
100% CPU Usage Most of the time


  • This topic is locked
14 replies to this topic

#1 buckn2sox

  • Members
  • 16 posts
  • Gender:Male
  • Location:CT

Posted 03 January 2010 - 08:43 PM

I have run a malware remover, Spyware Doctor and Spybot. I have also defragged and added RAM. It takes forever to boot and load pages from the internet or even open a program from the hard drive.

Any help would be great
Thanks,
dan

DDS (Ver_09-12-01.01) - NTFSx86
Run by fsuteam at 16:56:44.11 on Sun 01/03/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1526.789 [GMT -5:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\Program Files\Microsoft Shared Computer Toolkit\bin\SRVANY.EXE
C:\Program Files\Microsoft Shared Computer Toolkit\bin\SCTThresholdMonitor.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\drivers\trcboot.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\PROGRA~1\NETSUP~1\client32.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\Drivers\ldlcserv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\All Users\Application Data\Google Updater\cache\packdata_ci_ar_9.1.0.0_en_setup.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Adobe\Reader 9.1\Setup Files\setup.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\Update.exe
C:\Documents and Settings\administrator\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.nycenet.edu/
uInternet Connection Wizard,ShellNext = hxxp://www.nycenet.edu/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Google Updater] "c:\program files\google\google updater\GoogleUpdater.exe" -systray -startup
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\vzacce~1.lnk - c:\program files\verizon wireless\vzaccess manager\VZAccess Manager.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: bmnet.dll
Trusted Zone: cybershift.net
Trusted Zone: nyc.gov\schools
Trusted Zone: nycboe.net
Trusted Zone: nycenet.edu
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119976409718
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160567331578
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su2/CTL_V02002/ocx/15033/CTPID.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 a320raid;a320raid;c:\windows\system32\drivers\A320RAID.SYS [2006-7-21 251578]
R0 ewf;ewf;c:\windows\system32\drivers\ewf.sys [2006-2-23 46976]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100102.020\naveng.sys [2010-1-3 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100102.020\navex15.sys [2010-1-3 1323568]
S0 aac;PERC 320/DC SCSI RAID Miniport Driver;c:\windows\system32\drivers\aac.sys --> c:\windows\system32\drivers\aac.sys [?]
S0 aarich;aarich;c:\windows\system32\drivers\aarich.sys --> c:\windows\system32\drivers\aarich.sys [?]

=============== Created Last 30 ================

2010-01-03 20:31:48 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-01-03 20:31:46 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-03 20:30:12 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-01-03 20:30:11 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-01-03 20:30:11 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-01-03 20:30:10 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-01-03 20:28:12 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-01-03 20:28:11 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-01-03 20:16:30 0 d-----w- c:\program files\common files\PC Tools
2010-01-03 20:16:28 0 d-----w- c:\program files\Spyware Doctor
2010-01-03 20:16:28 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-01-03 20:16:28 0 d-----w- c:\docume~1\admini~1\applic~1\PC Tools
2010-01-03 20:08:04 0 d-----w- c:\windows\system32\IOSUBSYS
2010-01-03 19:13:59 0 d-----w- c:\program files\Trend Micro
2010-01-01 07:17:25 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2010-01-01 07:17:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-01 07:17:13 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-01 07:17:12 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-01 07:17:12 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-31 22:17:03 0 ----a-w- c:\windows\pcfriend.INI
2009-12-31 21:45:35 0 d-----w- c:\program files\PCFriendly
2009-12-14 00:00:07 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-12-14 00:00:07 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-12-12 20:24:06 0 d-----w- c:\documents and settings\administrator\Tracing
2009-12-12 20:16:05 0 d-----w- c:\program files\Microsoft
2009-12-12 20:15:40 0 d-----w- c:\program files\Windows Live SkyDrive
2009-12-12 20:08:46 0 d-----w- c:\program files\common files\Windows Live
2009-12-12 00:22:56 0 d-----w- c:\program files\MSECache

==================== Find3M ====================

2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 06:00:55 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00:55 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-13 10:53:29 266752 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54:17 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54:17 112128 ----a-w- c:\windows\system32\rastls.dll
2009-10-11 09:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll

============= FINISH: 17:09:00.88 ===============

SECOND FILE REQUESTED

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/28/2005 11:36:48 AM
System Uptime: 1/3/2010 2:38:04 PM (3 hours ago)

Motherboard: Dell Inc. | | 0FT292
Processor: Intel® Core™2 CPU T5500 @ 1.66GHz | Microprocessor | 981/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 74 GiB total, 55.07 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom NetXtreme 57xx Gigabit Controller
Device ID: PCI\VEN_14E4&DEV_1600&SUBSYS_01C21028&REV_02\4&378EDFA4&0&00E2
Manufacturer: Broadcom
Name: Broadcom NetXtreme 57xx Gigabit Controller #2
PNP Device ID: PCI\VEN_14E4&DEV_1600&SUBSYS_01C21028&REV_02\4&378EDFA4&0&00E2
Service: b57w2k

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth Personal Area Network from TOSHIBA
Device ID: BLUETOOTH\0004&0007\0000
Manufacturer: Toshiba
Name: Bluetooth Personal Area Network from TOSHIBA
PNP Device ID: BLUETOOTH\0004&0007\0000
Service: tosrfnds

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA

==== System Restore Points ===================

RP189: 10/10/2009 12:36:49 PM - System Checkpoint
RP190: 10/11/2009 1:15:40 PM - System Checkpoint
RP191: 10/12/2009 1:38:46 PM - System Checkpoint
RP192: 10/16/2009 1:01:39 PM - Software Distribution Service 3.0
RP193: 10/25/2009 11:33:58 AM - NMEA Port
RP194: 10/25/2009 11:35:40 AM - Removed Sprint SmartView.
RP195: 10/25/2009 2:57:58 PM - Installed BlackBerry Device Software v4.5.0 for the BlackBerry 8330 smartphone.
RP196: 10/25/2009 3:23:51 PM - Installed Sprint SmartView.
RP197: 10/31/2009 1:58:51 AM - System Checkpoint
RP198: 11/1/2009 2:40:03 AM - System Checkpoint
RP199: 11/2/2009 3:37:35 AM - System Checkpoint
RP200: 11/14/2009 3:37:33 PM - System Checkpoint
RP201: 11/15/2009 1:01:51 PM - Software Distribution Service 3.0
RP202: 11/27/2009 1:00:47 PM - Software Distribution Service 3.0
RP203: 11/28/2009 1:52:48 PM - System Checkpoint
RP204: 11/29/2009 2:04:23 PM - System Checkpoint
RP205: 12/5/2009 11:58:19 PM - System Checkpoint
RP206: 12/11/2009 7:23:59 PM - Installed Compatibility Pack for the 2007 Office system
RP207: 12/11/2009 8:41:09 PM - Installed Java™ 6 Update 17
RP208: 12/12/2009 1:02:32 PM - Software Distribution Service 3.0
RP209: 12/13/2009 1:00:51 PM - Software Distribution Service 3.0
RP210: 12/13/2009 2:51:07 PM - Software Distribution Service 3.0
RP211: 12/14/2009 1:08:23 PM - Software Distribution Service 3.0
RP212: 12/15/2009 1:45:20 PM - System Checkpoint
RP213: 12/20/2009 3:20:48 PM - System Checkpoint
RP214: 12/20/2009 3:43:44 PM - Late DEC 09 after slow down - Reg speed again
RP215: 12/21/2009 1:04:29 PM - Software Distribution Service 3.0
RP216: 12/24/2009 1:50:41 PM - System Checkpoint
RP217: 12/25/2009 8:47:55 PM - System Checkpoint
RP218: 12/26/2009 9:06:05 PM - System Checkpoint
RP219: 12/27/2009 9:27:46 PM - System Checkpoint
RP220: 1/1/2010 3:18:48 AM - System Checkpoint
RP221: 1/2/2010 4:04:58 AM - System Checkpoint
RP222: 1/3/2010 5:04:56 AM - System Checkpoint

==== Installed Programs ======================

Adobe Acrobat 7.0 Standard
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 2.0
Adobe Photoshop Elements 4.0
Adobe Premiere Elements 2.0
Advanced Video FX Engine
AOL Uninstaller (Choose which Products to Remove)
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
BlackBerry Desktop Software 4.3
BlackBerry Device Software v4.5.0 for the BlackBerry 8330 smartphone
Bluetooth Stack for Windows by Toshiba
Broadcom Gigabit Integrated Controller
CCleaner
Cisco Systems VPN Client 4.6.01.0019
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Creative Live! Cam Center
Creative Live! Cam Manager
Creative Live! Cam Notebook Ultra Driver (1.02.01.00)
Creative Live! Cam Optia Driver (1.03.01.0000)
Creative Live! Cam Optia User's Guide (English)
Creative Photo Calendar
Creative Photo Manager
Creative Software AutoUpdate
Creative System Information
Crystal Offline Viewer (English)
Crystal Reports Viewer
Dell Image Preparation Tool
Dell ResourceCD
Google Apps
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
HP Install Network Printer Wizard
IBM Personal Communications
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless Software
iTunes
J2SE Runtime Environment 5.0 Update 2
Java™ 6 Update 17
Lexmark Software Uninstall
Lexmark X6100 Series
LiveUpdate 2.6 (Symantec Corporation)
Malwarebytes' Anti-Malware
mCore
mDriver
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office FrontPage 2003
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft Reader
Microsoft Shared Computer Toolkit
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
mIWA
mLogView
mMHouse
Modem Helper
Move Media Player
mPfMgr
mPfWiz
mProSafe
MSN Music Assistant
mSSO
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
mToolkit
muvee autoProducer 4.1
mWlsSafe
mWMI

3rd File
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/01/03 17:29
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA8DEC000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBADE4000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA65B7000 Size: 49152 File Visible: No Signed: -
Status: -

Name: uphcleanhlp.sys
Image Path: C:\WINDOWS\system32\Drivers\uphcleanhlp.sys
Address: 0xA7828000 Size: 8960 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\documents and settings\all users\application data\pure networks\log\logfile.nmsrvc_exe.txt
Status: Size mismatch (API: 9690, Raw: 9476)

Path: C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100102.020\EraserUtilDrvI9.sys
Status: Locked to the Windows API!

Path: c:\windows\system32\ccm\servicedata\messaging\endpointqueues\policyagent_policyevaluator\000000xq.msg
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\windows\system32\ccm\servicedata\messaging\endpointqueues\certificatemaintenanceendpoint\0000001l.msg
Status: Allocation size mismatch (API: 57344, Raw: 53248)

Path: c:\windows\system32\ccm\servicedata\messaging\endpointqueues\policyagent_requestassignments\000000bt.msg
Status: Allocation size mismatch (API: 32768, Raw: 0)

Path: c:\windows\system32\ccm\servicedata\messaging\outgoingqueues\amp_[http]mp_locationmanager\0000001p.msg
Status: Allocation size mismatch (API: 57344, Raw: 40960)

SSDT
-------------------
#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x8a66b690

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTCore.sys" at address 0xa67d2e52

#: 047 Function Name: NtCreateProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTCore.sys" at address 0xa67b3cde

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTCore.sys" at address 0xa67b3ed0

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTCore.sys" at address 0xa67d3640

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTCore.sys" at address 0xa67d38f4

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTCore.sys" at address 0xa67d1b44

#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTCore.sys" at address 0xa67d3d60

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTCore.sys" at address 0xa67d3112

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTCore.sys" at address 0xa67b3984

#: 263 Function Name: NtUnloadKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\uphcleanhlp.sys" at address 0xa78286d0

==EOF==
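The RootRepeal output in the post above attributes every SSDT hook to PCTCore.sys (Spyware Doctor's kernel driver) or uphcleanhlp.sys (UPHClean), except NtConnectPort, which RootRepeal could not tie to any loaded module, and the DDS report shows a hosts entry redirecting www.spywareinfo.com to 127.0.0.1. The Python script below is an added triage example, not part of the original thread and not a BleepingComputer, DDS or RootRepeal tool: it parses those two log sections and separates hooks and hosts entries that are explained by installed software from ones that deserve a closer look. The sample text is copied from the log above plus one constructed "localhost" hosts line; the allowlist of drivers that legitimately hook the SSDT and the list of security-vendor domains are assumptions for illustration, not a statement about what is or is not malicious on this machine.

```python
"""Triage of RootRepeal SSDT entries and DDS 'Hosts:' lines.

Added example; not a tool from the thread, BleepingComputer, DDS or RootRepeal.
"""
import re

# Constructed sample: three SSDT entries copied from the RootRepeal log above.
SSDT_SAMPLE = r"""
#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x8a66b690

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\drivers\PCTCore.sys" at address 0xa67d2e52

#: 263 Function Name: NtUnloadKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\uphcleanhlp.sys" at address 0xa78286d0
"""

# Constructed sample: the hosts line from the DDS report plus a benign one.
HOSTS_SAMPLE = """\
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 127.0.0.1 localhost
"""

# Assumption: drivers that hook the SSDT for a legitimate reason on this box.
# Derived from the installed-programs list in the same log; adjust per host.
KNOWN_HOOKERS = {
    "pctcore.sys": "Spyware Doctor",
    "uphcleanhlp.sys": "UPHClean",
}

# Assumption: domains of security vendors/forums; mapping them to loopback
# is a classic tell of malware trying to block clean-up resources.
SECURITY_DOMAINS = ("spywareinfo.com", "symantec.com", "malwarebytes.org",
                    "bleepingcomputer.com", "microsoft.com")
LOOPBACK = {"127.0.0.1", "0.0.0.0"}

SSDT_RE = re.compile(
    r'#:\s*(\d+)\s+Function Name:\s*(\w+)\s+'
    r'Status:\s*Hooked by\s*"([^"]+)"\s*at address\s*(0x[0-9a-fA-F]+)')


def parse_ssdt(text):
    """Return (index, function, module, address) for each hooked entry."""
    return [(int(i), fn, mod, int(addr, 16))
            for i, fn, mod, addr in SSDT_RE.findall(text)]


def classify_hooks(text):
    """Pair each hooked function with a verdict string.

    '<unknown>' means RootRepeal found no loaded driver image covering the
    hook address; that is worth investigating, not proof of a rootkit.
    """
    findings = []
    for _idx, func, module, _addr in parse_ssdt(text):
        base = module.rsplit("\\", 1)[-1].lower()
        if module == "<unknown>":
            verdict = "INVESTIGATE: hook not attributable to a loaded module"
        elif base in KNOWN_HOOKERS:
            verdict = f"expected ({KNOWN_HOOKERS[base]})"
        else:
            verdict = f"INVESTIGATE: unrecognised hooking module {base}"
        findings.append((func, verdict))
    return findings


def suspicious_hosts(text):
    """Return hostnames of security-related domains pinned to loopback."""
    flagged = []
    for line in text.splitlines():
        m = re.match(r"Hosts:\s*(\S+)\s+(\S+)", line)
        if not m:
            continue
        ip, host = m.groups()
        if ip in LOOPBACK and any(host.lower().endswith(d)
                                  for d in SECURITY_DOMAINS):
            flagged.append(host)
    return flagged


if __name__ == "__main__":
    for func, verdict in classify_hooks(SSDT_SAMPLE):
        print(f"{func:20s} {verdict}")
    for host in suspicious_hosts(HOSTS_SAMPLE):
        print(f"hosts: {host} -> loopback (check why)")
```

Run as-is it reports NtConnectPort as needing a look and the other two hooks as expected, and flags the spywareinfo.com entry. To use it on a real log, paste the SSDT section and the DDS pseudo-HJT "Hosts:" lines into the two sample strings; the allowlist is the part to keep honest, since a driver name alone is easy to spoof and the path and signature should be checked too.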


#2 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 11 January 2010 - 07:13 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 buckn2sox

  • Topic Starter
  • Members
  • 16 posts
  • Gender:Male
  • Location:CT

Posted 17 January 2010 - 12:16 AM

Dear Myrti:

The requested log is below.
Please Help
Dan


OTL logfile created on: 1/16/2010 10:19:38 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.44 Gb Total Space | 55.03 Gb Free Space | 73.93% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DOELATITUDEDAD
Current User Name: fsuteam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/16 22:07:40 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\administrator\My Documents\Downloads\OTL.exe
PRC - [2010/01/03 14:50:41 | 00,122,880 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2010/01/03 14:49:01 | 00,160,752 | ---- | M] (Google) -- C:\Program Files\Google\Google Updater\GoogleUpdater.exe
PRC - [2009/12/09 18:22:33 | 00,921,072 | ---- | M] (Google Inc.) -- C:\Documents and Settings\administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/02/28 21:18:46 | 01,733,936 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
PRC - [2008/01/08 16:20:44 | 00,451,896 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [2006/02/23 18:18:28 | 00,008,192 | ---- | M] () -- C:\Program Files\Microsoft Shared Computer Toolkit\bin\SRVANY.EXE
PRC - [2006/02/23 18:18:16 | 00,057,344 | ---- | M] () -- C:\Program Files\Microsoft Shared Computer Toolkit\bin\SCTThresholdMonitor.EXE
PRC - [2005/12/28 11:04:56 | 00,262,217 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2005/12/28 10:47:10 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/12/28 10:45:02 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/12/28 10:44:24 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005/09/09 02:24:30 | 00,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
PRC - [2005/07/27 10:30:54 | 00,016,447 | ---- | M] (NetSupport Ltd) -- C:\Program Files\NetSupport Manager\client32.exe
PRC - [2005/06/23 18:27:28 | 01,715,904 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2005/06/23 18:27:18 | 00,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2005/06/02 08:21:46 | 00,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/06/02 08:21:40 | 00,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2005/04/27 13:59:24 | 00,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2005/01/07 13:15:58 | 01,409,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2004/08/04 02:05:00 | 00,570,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
PRC - [2003/02/25 05:52:00 | 00,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
PRC - [2003/02/25 05:50:00 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
PRC - [2002/08/14 04:06:04 | 00,040,960 | ---- | M] (IBM Corporation) -- C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
PRC - [2002/08/14 04:06:04 | 00,028,672 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\drivers\trcboot.exe
PRC - [2002/08/14 04:06:04 | 00,028,672 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\drivers\ldlcserv.exe


========== Modules (SafeList) ==========

MOD - [2010/01/16 22:07:40 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\administrator\My Documents\Downloads\OTL.exe
MOD - [2006/08/25 10:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/03 15:11:03 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2010/01/03 14:49:06 | 00,194,032 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/25 08:04:34 | 00,120,064 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe -- (SprintRcAppSvc)
SRV - [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/18 09:31:46 | 00,012,800 | ---- | M] (Pure Networks, Inc.) [On_Demand | Stopped] -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)
SRV - [2008/01/08 16:20:44 | 00,451,896 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2007/08/16 07:56:16 | 00,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2007/08/16 07:56:14 | 00,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2007/08/16 07:56:10 | 01,092,080 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2007/07/24 04:14:08 | 00,088,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2007/07/24 04:14:06 | 00,358,896 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2006/10/23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2006/02/23 18:18:28 | 00,008,192 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Microsoft Shared Computer Toolkit\bin\SRVANY.EXE -- (WDPOperations)
SRV - [2006/02/23 18:18:28 | 00,008,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Microsoft Shared Computer Toolkit\bin\SRVANY.EXE -- (SCTThresholdMon)
SRV - [2005/12/28 11:04:56 | 00,262,217 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2005/12/28 10:47:10 | 00,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2005/12/28 10:45:02 | 00,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2005/12/28 10:44:24 | 00,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2005/09/09 02:24:30 | 00,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)
SRV - [2005/08/30 16:36:00 | 00,188,416 | ---- | M] (Cambridge Silicon Radio) [Disabled | Stopped] -- C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe -- (Bluetooth Hid Switch Service)
SRV - [2005/07/27 10:30:54 | 00,016,447 | ---- | M] (NetSupport Ltd) [Auto | Running] -- C:\Program Files\NetSupport Manager\client32.exe -- (Client32)
SRV - [2005/06/23 18:27:30 | 00,124,608 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2005/06/23 18:27:28 | 01,715,904 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2005/06/23 18:27:18 | 00,019,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2005/06/02 08:21:46 | 00,161,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/06/02 08:21:46 | 00,083,568 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2005/06/02 08:21:40 | 00,185,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/05/13 23:20:28 | 00,327,680 | ---- | M] (Apple Computer, Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPodService)
SRV - [2005/04/27 13:59:24 | 00,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
SRV - [2005/04/22 11:03:28 | 00,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/03/30 20:48:22 | 00,992,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2005/03/29 20:57:08 | 00,360,448 | ---- | M] (ATI Technologies Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/03/29 20:05:00 | 00,516,096 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2005/01/07 13:15:58 | 01,409,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/08/04 02:05:00 | 00,570,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2004/07/15 00:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/02/25 05:52:00 | 00,303,104 | ---- | M] (Lexmark International, Inc.) [Auto | Running] -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS)
SRV - [2002/08/14 04:06:04 | 00,028,672 | ---- | M] (IBM Corporation) [Auto | Running] -- C:\WINDOWS\system32\drivers\trcboot.exe -- (TrcBoot)
SRV - [2002/08/14 04:06:04 | 00,028,672 | ---- | M] (IBM Corporation) [Auto | Running] -- C:\WINDOWS\system32\drivers\ldlcserv.exe -- (ldlcserv)


========== Driver Services (SafeList) ==========

DRV - [2009/09/25 08:04:42 | 00,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2009/09/25 08:04:42 | 00,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2009/09/25 08:04:40 | 00,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2009/08/27 03:00:00 | 01,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100116.005\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/08/27 03:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\eengine\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/27 03:00:00 | 00,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100116.005\NAVENG.SYS -- (NAVENG)
DRV - [2009/03/06 21:51:52 | 00,026,888 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/11/24 17:04:10 | 00,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/11/20 14:19:06 | 00,043,872 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - [2008/01/08 16:16:10 | 00,025,272 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/01/08 16:16:10 | 00,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/08/20 01:03:00 | 00,227,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0270Dev.sys -- (VF0270Dev)
DRV - [2007/06/10 12:01:00 | 00,142,656 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\C0130Afx.sys -- (VC0130Afx)
DRV - [2007/05/31 12:39:50 | 00,022,656 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RimUsb.sys -- (RimUsb)
DRV - [2007/04/30 19:30:14 | 00,058,240 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDCWWAN.sys -- (PTDCWWAN)
DRV - [2007/04/17 12:00:00 | 00,690,656 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\C0130Vid.sys -- (VC0130Dev)
DRV - [2007/04/01 05:45:30 | 00,039,808 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDCVsp.sys -- (PTDCVsp) PANTECH PC Card Diagnostic Serial Port (UDP)
DRV - [2007/04/01 05:45:26 | 00,041,728 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDCMdm.sys -- (PTDCMdm) PANTECH PC Card Drivers (UDP)
DRV - [2007/04/01 05:45:22 | 00,027,520 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDCBus.sys -- (PTDCBus) PANTECH PC Card Composite Device Driver (UDP)
DRV - [2007/03/27 12:00:00 | 00,094,976 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\C0130Aud.sys -- (VC0130Aud)
DRV - [2007/03/05 18:45:04 | 00,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0270Vfx.sys -- (VF0270Vfx)
DRV - [2007/01/18 09:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort)
DRV - [2007/01/18 09:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimSerPort)
DRV - [2006/08/24 07:45:34 | 00,021,275 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2006/07/21 08:54:42 | 00,871,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2006/07/21 08:54:42 | 00,036,096 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\symmpi.sys -- (Symmpi)
DRV - [2006/07/21 08:54:41 | 00,251,578 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\a320raid.sys -- (a320raid)
DRV - [2006/06/19 12:05:00 | 00,006,912 | R--- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\C0130Vfx.sys -- (VC0130Vfx)
DRV - [2006/03/24 16:34:30 | 01,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/02/23 18:18:30 | 00,046,976 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ewf.sys -- (ewf)
DRV - [2006/02/09 20:31:00 | 00,039,936 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006/01/20 16:08:00 | 00,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006/01/11 16:29:42 | 00,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2005/12/28 12:22:08 | 00,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/12/13 17:09:34 | 01,364,574 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2005/12/04 23:55:30 | 01,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/12/01 02:40:56 | 00,936,960 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/12/01 02:40:12 | 00,192,512 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/12/01 02:40:08 | 00,669,696 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/11/22 08:47:00 | 00,047,104 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005/10/26 09:01:02 | 00,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/10/04 23:57:08 | 00,012,544 | R--- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/10/03 11:57:00 | 00,086,867 | R--- | M] (CSR) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCOREUSB.sys -- (BCOREUSB)
DRV - [2005/09/15 17:06:08 | 00,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2005/09/12 02:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (drvmcdb)
DRV - [2005/09/08 04:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 04:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 04:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 04:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 04:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 04:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 04:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 11:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 11:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 04:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (drvnddm)
DRV - [2005/08/01 15:45:08 | 00,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/07/27 10:30:28 | 00,032,823 | ---- | M] (NetSupport Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pcisys.sys -- (PCISys)
DRV - [2005/07/27 10:30:26 | 00,024,633 | ---- | M] (NetSupport Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gdihook5.sys -- (gdihook5)
DRV - [2005/07/11 17:58:56 | 00,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/05/13 18:50:10 | 00,123,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/05/13 16:27:56 | 00,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2005/04/22 11:03:02 | 00,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/04/22 11:03:00 | 00,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/04/06 08:54:44 | 00,050,048 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2005/03/30 20:48:20 | 00,372,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/03/29 21:03:06 | 01,035,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/07 10:52:48 | 00,014,408 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2005/02/04 19:14:32 | 00,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/02/04 19:14:30 | 00,324,232 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2005/01/27 14:31:06 | 00,260,352 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2005/01/07 13:14:30 | 00,297,035 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2005/01/06 12:42:42 | 00,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/09/17 08:02:54 | 00,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/09/03 10:25:48 | 00,396,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2004/08/12 16:45:54 | 00,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/03 22:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/06/27 01:50:00 | 00,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2004/02/02 11:29:00 | 00,139,604 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2003/09/25 21:15:32 | 00,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2003/08/28 20:40:26 | 00,189,792 | ---- | M] (Zone Labs Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2003/05/01 12:26:34 | 00,005,220 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2003/01/10 16:13:04 | 00,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/11/26 13:54:58 | 00,016,936 | ---- | M] (Smith Micro Software, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMNDIS5.sys -- (SMNDIS5)
DRV - [2002/08/14 04:06:04 | 01,271,808 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\appn.sys -- (Appn)
DRV - [2002/08/14 04:06:04 | 00,183,584 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AppnBase.sys -- (AppnBase)
DRV - [2002/08/14 04:06:04 | 00,160,288 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlncfwk.sys -- (pdlncfwk)
DRV - [2002/08/14 04:06:04 | 00,119,168 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\appnapi.sys -- (AppnApi)
DRV - [2002/08/14 04:06:04 | 00,101,312 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\llc2.sys -- (IBM_LLC2)
DRV - [2002/08/14 04:06:04 | 00,074,992 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnacom.sys -- (pdlnacom)
DRV - [2002/08/14 04:06:04 | 00,070,144 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlndlpb.sys -- (pdlndlpb)
DRV - [2002/08/14 04:06:04 | 00,067,120 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnemap.sys -- (pdlnemap)
DRV - [2002/08/14 04:06:04 | 00,067,072 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlndsdl.sys -- (pdlndsdl)
DRV - [2002/08/14 04:06:04 | 00,059,504 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnshay.sys -- (pdlnshay)
DRV - [2002/08/14 04:06:04 | 00,058,880 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\pdlndldl.sys -- (pdlndldl) IBM Enterprise Extender (HPR/IP)
DRV - [2002/08/14 04:06:04 | 00,058,432 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnsx25.sys -- (pdlnsx25)
DRV - [2002/08/14 04:06:04 | 00,054,416 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnsv25.sys -- (pdlnsv25)
DRV - [2002/08/14 04:06:04 | 00,053,248 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlndqll.sys -- (pdlndqll)
DRV - [2002/08/14 04:06:04 | 00,051,712 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlndtdl.sys -- (pdlndtdl)
DRV - [2002/08/14 04:06:04 | 00,050,336 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnecfg.sys -- (pdlnecfg)
DRV - [2002/08/14 04:06:04 | 00,038,172 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\anydlc.sys -- (Anydlc)
DRV - [2002/08/14 04:06:04 | 00,036,048 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnafac.sys -- (pdlnafac)
DRV - [2002/08/14 04:06:04 | 00,024,588 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\klognt.sys -- (KLOGNT)
DRV - [2002/08/14 04:06:04 | 00,022,384 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnslea.sys -- (pdlnslea)
DRV - [2002/08/14 04:06:04 | 00,020,480 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnatcm.sys -- (pdlnatcm)
DRV - [2002/08/14 04:06:04 | 00,019,984 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnepkt.sys -- (pdlnepkt)
DRV - [2002/08/14 04:06:04 | 00,018,944 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlndoem.sys -- (pdlndoem)
DRV - [2002/08/14 04:06:04 | 00,018,432 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnatdl.sys -- (pdlnatdl)
DRV - [2002/08/14 04:06:04 | 00,012,800 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlndint.sys -- (pdlndint)
DRV - [2002/08/14 04:06:04 | 00,012,768 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnemsg.sys -- (pdlnemsg)
DRV - [2002/08/14 04:06:04 | 00,012,288 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\pdlnctdl.sys -- (pdlnctdl)
DRV - [2002/08/14 04:06:04 | 00,012,060 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\nstrcnt.sys -- (NsTrcNT)
DRV - [2002/08/14 04:06:04 | 00,008,608 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnebas.sys -- (pdlnebas)
DRV - [2002/08/14 04:06:04 | 00,006,784 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlncbas.sys -- (pdlncbas)
DRV - [2001/08/23 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001/08/23 07:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2001/08/22 07:42:58 | 00,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/08/17 11:12:10 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2043816017-598559613-990730574-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nycenet.edu/
IE - HKU\S-1-5-21-2043816017-598559613-990730574-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2043816017-598559613-990730574-1005\S-1-5-21-2043816017-598559613-990730574-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2009/12/14 08:30:26 | 00,362,801 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 12470 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2043816017-598559613-990730574-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - Startup: C:\Documents and Settings\administrator\Start Menu\Programs\Startup\VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe (Smith Micro Software, Inc.)
O4 - Startup: C:\Documents and Settings\fsuteam\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2043816017-598559613-990730574-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2043816017-598559613-990730574-1005\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-2043816017-598559613-990730574-1005\..Trusted Domains: cybershift.net ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2043816017-598559613-990730574-1005\..Trusted Domains: nyc.gov ([schools] http in Trusted sites)
O15 - HKU\S-1-5-21-2043816017-598559613-990730574-1005\..Trusted Domains: nycboe.net ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2043816017-598559613-990730574-1005\..Trusted Domains: nycenet.edu ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2043816017-598559613-990730574-1005\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1119976409718 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1160567331578 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/su2/CTL_V02002/ocx/15033/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\doe installs\Nslogo.bmp
O24 - Desktop BackupWallPaper: C:\doe installs\Nslogo.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/23 13:14:06 | 00,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{18808b80-e0e6-11dd-a943-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{18808b80-e0e6-11dd-a943-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{18808b80-e0e6-11dd-a943-00038a000015}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\{1aa51260-04d2-11de-a947-001641dd264e}\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O33 - MountPoints2\{79446060-4c4f-11de-a952-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{79446060-4c4f-11de-a952-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{79446060-4c4f-11de-a952-00038a000015}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{afbaac01-a1c8-11dd-a92e-7a8020000200}\Shell\AutoRun\command - "" = D:\Launch.exe -- File not found
O33 - MountPoints2\{ce144890-eecd-11dd-a944-7a8020000200}\Shell - "" = AutoRun
O33 - MountPoints2\{ce144890-eecd-11dd-a944-7a8020000200}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ce144890-eecd-11dd-a944-7a8020000200}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d4bd1a03-364e-11de-a950-00188bbc8608}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe
O33 - MountPoints2\{d4bd1a03-364e-11de-a950-00188bbc8608}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe
O33 - MountPoints2\{d4bd1a0c-364e-11de-a950-00188bbc8608}\Shell\AutoRun\command - "" = F:\CA_EdgeLitemobile.exe -- File not found
O33 - MountPoints2\{f7bc36b1-ee25-11dc-a8de-00188bbc8608}\Shell\AutoRun\command - "" = F:\LinksysConnectPC.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/12 02:33:22 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\administrator\Recent
[2010/01/03 17:24:40 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\administrator\Desktop\RootRepeal.exe
[2010/01/03 16:01:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\administrator\Application Data\Google
[2010/01/03 15:19:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/01/03 15:15:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/03 15:12:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/01/03 15:08:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\IOSUBSYS
[2010/01/03 14:49:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/01/03 14:49:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2010/01/03 14:49:06 | 00,000,000 | ---D | C] -- C:\Program Files\Google
[2010/01/03 14:13:59 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/01 02:17:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\administrator\Application Data\Malwarebytes
[2010/01/01 02:17:16 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/01 02:17:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/01 02:17:12 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/01 02:17:12 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/31 16:45:35 | 00,000,000 | ---D | C] -- C:\Program Files\PCFriendly
[2009/12/24 13:27:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\administrator\Local Settings\Application Data\ApplicationHistory
[2009/08/28 16:53:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Bytemobile
[2009/08/28 16:49:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Bytemobile
[2009/03/30 15:58:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2008/08/02 18:47:26 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/07/17 18:17:34 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/08/24 08:54:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2005/06/28 10:57:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2005/06/28 10:38:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2002/06/04 13:23:00 | 00,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lexlog.dlL
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/16 23:04:05 | 00,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/16 22:34:20 | 00,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2043816017-598559613-990730574-1005UA.job
[2010/01/16 18:34:26 | 00,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2043816017-598559613-990730574-1005Core.job
[2010/01/16 16:08:59 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/01/16 16:04:07 | 00,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/16 14:31:40 | 00,000,495 | ---- | M] () -- C:\WINDOWS\SMSCFG.ini
[2010/01/16 14:30:24 | 00,001,893 | ---- | M] () -- C:\Documents and Settings\administrator\Start Menu\Programs\Startup\VZAccess Manager.lnk
[2010/01/16 14:30:22 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/16 14:27:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/16 14:26:41 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/16 14:25:25 | 00,000,008 | ---- | M] () -- C:\WINDOWS\System32\pcisys.ntk
[2010/01/12 02:34:21 | 06,291,456 | -H-- | M] () -- C:\Documents and Settings\administrator\ntuser.dat
[2010/01/12 02:34:21 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\administrator\ntuser.ini
[2010/01/12 00:03:49 | 00,000,416 | ---- | M] () -- C:\Documents and Settings\administrator\Desktop\Google.url
[2010/01/10 23:23:11 | 00,020,872 | ---- | M] () -- C:\Documents and Settings\administrator\My Documents\cc_20100110_232257.reg
[2010/01/03 17:27:56 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\administrator\Desktop\settings.dat
[2010/01/03 17:25:12 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\administrator\Desktop\RootRepeal.exe
[2010/01/03 17:12:36 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/01/03 16:46:33 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\administrator\Desktop\dds.scr
[2010/01/03 15:13:19 | 00,001,774 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Calendar.lnk
[2010/01/03 15:13:19 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Mail.lnk
[2010/01/03 15:13:19 | 00,001,728 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Docs.lnk
[2010/01/03 14:14:00 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\administrator\Desktop\HijackThis.lnk
[2010/01/01 02:17:20 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/31 17:32:22 | 00,385,544 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/31 17:32:21 | 00,054,586 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/31 17:32:20 | 00,446,068 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/31 17:17:03 | 00,000,000 | ---- | M] () -- C:\WINDOWS\pcfriend.INI
[2009/12/31 16:47:55 | 00,000,640 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PCFriendly DVD.lnk
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/26 22:53:22 | 00,048,034 | ---- | M] () -- C:\Documents and Settings\administrator\My Documents\cc_20091226_225312.reg
[2009/12/25 19:38:19 | 00,000,821 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/12/25 17:03:48 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/25 17:03:48 | 00,000,210 | RHS- | M] () -- C:\boot.ini
[2009/12/24 11:35:57 | 00,002,344 | ---- | M] () -- C:\Documents and Settings\administrator\Desktop\Google Chrome.lnk
[2009/12/20 15:57:58 | 00,092,656 | ---- | M] () -- C:\Documents and Settings\administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/10 23:23:07 | 00,020,872 | ---- | C] () -- C:\Documents and Settings\administrator\My Documents\cc_20100110_232257.reg
[2010/01/03 17:27:56 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\administrator\Desktop\settings.dat
[2010/01/03 17:12:36 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/01/03 16:46:13 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\administrator\Desktop\dds.scr
[2010/01/03 15:13:19 | 00,001,774 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Calendar.lnk
[2010/01/03 15:13:19 | 00,001,728 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Docs.lnk
[2010/01/03 15:13:18 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Mail.lnk
[2010/01/03 15:12:23 | 00,000,888 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/03 15:12:22 | 00,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/03 14:49:09 | 00,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/01/03 14:14:00 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\administrator\Desktop\HijackThis.lnk
[2010/01/01 02:17:20 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/31 17:17:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2009/12/31 16:47:54 | 00,000,640 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PCFriendly DVD.lnk
[2009/12/26 22:53:17 | 00,048,034 | ---- | C] () -- C:\Documents and Settings\administrator\My Documents\cc_20091226_225312.reg
[2009/03/06 21:51:52 | 00,026,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2008/04/28 11:02:12 | 00,098,359 | ---- | C] () -- C:\WINDOWS\System32\pcimon.dll
[2008/04/28 11:02:12 | 00,073,784 | ---- | C] () -- C:\WINDOWS\System32\clhook4.dll
[2008/04/28 11:02:12 | 00,036,911 | ---- | C] () -- C:\WINDOWS\System32\pcimsg.dll
[2008/04/28 11:02:12 | 00,028,728 | ---- | C] () -- C:\WINDOWS\System32\pcigina.dll
[2008/04/28 11:02:12 | 00,020,535 | ---- | C] () -- C:\WINDOWS\System32\pcivdd.dll
[2007/12/23 15:14:51 | 01,228,854 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\OrbError.bmp
[2007/12/23 14:46:32 | 00,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/12/23 13:26:14 | 00,005,120 | ---- | C] () -- C:\Documents and Settings\administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/24 08:07:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2006/07/21 08:54:42 | 00,004,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\WINIO.SYS
[2006/06/07 10:33:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\pcsmig.INI
[2006/06/07 10:26:49 | 00,000,495 | ---- | C] () -- C:\WINDOWS\SMSCFG.ini
[2006/06/07 10:08:47 | 00,000,100 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2006/06/07 10:07:11 | 00,001,345 | ---- | C] () -- C:\WINDOWS\LMAAT2DD.ini
[2006/06/07 10:06:48 | 00,000,873 | ---- | C] () -- C:\WINDOWS\LMAAJ2DD.ini
[2006/06/07 10:05:44 | 00,000,836 | ---- | C] () -- C:\WINDOWS\LMAAZ2DD.ini
[2006/06/07 10:05:10 | 00,001,084 | ---- | C] () -- C:\WINDOWS\LMAAP2DD.ini
[2006/06/07 10:04:39 | 00,001,013 | ---- | C] () -- C:\WINDOWS\LMAAE2DD.ini
[2006/06/07 10:03:56 | 00,000,748 | ---- | C] () -- C:\WINDOWS\LMAAL2DD.ini
[2006/06/07 10:01:55 | 00,001,546 | ---- | C] () -- C:\WINDOWS\LMAAR2DD.ini
[2006/06/07 09:57:30 | 00,008,521 | ---- | C] () -- C:\WINDOWS\lmpcl2a.ini
[2006/05/10 11:14:37 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbfvs.dll
[2006/05/10 11:14:36 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBFLCNP.DLL
[2006/05/10 11:14:36 | 00,000,188 | ---- | C] () -- C:\WINDOWS\System32\lxbfcoin.ini
[2005/11/18 13:47:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/01 20:44:00 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 20:30:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2005/06/28 11:46:24 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2005/06/28 11:46:13 | 00,001,794 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2005/06/28 11:42:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2005/06/28 11:18:42 | 00,000,300 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/06/28 11:17:00 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/01/21 11:02:28 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
[2005/01/07 13:15:56 | 00,172,056 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2005/01/07 13:10:26 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2004/07/20 16:04:02 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 13:43:28 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/04 13:23:00 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\lexdlls.dlL
[1998/10/11 00:07:38 | 00,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:22 AM

Posted 17 January 2010 - 07:39 AM

Hi,

there are a couple of malicious entries on your PC. To prevent infection from spreading from your PC to another please do the following:

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

Afterwards I will need a scan with gmer, to get a more complete check of your system:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 buckn2sox
Posted 18 January 2010 - 12:05 PM

After a very long scan......

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-18 10:37:20
Windows 5.1.2600 Service Pack 2
Running: n60llrmw.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtoqfow.sys


---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \Fat BA24AC8A

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0016418a7538 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016418a7538 (not active ControlSet)
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016418a7538

---- EOF - GMER 1.0.15 ----



#6 myrti
Posted 19 January 2010 - 10:15 AM

Hi

the good news is that there does not seem to be a rootkit on your system. :(

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :otl
    
    O33 - MountPoints2\{d4bd1a03-364e-11de-a950-00188bbc8608}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe
    O33 - MountPoints2\{d4bd1a03-364e-11de-a950-00188bbc8608}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe
    :commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.
Your initial post showed you were running Spyware Doctor with Antivirus and Symantec:
I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Spyware Doctor or Symantec.

Please also try running StartupLite to remove unneeded startup items:
Download and Run StartupLite
This program will identify and give you the option to remove unneeded startup items to free memory.
  • Download StartupLite.exe by MalwareBytes to your desktop.
  • Double click the icon to start the program. If you are using Windows Vista, right click the icon and select Run As Administrator.
  • A list of unneeded startup entries will be compiled. Leave all the items as Disabled and click Continue.
  • Restart your computer.

regards myrti


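The two O33 entries myrti singled out in post #4 and removed in post #6 are the classic shape of a removable-drive worm: the MountPoints2 key for one USB volume GUID has both its AutoRun verb and its open (double-click) verb pointed at an executable hidden under a SID-named folder inside RECYCLER, while the benign entries on the same machine point at vendor launchers such as LaunchU3.exe or MaxtorEncryption.exe. The following script is an added example and is not part of the thread, of OTL or of Flash_Disinfector. It parses OTL O33 lines and autorun.inf text into the same verb-to-command shape and applies the indicators a triager would look for. The O33 sample is copied from the log above; the autorun.inf sample is constructed to mirror what such a worm drops on the drive and was not recovered from the poster's machine. All function names are the example's own.

```python
import re

# Constructed sample: the O33 lines quoted in the OTL log above.
# "-- File not found" is OTL's own annotation and is stripped by the parser.
SAMPLE_O33 = r"""
O33 - MountPoints2\{18808b80-e0e6-11dd-a943-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{18808b80-e0e6-11dd-a943-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{18808b80-e0e6-11dd-a943-00038a000015}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\{1aa51260-04d2-11de-a947-001641dd264e}\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O33 - MountPoints2\{d4bd1a03-364e-11de-a950-00188bbc8608}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe
O33 - MountPoints2\{d4bd1a03-364e-11de-a950-00188bbc8608}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe
"""

# Constructed autorun.inf of the kind a USB worm writes to a drive root
# (illustrative; not a file recovered from the poster's system).
SAMPLE_AUTORUN_INF = r"""
[autorun]
open=RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe
shell\open\command=RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe
shell\explore\command=RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
"""

# Only the "...\Shell\<verb>\command" lines carry a launch target.
O33_CMD = re.compile(
    r'^O33 - MountPoints2\\\{(?P<guid>[0-9a-fA-F-]+)\}\\Shell\\(?P<verb>[^\\]+)\\command'
    r' - "" = (?P<cmd>.*?)(?: -- File not found)?$')

# A directory named like a user SID (S-1-5-21-<domain>-<rid>) under RECYCLER.
SID_DIR = re.compile(r'(^|\\)s-1-5-21(-\d+){3,4}(\\|$)')


def parse_o33(text):
    """Map each MountPoints2 volume GUID to {verb: command} from OTL O33 lines."""
    points = {}
    for line in text.splitlines():
        m = O33_CMD.match(line.strip())
        if m:
            points.setdefault(m['guid'].lower(), {})[m['verb'].lower()] = m['cmd'].strip()
    return points


def parse_autorun_inf(text):
    """Map autorun.inf launch keys to {verb: command}, same shape as parse_o33.
    open= / shellexecute= are the AutoRun action; shell\\<verb>\\command lines
    override the drive's context-menu verbs (open, explore, ...)."""
    verbs, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((';', '#')):
            continue
        if line.startswith('['):
            in_section = line.lower() == '[autorun]'
            continue
        if not in_section or '=' not in line:
            continue
        key, value = (s.strip() for s in line.split('=', 1))
        if key.lower() in ('open', 'shellexecute'):
            verbs['autorun'] = value
        else:
            m = re.match(r'shell\\([^\\]+)\\command$', key.lower())
            if m:
                verbs[m.group(1)] = value
    return verbs


def classify(verbs):
    """Return the reasons a launch-point set looks like a USB worm ([] if none)."""
    reasons = []
    for verb, cmd in verbs.items():
        low = cmd.strip('"').lower()
        if low.startswith('recycler\\') or '\\recycler\\' in low or 'system volume information' in low:
            reasons.append(f'{verb}: launches from a hidden system folder ({cmd})')
        if SID_DIR.search(low):
            reasons.append(f'{verb}: target sits in a SID-named directory')
        if verb in ('open', 'explore') and low.endswith('.exe'):
            # A vendor launcher only sets AutoRun; hijacking open/explore means
            # double-clicking the drive in Explorer runs the payload too.
            reasons.append(f'{verb}: Explorer verb hijacked to run {cmd}')
    return reasons


def triage_o33(text):
    """{guid: reasons} for every mount point that shows at least one indicator."""
    flagged = {}
    for guid, verbs in parse_o33(text).items():
        reasons = classify(verbs)
        if reasons:
            flagged[guid] = reasons
    return flagged


if __name__ == "__main__":
    for guid, reasons in triage_o33(SAMPLE_O33).items():
        print(f"MountPoints2 {{{guid}}}")
        for r in reasons:
            print("  -", r)
    print("autorun.inf:")
    for r in classify(parse_autorun_inf(SAMPLE_AUTORUN_INF)):
        print("  -", r)
```

Run against the sample, only the {d4bd1a03-...} mount point is flagged, which matches the two lines myrti put in the OTL fix; the LaunchU3 and Maxtor entries pass because they set only the AutoRun verb and point at a normal path. This is a triage aid, not a removal tool: the MountPoints2 key is only the cached shell configuration for a drive that was once plugged in, so the autorun.inf and payload on the USB stick itself still need cleaning, which is why the thread runs Flash_Disinfector against the removable drives as well.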

#7 buckn2sox
Posted 20 January 2010 - 02:22 PM

I don't understand what to do in this OTL Part. How do I run it?

Sorry

#8 myrti
Posted 20 January 2010 - 03:55 PM

Hi,

Double click OTL.exe to launch the program, then you copy the content of the code-window in my last reply into the window labeled Custom Scans/Fixes in OTL and click on the button named "Run Fix" to execute the program.

regards myrti



#9 buckn2sox
Posted 21 January 2010 - 11:44 AM

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4bd1a03-364e-11de-a950-00188bbc8608}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4bd1a03-364e-11de-a950-00188bbc8608}\ not found.
File C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4bd1a03-364e-11de-a950-00188bbc8608}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4bd1a03-364e-11de-a950-00188bbc8608}\ not found.
File C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: admin
->Temp folder emptied: 166 bytes
->Temporary Internet Files folder emptied: 51779 bytes

User: administrator
->Temp folder emptied: 464 bytes
->Temporary Internet Files folder emptied: 1843862 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 6099312 bytes

User: All Users

User: ccsi

User: Default User

User: fsuteam
->Temp folder emptied: 44174830 bytes
->Temporary Internet Files folder emptied: 162789 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33664 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: student.orig

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1119049 bytes
%systemroot%\System32 .tmp files removed: 5552657 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 56.00 mb


OTL by OldTimer - Version 3.1.25.2 log created on 01202010_165725

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


SECOND SCAN=============================================
OTL logfile created on: 1/21/2010 11:17:11 AM - Run 2
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.44 Gb Total Space | 55.15 Gb Free Space | 74.09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DOELATITUDEDAD
Current User Name: fsuteam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\administrator\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\aol\acs\AOLacsd.exe (AOL LLC)
PRC - C:\Program Files\Microsoft Shared Computer Toolkit\bin\SRVANY.EXE ()
PRC - C:\Program Files\Microsoft Shared Computer Toolkit\bin\SCTThresholdMonitor.EXE ()
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Program Files\NetSupport Manager\client32.exe (NetSupport Ltd)
PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\WINDOWS\system32\CCM\CcmExec.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)
PRC - C:\WINDOWS\system32\LEXPPS.EXE (Lexmark International, Inc.)
PRC - C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE (IBM Corporation)
PRC - C:\WINDOWS\system32\drivers\trcboot.exe (IBM Corporation)
PRC - C:\WINDOWS\system32\drivers\ldlcserv.exe (IBM Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\administrator\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (gupdate) Google Update Service (gupdate) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (SprintRcAppSvc) -- C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe (SmithMicro Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (nmraapache) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe (Pure Networks, Inc.)
SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
SRV - (RoxLiveShare9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (Sonic Solutions)
SRV - (RoxWatch9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
SRV - (RoxMediaDB9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 9) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 9) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (Sonic Solutions)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
SRV - (WDPOperations) -- C:\Program Files\Microsoft Shared Computer Toolkit\bin\SRVANY.EXE ()
SRV - (SCTThresholdMon) -- C:\Program Files\Microsoft Shared Computer Toolkit\bin\SRVANY.EXE ()
SRV - (WLANKEEPER) Intel® -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (AdobeActiveFileMonitor4.0) -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()
SRV - (Bluetooth Hid Switch Service) -- C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe (Cambridge Silicon Radio)
SRV - (Client32) -- C:\Program Files\NetSupport Manager\client32.exe (NetSupport Ltd)
SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccPwdSvc) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (iPodService) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)
SRV - (UPHClean) -- C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)
SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart) -- C:\WINDOWS\system32\ati2sgag.exe ()
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (CcmExec) -- C:\WINDOWS\system32\CCM\CcmExec.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (LexBceS) -- C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)
SRV - (TrcBoot) -- C:\WINDOWS\system32\drivers\trcboot.exe (IBM Corporation)
SRV - (ldlcserv) -- C:\WINDOWS\system32\drivers\ldlcserv.exe (IBM Corporation)


========== Driver Services (SafeList) ==========

DRV - (PCTINDIS5) -- C:\WINDOWS\system32\PCTINDIS5.sys (Smith Micro Inc.)
DRV - (tcpipBM) -- C:\WINDOWS\system32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (NWADI) -- C:\WINDOWS\system32\drivers\NWADIenum.sys (Novatel Wireless Inc)
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100117.002\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\eengine\eeCtrl.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100117.002\NAVENG.SYS (Symantec Corporation)
DRV - (SMSIVZAM5) -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys (Smith Micro Inc.)
DRV - (swmsflt) -- C:\WINDOWS\System32\drivers\swmsflt.sys ()
DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (PxHelp20) -- C:\WINDOWS\system32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (purendis) -- C:\WINDOWS\system32\drivers\purendis.sys (Pure Networks, Inc.)
DRV - (pnarp) -- C:\WINDOWS\system32\drivers\pnarp.sys (Pure Networks, Inc.)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (VF0270Dev) -- C:\WINDOWS\system32\drivers\V0270Dev.sys (Creative Technology Ltd.)
DRV - (VC0130Afx) -- C:\WINDOWS\system32\drivers\C0130Afx.sys (Creative Technology Ltd.)
DRV - (RimUsb) -- C:\WINDOWS\system32\drivers\RimUsb.sys (Research In Motion Limited)
DRV - (VC0130Dev) -- C:\WINDOWS\system32\drivers\C0130Vid.sys (Creative Technology Ltd.)
DRV - (VC0130Aud) -- C:\WINDOWS\system32\drivers\C0130Aud.sys (Creative Technology Ltd.)
DRV - (VF0270Vfx) -- C:\WINDOWS\system32\drivers\V0270Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (RimVSerPort) -- C:\WINDOWS\system32\drivers\RimSerial.sys (Research in Motion Ltd)
DRV - (RimSerPort) -- C:\WINDOWS\system32\drivers\RimSerial.sys (Research in Motion Ltd)
DRV - (AegisP) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\AegisP.sys (Meetinghouse Data Communications)
DRV - (iaStor) -- C:\WINDOWS\System32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (Symmpi) -- C:\WINDOWS\System32\DRIVERS\symmpi.sys (LSI Logic)
DRV - (a320raid) -- C:\WINDOWS\System32\DRIVERS\a320raid.sys (Adaptec, Inc.)
DRV - (VC0130Vfx) -- C:\WINDOWS\system32\drivers\C0130Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (ewf) -- C:\WINDOWS\system32\drivers\ewf.sys (Microsoft Corporation)
DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation)
DRV - (w39n51) Intel® -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - (BCOREUSB) -- C:\WINDOWS\system32\drivers\BCOREUSB.sys (CSR)
DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (drvmcdb) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (PCISys) -- C:\WINDOWS\system32\drivers\pcisys.sys (NetSupport Ltd)
DRV - (gdihook5) -- C:\WINDOWS\system32\drivers\gdihook5.sys (NetSupport Ltd)
DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.)
DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (USBCCID) -- C:\WINDOWS\system32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (TosRfSnd) Bluetooth Audio Device (WDM) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (smwdm) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (prepdrvr) -- C:\WINDOWS\system32\CCM\PrepDrv.sys (Microsoft Corporation)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (GTNDIS5) -- C:\WINDOWS\system32\GTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs Inc.)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (Appn) -- C:\WINDOWS\System32\drivers\appn.sys (IBM Corporation)
DRV - (AppnBase) -- C:\WINDOWS\System32\drivers\AppnBase.sys (IBM Corporation)
DRV - (pdlncfwk) -- C:\WINDOWS\System32\drivers\pdlncfwk.sys (IBM Corporation)
DRV - (AppnApi) -- C:\WINDOWS\System32\drivers\appnapi.sys (IBM Corporation)
DRV - (IBM_LLC2) -- C:\WINDOWS\system32\drivers\llc2.sys (IBM Corporation)
DRV - (pdlnacom) -- C:\WINDOWS\System32\drivers\pdlnacom.sys (IBM Corporation)
DRV - (pdlndlpb) -- C:\WINDOWS\System32\drivers\pdlndlpb.sys (IBM Corporation)
DRV - (pdlnemap) -- C:\WINDOWS\System32\drivers\pdlnemap.sys (IBM Corporation)
DRV - (pdlndsdl) -- C:\WINDOWS\System32\drivers\pdlndsdl.sys (IBM Corporation)
DRV - (pdlnshay) -- C:\WINDOWS\System32\drivers\pdlnshay.sys (IBM Corporation)
DRV - (pdlndldl) IBM Enterprise Extender (HPR/IP) -- C:\WINDOWS\System32\drivers\pdlndldl.sys (IBM Corporation)
DRV - (pdlnsx25) -- C:\WINDOWS\System32\drivers\pdlnsx25.sys (IBM Corporation)
DRV - (pdlnsv25) -- C:\WINDOWS\System32\drivers\pdlnsv25.sys (IBM Corporation)
DRV - (pdlndqll) -- C:\WINDOWS\System32\drivers\pdlndqll.sys (IBM Corporation)
DRV - (pdlndtdl) -- C:\WINDOWS\System32\drivers\pdlndtdl.sys (IBM Corporation)
DRV - (pdlnecfg) -- C:\WINDOWS\System32\drivers\pdlnecfg.sys (IBM Corporation)
DRV - (Anydlc) -- C:\WINDOWS\System32\drivers\anydlc.sys (IBM Corporation)
DRV - (pdlnafac) -- C:\WINDOWS\System32\drivers\pdlnafac.sys (IBM Corporation)
DRV - (KLOGNT) -- C:\WINDOWS\System32\drivers\klognt.sys (IBM Corporation)
DRV - (pdlnslea) -- C:\WINDOWS\System32\drivers\pdlnslea.sys (IBM Corporation)
DRV - (pdlnatcm) -- C:\WINDOWS\System32\drivers\pdlnatcm.sys (IBM Corporation)
DRV - (pdlnepkt) -- C:\WINDOWS\System32\drivers\pdlnepkt.sys (IBM Corporation)
DRV - (pdlndoem) -- C:\WINDOWS\System32\drivers\pdlndoem.sys (IBM Corporation)
DRV - (pdlnatdl) -- C:\WINDOWS\System32\drivers\pdlnatdl.sys (IBM Corporation)
DRV - (pdlndint) -- C:\WINDOWS\System32\drivers\pdlndint.sys (IBM Corporation)
DRV - (pdlnemsg) -- C:\WINDOWS\System32\drivers\pdlnemsg.sys (IBM Corporation)
DRV - (pdlnctdl) -- C:\WINDOWS\System32\drivers\pdlnctdl.sys (IBM Corporation)
DRV - (NsTrcNT) -- C:\WINDOWS\System32\drivers\nstrcnt.sys (IBM Corporation)
DRV - (pdlnebas) -- C:\WINDOWS\System32\drivers\pdlnebas.sys (IBM Corporation)
DRV - (pdlncbas) -- C:\WINDOWS\System32\drivers\pdlncbas.sys (IBM Corporation)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ROOTMODEM) -- C:\WINDOWS\system32\drivers\rootmdm.sys (Microsoft Corporation)
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
DRV - (E100B) Intel® -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nycenet.edu/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2009/12/14 08:30:26 | 00,362,801 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 12470 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: cybershift.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: nyc.gov ([schools] http in Trusted sites)
O15 - HKCU\..Trusted Domains: nycboe.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: nycenet.edu ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1119976409718 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1160567331578 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/su2/CTL_V02002/ocx/15033/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.251.18.120 10.251.16.20
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\doe installs\Nslogo.bmp
O24 - Desktop BackupWallPaper: C:\doe installs\Nslogo.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/23 13:14:06 | 00,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/01/17 13:54:53 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{18808b80-e0e6-11dd-a943-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{18808b80-e0e6-11dd-a943-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{18808b80-e0e6-11dd-a943-00038a000015}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\{1aa51260-04d2-11de-a947-001641dd264e}\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O33 - MountPoints2\{79446060-4c4f-11de-a952-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{79446060-4c4f-11de-a952-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{79446060-4c4f-11de-a952-00038a000015}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{afbaac01-a1c8-11dd-a92e-7a8020000200}\Shell\AutoRun\command - "" = D:\Launch.exe -- File not found
O33 - MountPoints2\{ce144890-eecd-11dd-a944-7a8020000200}\Shell - "" = AutoRun
O33 - MountPoints2\{ce144890-eecd-11dd-a944-7a8020000200}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ce144890-eecd-11dd-a944-7a8020000200}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\{f7bc36b1-ee25-11dc-a8de-00188bbc8608}\Shell\AutoRun\command - "" = F:\LinksysConnectPC.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/20 17:02:13 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\WLANProfiles
[2010/01/20 16:57:25 | 00,000,000 | ---D | C] -- C:\_OTL
[2010/01/20 12:07:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010/01/20 12:07:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010/01/20 12:07:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010/01/20 12:07:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2010/01/20 12:07:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010/01/20 12:07:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2010/01/20 12:07:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010/01/20 12:07:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2010/01/20 12:07:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010/01/20 12:07:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010/01/20 12:07:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010/01/20 12:07:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010/01/20 12:07:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010/01/20 12:07:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010/01/20 12:07:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010/01/20 12:07:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010/01/20 12:07:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2010/01/18 23:40:42 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\administrator\Recent
[2010/01/18 11:51:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\administrator\Application Data\Verizon Wireless
[2010/01/18 11:10:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
[2010/01/18 11:10:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Verizon Wireless
[2010/01/18 11:05:45 | 00,090,112 | ---- | C] (DEVGURU) -- C:\WINDOWS\System32\pxfhwmcp64.dll
[2010/01/18 11:01:36 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\administrator\UserData
[2010/01/17 13:54:53 | 00,000,000 | RHSD | C] -- C:\autorun.inf
[2010/01/16 15:15:03 | 00,470,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/01/03 17:24:40 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\administrator\Desktop\RootRepeal.exe
[2010/01/03 16:01:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\administrator\Application Data\Google
[2010/01/03 15:19:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/01/03 15:15:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/03 15:12:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/01/03 15:08:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\IOSUBSYS
[2010/01/03 14:49:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/01/03 14:49:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2010/01/03 14:49:06 | 00,000,000 | ---D | C] -- C:\Program Files\Google
[2010/01/03 14:13:59 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/01 02:17:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\administrator\Application Data\Malwarebytes
[2010/01/01 02:17:16 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/01 02:17:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/01 02:17:12 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/01 02:17:12 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/31 16:45:35 | 00,000,000 | ---D | C] -- C:\Program Files\PCFriendly
[2009/12/24 13:27:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\administrator\Local Settings\Application Data\ApplicationHistory
[2009/08/28 16:53:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Bytemobile
[2009/08/28 16:49:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Bytemobile
[2009/03/30 15:58:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2008/08/02 18:47:26 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/07/17 18:17:34 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/08/24 08:54:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2005/06/28 10:57:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2005/06/28 10:38:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2002/06/04 13:23:00 | 00,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lexlog.dlL

========== Files - Modified Within 30 Days ==========

[2010/01/21 11:34:33 | 00,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2043816017-598559613-990730574-1005UA.job
[2010/01/21 11:04:13 | 00,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/21 10:52:29 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/01/21 10:52:04 | 00,000,416 | ---- | M] () -- C:\Documents and Settings\administrator\Desktop\Google.url
[2010/01/21 10:48:42 | 00,000,495 | ---- | M] () -- C:\WINDOWS\SMSCFG.ini
[2010/01/21 10:48:12 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/21 10:45:55 | 00,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/21 10:45:54 | 00,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/01/21 10:45:38 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/21 10:45:00 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/21 10:43:47 | 00,000,008 | ---- | M] () -- C:\WINDOWS\System32\pcisys.ntk
[2010/01/20 17:02:13 | 00,000,706 | ---- | M] () -- C:\Settings.ini
[2010/01/20 16:58:26 | 06,291,456 | -H-- | M] () -- C:\Documents and Settings\administrator\ntuser.dat
[2010/01/20 16:58:04 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\administrator\ntuser.ini
[2010/01/18 18:34:00 | 00,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2043816017-598559613-990730574-1005Core.job
[2010/01/18 11:10:48 | 00,001,013 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VZAccess Manager.lnk
[2010/01/17 14:37:12 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\administrator\Desktop\n60llrmw.exe
[2010/01/17 13:45:59 | 00,132,597 | ---- | M] () -- C:\Documents and Settings\administrator\Desktop\Flash_Disinfector.exe
[2010/01/10 23:23:11 | 00,020,872 | ---- | M] () -- C:\Documents and Settings\administrator\My Documents\cc_20100110_232257.reg
[2010/01/03 17:27:56 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\administrator\Desktop\settings.dat
[2010/01/03 17:25:12 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\administrator\Desktop\RootRepeal.exe
[2010/01/03 17:12:36 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/01/03 16:46:33 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\administrator\Desktop\dds.scr
[2010/01/03 15:13:19 | 00,001,774 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Calendar.lnk
[2010/01/03 15:13:19 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Mail.lnk
[2010/01/03 15:13:19 | 00,001,728 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Docs.lnk
[2010/01/03 14:14:00 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\administrator\Desktop\HijackThis.lnk
[2010/01/01 02:17:20 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/31 17:32:22 | 00,385,544 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/31 17:32:21 | 00,054,586 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/31 17:32:20 | 00,446,068 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/31 17:17:03 | 00,000,000 | ---- | M] () -- C:\WINDOWS\pcfriend.INI
[2009/12/31 16:47:55 | 00,000,640 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PCFriendly DVD.lnk
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/26 22:53:22 | 00,048,034 | ---- | M] () -- C:\Documents and Settings\administrator\My Documents\cc_20091226_225312.reg
[2009/12/25 19:38:19 | 00,000,821 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/12/25 17:03:48 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/25 17:03:48 | 00,000,210 | RHS- | M] () -- C:\boot.ini
[2009/12/24 11:35:57 | 00,002,344 | ---- | M] () -- C:\Documents and Settings\administrator\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2010/01/20 17:02:13 | 00,000,706 | ---- | C] () -- C:\Settings.ini
[2010/01/20 12:07:21 | 00,000,236 | ---- | C] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/01/18 11:10:48 | 00,001,013 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VZAccess Manager.lnk
[2010/01/17 14:37:07 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\administrator\Desktop\n60llrmw.exe
[2010/01/17 13:45:59 | 00,132,597 | ---- | C] () -- C:\Documents and Settings\administrator\Desktop\Flash_Disinfector.exe
[2010/01/10 23:23:07 | 00,020,872 | ---- | C] () -- C:\Documents and Settings\administrator\My Documents\cc_20100110_232257.reg
[2010/01/03 17:27:56 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\administrator\Desktop\settings.dat
[2010/01/03 17:12:36 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/01/03 16:46:13 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\administrator\Desktop\dds.scr
[2010/01/03 15:13:19 | 00,001,774 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Calendar.lnk
[2010/01/03 15:13:19 | 00,001,728 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Docs.lnk
[2010/01/03 15:13:18 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Mail.lnk
[2010/01/03 15:12:23 | 00,000,888 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/03 15:12:22 | 00,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/03 14:49:09 | 00,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/01/03 14:14:00 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\administrator\Desktop\HijackThis.lnk
[2010/01/01 02:17:20 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/31 17:17:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2009/12/31 16:47:54 | 00,000,640 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PCFriendly DVD.lnk
[2009/12/26 22:53:17 | 00,048,034 | ---- | C] () -- C:\Documents and Settings\administrator\My Documents\cc_20091226_225312.reg
[2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/03/06 21:51:52 | 00,026,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2008/04/28 11:02:12 | 00,098,359 | ---- | C] () -- C:\WINDOWS\System32\pcimon.dll
[2008/04/28 11:02:12 | 00,073,784 | ---- | C] () -- C:\WINDOWS\System32\clhook4.dll
[2008/04/28 11:02:12 | 00,036,911 | ---- | C] () -- C:\WINDOWS\System32\pcimsg.dll
[2008/04/28 11:02:12 | 00,028,728 | ---- | C] () -- C:\WINDOWS\System32\pcigina.dll
[2008/04/28 11:02:12 | 00,020,535 | ---- | C] () -- C:\WINDOWS\System32\pcivdd.dll
[2007/12/23 15:14:51 | 01,228,854 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\OrbError.bmp
[2007/12/23 14:46:32 | 00,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/12/23 13:26:14 | 00,005,120 | ---- | C] () -- C:\Documents and Settings\administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/24 08:07:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2006/07/21 08:54:42 | 00,004,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\WINIO.SYS
[2006/06/07 10:33:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\pcsmig.INI
[2006/06/07 10:26:49 | 00,000,495 | ---- | C] () -- C:\WINDOWS\SMSCFG.ini
[2006/06/07 10:08:47 | 00,000,100 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2006/06/07 10:07:11 | 00,001,345 | ---- | C] () -- C:\WINDOWS\LMAAT2DD.ini
[2006/06/07 10:06:48 | 00,000,873 | ---- | C] () -- C:\WINDOWS\LMAAJ2DD.ini
[2006/06/07 10:05:44 | 00,000,836 | ---- | C] () -- C:\WINDOWS\LMAAZ2DD.ini
[2006/06/07 10:05:10 | 00,001,084 | ---- | C] () -- C:\WINDOWS\LMAAP2DD.ini
[2006/06/07 10:04:39 | 00,001,013 | ---- | C] () -- C:\WINDOWS\LMAAE2DD.ini
[2006/06/07 10:03:56 | 00,000,748 | ---- | C] () -- C:\WINDOWS\LMAAL2DD.ini
[2006/06/07 10:01:55 | 00,001,546 | ---- | C] () -- C:\WINDOWS\LMAAR2DD.ini
[2006/06/07 09:57:30 | 00,008,521 | ---- | C] () -- C:\WINDOWS\lmpcl2a.ini
[2006/05/10 11:14:37 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbfvs.dll
[2006/05/10 11:14:36 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBFLCNP.DLL
[2006/05/10 11:14:36 | 00,000,188 | ---- | C] () -- C:\WINDOWS\System32\lxbfcoin.ini
[2005/11/18 13:47:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/01 20:44:00 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 20:30:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2005/06/28 11:46:24 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2005/06/28 11:46:13 | 00,001,794 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2005/06/28 11:42:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2005/06/28 11:18:42 | 00,000,300 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/06/28 11:17:00 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/01/21 11:02:28 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
[2005/01/07 13:15:56 | 00,172,056 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2005/01/07 13:10:26 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2004/07/20 16:04:02 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 13:43:28 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/04 13:23:00 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\lexdlls.dlL
[1998/10/11 00:07:38 | 00,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
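
As an added example (not part of this thread, and not OTL's or DDS's own tooling), the Python below parses the two OTL line shapes shown in the report above: the file entries `[timestamp | size | attrs | C] (company) -- path` and the `@Alternate Data Stream` lines. It then does the triage a helper would do by eye: list files created after a cutoff date and list files under a system root whose version info carries no company name. The empty parentheses in OTL entries mean no company name in the file's version resource, which is a prompt to check the file against a known-good source, not evidence of infection. The sample input is a handful of lines copied from the report above plus one constructed line (`example_constructed.dll`, `Example Corp`) so the filter has something to skip.

```python
import re
from datetime import datetime

# One OTL file entry, as in the report above:
# [2010/01/03 16:46:13 | 00,524,288 | ---- | C] () -- C:\...\Desktop\dds.scr
# Fields: timestamp | size (zero-padded, comma-grouped) | attribute flags | C/M ] (company) -- path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attrs>\S{4}) \| "
    r"(?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- "
    r"(?P<path>.+)$"
)

# OTL alternate data stream line:
# @Alternate Data Stream - 103 bytes -> C:\...\TEMP:DFC5A2B2
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<path>.+)$")


def parse_report(text):
    """Return (entries, streams) from OTL report text; lines of other shapes are ignored."""
    entries, streams = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append({
                "timestamp": datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
                "size": int(m.group("size").replace(",", "")),
                "attrs": m.group("attrs"),
                "kind": m.group("kind"),              # C = created section, M = modified section
                "company": m.group("company") or None,  # "()" -> no company name in version info
                "path": m.group("path"),
            })
            continue
        m = ADS_RE.match(line)
        if m:
            streams.append({"bytes": int(m.group("bytes")), "path": m.group("path")})
    return entries, streams


def created_since(entries, cutoff):
    """Entries stamped at or after `cutoff` (datetime or 'YYYY/MM/DD' string), newest first."""
    if isinstance(cutoff, str):
        cutoff = datetime.strptime(cutoff, "%Y/%m/%d")
    return sorted((e for e in entries if e["timestamp"] >= cutoff),
                  key=lambda e: e["timestamp"], reverse=True)


def no_company_under(entries, root):
    """Entries below `root` whose version info had no company name: a list to verify
    against known-good sources, not a verdict on the files."""
    prefix = root.lower().rstrip("\\") + "\\"
    return [e for e in entries
            if e["company"] is None and e["path"].lower().startswith(prefix)]


# Sample input: lines copied from the report above, plus one constructed line
# (example_constructed.dll / Example Corp) that carries a company name.
SAMPLE = r"""
[2010/01/03 16:46:13 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\administrator\Desktop\dds.scr
[2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/03/06 21:51:52 | 00,026,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2008/04/28 11:02:12 | 00,098,359 | ---- | C] () -- C:\WINDOWS\System32\pcimon.dll
[2008/04/28 11:02:12 | 00,073,784 | ---- | C] (Example Corp) -- C:\WINDOWS\System32\example_constructed.dll
[1998/10/11 00:07:38 | 00,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
"""

if __name__ == "__main__":
    entries, streams = parse_report(SAMPLE)
    for e in created_since(entries, "2009/12/04"):
        print("recent:", e["timestamp"], e["size"], e["path"])
    for e in no_company_under(entries, r"C:\WINDOWS\System32"):
        print("no company name:", e["path"])
    for s in streams:
        print("ADS:", s["bytes"], "bytes on", s["path"])
```

The cutoff date is chosen by the person doing the triage (the scan date minus the window of interest); the ADS entry is reported as-is because a named stream on a file in a shared temp directory is worth a look regardless of its age.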

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:10:22 AM

Posted 22 January 2010 - 11:13 AM

Hi,

Please scan with Malwarebytes for any remaining infection:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

How is the PC doing?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#11 buckn2sox

buckn2sox
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Gender:Male
  • Location:CT
  • Local time:04:22 AM

Posted 24 January 2010 - 04:10 PM

It is still running at 100% CPU usage while only running the anti-malware program.
Can we try some more things to correct this, please? It can't even keep up with my typing, and I only hunt and peck with a few fingers.

#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:10:22 AM

Posted 24 January 2010 - 07:21 PM

Hi,

Have you run StartupLite as instructed earlier?

Which process is using up all the CPU?

regards myrti



#13 buckn2sox

buckn2sox
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Gender:Male
  • Location:CT
  • Local time:04:22 AM

Posted 24 January 2010 - 07:44 PM

Yes, I ran StartupLite.

Anti-malware took the 100%. It was stalling and hardly going; it said "not responding" a lot of times and would then pick up again. So I canceled the scan, re-booted into safe mode and started the scan again. It seemed better; that scan is running now.

Anything else I should do?

#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:10:22 AM

Posted 24 January 2010 - 08:06 PM

Hi,

Yes, when the PC is getting slow again (and Malwarebytes isn't running), please open your Task Manager (press Ctrl-Alt-Del) and click once on the CPU column title; this should sort all your running processes by CPU usage. Which processes use the most CPU?

regards myrti



#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:10:22 AM

Posted 05 February 2010 - 04:00 PM

Due to lack of feedback, this topic is now closed.

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti
