Rootkit.0access.H [Solved]



#1
Tpacholik

This has been going on for about 6 weeks. It started with the XP Antispyware 2012. I have since gotten it removed, but my system is running really slow and I keep getting pop-ups. I ran Malwarebytes and it showed that I have rootkit.0access.h. I selected to remove them, and once I did my system restarted. I then used tdsskiller.exe, and when my laptop restarted it ran an error check on the hard drive. Now it will not let me access the internet. Please help. Attached are the logs from Malwarebytes and TDSSKiller.



#2
Amlak

Welcome to GTG. Let's help you out with your malware issue(s).

Before we start, make sure you carefully read what I have to say. Don't skip anything. You may even want to have this all printed out in case you're forced to exit this window.

Also, from now on, please paste the contents of any requested logs directly into your posts instead of attaching them.

Download OTL to your Desktop
  • Double-click on the OTL icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    msconfig
    safebootminimal
    safebootnetwork
    activex
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\*.*
    %systemroot%\Tasks\*.job
    c:\ipsec.sys /s /md5
    
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


#3
Tpacholik

OTL logfile created on: 2/26/2012 5:15:38 PM - Run 2
OTL by OldTimer - Version 3.2.33.2 Folder = E:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.97 Mb Total Physical Memory | 429.46 Mb Available Physical Memory | 48.04% Memory free
2.11 Gb Paging File | 1.74 Gb Available in Paging File | 82.30% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.59 Gb Total Space | 75.03 Gb Free Space | 69.09% Space Free | Partition Type: NTFS
Drive E: | 982.72 Mb Total Space | 15.47 Mb Free Space | 1.57% Space Free | Partition Type: FAT

Computer Name: JOEY | User Name: Joey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/26 17:06:34 | 000,583,680 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2012/01/24 15:42:53 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009/11/19 21:29:16 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2008/10/30 13:16:42 | 000,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/14 14:03:54 | 000,596,584 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/15 12:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/09/22 11:06:26 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/08/17 09:00:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/12 20:10:40 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/04/05 18:08:34 | 000,688,128 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
MOD - [2009/04/05 18:08:34 | 000,143,360 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2009/04/05 18:08:33 | 001,400,832 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
MOD - [2009/04/05 18:08:33 | 000,798,720 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
MOD - [2009/04/05 18:08:33 | 000,786,432 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
MOD - [2009/04/05 18:08:33 | 000,528,384 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
MOD - [2009/04/05 18:08:33 | 000,462,848 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
MOD - [2009/04/05 18:08:33 | 000,236,544 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2009/04/05 18:08:33 | 000,159,744 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
MOD - [2009/04/05 18:08:32 | 002,236,416 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
MOD - [2009/04/05 18:08:32 | 000,872,448 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
MOD - [2009/04/05 18:08:30 | 000,010,240 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
MOD - [2009/04/05 18:08:29 | 000,044,544 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
MOD - [2009/04/05 18:08:28 | 000,090,112 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
MOD - [2009/04/05 18:08:27 | 000,404,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KFx.dll
MOD - [2009/04/05 18:08:27 | 000,128,512 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\kpries40.dll
MOD - [2009/04/05 18:08:27 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2009/04/05 18:08:27 | 000,052,224 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2009/04/05 18:08:26 | 000,466,944 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCom.dll
MOD - [2009/04/05 18:08:26 | 000,354,816 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll
MOD - [2009/04/05 18:08:26 | 000,062,464 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
MOD - [2009/04/05 18:08:25 | 001,564,672 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\areaifdll.dll
MOD - [2009/04/05 18:08:25 | 000,339,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
MOD - [2009/04/05 18:08:25 | 000,315,392 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
MOD - [2009/04/05 18:08:25 | 000,258,560 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\AppCore.dll
MOD - [2009/04/05 18:08:25 | 000,232,960 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.esx
MOD - [2009/04/05 18:08:25 | 000,096,768 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
MOD - [2009/04/05 18:08:25 | 000,083,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
MOD - [2009/04/05 18:08:24 | 001,240,576 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSkin.esx
MOD - [2009/04/05 18:08:24 | 000,757,760 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
MOD - [2009/04/05 18:08:24 | 000,675,840 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESEmail.esx
MOD - [2009/04/05 18:08:24 | 000,171,008 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Pcd.esx
MOD - [2009/04/05 18:08:24 | 000,117,760 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
MOD - [2009/04/05 18:08:23 | 000,077,312 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
MOD - [2008/06/20 10:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 10:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/04/14 13:58:40 | 002,854,912 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2008/04/14 13:55:58 | 000,040,960 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2005/12/19 15:08:30 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (ZTEusbser6k)
SRV - File not found [Auto | Stopped] -- -- (z525mdfl)
SRV - File not found [Auto | Stopped] -- -- (Xyz777s)
SRV - File not found [Auto | Stopped] -- -- (wlancfg)
SRV - File not found [Auto | Stopped] -- -- (winpowerrmi)
SRV - File not found [Auto | Stopped] -- -- (Wdf01000)
SRV - File not found [Auto | Stopped] -- -- (w810bus)
SRV - File not found [Auto | Stopped] -- -- (viagfx)
SRV - File not found [Auto | Stopped] -- -- (Via4in1)
SRV - File not found [Auto | Stopped] -- -- (trackcam4)
SRV - File not found [Auto | Stopped] -- -- (tap0901)
SRV - File not found [Auto | Stopped] -- -- (symfw)
SRV - File not found [Auto | Stopped] -- -- (sscdserd)
SRV - File not found [Auto | Stopped] -- -- (sqlagent$soshome22)
SRV - File not found [Auto | Stopped] -- -- (sp_clamsrv)
SRV - File not found [Auto | Stopped] -- -- (snareiis)
SRV - File not found [Auto | Stopped] -- -- (snapman380)
SRV - File not found [Auto | Stopped] -- -- (SI3112)
SRV - File not found [Auto | Stopped] -- -- (sbpci)
SRV - File not found [Auto | Stopped] -- -- (s24trans)
SRV - File not found [Auto | Stopped] -- -- (s217mdfl)
SRV - File not found [Auto | Stopped] -- -- (rxfilter)
SRV - File not found [Auto | Stopped] -- -- (rvsinst)
SRV - File not found [Auto | Stopped] -- -- (rtl8139)
SRV - File not found [Auto | Stopped] -- -- (rpaservice)
SRV - File not found [Auto | Stopped] -- -- (rnadiagreceiver)
SRV - File not found [Auto | Stopped] -- -- (REVO)
SRV - File not found [Auto | Stopped] -- -- (remoterecord)
SRV - File not found [Auto | Stopped] -- -- (qagswfg)
SRV - File not found [Auto | Stopped] -- -- (pxwutw)
SRV - File not found [Auto | Stopped] -- -- (procexp100)
SRV - File not found [Auto | Stopped] -- -- (pop3d32)
SRV - File not found [Auto | Stopped] -- -- (pmem)
SRV - File not found [Auto | Stopped] -- -- (pensup)
SRV - File not found [Auto | Stopped] -- -- (pelusblf)
SRV - File not found [Auto | Stopped] -- -- (pdiddcci)
SRV - File not found [Auto | Stopped] -- -- (pca)
SRV - File not found [Auto | Stopped] -- -- (p2pimsvc)
SRV - File not found [Auto | Stopped] -- -- (oraclesnmppeerencapsulator)
SRV - File not found [Auto | Stopped] -- -- (oracleorahome92pagingserver)
SRV - File not found [Auto | Stopped] -- -- (nwlnkspx)
SRV - File not found [Auto | Stopped] -- -- (nvsvc)
SRV - File not found [Auto | Stopped] -- -- (nvata)
SRV - File not found [Auto | Stopped] -- -- (ntiopnp)
SRV - File not found [Auto | Stopped] -- -- (nsvcip)
SRV - File not found [Auto | Stopped] -- -- (NSNDIS5)
SRV - File not found [Auto | Stopped] -- -- (netw4x32)
SRV - File not found [Auto | Stopped] -- -- (Mtlmnt5)
SRV - File not found [Auto | Stopped] -- -- (mstdfrgs)
SRV - File not found [Auto | Stopped] -- -- (MR97310_USB_DUAL_CAMERA)
SRV - File not found [Auto | Stopped] -- -- (mcdetect.exe)
SRV - File not found [Auto | Stopped] -- -- (maya70docserver)
SRV - File not found [Auto | Stopped] -- -- (lvuvc)
SRV - File not found [Auto | Stopped] -- -- (lvusbsta)
SRV - File not found [Auto | Stopped] -- -- (lvpr2mon)
SRV - File not found [Auto | Stopped] -- -- (lkcitadelserver)
SRV - File not found [Auto | Stopped] -- -- (lfsfilt)
SRV - File not found [Auto | Stopped] -- -- (lbtserv)
SRV - File not found [Auto | Stopped] -- -- (KLOGNT)
SRV - File not found [Auto | Stopped] -- -- (InterBaseGuardian)
SRV - File not found [Auto | Stopped] -- -- (https-nassry)
SRV - File not found [Auto | Stopped] -- -- (HPFECP20)
SRV - File not found [Auto | Stopped] -- -- (hidbatt)
SRV - File not found [Auto | Stopped] -- -- (eventclientmultiplexer)
SRV - File not found [Auto | Stopped] -- -- (eloggersvc6)
SRV - File not found [Auto | Stopped] -- -- (dlpwd)
SRV - File not found [Auto | Stopped] -- -- (DLH5X)
SRV - File not found [Auto | Stopped] -- -- (dcstor32)
SRV - File not found [Auto | Stopped] -- -- (cwafnotesservice)
SRV - File not found [Auto | Stopped] -- -- (cusrvc)
SRV - File not found [Auto | Stopped] -- -- (cics.region1)
SRV - File not found [Auto | Stopped] -- -- (cercsr6)
SRV - File not found [Auto | Stopped] -- -- (BCM43XV)
SRV - File not found [Auto | Stopped] -- -- (ATMsrvc)
SRV - File not found [Auto | Stopped] -- -- (AtcL002)
SRV - File not found [Auto | Stopped] -- -- (aswlsvc)
SRV - File not found [Auto | Stopped] -- -- (asapiw2k)
SRV - File not found [Auto | Stopped] -- -- (armoucfltr)
SRV - File not found [Auto | Stopped] -- -- (arcltsrv)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (apache2)
SRV - File not found [Auto | Stopped] -- -- (AF15BDA)
SRV - File not found [Auto | Stopped] -- -- (acermemusagecheckservice)
SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - File not found [Auto | Stopped] -- -- (3comtftp)
SRV - [2012/01/24 15:42:53 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011/04/26 13:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/03/19 12:44:44 | 000,070,656 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Driver Services (SafeList) ==========

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2008/04/15 11:14:02 | 000,990,632 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/04/15 11:13:58 | 000,534,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/04/13 12:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/03/27 17:18:12 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/03/10 18:18:42 | 000,057,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2008/02/04 17:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2008/02/04 17:57:30 | 000,037,032 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2007/12/25 22:37:08 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2007/11/28 10:55:03 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2007/10/16 21:16:14 | 001,777,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/09/20 11:59:14 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/12/12 10:16:06 | 000,022,528 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emAudio.sys -- (emAudio)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/09/22 11:06:26 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/08/18 13:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 13:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 13:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 13:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 13:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 13:17:40 | 000,033,592 | ---- | M] (Roxio) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\DLADHK_M.SYS -- (DLADHK_M)
DRV - [2006/08/18 13:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 13:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 13:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/17 16:56:52 | 000,042,240 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2plms.sys -- (ser2plms)
DRV - [2006/08/17 13:55:16 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/08/11 10:35:20 | 000,013,688 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLADiagM.SYS -- (DLADiagM)
DRV - [2006/08/11 10:35:18 | 000,030,744 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLAPMonM.SYS -- (DLAPMonM)
DRV - [2006/08/11 10:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 10:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/12/21 08:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2005/12/21 08:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2005/12/21 08:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2005/11/02 19:24:34 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/09/23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005/08/12 16:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/14 23:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071128


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071128
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071128
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071128
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071128
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-793404001-1316298628-3179757127-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-793404001-1316298628-3179757127-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-793404001-1316298628-3179757127-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-793404001-1316298628-3179757127-1006\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-793404001-1316298628-3179757127-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-793404001-1316298628-3179757127-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=2.0: C:\Program Files\Virtual Earth 3D\ [2008/04/06 13:28:16 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Joey\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Joey\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Joey\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)


[2011/01/06 21:05:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Joey\Application Data\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Joey\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Joey\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Joey\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Joey\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Joey\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Documents and Settings\Joey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-793404001-1316298628-3179757127-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [DLADiag] C:\WINDOWS\DLADiag.EXE (Roxio)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKU\S-1-5-21-793404001-1316298628-3179757127-1006..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-793404001-1316298628-3179757127-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\nwprovau.dll File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77928C0A-9068-4A52-974D-23A3E408D4DF}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Joey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Joey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/01/13 18:25:08 | 000,000,090 | ---- | M] () - E:\AUTORUN.INF -- [ FAT ]
O33 - MountPoints2\{6a7f0296-4dc0-11e1-b80e-001d09ac488c}\Shell - "" = AutoRun
O33 - MountPoints2\{6a7f0296-4dc0-11e1-b80e-001d09ac488c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6a7f0296-4dc0-11e1-b80e-001d09ac488c}\Shell\AutoRun\command - "" = E:\IronKey.exe
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootMin: 65133852.sys - File not found
SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootNet: 65133852.sys - File not found
SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - File not found
SafeBootNet: nm.sys - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - Service
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: rvsinst - File not found
NetSvcs: hidbatt - File not found
NetSvcs: dcstor32 - File not found
NetSvcs: pdiddcci - File not found
NetSvcs: 3comtftp - File not found
NetSvcs: Wdf01000 - File not found
NetSvcs: Via4in1 - File not found
NetSvcs: pelusblf - File not found
NetSvcs: mstdfrgs - File not found
NetSvcs: eventclientmultiplexer - File not found
NetSvcs: remoterecord - File not found
NetSvcs: oracleorahome92pagingserver - File not found
NetSvcs: netw4x32 - File not found
NetSvcs: nvsvc - File not found
NetSvcs: ATMsrvc - File not found
NetSvcs: cics.region1 - File not found
NetSvcs: rpaservice - File not found
NetSvcs: cusrvc - File not found
NetSvcs: InterBaseGuardian - File not found
NetSvcs: lvusbsta - File not found
NetSvcs: pca - File not found
NetSvcs: p2pimsvc - File not found
NetSvcs: oraclesnmppeerencapsulator - File not found
NetSvcs: apache2 - File not found
NetSvcs: lvuvc - File not found
NetSvcs: REVO - File not found
NetSvcs: nvata - File not found
NetSvcs: rtl8139 - File not found
NetSvcs: lkcitadelserver - File not found
NetSvcs: sscdserd - File not found
NetSvcs: KLOGNT - File not found
NetSvcs: NSNDIS5 - File not found
NetSvcs: sbpci - File not found
NetSvcs: lvpr2mon - File not found
NetSvcs: Mtlmnt5 - File not found
NetSvcs: sp_clamsrv - File not found
NetSvcs: HPFECP20 - File not found
NetSvcs: AF15BDA - File not found
NetSvcs: XTrapD12 - File not found
NetSvcs: w810bus - File not found
NetSvcs: EMATCORE - File not found
NetSvcs: nwlnkspx - File not found
NetSvcs: acermemusagecheckservice - File not found
NetSvcs: nsvcip - File not found
NetSvcs: pmem - File not found
NetSvcs: procexp100 - File not found
NetSvcs: venturi2 - File not found
NetSvcs: arcltsrv - File not found
NetSvcs: tap0901 - File not found
NetSvcs: ZTEusbser6k - File not found
NetSvcs: z525mdfl - File not found
NetSvcs: sqlagent$soshome22 - File not found
NetSvcs: armoucfltr - File not found
NetSvcs: cwafnotesservice - File not found
NetSvcs: mcdetect.exe - File not found
NetSvcs: wlancfg - File not found
NetSvcs: MR97310_USB_DUAL_CAMERA - File not found
NetSvcs: snapman380 - File not found
NetSvcs: SI3112 - File not found
NetSvcs: pop3d32 - File not found
NetSvcs: trackcam4 - File not found
NetSvcs: rnadiagreceiver - File not found
NetSvcs: ntiopnp - File not found
NetSvcs: AtcL002 - File not found
NetSvcs: lbtserv - File not found
NetSvcs: asapiw2k - File not found
NetSvcs: maya70docserver - File not found
NetSvcs: cercsr6 - File not found
NetSvcs: eloggersvc6 - File not found
NetSvcs: symfw - File not found
NetSvcs: BCM43XV - File not found
NetSvcs: aswlsvc - File not found
NetSvcs: winpowerrmi - File not found
NetSvcs: snareiis - File not found
NetSvcs: dlpwd - File not found
NetSvcs: lfsfilt - File not found
NetSvcs: pensup - File not found
NetSvcs: Xyz777s - File not found
NetSvcs: https-nassry - File not found
NetSvcs: rxfilter - File not found
NetSvcs: viagfx - File not found
NetSvcs: DLH5X - File not found
NetSvcs: s217mdfl - File not found
NetSvcs: s24trans - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: pxwutw - File not found
NetSvcs: qagswfg - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.mjpg - pvmjpg30.dll File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/02/25 22:46:47 | 000,000,000 | -HSD | C] -- C:\found.001
[2012/02/25 22:35:27 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/25 22:33:30 | 002,062,896 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Joey\Desktop\tdsskiller.exe
[2012/02/22 20:45:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2012/02/18 10:01:28 | 000,117,760 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpz3l5k2.dll
[2012/02/18 10:01:25 | 000,267,864 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpzids01.dll
[2012/02/18 09:50:42 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2012/02/02 11:36:58 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Joey\My Documents\mbam-setup-1.60.1.1000.exe
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/26 17:06:25 | 000,000,265 | ---- | M] () -- C:\Documents and Settings\Joey\Desktop\Shortcut to OTL.lnk
[2012/02/26 15:16:56 | 000,000,602 | ---- | M] () -- C:\WINDOWS\ssdiag.ini
[2012/02/26 14:58:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/26 14:58:11 | 937,472,000 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/26 11:34:10 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-793404001-1316298628-3179757127-1006UA.job
[2012/02/26 11:20:17 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2012/02/26 11:20:17 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2012/02/26 11:00:14 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At68.job
[2012/02/26 11:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At71.job
[2012/02/26 11:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At106.job
[2012/02/26 10:21:32 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2012/02/26 10:21:31 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2012/02/26 10:20:17 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7B66FA72-A2CA-408C-B65A-FC2B1EA6AAB8}.job
[2012/02/26 10:15:31 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2012/02/26 10:15:29 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2012/02/26 08:01:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At62.job
[2012/02/26 08:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At65.job
[2012/02/26 08:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At103.job
[2012/02/26 07:21:31 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2012/02/26 07:21:21 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2012/02/26 07:00:14 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At60.job
[2012/02/26 07:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At63.job
[2012/02/26 07:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At102.job
[2012/02/26 06:20:16 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2012/02/26 06:20:16 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2012/02/26 06:00:14 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At58.job
[2012/02/26 06:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At61.job
[2012/02/26 06:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At101.job
[2012/02/26 05:20:16 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2012/02/26 05:20:16 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2012/02/26 05:01:28 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At56.job
[2012/02/26 05:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At59.job
[2012/02/26 05:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At100.job
[2012/02/26 04:20:17 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2012/02/26 04:20:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2012/02/26 04:01:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At54.job
[2012/02/26 04:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At99.job
[2012/02/26 04:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At57.job
[2012/02/26 03:20:16 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2012/02/26 03:20:16 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2012/02/26 03:00:14 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At52.job
[2012/02/26 03:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At98.job
[2012/02/26 03:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At55.job
[2012/02/26 02:20:16 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2012/02/26 02:20:16 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2012/02/26 02:00:14 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At50.job
[2012/02/26 02:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At97.job
[2012/02/26 02:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At53.job
[2012/02/26 01:20:16 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/02/26 01:20:16 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/02/26 01:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At96.job
[2012/02/26 01:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At51.job
[2012/02/26 00:41:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At94.job
[2012/02/26 00:31:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At49.job
[2012/02/26 00:21:46 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/02/26 00:21:45 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/02/25 22:33:36 | 002,062,896 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Joey\Desktop\tdsskiller.exe
[2012/02/25 22:28:17 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/25 22:22:02 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2012/02/25 22:22:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2012/02/25 22:02:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At90.job
[2012/02/25 22:02:14 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/02/25 22:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At93.job
[2012/02/25 22:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At117.job
[2012/02/25 20:51:02 | 000,000,001 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\3P0IaE03.exe.d
[2012/02/25 20:46:27 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At118.job
[2012/02/25 20:46:27 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At116.job
[2012/02/25 20:46:27 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At115.job
[2012/02/25 20:46:27 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At114.job
[2012/02/25 20:46:26 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At113.job
[2012/02/25 20:46:26 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At112.job
[2012/02/25 20:46:26 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At111.job
[2012/02/25 20:46:26 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At110.job
[2012/02/25 20:46:25 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At109.job
[2012/02/25 20:46:25 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At108.job
[2012/02/25 20:46:25 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At107.job
[2012/02/25 20:46:25 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At105.job
[2012/02/25 20:46:25 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At104.job
[2012/02/25 20:46:17 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At95.job
[2012/02/25 20:46:14 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At91.job
[2012/02/25 20:46:14 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At92.job
[2012/02/25 20:46:13 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At89.job
[2012/02/25 20:46:13 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At87.job
[2012/02/25 20:46:13 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At85.job
[2012/02/25 20:46:13 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At83.job
[2012/02/25 20:46:13 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At81.job
[2012/02/25 20:46:13 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At79.job
[2012/02/25 20:46:13 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At77.job
[2012/02/25 20:46:13 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At75.job
[2012/02/25 20:46:13 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At73.job
[2012/02/25 20:46:13 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At69.job
[2012/02/25 20:46:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At88.job
[2012/02/25 20:46:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At86.job
[2012/02/25 20:46:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At84.job
[2012/02/25 20:46:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At82.job
[2012/02/25 20:46:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At80.job
[2012/02/25 20:46:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At78.job
[2012/02/25 20:46:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At76.job
[2012/02/25 20:46:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At74.job
[2012/02/25 20:46:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At72.job
[2012/02/25 20:46:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At70.job
[2012/02/25 20:46:07 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At67.job
[2012/02/25 20:46:07 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At66.job
[2012/02/25 20:46:07 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At64.job
[2012/02/25 20:20:25 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2012/02/25 20:20:22 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2012/02/25 19:22:33 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2012/02/25 19:22:31 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2012/02/25 18:26:48 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2012/02/25 18:26:45 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2012/02/24 23:22:07 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2012/02/24 23:21:59 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2012/02/24 22:29:21 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2012/02/24 22:29:21 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2012/02/24 22:08:01 | 000,000,001 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\3P0IaE03.exe_.b
[2012/02/24 22:08:01 | 000,000,001 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\3P0IaE03.exe.b
[2012/02/22 20:34:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/18 10:02:05 | 000,155,378 | ---- | M] () -- C:\WINDOWS\hpwins12.dat
[2012/02/18 10:01:42 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\d3jVyLa.dat
[2012/02/18 09:48:55 | 000,087,176 | ---- | M] () -- C:\WINDOWS\System32\k8nvaGece.com_
[2012/02/18 09:48:55 | 000,087,176 | ---- | M] () -- C:\WINDOWS\System32\k8nvaGece.com
[2012/02/18 09:48:55 | 000,087,176 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\3P0IaE03.exe
[2012/02/18 09:47:31 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2012/02/18 09:47:31 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2012/02/18 09:47:31 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2012/02/18 09:47:31 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2012/02/18 09:47:31 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2012/02/18 09:47:31 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2012/02/18 09:47:31 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2012/02/18 09:47:31 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2012/02/18 09:47:31 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2012/02/18 09:47:31 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2012/02/18 09:47:31 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2012/02/18 09:47:31 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2012/02/18 09:47:31 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2012/02/18 09:47:31 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2012/02/18 06:36:46 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Joey\Desktop\Google Chrome.lnk
[2012/02/18 06:36:46 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Joey\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/16 18:43:56 | 000,352,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/16 18:34:46 | 000,483,680 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/16 18:34:45 | 000,080,918 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/14 23:04:54 | 000,149,504 | ---- | M] () -- C:\Documents and Settings\Joey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/02 12:34:04 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-793404001-1316298628-3179757127-1006Core.job
[2012/02/02 11:37:22 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/02 11:37:06 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Joey\My Documents\mbam-setup-1.60.1.1000.exe
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/26 17:06:25 | 000,000,265 | ---- | C] () -- C:\Documents and Settings\Joey\Desktop\Shortcut to OTL.lnk
[2012/02/26 14:58:11 | 937,472,000 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/26 04:20:02 | 000,087,176 | ---- | C] () -- C:\WINDOWS\System32\k8nvaGece.com
[2012/02/25 20:51:02 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\3P0IaE03.exe.d
[2012/02/25 20:46:27 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At118.job
[2012/02/25 20:46:27 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At117.job
[2012/02/25 20:46:26 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At116.job
[2012/02/25 20:46:26 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At115.job
[2012/02/25 20:46:26 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At114.job
[2012/02/25 20:46:26 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At113.job
[2012/02/25 20:46:25 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At112.job
[2012/02/25 20:46:25 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At111.job
[2012/02/25 20:46:25 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At110.job
[2012/02/25 20:46:25 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At109.job
[2012/02/25 20:46:24 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At108.job
[2012/02/25 20:46:24 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At107.job
[2012/02/25 20:46:24 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At106.job
[2012/02/25 20:46:24 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At105.job
[2012/02/25 20:46:24 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At104.job
[2012/02/25 20:46:24 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At103.job
[2012/02/25 20:46:24 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At102.job
[2012/02/25 20:46:23 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At101.job
[2012/02/25 20:46:23 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At100.job
[2012/02/25 20:46:22 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At99.job
[2012/02/25 20:46:20 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At98.job
[2012/02/25 20:46:18 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At97.job
[2012/02/25 20:46:17 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At96.job
[2012/02/25 20:46:16 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At95.job
[2012/02/25 20:46:15 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At94.job
[2012/02/25 20:46:14 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At93.job
[2012/02/25 20:46:14 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At91.job
[2012/02/25 20:46:14 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At92.job
[2012/02/25 20:46:13 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At89.job
[2012/02/25 20:46:13 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At87.job
[2012/02/25 20:46:13 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At85.job
[2012/02/25 20:46:13 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At83.job
[2012/02/25 20:46:13 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At81.job
[2012/02/25 20:46:13 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At90.job
[2012/02/25 20:46:13 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At88.job
[2012/02/25 20:46:13 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At86.job
[2012/02/25 20:46:13 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At84.job
[2012/02/25 20:46:13 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At82.job
[2012/02/25 20:46:12 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At79.job
[2012/02/25 20:46:12 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At77.job
[2012/02/25 20:46:12 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At75.job
[2012/02/25 20:46:12 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At80.job
[2012/02/25 20:46:12 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At78.job
[2012/02/25 20:46:12 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At76.job
[2012/02/25 20:46:11 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At73.job
[2012/02/25 20:46:11 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At71.job
[2012/02/25 20:46:11 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At69.job
[2012/02/25 20:46:11 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At74.job
[2012/02/25 20:46:11 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At72.job
[2012/02/25 20:46:11 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At70.job
[2012/02/25 20:46:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At68.job
[2012/02/25 20:46:05 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At67.job
[2012/02/25 20:46:04 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At65.job
[2012/02/25 20:46:04 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At66.job
[2012/02/25 20:46:02 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At63.job
[2012/02/25 20:46:02 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At61.job
[2012/02/25 20:46:02 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At59.job
[2012/02/25 20:46:02 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At57.job
[2012/02/25 20:46:02 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At55.job
[2012/02/25 20:46:02 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At53.job
[2012/02/25 20:46:02 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At51.job
[2012/02/25 20:46:02 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At64.job
[2012/02/25 20:46:02 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At62.job
[2012/02/25 20:46:02 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At60.job
[2012/02/25 20:46:02 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At58.job
[2012/02/25 20:46:02 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At56.job
[2012/02/25 20:46:02 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At54.job
[2012/02/25 20:46:02 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At52.job
[2012/02/25 20:45:12 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At50.job
[2012/02/25 20:44:49 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\At49.job
[2012/02/24 22:08:01 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\3P0IaE03.exe_.b
[2012/02/24 22:08:01 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\3P0IaE03.exe.b
[2012/02/24 21:36:01 | 000,087,176 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\3P0IaE03.exe
[2012/02/18 10:20:02 | 000,087,176 | ---- | C] () -- C:\WINDOWS\System32\k8nvaGece.com_
[2012/02/18 10:01:58 | 000,155,378 | ---- | C] () -- C:\WINDOWS\hpwins12.dat
[2012/02/18 10:01:58 | 000,000,981 | ---- | C] () -- C:\WINDOWS\hpwmdl12.dat
[2012/02/18 09:47:31 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2012/02/18 09:47:31 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2012/02/18 09:47:31 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2012/02/18 09:47:31 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2012/02/18 09:47:31 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2012/02/18 09:47:31 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2012/02/18 09:47:31 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2012/02/18 09:47:31 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2012/02/18 09:47:31 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2012/02/18 09:47:31 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2012/02/18 09:47:31 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2012/02/18 09:47:31 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2012/02/18 09:47:31 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2012/02/18 09:47:31 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2012/02/18 09:47:31 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2012/02/18 09:47:31 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2012/02/18 09:47:31 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2012/02/18 09:47:31 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2012/02/18 09:47:31 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2012/02/18 09:47:31 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2012/02/18 09:47:31 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2012/02/18 09:47:31 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2012/02/18 09:47:31 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2012/02/18 09:47:31 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2012/02/18 09:47:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2012/02/18 09:47:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2012/02/18 09:47:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2012/02/18 09:47:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2012/02/18 09:47:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2012/02/18 09:47:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2012/02/18 09:47:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2012/02/18 09:47:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2012/02/18 09:47:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2012/02/18 09:47:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2012/02/18 09:47:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2012/02/18 09:47:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2012/02/18 09:47:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2012/02/18 09:47:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2012/02/18 09:47:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2012/02/18 09:47:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2012/02/18 09:47:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2012/02/18 09:47:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2012/02/18 09:47:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2012/02/18 09:47:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2012/02/18 09:47:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2012/02/18 09:47:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2012/02/18 09:47:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2012/02/18 09:47:31 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2012/02/18 09:47:31 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\d3jVyLa.dat
[2012/02/15 18:15:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/15 18:15:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/05 15:25:08 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/01/09 21:15:16 | 000,017,264 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\378297015
[2012/01/09 21:15:15 | 000,017,264 | -HS- | C] () -- C:\Documents and Settings\Joey\Local Settings\Application Data\378297015
[2012/01/09 21:15:02 | 000,017,868 | -HS- | C] () -- C:\Documents and Settings\Joey\Local Settings\Application Data\767t3m7h5421
[2012/01/09 21:15:02 | 000,017,852 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\767t3m7h5421
[2011/11/22 16:58:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX2.INI
[2011/11/22 16:33:42 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Electric Piano
[2011/11/22 16:33:42 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Joey\Application Data\Dynamic Library
[2011/11/22 16:33:42 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLes.DAT
[2011/11/22 16:31:42 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
[2011/11/22 16:31:41 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Electric Clav
[2011/11/22 16:31:41 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Joey\Application Data\Drums
[2011/11/22 16:31:41 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
[2011/09/11 21:09:40 | 000,214,118 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/10/26 20:21:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/05 20:41:06 | 000,000,602 | ---- | C] () -- C:\WINDOWS\ssdiag.ini
[2010/03/11 21:42:03 | 000,056,360 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2004/08/10 13:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/12/05 11:53:37 | 000,000,223 | RHS- | M] () -- C:\boot.ini
[2004/08/10 13:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/11/28 10:16:06 | 000,007,230 | RH-- | M] () -- C:\dell.sdr
[2009/07/20 18:47:24 | 000,000,090 | ---- | M] () -- C:\error.log
[2012/02/26 14:58:11 | 937,472,000 | -HS- | M] () -- C:\hiberfil.sys
[2007/12/25 01:09:35 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/10 13:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2007/11/28 10:55:22 | 000,000,844 | -H-- | M] () -- C:\IPH.PH
[2010/10/24 19:50:29 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2004/08/10 13:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/07/03 20:19:39 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/02/26 14:58:10 | 1409,286,144 | -HS- | M] () -- C:\pagefile.sys
[2012/01/23 15:16:37 | 000,000,359 | ---- | M] () -- C:\rkill.log
[2007/11/28 10:56:33 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini
[2012/01/13 20:51:03 | 000,070,874 | ---- | M] () -- C:\TDSSKiller.2.7.1.0_13.01.2012_20.50.43_log.txt
[2012/02/25 22:35:59 | 000,074,534 | ---- | M] () -- C:\TDSSKiller.2.7.14.0_25.02.2012_22.33.39_log.txt

< %PROGRAMFILES%\*.* >

< %APPDATA%\*.* >
[2004/08/10 12:57:42 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Joey\Application Data\desktop.ini
[2008/09/30 20:53:22 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\Joey\Application Data\Digital Mono
[2011/11/22 16:31:41 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\Joey\Application Data\Drums
[2011/11/22 16:33:42 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\Joey\Application Data\Dynamic Library
[2011/09/04 20:48:22 | 000,001,664 | ---- | M] () -- C:\Documents and Settings\Joey\Application Data\wklnhst.dat

< %systemroot%\Tasks\*.job >
[2012/01/20 16:40:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2012/02/26 00:21:45 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2012/02/26 04:20:17 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2012/02/26 05:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At100.job
[2012/02/26 06:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At101.job
[2012/02/26 07:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At102.job
[2012/02/26 08:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At103.job
[2012/02/25 20:46:25 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At104.job
[2012/02/25 20:46:25 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At105.job
[2012/02/26 11:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At106.job
[2012/02/25 20:46:25 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At107.job
[2012/02/25 20:46:25 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At108.job
[2012/02/25 20:46:25 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At109.job
[2012/02/26 05:20:16 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2012/02/25 20:46:26 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At110.job
[2012/02/25 20:46:26 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At111.job
[2012/02/25 20:46:26 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At112.job
[2012/02/25 20:46:26 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At113.job
[2012/02/25 20:46:27 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At114.job
[2012/02/25 20:46:27 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At115.job
[2012/02/25 20:46:27 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At116.job
[2012/02/25 22:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At117.job
[2012/02/25 20:46:27 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At118.job
[2012/02/26 05:20:16 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2012/02/26 06:20:16 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2012/02/26 06:20:16 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2012/02/26 07:21:31 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2012/02/26 07:21:21 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2012/02/26 10:15:29 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2012/02/26 10:15:31 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2012/02/18 09:47:31 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2012/02/26 00:21:46 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2012/02/18 09:47:31 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2012/02/26 10:21:32 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2012/02/26 10:21:31 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2012/02/26 11:20:17 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2012/02/26 11:20:17 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2012/02/18 09:47:31 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2012/02/18 09:47:31 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2012/02/18 09:47:31 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2012/02/18 09:47:31 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2012/02/18 09:47:31 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2012/02/26 01:20:16 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2012/02/18 09:47:31 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2012/02/18 09:47:31 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2012/02/18 09:47:31 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2012/02/18 09:47:31 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2012/02/18 09:47:31 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2012/02/18 09:47:31 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2012/02/18 09:47:31 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2012/02/25 18:26:48 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2012/02/25 18:26:45 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2012/02/25 19:22:31 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2012/02/26 01:20:16 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2012/02/25 19:22:33 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2012/02/25 20:20:22 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2012/02/25 20:20:25 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2012/02/24 22:29:21 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2012/02/24 22:29:21 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2012/02/25 22:22:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2012/02/25 22:22:02 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2012/02/24 23:21:59 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2012/02/24 23:22:07 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2012/02/26 00:31:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At49.job
[2012/02/26 02:20:16 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2012/02/26 02:00:14 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At50.job
[2012/02/26 01:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At51.job
[2012/02/26 03:00:14 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At52.job
[2012/02/26 02:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At53.job
[2012/02/26 04:01:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At54.job
[2012/02/26 03:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At55.job
[2012/02/26 05:01:28 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At56.job
[2012/02/26 04:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At57.job
[2012/02/26 06:00:14 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At58.job
[2012/02/26 05:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At59.job
[2012/02/26 02:20:16 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2012/02/26 07:00:14 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At60.job
[2012/02/26 06:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At61.job
[2012/02/26 08:01:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At62.job
[2012/02/26 07:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At63.job
[2012/02/25 20:46:07 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At64.job
[2012/02/26 08:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At65.job
[2012/02/25 20:46:07 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At66.job
[2012/02/25 20:46:07 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At67.job
[2012/02/26 11:00:14 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At68.job
[2012/02/25 20:46:13 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At69.job
[2012/02/26 03:20:16 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2012/02/25 20:46:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At70.job
[2012/02/26 11:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At71.job
[2012/02/25 20:46:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At72.job
[2012/02/25 20:46:13 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At73.job
[2012/02/25 20:46:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At74.job
[2012/02/25 20:46:13 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At75.job
[2012/02/25 20:46:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At76.job
[2012/02/25 20:46:13 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At77.job
[2012/02/25 20:46:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At78.job
[2012/02/25 20:46:13 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At79.job
[2012/02/26 03:20:16 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2012/02/25 20:46:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At80.job
[2012/02/25 20:46:13 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At81.job
[2012/02/25 20:46:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At82.job
[2012/02/25 20:46:13 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At83.job
[2012/02/25 20:46:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At84.job
[2012/02/25 20:46:13 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At85.job
[2012/02/25 20:46:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At86.job
[2012/02/25 20:46:13 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At87.job
[2012/02/25 20:46:13 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At88.job
[2012/02/25 20:46:13 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At89.job
[2012/02/26 04:20:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2012/02/25 22:02:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At90.job
[2012/02/25 20:46:14 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At91.job
[2012/02/25 20:46:14 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At92.job
[2012/02/25 22:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At93.job
[2012/02/26 00:41:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At94.job
[2012/02/25 20:46:17 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At95.job
[2012/02/26 01:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At96.job
[2012/02/26 02:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At97.job
[2012/02/26 03:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At98.job
[2012/02/26 04:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\At99.job
[2009/04/05 18:00:15 | 000,000,434 | ---- | M] () -- C:\WINDOWS\Tasks\EasyShare Registration Task.job
[2012/02/02 12:34:04 | 000,000,922 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-793404001-1316298628-3179757127-1006Core.job
[2012/02/26 11:34:10 | 000,000,974 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-793404001-1316298628-3179757127-1006UA.job
[2012/02/26 10:20:17 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{7B66FA72-A2CA-408C-B65A-FC2B1EA6AAB8}.job

< c:\ipsec.sys /s /md5 >
[2004/08/04 05:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- c:\i386\ipsec.sys
[3 c:\i386\*.tmp files -> c:\i386\*.tmp -> ]
[2004/08/04 05:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- c:\WINDOWS\$NtServicePackUninstall$\ipsec.sys
[2008/04/13 13:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- c:\WINDOWS\ServicePackFiles\i386\ipsec.sys
[2008/04/13 13:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- c:\WINDOWS\system32\dllcache\ipsec.sys
[2012/02/25 22:38:44 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- c:\WINDOWS\system32\drivers\ipsec.sys
[1 c:\WINDOWS\system32\drivers\*.tmp files -> c:\WINDOWS\system32\drivers\*.tmp -> ]

< End of report >


OTL Extras logfile created on: 2/26/2012 5:07:55 PM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = E:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.97 Mb Total Physical Memory | 446.32 Mb Available Physical Memory | 49.93% Memory free
2.11 Gb Paging File | 1.75 Gb Available in Paging File | 82.79% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.59 Gb Total Space | 75.02 Gb Free Space | 69.08% Space Free | Partition Type: NTFS
Drive E: | 982.72 Mb Total Space | 15.64 Mb Free Space | 1.59% Space Free | Partition Type: FAT

Computer Name: JOEY | User Name: Joey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-793404001-1316298628-3179757127-1006\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe" = C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe:*:Enabled:MediaManager9 Module -- (Sonic Solutions)
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1E0F4BDA-15AA-44FE-8CA1-C1722E64F4F5}" = MAGIX Screenshare
"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"{2221B713-71B1-489A-938C-42C81660CDC1}" = Xara Photo & Graphic Designer 6
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 26
"{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}" = Dell DataSafe Online
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CA45E8F-6CA8-49C3-810C-9C2EA21C5EC4}" = MAGIX Photo Manager 10
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4D4996C4-4CF0-2E85-3CF2-566E773D6C58}" = my Picturetown Uploader
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{598420E8-E9F9-4FAE-9B6C-599FDF2F611A}" = BlackBerry App World Browser Plugin
"{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}" = Nikon Movie Editor
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
"{5EB90C06-964F-4195-B83E-BD7E55C88415}" = Pinnacle Video Driver
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{75CDF2CA-5F89-4BC8-9556-CF70782CBD17}" = Motorola Phone Tools
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{854CABD8-0A0D-4C0D-945D-E0E5C9EA5FB2}" = MAGIX PhotoStory on CD & DVD 10
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{94824ADD-8F26-43D2-84DB-22E11F377E5E}" = Microsoft English TTS Engine
"{97D0C0A1-7E64-4B05-A2EE-61D2CE23F154}" = TTS Wrapper
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A617F4DD-8EC0-4E39-A88E-D1A5F958D9E7}" = MAGIX Speed burnR (MSI)
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C82185E8-C27B-4EF4-2007-4444BC2C2B6D}" = Microsoft Streets & Trips 2007 with GPS Locator
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12
"{D1574240-058F-49B9-878E-DEBEF804C5EF}" = MAGIX Photo Manager 10 Deluxe
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D76D1828-BBA0-4BD9-8181-5ACC617DC5F2}" = Virtual Earth 3D (Beta)
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E64C137C-D0B7-467A-B47F-460AAB30F0A3}" = ViewNX 2
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EF40BAC3-372B-46F4-A32D-B37CF4217CE7}" = ATI Catalyst Control Center
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"America Online us" = America Online (Choose which version to remove)
"AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"ATI Display Driver" = ATI Display Driver
"BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"com.mypicturetown.myptuploader.F9C4985A082C78528AFA4529A49FFE7D3454A64B.1" = my Picturetown Uploader
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"MAGIX_MSI_Digital_Foto_Maker_10" = MAGIX Photo Manager 10 Deluxe
"MAGIX_MSI_Foto_Grafik_Designer_6" = Xara Photo & Graphic Designer 6
"MAGIX_MSI_Foto_Manager_10" = MAGIX Photo Manager 10
"MAGIX_MSI_Fotos_auf_CD_DVD_10" = MAGIX PhotoStory on CD & DVD 10
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Masque Casino Games II" = Masque Casino Games II
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MySpaceIM" = MySpaceIM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Oregon Trail II" = Oregon Trail II
"Picasa 3" = Picasa 3
"RealFlightG3Pro" = RealFlight G3 R/C Simulator
"RealPlayer 6.0" = RealPlayer Basic
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-793404001-1316298628-3179757127-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

< End of report >
  • 0

#4
Amlak

    Member 1K

  • Member
  • 1,470 posts
One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


Download the latest version of ComboFix from here. Make sure you have it saved to the Desktop.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Having said the above, follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Once it's installed, click Yes to continue.

When done, paste the contents of the resultant log in your next reply.
  • 0

#5
Tpacholik

    New Member

  • Topic Starter
  • Member
  • 6 posts
The laptop will not connect to the internet and I cannot install the Windows Recovery Console. I would rather reformat and reinstall XP at this point.
  • 0

#6
Tpacholik

    New Member

  • Topic Starter
  • Member
  • 6 posts
Can you help me with the reformat and reinstall?
  • 0

#7
Amlak

    Member 1K

  • Member
  • 1,470 posts
Sure, if that's your choice, we'll do it together.

Do you have a Windows XP Home Edition CD?
  • 0

#8
Tpacholik

    New Member

  • Topic Starter
  • Member
  • 6 posts
XP Professional version 2002
  • 0

#9
Amlak

    Member 1K

  • Member
  • 1,470 posts
Fair enough. This means it'll be a Windows XP Pro installation this time. So use the product key that comes with the CD when it's needed.

Also, don't back up any file/folder you don't need. Only back up your personal files, such as your documents, pictures, videos, music, and so on. We don't want your fresh installation to be reinfected because of unnecessary files. ;)

To format and reinstall, please follow the instructions here.

If you need help with the instructions, do let me know and I'll help you out as best I can.

Edited by Amlak, 29 February 2012 - 04:43 PM.

  • 0

#10
Tpacholik

    New Member

  • Topic Starter
  • Member
  • 6 posts
I have completed the reinstall. I connect to the internet via a wireless router but it is telling me there is no connection. What do I need to do now? Do I need to install the CD for the wireless router?
  • 0

#11
Amlak

    Member 1K

  • Member
  • 1,470 posts
Well done on reinstalling Windows. What you're missing now are some needed drivers. Yes, do give that CD a go. And if it doesn't work out, let me know the model and make of your computer so I can help find the needed drivers for you.
  • 0

#12
Amlak

    Member 1K

  • Member
  • 1,470 posts
Subject to no further problems :)

I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your computer now appears clean :thumbsup:

Make sure your Java is up to date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place?

Keep safe :wave:
  • 0

#13
NeonFx

    Malware Removal Dude

  • Expert
  • 3,797 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





