MountPoints2\{3da1b146-3645-11de-9942-0019d1659db0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3da1b146-3645-11de-9942-0019d1659db0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/09/20 19:20:06 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\James Nachtwey\Desktop\OTL.exe
[2009/09/20 18:38:56 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\rootrepeal[2].sys
[2009/09/20 18:37:41 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\James Nachtwey\Desktop\settings.dat
[2009/09/20 16:00:21 | 00,000,000 | ---D | C] -- C:\Program Files\wiartf
[2009/09/15 20:10:20 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\rootrepeal.sys
[2009/09/15 20:05:20 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\rootrepeal3.sys
[2009/09/15 20:04:40 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\rootrepeal7.sys
[2009/09/15 20:04:27 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\rootrepeal6.sys
[2009/09/15 20:04:15 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\rootrepeal5.sys
[2009/09/15 20:03:45 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\rootrepeal4.sys
[2009/09/15 07:01:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\James Nachtwey\Application Data\Malwarebytes
[2009/09/15 07:01:30 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/15 07:01:25 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/15 07:01:24 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/15 07:01:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/09/15 07:01:23 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/09 21:56:42 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\James Nachtwey\Desktop\HijackThis.lnk
[2009/09/09 21:56:41 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/09/09 21:18:17 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MemTurbo - PC Optimizer.lnk
[2009/09/09 21:18:15 | 00,000,000 | ---D | C] -- C:\Program Files\MemTurbo 4
[2009/09/09 21:18:09 | 00,000,000 | ---D | C] -- C:\Program Files\Advanced Registry Optimizer
[2009/09/09 06:24:54 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/09/08 23:30:16 | 00,011,881 | ---- | C] () -- C:\WINDOWS\System32\quxigufeno.lib
[2009/09/08 23:21:19 | 00,000,440 | ---- | C] () -- C:\WINDOWS\tasks\Reg Tool Scan.job
[2009/09/08 23:21:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\James Nachtwey\Application Data\Reg Tool
[2009/09/08 23:11:22 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/09/08 23:11:22 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/09/08 23:11:22 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/09/08 23:11:22 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/09/08 23:01:40 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Corporation
[2009/09/02 21:14:56 | 00,017,028 | ---- | C] () -- C:\WINDOWS\pihuperyro.inf
[2009/09/02 21:14:56 | 00,016,610 | ---- | C] () -- C:\WINDOWS\mosazowa.vbs
[2009/09/02 21:14:55 | 00,017,886 | ---- | C] () -- C:\Program Files\Common Files\oluzyq.dl
[2009/09/02 21:14:55 | 00,015,659 | ---- | C] () -- C:\Documents and Settings\James Nachtwey\Application Data\uvazeduvet.dll
[2009/09/02 21:14:55 | 00,014,174 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\usuco.dat
[2009/09/02 21:14:55 | 00,014,145 | ---- | C] () -- C:\WINDOWS\ytaqafuwo.dat
[2009/09/02 21:14:55 | 00,013,277 | ---- | C] () -- C:\WINDOWS\yliqowuq.dll
[2009/09/02 21:14:55 | 00,012,548 | ---- | C] () -- C:\WINDOWS\System32\imegifezut.dll
[2009/09/02 21:14:55 | 00,012,128 | ---- | C] () -- C:\Documents and Settings\James Nachtwey\Application Data\yvytyb.inf
[2009/09/02 21:14:55 | 00,011,594 | ---- | C] () -- C:\WINDOWS\yqurer.vbs
[2009/09/02 21:14:55 | 00,010,945 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\xadiher.lib
[2009/09/02 21:14:54 | 00,014,467 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\ymazejazo.db
[2009/09/02 21:14:53 | 00,018,621 | ---- | C] () -- C:\WINDOWS\System32\ewecisone.inf
[2009/09/02 21:14:53 | 00,018,496 | ---- | C] () -- C:\WINDOWS\lebohoqit.sys
[2009/09/02 21:14:53 | 00,018,285 | ---- | C] () -- C:\WINDOWS\System32\esumyqid.exe
[2009/09/02 21:14:53 | 00,016,288 | ---- | C] () -- C:\WINDOWS\System32\uluz.bat
[2009/09/02 21:14:53 | 00,015,680 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\vywimif.pif
[2009/09/02 21:14:53 | 00,015,419 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\erolyzige.bat
[2009/09/02 21:14:53 | 00,015,099 | ---- | C] () -- C:\WINDOWS\arokavuvaz.reg
[2009/09/02 21:14:53 | 00,014,019 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xufyhusaj.exe
[2009/09/02 21:14:53 | 00,012,666 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\uxyfug.inf
[2009/09/02 21:14:53 | 00,012,295 | ---- | C] () -- C:\WINDOWS\ekihomah.exe
[2009/09/02 21:14:53 | 00,011,163 | ---- | C] () -- C:\WINDOWS\oxanyxycow.pif
[2009/06/14 18:22:39 | 00,081,110 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/05/01 06:49:56 | 00,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2009/05/01 06:49:38 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2009/05/01 06:49:17 | 00,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2009/05/01 06:48:16 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2008/12/16 21:58:54 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 21:50:56 | 00,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/07/24 15:29:39 | 00,000,245 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/02/13 13:50:15 | 00,000,276 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/07/06 11:00:49 | 00,005,852 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/07/06 11:00:49 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\8DDB1CFC55.sys
[2007/07/06 10:55:41 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcxvs.dll
[2007/07/06 10:55:38 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\dlcxcoin.dll
[2007/07/06 10:55:20 | 00,692,224 | ---- | C] () -- C:\WINDOWS\System32\dlcxdrs.dll
[2007/07/06 10:55:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcxcaps.dll
[2007/07/06 10:55:20 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlcxcnv4.dll
[2007/07/06 10:53:03 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\DLPRMON.DLL
[2007/07/06 10:53:03 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLPMONUI.DLL
[2007/07/06 10:52:25 | 00,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxinpa.dll
[2007/07/06 10:52:25 | 00,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxiesc.dll
[2007/07/06 10:52:25 | 00,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhcp.dll
[2007/07/06 10:52:25 | 00,274,432 | ---- | C] () -- C:\WINDOWS\System32\dlcxinst.dll
[2007/07/06 10:52:24 | 01,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxserv.dll
[2007/07/06 10:52:24 | 00,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxusb1.dll
[2007/07/06 10:52:24 | 00,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpmui.dll
[2007/07/06 10:52:24 | 00,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxlmpm.dll
[2007/07/06 10:52:24 | 00,454,656 | ---- | C] () -- C:\WINDOWS\System32\dlcxutil.dll
[2007/07/06 10:52:24 | 00,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxprox.dll
[2007/07/06 10:52:24 | 00,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpplc.dll
[2007/07/06 10:52:23 | 00,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhbn3.dll
[2007/07/06 10:52:23 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\dlcxgrd.dll
[2007/07/06 10:52:23 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsb.dll
[2007/07/06 10:52:23 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxins.dll
[2007/07/06 10:52:23 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlcxjswr.dll
[2007/07/06 10:52:23 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsr.dll
[2007/07/06 10:52:22 | 00,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomc.dll
[2007/07/06 10:52:22 | 00,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomm.dll
[2007/07/06 10:52:22 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcxcub.dll
[2007/07/06 10:52:22 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcxcu.dll
[2007/07/06 10:52:22 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcxcur.dll
[2007/07/06 10:52:21 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\DLCXcfg.dll
[2007/06/14 09:58:35 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/06/14 09:29:51 | 00,348,880 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/06/14 09:29:51 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4642.dll
[2007/06/14 09:26:21 | 00,001,122 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/12/02 12:08:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 16:24:19 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 16:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 16:00:37 | 00,000,602 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/11 16:00:35 | 00,000,260 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/09/20 19:20:45 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James Nachtwey\Desktop\OTL.exe
[2009/09/20 19:15:32 | 00,002,775 | ---- | M] () -- C:\Documents and Settings\James Nachtwey\Desktop\AOL.com - Welcome to AOL (2).url
[2009/09/20 19:15:09 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/20 19:15:07 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/09/20 19:08:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/09/20 19:02:45 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/20 19:02:36 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/20 19:02:31 | 10,631,65952 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/20 18:39:06 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\rootrepeal[2].sys
[2009/09/20 18:37:41 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\James Nachtwey\Desktop\settings.dat
[2009/09/20 16:49:23 | 00,000,440 | ---- | M] () -- C:\WINDOWS\tasks\Reg Tool Scan.job
[2009/09/20 09:51:21 | 00,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F2324832-B51B-4C0E-8AD1-8320F672BB37}.job
[2009/09/17 21:15:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/09/16 12:56:37 | 00,005,852 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/09/16 12:56:36 | 00,000,056 | RHS- | M] () -- C:\WINDOWS\System32\8DDB1CFC55.sys
[2009/09/15 23:08:38 | 00,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2009/09/15 20:15:07 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\rootrepeal.sys
[2009/09/15 20:10:13 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\rootrepeal7.sys
[2009/09/15 20:05:21 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\rootrepeal3.sys
[2009/09/15 20:04:28 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\rootrepeal6.sys
[2009/09/15 20:04:15 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\rootrepeal5.sys
[2009/09/15 20:03:52 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\rootrepeal4.sys
[2009/09/15 07:30:00 | 00,000,574 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - James Nachtwey.job
[2009/09/15 07:01:30 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/10 23:42:39 | 00,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/09 21:56:42 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\James Nachtwey\Desktop\HijackThis.lnk
[2009/09/09 21:29:38 | 00,000,260 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/09 21:18:17 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MemTurbo - PC Optimizer.lnk
[2009/09/09 06:43:54 | 00,000,276 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/09/09 06:24:54 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/09/08 23:30:16 | 00,011,881 | ---- | M] () -- C:\WINDOWS\System32\quxigufeno.lib
[2009/09/08 23:10:31 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/09/08 23:10:31 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/09/08 23:10:31 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/09/08 23:10:31 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/09/08 23:10:30 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/09/08 22:39:15 | 00,031,744 | ---- | M] () -- C:\Documents and Settings\James Nachtwey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/07 12:41:46 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/09/03 18:54:09 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2009/09/03 18:54:07 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2009/09/03 15:20:07 | 00,255,759 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/09/03 15:17:47 | 00,000,848 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090903-152007.backup
[2009/09/02 21:14:56 | 00,017,028 | ---- | M] () -- C:\WINDOWS\pihuperyro.inf
[2009/09/02 21:14:56 | 00,016,610 | ---- | M] () -- C:\WINDOWS\mosazowa.vbs
[2009/09/02 21:14:55 | 00,017,886 | ---- | M] () -- C:\Program Files\Common Files\oluzyq.dl
[2009/09/02 21:14:55 | 00,015,659 | ---- | M] () -- C:\Documents and Settings\James Nachtwey\Application Data\uvazeduvet.dll
[2009/09/02 21:14:55 | 00,014,174 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\usuco.dat
[2009/09/02 21:14:55 | 00,014,145 | ---- | M] () -- C:\WINDOWS\ytaqafuwo.dat
[2009/09/02 21:14:55 | 00,013,277 | ---- | M] () -- C:\WINDOWS\yliqowuq.dll
[2009/09/02 21:14:55 | 00,012,548 | ---- | M] () -- C:\WINDOWS\System32\imegifezut.dll
[2009/09/02 21:14:55 | 00,012,128 | ---- | M] () -- C:\Documents and Settings\James Nachtwey\Application Data\yvytyb.inf
[2009/09/02 21:14:55 | 00,011,594 | ---- | M] () -- C:\WINDOWS\yqurer.vbs
[2009/09/02 21:14:55 | 00,010,945 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\xadiher.lib
[2009/09/02 21:14:54 | 00,014,467 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ymazejazo.db
[2009/09/02 21:14:53 | 00,018,621 | ---- | M] () -- C:\WINDOWS\System32\ewecisone.inf
[2009/09/02 21:14:53 | 00,018,496 | ---- | M] () -- C:\WINDOWS\lebohoqit.sys
[2009/09/02 21:14:53 | 00,018,285 | ---- | M] () -- C:\WINDOWS\System32\esumyqid.exe
[2009/09/02 21:14:53 | 00,016,288 | ---- | M] () -- C:\WINDOWS\System32\uluz.bat
[2009/09/02 21:14:53 | 00,015,680 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\vywimif.pif
[2009/09/02 21:14:53 | 00,015,419 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\erolyzige.bat
[2009/09/02 21:14:53 | 00,015,099 | ---- | M] () -- C:\WINDOWS\arokavuvaz.reg
[2009/09/02 21:14:53 | 00,014,019 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\xufyhusaj.exe
[2009/09/02 21:14:53 | 00,012,666 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\uxyfug.inf
[2009/09/02 21:14:53 | 00,012,295 | ---- | M] () -- C:\WINDOWS\ekihomah.exe
[2009/09/02 21:14:53 | 00,011,163 | ---- | M] () -- C:\WINDOWS\oxanyxycow.pif
[2009/08/28 16:38:20 | 24,689,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

========== Custom Scans ==========


< :Files >

< C:\WINDOWS\System32\quxigufeno.lib >
[2009/09/08 23:30:16 | 00,011,881 | ---- | M] () -- C:\WINDOWS\System32\quxigufeno.lib
[1 C:\WINDOWS\System32\*.tmp files]

< C:\WINDOWS\pihuperyro.inf >
[2009/09/02 21:14:56 | 00,017,028 | ---- | M] () -- C:\WINDOWS\pihuperyro.inf
[1 C:\WINDOWS\*.tmp files]

< C:\WINDOWS\mosazowa.vbs >
[2009/09/02 21:14:56 | 00,016,610 | ---- | M] () -- C:\WINDOWS\mosazowa.vbs
[1 C:\WINDOWS\*.tmp files]

< C:\Program Files\Common Files\oluzyq.dl >
[2009/09/02 21:14:55 | 00,017,886 | ---- | M] () -- C:\Program Files\Common Files\oluzyq.dl

< C:\Documents and Settings\James Nachtwey\Application Data\uvazeduvet.dll >
[2009/09/02 21:14:55 | 00,015,659 | ---- | M] () -- C:\Documents and Settings\James Nachtwey\Application Data\uvazeduvet.dll

< C:\Documents and Settings\All Users\Application Data\usuco.dat >
[2009/09/02 21:14:55 | 00,014,174 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\usuco.dat

< C:\WINDOWS\ytaqafuwo.dat >
[2009/09/02 21:14:55 | 00,014,145 | ---- | M] () -- C:\WINDOWS\ytaqafuwo.dat
[1 C:\WINDOWS\*.tmp files]

< C:\WINDOWS\yliqowuq.dll >
[2009/09/02 21:14:55 | 00,013,277 | ---- | M] () -- C:\WINDOWS\yliqowuq.dll
[1 C:\WINDOWS\*.tmp files]

< C:\WINDOWS\System32\imegifezut.dll >
[2009/09/02 21:14:55 | 00,012,548 | ---- | M] () -- C:\WINDOWS\System32\imegifezut.dll
[1 C:\WINDOWS\System32\*.tmp files]

< C:\Documents and Settings\James Nachtwey\Application Data\yvytyb.inf >
[2009/09/02 21:14:55 | 00,012,128 | ---- | M] () -- C:\Documents and Settings\James Nachtwey\Application Data\yvytyb.inf

< C:\WINDOWS\yqurer.vbs >
[2009/09/02 21:14:55 | 00,011,594 | ---- | M] () -- C:\WINDOWS\yqurer.vbs
[1 C:\WINDOWS\*.tmp files]

< C:\Documents and Settings\All Users\Documents\xadiher.lib >
[2009/09/02 21:14:55 | 00,010,945 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\xadiher.lib

< C:\Documents and Settings\All Users\Documents\ymazejazo.db >
[2009/09/02 21:14:54 | 00,014,467 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ymazejazo.db

< C:\WINDOWS\System32\ewecisone.inf >
[2009/09/02 21:14:53 | 00,018,621 | ---- | M] () -- C:\WINDOWS\System32\ewecisone.inf
[1 C:\WINDOWS\System32\*.tmp files]

< C:\WINDOWS\lebohoqit.sys >
[2009/09/02 21:14:53 | 00,018,496 | ---- | M] () -- C:\WINDOWS\lebohoqit.sys
[1 C:\WINDOWS\*.tmp files]

< C:\WINDOWS\System32\esumyqid.exe >
[2009/09/02 21:14:53 | 00,018,285 | ---- | M] () -- C:\WINDOWS\System32\esumyqid.exe
[1 C:\WINDOWS\System32\*.tmp files]

< C:\WINDOWS\System32\uluz.bat >
[2009/09/02 21:14:53 | 00,016,288 | ---- | M] () -- C:\WINDOWS\System32\uluz.bat
[1 C:\WINDOWS\System32\*.tmp files]

< C:\Documents and Settings\All Users\Documents\vywimif.pif >
[2009/09/02 21:14:53 | 00,015,680 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\vywimif.pif

< C:\Documents and Settings\All Users\Documents\erolyzige.bat >
[2009/09/02 21:14:53 | 00,015,419 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\erolyzige.bat

< C:\WINDOWS\arokavuvaz.reg >
[2009/09/02 21:14:53 | 00,015,099 | ---- | M] () -- C:\WINDOWS\arokavuvaz.reg
[1 C:\WINDOWS\*.tmp files]

< C:\Documents and Settings\All Users\Application Data\xufyhusaj.exe >
[2009/09/02 21:14:53 | 00,014,019 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\xufyhusaj.exe

< C:\Documents and Settings\All Users\Application Data\uxyfug.inf >
[2009/09/02 21:14:53 | 00,012,666 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\uxyfug.inf

< C:\WINDOWS\ekihomah.exe >
[2009/09/02 21:14:53 | 00,012,295 | ---- | M] () -- C:\WINDOWS\ekihomah.exe
[1 C:\WINDOWS\*.tmp files]

< C:\WINDOWS\oxanyxycow.pif >
[2009/09/02 21:14:53 | 00,011,163 | ---- | M] () -- C:\WINDOWS\oxanyxycow.pif
[1 C:\WINDOWS\*.tmp files]

< C:\WINDOWS\imsins.BAK >
[2009/09/10 23:42:39 | 00,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\WINDOWS\*.tmp files]

< C:\WINDOWS\System32\quxigufeno.lib >
[2009/09/08 23:30:16 | 00,011,881 | ---- | M] () -- C:\WINDOWS\System32\quxigufeno.lib
[1 C:\WINDOWS\System32\*.tmp files]

< C:\WINDOWS\System32\drivers\lvuvc.hs >
[2009/09/03 18:54:09 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs

< C:\WINDOWS\System32\drivers\logiflt.iad >
[2009/09/03 18:54:07 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad

< >

< :reg >

< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] >

< "DisableMonitoring"=dword:00000000 >

< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] >

< "DisableMonitoring"=dword:00000000 >

< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] >

< "DisableMonitoring"=dword:00000000 >

< >

< :commands >

< [Reboot] >
< End of report >

#9 karenn05

karenn05
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:51 AM

Posted 20 September 2009 - 07:32 PM

OTL logfile created on: 9/20/2009 6:55:56 PM - Run 2
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\James Nachtwey\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.84 Mb Total Physical Memory | 574.59 Mb Available Physical Memory | 56.67% Memory free
2.38 Gb Paging File | 1.99 Gb Available in Paging File | 83.35% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.46 Gb Total Space | 54.73 Gb Free Space | 76.59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADMIN
Current User Name: James Nachtwey
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2007/01/10 00:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/01/05 03:19:28 | 00,047,712 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
PRC - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/09/12 19:27:24 | 00,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/01/10 00:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2006/10/11 16:48:50 | 00,532,480 | ---- | M] ( ) -- C:\WINDOWS\System32\dlcxcoms.exe
PRC - [2006/07/06 06:14:30 | 00,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
PRC - [2009/09/08 23:10:32 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/12/16 21:59:50 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/04/09 00:47:58 | 00,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2006/09/13 10:32:12 | 00,128,536 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe
PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/04/13 19:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/06/29 03:35:10 | 00,634,632 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2009/09/20 18:38:12 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\James Nachtwey\Local Settings\Temporary Internet Files\Content.IE5\BNKXMUQT\RootRepeal[1].exe
PRC - [2009/09/20 18:40:10 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James Nachtwey\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/09/12 19:27:24 | 00,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/01/10 00:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [Auto | Running])
SRV - [2007/01/10 00:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/01/10 00:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService [Auto | Running])
SRV - [2006/10/11 16:48:50 | 00,532,480 | ---- | M] ( ) -- C:\WINDOWS\System32\dlcxcoms.exe -- (dlcx_device [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/08/26 09:46:55 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103 [On_Demand | Stopped])
SRV - [2009/06/14 18:47:07 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9ed4a70160968 [Auto | Stopped])
SRV - [2007/06/26 10:01:55 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2006/07/06 06:14:30 | 00,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe -- (IAANTMON [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2007/01/14 02:11:06 | 00,080,504 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\isPwdSvc.exe -- (ISPwdSvc [On_Demand | Stopped])
SRV - [2009/09/08 23:10:32 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2007/09/12 19:27:24 | 02,999,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2007/01/10 00:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex [Auto | Running])
SRV - [2008/01/29 17:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service [Auto | Stopped])
SRV - [2008/12/16 21:59:50 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009/04/09 00:47:58 | 00,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService [Auto | Running])
SRV - [2006/11/09 15:30:14 | 00,065,536 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService [On_Demand | Stopped])
SRV - [2006/09/13 10:32:12 | 00,128,536 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe -- (QuickBooksDB17 [Auto | Running])
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Running])
SRV - [2008/10/06 14:48:46 | 01,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Stopped])
SRV - [2007/01/05 03:19:28 | 00,047,712 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2001/08/17 12:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2001/08/17 12:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 12:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2001/08/17 12:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/17 12:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2006/01/10 10:07:58 | 00,004,864 | ---- | M] (GTek Technologies Ltd.) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
DRV - [2001/08/17 11:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
DRV - [2006/07/19 14:42:16 | 00,230,400 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e1e5132.sys -- (e1express [On_Demand | Running])
DRV - [2008/08/18 03:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2008/08/18 03:00:00 | 00,099,376 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2008/12/17 01:02:08 | 00,023,832 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys -- (FilterService [On_Demand | Stopped])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2006/07/21 18:12:16 | 01,095,968 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\igxpmp32.sys -- (ialm [On_Demand | Running])
DRV - [2006/07/06 05:59:42 | 00,246,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2008/12/16 21:58:54 | 00,025,624 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon [On_Demand | Running])
DRV - [2008/12/17 01:00:14 | 00,768,024 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\lvrs.sys -- (LVRS [On_Demand | Stopped])
DRV - [2008/12/17 01:01:22 | 00,041,752 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Running])
DRV - [2008/12/17 01:01:44 | 06,364,440 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\lvuvc.sys -- (LVUVC [On_Demand | Stopped])
DRV - [2001/08/17 12:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2006/06/05 02:39:56 | 00,024,064 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\System32\Drivers\iqvw32.sys -- (NAL [On_Demand | Stopped])
DRV - [2008/08/20 03:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080821.017\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2008/08/20 03:00:00 | 00,873,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080821.017\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2004/08/03 21:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2004/08/04 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005/04/25 02:03:00 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 12:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 12:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 12:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2009/09/15 20:15:07 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\rootrepeal.sys -- (rootrepeal [On_Demand | Stopped])
DRV - [2009/09/15 20:05:21 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\rootrepeal3.sys -- (rootrepeal3 [On_Demand | Stopped])
DRV - [2009/09/15 20:03:52 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\rootrepeal4.sys -- (rootrepeal4 [On_Demand | Stopped])
DRV - [2009/09/15 20:04:15 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\rootrepeal5.sys -- (rootrepeal5 [On_Demand | Stopped])
DRV - [2009/09/15 20:04:28 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\rootrepeal6.sys -- (rootrepeal6 [On_Demand | Stopped])
DRV - [2009/09/15 20:10:13 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\rootrepeal7.sys -- (rootrepeal7 [On_Demand | Stopped])
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2001/08/17 13:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2007/04/14 02:49:32 | 00,418,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Running])
DRV - [2007/11/30 23:57:12 | 00,279,088 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSP.SYS -- (SRTSP [System | Running])
DRV - [2007/11/30 23:57:12 | 00,317,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSPL.SYS -- (SRTSPL [On_Demand | Stopped])
DRV - [2007/11/30 23:57:12 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSPX.SYS -- (SRTSPX [System | Running])
DRV - [2006/07/24 09:20:00 | 01,156,648 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\System32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2001/08/17 13:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 13:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2007/01/09 17:32:13 | 00,012,984 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS [On_Demand | Running])
DRV - [2008/10/06 14:48:58 | 00,123,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2007/01/09 17:32:13 | 00,145,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW [On_Demand | Running])
DRV - [2007/01/09 17:32:13 | 00,040,120 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS [On_Demand | Running])
DRV - [2008/02/13 11:18:19 | 00,240,496 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ids-diskless\20080813.001\SymIDSCo.sys -- (SYMIDSCO [On_Demand | Running])
DRV - [2007/01/09 17:32:13 | 00,035,256 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS [On_Demand | Running])
DRV - [2007/01/09 17:32:13 | 00,027,576 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Running])
DRV - [2007/01/09 17:32:13 | 00,191,544 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2001/08/17 13:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 13:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2001/08/17 12:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070614

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070614
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/07 03:00:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/09/08 23:10:38 | 00,000,000 | ---D | M]


O1 HOSTS File: (255759 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 8896 more lines...
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [DLCXCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKCU..\Run: [Reg Tool] C:\Program Files\Reg Tool\Reg Tool.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 41 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: plaxo.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 41 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 16:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{20cf325e-2991-11dc-97aa-0019d1659db0}\Shell - "" = AutoRun
O33 - MountPoints2\{20cf325e-2991-11dc-97aa-0019d1659db0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{20cf325e-2991-11dc-97aa-0019d1659db0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{3da1b146-3645-11de-9942-0019d1659db0}\Shell - "" = AutoRun
O33 - MountPoints2\{3da1b146-3645-11de-9942-0019d1659db0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3da1b146-3645-11de-9942-0019d1659db0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/09/20 18:55:45 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\James Nachtwey\Desktop\OTL.exe
[2009/09/20 18:38:56 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\rootrepeal[2].sys
[2009/09/20 18:37:41 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\James Nachtwey\Desktop\settings.dat
[2009/09/20 16:00:21 | 00,000,000 | ---D | C] -- C:\Program Files\wiartf
[2009/09/15 20:10:20 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\rootrepeal.sys
[2009/09/15 20:05:20 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\rootrepeal3.sys
[2009/09/15 20:04:40 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\rootrepeal7.sys
[2009/09/15 20:04:27 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\rootrepeal6.sys
[2009/09/15 20:04:15 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\rootrepeal5.sys
[2009/09/15 20:03:45 | 00,034,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\rootrepeal4.sys
[2009/09/15 07:01:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\James Nachtwey\Application Data\Malwarebytes
[2009/09/15 07:01:30 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/15 07:01:25 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/15 07:01:24 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/15 07:01:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/09/15 07:01:23 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/09 21:56:42 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\James Nachtwey\Desktop\HijackThis.lnk
[2009/09/09 21:56:41 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/09/09 21:18:17 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MemTurbo - PC Optimizer.lnk
[2009/09/09 21:18:15 | 00,000,000 | ---D | C] -- C:\Program Files\MemTurbo 4
[2009/09/09 21:18:09 | 00,000,000 | ---D | C] -- C:\Program Files\Advanced Registry Optimizer
[2009/09/09 06:24:54 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/09/08 23:30:16 | 00,011,881 | ---- | C] () -- C:\WINDOWS\System32\quxigufeno.lib
[2009/09/08 23:21:19 | 00,000,440 | ---- | C] () -- C:\WINDOWS\tasks\Reg Tool Scan.job
[2009/09/08 23:21:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\James Nachtwey\Application Data\Reg Tool
[2009/09/08 23:11:22 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/09/08 23:11:22 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/09/08 23:11:22 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/09/08 23:11:22 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/09/08 23:01:40 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Corporation
[2009/09/02 21:14:56 | 00,017,028 | ---- | C] () -- C:\WINDOWS\pihuperyro.inf
[2009/09/02 21:14:56 | 00,016,610 | ---- | C] () -- C:\WINDOWS\mosazowa.vbs
[2009/09/02 21:14:55 | 00,017,886 | ---- | C] () -- C:\Program Files\Common Files\oluzyq.dl
[2009/09/02 21:14:55 | 00,015,659 | ---- | C] () -- C:\Documents and Settings\James Nachtwey\Application Data\uvazeduvet.dll
[2009/09/02 21:14:55 | 00,014,174 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\usuco.dat
[2009/09/02 21:14:55 | 00,014,145 | ---- | C] () -- C:\WINDOWS\ytaqafuwo.dat
[2009/09/02 21:14:55 | 00,013,277 | ---- | C] () -- C:\WINDOWS\yliqowuq.dll
[2009/09/02 21:14:55 | 00,012,548 | ---- | C] () -- C:\WINDOWS\System32\imegifezut.dll
[2009/09/02 21:14:55 | 00,012,128 | ---- | C] () -- C:\Documents and Settings\James Nachtwey\Application Data\yvytyb.inf
[2009/09/02 21:14:55 | 00,011,594 | ---- | C] () -- C:\WINDOWS\yqurer.vbs
[2009/09/02 21:14:55 | 00,010,945 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\xadiher.lib
[2009/09/02 21:14:54 | 00,014,467 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\ymazejazo.db
[2009/09/02 21:14:53 | 00,018,621 | ---- | C] () -- C:\WINDOWS\System32\ewecisone.inf
[2009/09/02 21:14:53 | 00,018,496 | ---- | C] () -- C:\WINDOWS\lebohoqit.sys
[2009/09/02 21:14:53 | 00,018,285 | ---- | C] () -- C:\WINDOWS\System32\esumyqid.exe
[2009/09/02 21:14:53 | 00,016,288 | ---- | C] () -- C:\WINDOWS\System32\uluz.bat
[2009/09/02 21:14:53 | 00,015,680 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\vywimif.pif
[2009/09/02 21:14:53 | 00,015,419 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\erolyzige.bat
[2009/09/02 21:14:53 | 00,015,099 | ---- | C] () -- C:\WINDOWS\arokavuvaz.reg
[2009/09/02 21:14:53 | 00,014,019 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xufyhusaj.exe
[2009/09/02 21:14:53 | 00,012,666 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\uxyfug.inf
[2009/09/02 21:14:53 | 00,012,295 | ---- | C] () -- C:\WINDOWS\ekihomah.exe
[2009/09/02 21:14:53 | 00,011,163 | ---- | C] () -- C:\WINDOWS\oxanyxycow.pif
[2009/06/14 18:22:39 | 00,081,110 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/05/01 06:49:56 | 00,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2009/05/01 06:49:38 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2009/05/01 06:49:17 | 00,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2009/05/01 06:48:16 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2008/12/16 21:58:54 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 21:50:56 | 00,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/07/24 15:29:39 | 00,000,245 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/02/13 13:50:15 | 00,000,276 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/07/06 11:00:49 | 00,005,852 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/07/06 11:00:49 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\8DDB1CFC55.sys
[2007/07/06 10:55:41 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcxvs.dll
[2007/07/06 10:55:38 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\dlcxcoin.dll
[2007/07/06 10:55:20 | 00,692,224 | ---- | C] () -- C:\WINDOWS\System32\dlcxdrs.dll
[2007/07/06 10:55:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcxcaps.dll
[2007/07/06 10:55:20 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlcxcnv4.dll
[2007/07/06 10:53:03 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\DLPRMON.DLL
[2007/07/06 10:53:03 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLPMONUI.DLL
[2007/07/06 10:52:25 | 00,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxinpa.dll
[2007/07/06 10:52:25 | 00,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxiesc.dll
[2007/07/06 10:52:25 | 00,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhcp.dll
[2007/07/06 10:52:25 | 00,274,432 | ---- | C] () -- C:\WINDOWS\System32\dlcxinst.dll
[2007/07/06 10:52:24 | 01,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxserv.dll
[2007/07/06 10:52:24 | 00,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxusb1.dll
[2007/07/06 10:52:24 | 00,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpmui.dll
[2007/07/06 10:52:24 | 00,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxlmpm.dll
[2007/07/06 10:52:24 | 00,454,656 | ---- | C] () -- C:\WINDOWS\System32\dlcxutil.dll
[2007/07/06 10:52:24 | 00,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxprox.dll
[2007/07/06 10:52:24 | 00,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpplc.dll
[2007/07/06 10:52:23 | 00,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhbn3.dll
[2007/07/06 10:52:23 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\dlcxgrd.dll
[2007/07/06 10:52:23 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsb.dll
[2007/07/06 10:52:23 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxins.dll
[2007/07/06 10:52:23 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlcxjswr.dll
[2007/07/06 10:52:23 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsr.dll
[2007/07/06 10:52:22 | 00,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomc.dll
[2007/07/06 10:52:22 | 00,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomm.dll
[2007/07/06 10:52:22 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcxcub.dll
[2007/07/06 10:52:22 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcxcu.dll
[2007/07/06 10:52:22 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcxcur.dll
[2007/07/06 10:52:21 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\DLCXcfg.dll
[2007/06/14 09:58:35 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/06/14 09:29:51 | 00,348,880 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/06/14 09:29:51 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4642.dll
[2007/06/14 09:26:21 | 00,001,122 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/12/02 12:08:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 16:24:19 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 16:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 16:00:37 | 00,000,602 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/11 16:00:35 | 00,000,260 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/09/20 18:40:10 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James Nachtwey\Desktop\OTL.exe
[2009/09/20 18:39:06 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\rootrepeal[2].sys
[2009/09/20 18:37:41 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\James Nachtwey\Desktop\settings.dat
[2009/09/20 18:35:38 | 00,002,775 | ---- | M] () -- C:\Documents and Settings\James Nachtwey\Desktop\AOL.com - Welcome to AOL (2).url
[2009/09/20 18:35:13 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/20 18:35:10 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/09/20 18:24:20 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/20 18:24:11 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/20 18:24:06 | 10,631,65952 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/20 18:08:01 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/09/20 16:49:23 | 00,000,440 | ---- | M] () -- C:\WINDOWS\tasks\Reg Tool Scan.job
[2009/09/20 09:51:21 | 00,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F2324832-B51B-4C0E-8AD1-8320F672BB37}.job
[2009/09/17 21:15:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/09/16 12:56:37 | 00,005,852 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/09/16 12:56:36 | 00,000,056 | RHS- | M] () -- C:\WINDOWS\System32\8DDB1CFC55.sys
[2009/09/15 23:08:38 | 00,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2009/09/15 20:15:07 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\rootrepeal.sys
[2009/09/15 20:10:13 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\rootrepeal7.sys
[2009/09/15 20:05:21 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\rootrepeal3.sys
[2009/09/15 20:04:28 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\rootrepeal6.sys
[2009/09/15 20:04:15 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\rootrepeal5.sys
[2009/09/15 20:03:52 | 00,034,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\rootrepeal4.sys
[2009/09/15 07:30:00 | 00,000,574 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - James Nachtwey.job
[2009/09/15 07:01:30 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/10 23:42:39 | 00,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/09 21:56:42 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\James Nachtwey\Desktop\HijackThis.lnk
[2009/09/09 21:29:38 | 00,000,260 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/09 21:18:17 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MemTurbo - PC Optimizer.lnk
[2009/09/09 06:43:54 | 00,000,276 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/09/09 06:24:54 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/09/08 23:30:16 | 00,011,881 | ---- | M] () -- C:\WINDOWS\System32\quxigufeno.lib
[2009/09/08 23:10:31 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/09/08 23:10:31 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/09/08 23:10:31 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/09/08 23:10:31 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/09/08 23:10:30 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/09/08 22:39:15 | 00,031,744 | ---- | M] () -- C:\Documents and Settings\James Nachtwey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/07 12:41:46 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/09/03 18:54:09 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2009/09/03 18:54:07 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2009/09/03 15:20:07 | 00,255,759 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/09/03 15:17:47 | 00,000,848 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090903-152007.backup
[2009/09/02 21:14:56 | 00,017,028 | ---- | M] () -- C:\WINDOWS\pihuperyro.inf
[2009/09/02 21:14:56 | 00,016,610 | ---- | M] () -- C:\WINDOWS\mosazowa.vbs
[2009/09/02 21:14:55 | 00,017,886 | ---- | M] () -- C:\Program Files\Common Files\oluzyq.dl
[2009/09/02 21:14:55 | 00,015,659 | ---- | M] () -- C:\Documents and Settings\James Nachtwey\Application Data\uvazeduvet.dll
[2009/09/02 21:14:55 | 00,014,174 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\usuco.dat
[2009/09/02 21:14:55 | 00,014,145 | ---- | M] () -- C:\WINDOWS\ytaqafuwo.dat
[2009/09/02 21:14:55 | 00,013,277 | ---- | M] () -- C:\WINDOWS\yliqowuq.dll
[2009/09/02 21:14:55 | 00,012,548 | ---- | M] () -- C:\WINDOWS\System32\imegifezut.dll
[2009/09/02 21:14:55 | 00,012,128 | ---- | M] () -- C:\Documents and Settings\James Nachtwey\Application Data\yvytyb.inf
[2009/09/02 21:14:55 | 00,011,594 | ---- | M] () -- C:\WINDOWS\yqurer.vbs
[2009/09/02 21:14:55 | 00,010,945 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\xadiher.lib
[2009/09/02 21:14:54 | 00,014,467 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ymazejazo.db
[2009/09/02 21:14:53 | 00,018,621 | ---- | M] () -- C:\WINDOWS\System32\ewecisone.inf
[2009/09/02 21:14:53 | 00,018,496 | ---- | M] () -- C:\WINDOWS\lebohoqit.sys
[2009/09/02 21:14:53 | 00,018,285 | ---- | M] () -- C:\WINDOWS\System32\esumyqid.exe
[2009/09/02 21:14:53 | 00,016,288 | ---- | M] () -- C:\WINDOWS\System32\uluz.bat
[2009/09/02 21:14:53 | 00,015,680 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\vywimif.pif
[2009/09/02 21:14:53 | 00,015,419 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\erolyzige.bat
[2009/09/02 21:14:53 | 00,015,099 | ---- | M] () -- C:\WINDOWS\arokavuvaz.reg
[2009/09/02 21:14:53 | 00,014,019 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\xufyhusaj.exe
[2009/09/02 21:14:53 | 00,012,666 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\uxyfug.inf
[2009/09/02 21:14:53 | 00,012,295 | ---- | M] () -- C:\WINDOWS\ekihomah.exe
[2009/09/02 21:14:53 | 00,011,163 | ---- | M] () -- C:\WINDOWS\oxanyxycow.pif
[2009/08/28 16:38:20 | 24,689,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >

#10 karenn05

karenn05
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:51 AM

Posted 20 September 2009 - 07:37 PM

Thanks Sempai
Hope you had a great weekend and thanks for handiong in there with me...I've had to let a few days lag.
Not sure what you met by the registry tool Iteme in your last response. I think I did everything else you asked for.
Karen

#11 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:03:51 PM

Posted 21 September 2009 - 06:28 AM

Hi Karen,

Not sure what you met by the registry tool Iteme in your last response.

What I mean is that you are using a program that modifies your computer's registry, the program names are Advanced Registry Optimizer and Reg Tool. Please avoid these kind of programs because they can possibly cause major damage to your computer.


I can still see the same logs with bunch of malware on it. I think you were misled by my instructions. Let's do it again:


1. Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\Documents and Settings\James Nachtwey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini


Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/



2. We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"

    :Files
    C:\WINDOWS\System32\quxigufeno.lib
    C:\WINDOWS\pihuperyro.inf
    C:\WINDOWS\mosazowa.vbs
    C:\Program Files\Common Files\oluzyq.dl
    C:\Documents and Settings\James Nachtwey\Application Data\uvazeduvet.dll
    C:\Documents and Settings\All Users\Application Data\usuco.dat
    C:\WINDOWS\ytaqafuwo.dat
    C:\WINDOWS\yliqowuq.dll
    C:\WINDOWS\System32\imegifezut.dll
    C:\Documents and Settings\James Nachtwey\Application Data\yvytyb.inf
    C:\WINDOWS\yqurer.vbs
    C:\Documents and Settings\All Users\Documents\xadiher.lib
    C:\Documents and Settings\All Users\Documents\ymazejazo.db
    C:\WINDOWS\System32\ewecisone.inf
    C:\WINDOWS\lebohoqit.sys
    C:\WINDOWS\System32\esumyqid.exe
    C:\WINDOWS\System32\uluz.bat
    C:\Documents and Settings\All Users\Documents\vywimif.pif
    C:\Documents and Settings\All Users\Documents\erolyzige.bat
    C:\WINDOWS\arokavuvaz.reg
    C:\Documents and Settings\All Users\Application Data\xufyhusaj.exe
    C:\Documents and Settings\All Users\Application Data\uxyfug.inf
    C:\WINDOWS\ekihomah.exe
    C:\WINDOWS\oxanyxycow.pif
    C:\WINDOWS\imsins.BAK
    C:\WINDOWS\System32\quxigufeno.lib
    C:\WINDOWS\System32\drivers\lvuvc.hs
    C:\WINDOWS\System32\drivers\logiflt.iad
    
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring"=dword:00000000
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000000
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000000
    
    :commands
    [Reboot]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.


The things I need to see when you reply are the results of:
  • Jotti
  • OTL Fix

Thanks,
~Semp :(

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#12 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:10:51 AM

Posted 25 September 2009 - 12:04 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users