My first time..

aumary · January 29, 2009

I ran the scans and got nothing found. But I am infected!!!

I hope I did this correct. And Thanks

StartupList report, 1/28/2009, 8:51:12 PM

StartupList version: 1.52.2

Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE

Detected: Windows XP SP3 (WinNT 5.01.2600)

Detected: Internet Explorer v7.00 (7.00.6000.16762)

* Using default options

==================================================

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\setrysvc.exe

C:\WINDOWS\System32\semwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Acer\Empowering Technology\admServ.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe

C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Outlook Express\msimn.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\Ati2evxx.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:

[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]

DVD@ccess.lnk = ?

Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

AppleSyncNotifier = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background

swg = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

--------------------------------------------------

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]

=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe

SCRNSAVE.EXE=C:\WINDOWS\system32\mypixdx.scr

drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*

HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

(no name) - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

(no name) - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job

--------------------------------------------------

Enumerating Download Program Files:

[support.com Configuration Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\tgctlcm.dll

CODEBASE = http://activation.rr.com/install/downloads/tgctlcm.cab

[QuickTime Object]

InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx

CODEBASE = http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

[shockwave ActiveX Control]

InProcServer32 = C:\WINDOWS\system32\Adobe\Director\SwDir.dll

CODEBASE = http://download.macromedia.com/pub/shockwa...director/sw.cab

[Windows Genuine Advantage Validation Tool]

InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL

CODEBASE = http://download.microsoft.com/download/9/b...heckControl.cab

[PCPitstop AntiVirus]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\pcpitstopAntiVirus.dll

CODEBASE = http://utilities.pcpitstop.com/Exterminate...opAntiVirus.dll

[shockwave Flash Object]

InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx

CODEBASE = http://fpdownload.macromedia.com/get/shock...ash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #4: C:\Program Files\Bonjour\mdnsNSP.dll

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: C:\WINDOWS\system32\webcheck.dll

SysTray: C:\WINDOWS\system32\stobject.dll

WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------

End of report, 6,935 bytes

Report generated in 0.047 seconds

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only

Malwarebytes' Anti-Malware 1.33

Database version: 1693

Windows 5.1.2600 Service Pack 3

1/28/2009 7:45:23 PM

mbam-log-2009-01-28 (19-45-23).txt

Scan type: Quick Scan

Objects scanned: 128982

Time elapsed: 22 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

AdvancedSetup · January 29, 2009

Please visit this webpage for instructions for downloading ComboFix to your

DESKTOP

:

how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

NOTE!!:

You must save and run

ComboFix.exe

on your DESKTOP and not from any other folder.

Also,

DO NOT

click the mouse or launch any other applications while this is running or it may stall the program

Additional links to download the tool:

ComboFix.exe

Note:

The

Windows Recovery Console

will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Click
Yes
to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please post the
C:\ComboFix.txt
along with a
new HijackThis log
so we may continue cleaning the system.

aumary · January 29, 2009

I am haveing trouble getting the Trend LOG but will post it when I get it....

ComboFix 09-01-21.04 - PAUL 2009-01-29 7:18:53.2 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.623 [GMT -5:00]

Running from: c:\documents and settings\PAUL\Desktop\ComboFix.exe

AV: AVG 7.5.552 *On-access scanning disabled* (Updated)

.

((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-29 )))))))))))))))))))))))))))))))

.

2009-01-25 18:20 . 2009-01-25 18:20 <DIR> d-------- c:\program files\Trend Micro

2009-01-24 08:54 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-24 08:54 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-01-24 08:25 . 2009-01-24 08:25 <DIR> d-------- c:\program files\PCPitstop

2009-01-24 08:25 . 2009-01-24 08:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\PCPitstop

2009-01-05 12:13 . 2004-06-11 10:31 135,168 -ra------ c:\windows\UNDPX2A.exe

2009-01-05 12:13 . 2004-06-11 10:34 53,693 -ra------ c:\windows\UNDPX2A.sys

2009-01-05 12:13 . 2004-06-10 19:42 15,429 -ra------ c:\windows\system32\drivers\Sacm2A.sys

2008-12-29 09:23 . 2008-12-29 09:23 <DIR> d-------- C:\logs

2008-12-29 09:22 . 2001-08-17 22:36 87,040 --a------ c:\windows\system32\wiafbdrv.dll

2008-12-29 09:22 . 2001-08-17 22:36 87,040 --a------ c:\windows\system32\dllcache\wiafbdrv.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-23 01:08 --------- d-----w c:\documents and settings\PAUL\Application Data\Lexmark Productivity Studio

2008-12-23 01:00 --------- d-----w c:\documents and settings\PAUL\Application Data\7600 Series

2008-12-23 00:52 --------- d-----w c:\program files\Abbyy FineReader 6.0 Sprint

2008-12-23 00:52 --------- d-----w c:\documents and settings\All Users\Application Data\7600 Series

2008-12-21 12:52 --------- d-----w c:\documents and settings\PAUL\Application Data\Malwarebytes

2008-12-21 12:50 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2008-12-21 12:50 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes

2008-12-21 12:38 --------- d-----w c:\program files\Registry Mechanic(2)

2008-12-21 12:00 --------- d-----w c:\documents and settings\All Users\Application Data\TEMP

2008-12-13 05:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll

2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys

2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys

2008-09-09 23:31 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090920080910\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 68856]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-10-24 219136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

DVD@ccess.lnk - c:\program files\Apple Computer\DVD@ccess\DVDAccess.exe [2006-12-12 888832]

Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2007-04-26 2048074]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux2"= wdmaud.sys

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=

"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=

"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=

"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 Hotkey;Hotkey;c:\windows\system32\drivers\HOTKEY.sys [2003-04-28 9867]

R1 OsaFsLoc;OsaFsLoc;c:\windows\system32\drivers\OsaFsLoc.sys [2006-11-30 12106]

R3 SEM43XX;Sony Ericsson 802.11 Wireless LAN Adapter Driver SEM43XX;c:\windows\system32\drivers\semwl5.SYS [2005-01-03 368896]

R3 SEMWModem;Sony Ericsson SEMWModem;c:\windows\system32\drivers\GCXX.sys [2005-01-03 114944]

R3 SEMWWNIC;Sony Ericsson SEMWWNIC;c:\windows\system32\drivers\GCXXNet.sys [2005-01-03 53248]

R3 Sony_EricssonWWSC;Sony Ericsson SIM Card Reader;c:\windows\system32\drivers\GCXXSC.sys [2004-12-21 21888]

R4 DVDAccss;DVDAccss;c:\windows\system32\drivers\DVDAccss.sys [2006-12-12 29156]

R4 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2006-11-30 7296]

R4 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [2006-11-30 4010]

R4 setrysvc;Sony Ericsson Wireless LAN Tray Service;c:\windows\System32\setrysvc.exe c:\windows\System32\semwltry.exe --> c:\windows\System32\setrysvc.exe c:\windows\System32\semwltry.exe [?]

S1 mailKmd;mailKmd; [x]

S1 Wbutton;Wbutton;c:\windows\system32\drivers\Wbutton.sys --> c:\windows\system32\drivers\Wbutton.sys [?]

S3 NdisFilt;OSA NdisFilter Protocol;c:\windows\system32\drivers\NdisFilt.sys [2006-11-30 4392]

S3 POWERKEY;POWERKEY;c:\program files\Launch Manager\POWERKEY.SYS [2000-12-19 2343]

S3 SDSTOR2K;SanDisk USB ImageMate/SecureMate Mass Storage Driver;c:\windows\system32\drivers\SDSTOR2K.SYS [2007-05-30 37781]

S3 SEWModem;Sony Ericsson Wireless Modem;c:\windows\system32\drivers\GC75.sys [2007-10-09 109056]

S3 SEWWNIC;Sony Ericsson Wireless WAN Adapter;c:\windows\system32\drivers\GC75Net.sys [2007-10-09 58880]

S3 SI15CI;SI15CI;\??\c:\elements\1stboot\SI15CI.SYS --> c:\elements\1stboot\SI15CI.SYS [?]

S4 lxdw_device;lxdw_device;c:\windows\system32\lxdwcoms.exe -service --> c:\windows\system32\lxdwcoms.exe -service [?]

S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [2009-01-24 77312]

.

Contents of the 'Scheduled Tasks' folder

2008-12-10 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://my.att.net/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-29 07:20:43

Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(528)

c:\windows\system32\Ati2evxx.dll

c:\windows\System32\SEMLogon.dll

- - - - - - - > 'winlogon.exe'(2292)

c:\windows\system32\Ati2evxx.dll

c:\windows\System32\SEMLogon.dll

.

Completion time: 2009-01-29 7:21:57

ComboFix-quarantined-files.txt 2009-01-29 12:21:56

ComboFix2.txt 2009-01-29 03:43:32

Pre-Run: 9,298,673,664 bytes free

Post-Run: 9,288,712,192 bytes free

127 --- E O F --- 2009-01-14 22:32:29

aumary · January 29, 2009

Srry but I get no HJT LOG....?????

aumary · January 29, 2009

When I run HJT a box comes up that ask if I want to OPEN or SAVE this file. If I click one or the other the box comes back each time..

AdvancedSetup · January 30, 2009

Try to install and run MBAM now.

Update and Scan with Malwarebytes' Anti-Malware

Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
- Update Malwarebytes' Anti-Malware
- Select the Update tab
- Click Update
[*]When the update is complete, select the Scanner tab
[*]Select Perform quick scan, then click Scan.
[*]When the scan is complete, click OK, then Show Results to view the results.
[*]Be sure that everything is checked, and click Remove Selected.
[*]When completed, a log will open in Notepad. please copy and paste the log into your next reply
- If you accidently close it, the log file is saved here and will be named like this:
- C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then RESTART the computer

AFTER the reboot run HJT Do a system scan and save a logfile

The post back NEW MBAM and HJT logs in that order please.

aumary · January 30, 2009

Nothing found

Malwarebytes' Anti-Malware 1.33

Database version: 1707

Windows 5.1.2600 Service Pack 3

1/29/2009 11:39:34 PM

mbam-log-2009-01-29 (23-39-34).txt

Scan type: Quick Scan

Objects scanned: 58454

Time elapsed: 2 minute(s), 35 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

aumary · January 30, 2009

Same as before can't get HJT log. Blue box --- Open OR Save wont work..

AdvancedSetup · January 31, 2009

Please download and try this utility to see if it can repair some of the DLL and other associations.

Dial-a-fix

aumary · January 31, 2009

I ran Dial a Fix. Still no HJT log.

AdvancedSetup · February 1, 2009

Okay let's try another tool then.

Important!

All of the following instructions must be run on the affected computer. Logs from a different computer will not help me help you. So, if you need to download all of this and then copy it to CD or memory stick and take it to the other computer, please do so. Either way, it's important. The logs have to be made by the computer with the problem.

I also need for you to download this program

OTListIt2.exe

to your desktop.

Close all applications and windows so that you have nothing open and are at your Desktop
Double-click on the OTListIt.exe file to start OTListIt. OK any warning about running OTListIt.
Place a checkmark in the
"Scan All Users"
checkbox (Leave the 'Use Whitelist' checked' and the 'File Age:' at 30 days)
Click the Run Scan button
NOTE:
Please be patient and let the scan run without using the computer
When the scan is complete, a text file (
OTListIt.Txt
) will open in Notepad (if not, it can be found on your Desktop)
In Notepad, click
Edit
,
Select all
then
Edit
,
Copy
Reply to this topic, click in the topic reply window, and press Ctrl+V to paste the log or Righ click paste.
Submit your reply and close the Notepad window with
OTList.txt
Also OTListIt's
Extras.txt
log file will be minimized in the Taskbar (and located on your Desktop) - click on this and maximize the window
In Notepad, click
Edit
,
Select all
then
Edit
,
Copy
Reply to this topic again, click in the topic reply window, and press Ctrl+V to paste the extras log or Right click paste.
NOTE:
If the files (
OTListIt.txt, Extras.txt
) do not appear in your taskbar, just open the files in notepad from your desktop.

Please allow me time to analyze your post. If you don't see a reply from me after 48 hours, feel free to PM me.

aumary · February 1, 2009

OTListIt logfile created on: 2/1/2009 8:24:54 AM - Run 2

OTListIt2 by OldTimer - Version 1.0.4.1 Folder = C:\Documents and Settings\PAUL\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.16 Mb Total Physical Memory | 582.60 Mb Available Physical Memory | 60.80% Memory free

1.51 Gb Paging File | 1.18 Gb Available in Paging File | 77.93% Paging File free

Paging file location(s): C:\pagefile.sys 672 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 43.88 Gb Total Space | 8.53 Gb Free Space | 19.43% Space Free | Partition Type: FAT32

Drive D: | 44.37 Gb Total Space | 44.09 Gb Free Space | 99.38% Space Free | Partition Type: FAT32

Drive E: | 627.32 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: ACERLAPTOP

Current User Name: PAUL

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Output = Standard

File Age = 30 Days

Company Name Whitelist: On

========== Processes (SafeList) ==========

[2005/12/20 06:46:24 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe

[2005/01/04 00:32:42 | 00,065,536 | ---- | M] () -- C:\WINDOWS\System32\setrysvc.exe

[2004/12/21 12:33:48 | 00,802,920 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\WINDOWS\System32\semwltry.exe

[2008/07/22 20:42:12 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

[2006/07/25 18:03:44 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

[2007/10/24 09:39:56 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

[2007/07/18 08:28:12 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

[2008/01/16 08:52:18 | 00,406,528 | ---- | M] (GRISOFT, s.r.o.) -- C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

[2005/10/24 16:40:52 | 01,314,816 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admServ.exe

[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe

[2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe

[2005/08/05 13:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe

[2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe

[2006/03/30 09:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe

[2005/12/20 06:46:24 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe

[2008/07/30 10:47:56 | 00,289,064 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe

[2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe

[2007/07/30 12:42:10 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[2003/11/21 16:16:12 | 00,888,832 | ---- | M] (Apple Computer) -- C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe

[2007/04/26 12:35:24 | 02,048,074 | ---- | M] (Cisco Systems, Inc) -- C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe

[2008/07/30 10:47:48 | 00,532,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe

[2008/04/13 19:12:42 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe

[2009/02/01 08:21:40 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PAUL\Desktop\OTListIt2.exe

========== (O23) Win32 Services (SafeList) ==========

[2008/07/22 20:42:12 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])

[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

[2005/12/20 06:46:24 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])

[2006/07/25 18:03:44 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])

[2007/10/24 09:39:56 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe -- (Avg7Alrt [Auto | Running])

[2007/07/18 08:28:12 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe -- (Avg7UpdSvc [Auto | Running])

[2008/01/16 08:52:18 | 00,406,528 | ---- | M] (GRISOFT, s.r.o.) -- C:\PROGRA~1\Grisoft\AVG7\avgemc.exe -- (AVGEMS [Auto | Running])

[2005/10/24 16:40:52 | 01,314,816 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admServ.exe -- (AWService [Auto | Running])

[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])

[2006/03/30 09:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])

[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

[2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])

[2005/08/05 13:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])

[2008/12/28 13:24:14 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])

[2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])

[2008/07/30 10:47:48 | 00,532,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])

[2006/07/25 18:03:44 | 02,119,360 | ---- | M] (Symantec Corporation) -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE -- (LiveUpdate [On_Demand | Stopped])

File not found -- -- (lxdw_device [Auto | Stopped])

[2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])

[2004/08/10 04:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])

File not found -- -- (navapsvc [Auto | Stopped])

[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

[2008/10/21 12:50:02 | 00,077,312 | ---- | M] () -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling [Disabled | Stopped])

[2005/01/04 00:32:42 | 00,065,536 | ---- | M] () -- C:\WINDOWS\System32\setrysvc.exe -- (setrysvc [Auto | Running])

[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

[2006/09/28 18:56:14 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WUDFSvc.dll -- (WudfSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

[2008/01/13 22:21:54 | 00,017,801 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])

[2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [boot | Running])

[2008/04/13 13:36:40 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [boot | Running])

[2005/03/09 15:53:00 | 00,036,352 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys -- (AmdK8 [system | Running])

[2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [boot | Running])

[2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [boot | Running])

[2005/12/20 06:51:46 | 01,419,264 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])

[2007/10/24 09:39:54 | 00,821,856 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\Drivers\avg7core.sys -- (Avg7Core [system | Running])

[2007/07/18 08:28:16 | 00,004,224 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\Drivers\avg7rsw.sys -- (Avg7RsW [system | Running])

[2007/07/18 08:28:16 | 00,027,776 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\Drivers\avg7rsxp.sys -- (Avg7RsXP [system | Running])

[2008/01/16 08:52:18 | 00,010,760 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgclean.sys -- (AvgClean [system | Running])

[2007/07/18 08:28:18 | 00,004,960 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdi.sys -- (AvgTdi [Auto | Running])

[2004/04/14 04:41:58 | 00,266,240 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Stopped])

[2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [boot | Running])

[2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [boot | Running])

[2003/11/21 16:15:14 | 00,029,156 | ---- | M] (Apple Computer, Inc.) -- C:\WINDOWS\system32\drivers\DVDAccss.sys -- (DVDAccss [Auto | Running])

[2008/04/13 13:36:40 | 00,046,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\gagp30kx.sys -- (gagp30kx [boot | Running])

[2008/01/29 12:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])

[2007/03/08 17:18:00 | 00,008,320 | ---- | M] (GARMIN Corp.) -- C:\WINDOWS\system32\drivers\grmnusb.sys -- (grmnusb [On_Demand | Stopped])

[2008/04/13 11:36:06 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])

[2003/04/28 11:27:06 | 00,009,867 | ---- | M] () -- C:\WINDOWS\System32\drivers\HOTKEY.sys -- (Hotkey [system | Running])

[2005/11/08 15:11:34 | 00,202,240 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])

[2005/11/08 15:12:18 | 00,997,376 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])

[2006/01/13 17:13:18 | 04,137,984 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])

[2005/10/05 15:57:08 | 00,012,544 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])

[2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [boot | Running])

[2005/09/13 15:34:40 | 00,004,392 | ---- | M] (OSA Technologies) -- C:\WINDOWS\System32\Drivers\NdisFilt.sys -- (NdisFilt [On_Demand | Stopped])

[2005/05/02 12:13:42 | 00,009,600 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\NETMNT.sys -- (NETMNT [On_Demand | Stopped])

[2008/04/13 13:54:36 | 00,028,672 | ---- | M] (National Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\nscirda.sys -- (NSCIRDA [On_Demand | Stopped])

[2006/06/14 21:51:02 | 00,006,144 | ---- | M] (NewTech Infosystems, Inc.) -- C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys -- (NTIDrvr [On_Demand | Running])

[2005/10/15 18:20:44 | 00,012,106 | ---- | M] (OSA Technologies) -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys -- (OsaFsLoc [system | Running])

[2005/06/30 16:58:24 | 00,007,296 | ---- | M] (OSA Technologies, An Avocent Company) -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio [Auto | Running])

[2005/01/14 15:57:16 | 00,004,010 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm [Auto | Running])

[2002/02/11 14:15:50 | 00,014,572 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])

[2000/12/19 18:29:52 | 00,002,343 | ---- | M] () -- C:\Program Files\Launch Manager\POWERKEY.sys -- (POWERKEY [On_Demand | Stopped])

[2004/08/10 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])

[2005/05/12 18:54:10 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])

[2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [boot | Running])

[2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [boot | Running])

[2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [boot | Running])

[2004/12/02 16:36:08 | 00,070,912 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running])

[2004/08/03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])

[2002/01/11 18:53:06 | 00,037,781 | ---- | M] (SanDisk Corporation) -- C:\WINDOWS\system32\DRIVERS\SDSTOR2K.SYS -- (SDSTOR2K [On_Demand | Stopped])

[2007/11/13 04:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])

[2005/01/02 23:49:40 | 00,368,896 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\semwl5.sys -- (SEM43XX [On_Demand | Running])

[2005/01/02 23:32:42 | 00,114,944 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\GCXX.sys -- (SEMWModem [On_Demand | Running])

[2005/01/02 23:32:42 | 00,053,248 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\GCXXNet.sys -- (SEMWWNIC [On_Demand | Running])

[2003/07/16 14:27:40 | 00,043,264 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\DRIVERS\ser2pl.sys -- (Ser2pl [On_Demand | Stopped])

[2004/04/26 00:42:32 | 00,109,056 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\GC75.sys -- (SEWModem [On_Demand | Stopped])

[2004/04/26 00:42:32 | 00,058,880 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\GC75Net.sys -- (SEWWNIC [On_Demand | Stopped])

[2008/04/13 13:36:40 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [boot | Running])

[2004/12/21 12:33:44 | 00,021,888 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\GCXXSC.sys -- (Sony_EricssonWWSC [On_Demand | Running])

[2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [boot | Running])

[2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [boot | Running])

[2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [boot | Running])

[2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [boot | Running])

[2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [boot | Running])

[2004/10/05 16:17:32 | 00,185,824 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])

[2004/12/17 16:14:44 | 00,013,952 | ---- | M] () -- C:\WINDOWS\System32\drivers\UBHelper.sys -- (UBHelper [boot | Running])

[2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [boot | Running])

[2004/06/10 19:42:38 | 00,015,429 | R--- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\Sacm2A.sys -- (USBCM [On_Demand | Stopped])

[2005/11/08 15:11:30 | 00,723,712 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

[2008/04/13 13:36:38 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\wmiacpi.sys -- (WmiAcpi [system | Running])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-21-200969133-407574805-1789127490-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

HKU\S-1-5-21-200969133-407574805-1789127490-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

HKU\S-1-5-21-200969133-407574805-1789127490-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/

HKU\S-1-5-21-200969133-407574805-1789127490-1005\S-1-5-21-200969133-407574805-1789127490-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-21-200969133-407574805-1789127490-1005\S-1-5-21-200969133-407574805-1789127490-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)

O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)

O3 - HKCU\..\Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key does not exist or could not be opened. File not found

O3 - HKCU\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

O3 - HKU\S-1-5-21-200969133-407574805-1789127490-1005\..\Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key does not exist or could not be opened. File not found

O3 - HKU\S-1-5-21-200969133-407574805-1789127490-1005\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)

O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKU\.DEFAULT..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (GRISOFT, s.r.o.)

O4 - HKU\S-1-5-18..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (GRISOFT, s.r.o.)

O4 - HKU\S-1-5-21-200969133-407574805-1789127490-1005..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)

O4 - HKU\S-1-5-21-200969133-407574805-1789127490-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD@ccess.lnk = C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe (Apple Computer)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe (Cisco Systems, Inc)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-200969133-407574805-1789127490-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-200969133-407574805-1789127490-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-200969133-407574805-1789127490-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-200969133-407574805-1789127490-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-200969133-407574805-1789127490-1005_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://activation.rr.com/install/downloads/tgctlcm.cab (Support.com Configuration Class)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab (QuickTime Object)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/9/b...heckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcpitstop.com/Exterminate...opAntiVirus.dll (PCPitstop AntiVirus)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/shock...ash/swflash.cab (Shockwave Flash Object)

O18 - Protocol\Handler: - ipp - No CLSID value found

O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\system\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler: - msdaipp - No CLSID value found

O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\system\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\system\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler: - mso-offdap - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler: - mso-offdap11 - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - See sections below for AppInitDlls and Winlogon settings

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]

AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

========== Autorun Files on Drives ==========

autorun.inf [[autorun] | OPEN=HighSpeedInstaller.exe | ]

[2003/12/03 16:18:14 | 00,000,040 | R--- | M] () -- E:\autorun.inf -- [ CDFS ]

========== Files/Folders - Created Within 30 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]

[1 C:\WINDOWS\*.tmp files]

[2009/02/01 08:21:36 | 00,419,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\PAUL\Desktop\OTListIt2.exe

[2009/01/31 10:32:37 | 00,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information

[2009/01/31 10:32:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2

[2009/01/31 10:31:51 | 00,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate

[2009/01/31 10:31:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp

[2009/01/31 10:18:18 | 00,335,992 | ---- | C] () -- C:\Documents and Settings\PAUL\Desktop\Dial-a-fix-v0.60.0.24.zip

[2009/01/28 22:39:40 | 00,000,209 | ---- | C] () -- C:\Boot.bak

[2009/01/28 22:39:38 | 00,260,272 | ---- | C] () -- C:\cmldr

[2009/01/28 22:39:35 | 00,000,000 | RHSD | C] -- C:\cmdcons

[2009/01/28 22:36:32 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2009/01/28 22:36:32 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2009/01/28 22:36:32 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2009/01/28 22:36:32 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2009/01/28 22:36:32 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe

[2009/01/28 22:36:32 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2009/01/28 22:36:32 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2009/01/28 22:36:32 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe

[2009/01/28 22:36:32 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2009/01/28 22:36:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2009/01/28 22:36:27 | 00,000,000 | ---D | C] -- C:\Qoobox

[2009/01/28 22:28:59 | 03,048,418 | R--- | C] () -- C:\Documents and Settings\PAUL\Desktop\ComboFix.exe

[2009/01/25 18:20:34 | 00,001,642 | ---- | C] () -- C:\Documents and Settings\PAUL\Desktop\HijackThis.lnk

[2009/01/25 18:20:34 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2009/01/24 08:54:40 | 00,000,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/01/24 08:54:39 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/01/24 08:54:37 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/01/24 08:25:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCPitstop

[2009/01/24 08:25:11 | 00,000,000 | ---D | C] -- C:\Program Files\PCPitstop

[2009/01/24 07:58:44 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic

[2009/01/06 10:22:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC

[2009/01/05 12:13:03 | 00,135,168 | R--- | C] () -- C:\WINDOWS\UNDPX2A.exe

[2009/01/05 12:13:03 | 00,053,693 | R--- | C] () -- C:\WINDOWS\UNDPX2A.sys

[2009/01/05 12:13:03 | 00,015,429 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\Sacm2A.sys

========== Files - Modified Within 30 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]

[1 C:\WINDOWS\*.tmp files]

[2009/02/01 08:21:40 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PAUL\Desktop\OTListIt2.exe

[2009/02/01 07:47:22 | 00,489,194 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/02/01 07:47:22 | 00,414,922 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/02/01 07:47:22 | 00,066,808 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/02/01 07:43:36 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/02/01 07:43:00 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/02/01 07:42:58 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/02/01 07:42:54 | 10,047,69280 | -HS- | M] () -- C:\hiberfil.sys

[2009/01/31 10:32:38 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb

[2009/01/31 10:32:38 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb

[2009/01/31 10:18:22 | 00,335,992 | ---- | M] () -- C:\Documents and Settings\PAUL\Desktop\Dial-a-fix-v0.60.0.24.zip

[2009/01/29 07:20:48 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2009/01/28 22:39:42 | 00,000,279 | RHS- | M] () -- C:\boot.ini

[2009/01/28 22:29:10 | 03,048,418 | R--- | M] () -- C:\Documents and Settings\PAUL\Desktop\ComboFix.exe

[2009/01/26 10:23:28 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2009/01/25 18:20:36 | 00,001,642 | ---- | M] () -- C:\Documents and Settings\PAUL\Desktop\HijackThis.lnk

[2009/01/24 08:54:42 | 00,000,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/01/14 16:11:32 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/01/14 16:11:28 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/01/09 20:35:28 | 20,853,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

[2009/01/06 10:22:24 | 00,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI

[2009/01/03 21:45:38 | 00,001,721 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wireless Manager.lnk

[2009/01/03 19:51:40 | 00,260,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

< End of report >