Trojan Horse Generic 27.athl and trojan horse Generic26.apiz infection

hello my computer is very sick it has been like this for a couple months and i quit using it for awhile because of family stuff but would now like to you use it and clean it any help would be aprecitated thank you. the infection names are in the title and the first one is infecting C:\Program Files\Online Services\EarthLink\InstallEarthlink.exe and the second one is infecting C:\Windows\system32\Gi2E1s.com

OTL logfile created on: 5/24/2012 1:46:31 PM - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Owner\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 53.17% Memory free
6.21 Gb Paging File | 4.75 Gb Available in Paging File | 76.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.08 Gb Total Space | 193.03 Gb Free Space | 67.47% Space Free | Partition Type: NTFS
Drive D: | 12.01 Gb Total Space | 1.90 Gb Free Space | 15.79% Space Free | Partition Type: NTFS

Computer Name: ARJXBPYTXN | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/24 13:46:11 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.exe
PRC - [2012/03/31 15:59:58 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/02/13 21:19:20 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.362.0\SeaPort.EXE
PRC - [2011/12/13 22:36:31 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011/10/23 10:24:05 | 002,042,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG8\AVG8\avgtray.exe
PRC - [2009/08/28 11:56:25 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG8\AVG8\avgrsx.exe
PRC - [2009/08/28 11:56:24 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG8\AVG8\avgcsrvx.exe
PRC - [2009/08/28 11:56:20 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG8\AVG8\avgnsx.exe
PRC - [2009/08/28 11:56:15 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG8\AVG8\avgemc.exe
PRC - [2009/08/28 11:56:04 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG8\AVG8\avgwdsvc.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/01/19 02:33:35 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe
PRC - [2007/09/15 03:29:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/08/17 08:27:00 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/07/25 01:02:44 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/07/25 01:02:42 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/01/17 08:34:18 | 000,634,880 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

========== Modules (No Company Name) ==========

MOD - [2012/02/22 23:55:03 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll
MOD - [2012/02/22 23:54:59 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\0ef893bbf33d38a1f7a63b9cee2dabfe\System.Transactions.ni.dll
MOD - [2012/02/22 23:54:58 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\a333ad288c1a4bbbba8f61249202bc1a\System.EnterpriseServices.ni.dll
MOD - [2012/02/22 23:54:58 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\a333ad288c1a4bbbba8f61249202bc1a\System.EnterpriseServices.Wrapper.dll
MOD - [2012/02/22 23:54:41 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll
MOD - [2012/02/22 23:48:05 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll
MOD - [2012/02/22 23:47:20 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll
MOD - [2012/02/22 23:46:55 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll
MOD - [2012/02/22 23:46:24 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\029217106fa24787ff7a61b754f8ebf7\System.Data.ni.dll
MOD - [2012/02/22 23:45:54 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d48e106e015d0f8cb2d5295015cee508\PresentationFramework.Aero.ni.dll
MOD - [2012/02/22 23:45:50 | 014,328,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\56df3488472318c59d0a08ed10a065d3\PresentationFramework.ni.dll
MOD - [2012/02/22 23:45:15 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\3951e0a359c004cd6ba268ff78ac62aa\PresentationCore.ni.dll
MOD - [2012/02/22 23:44:34 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1e258a951222c818540b33880ca45f2e\WindowsBase.ni.dll
MOD - [2012/02/22 23:44:14 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/24 19:35:49 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2010/11/04 22:04:16 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2009/04/11 01:28:21 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2009/04/10 21:04:15 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2009/03/29 23:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/03/29 23:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2007/10/01 19:11:02 | 000,036,864 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
MOD - [2007/10/01 19:11:00 | 000,007,168 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2007/10/01 19:10:50 | 000,057,344 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2007/10/01 19:10:28 | 000,036,864 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2007/10/01 19:10:20 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2007/10/01 19:10:20 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2007/10/01 19:10:20 | 000,006,144 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2007/09/30 21:34:52 | 000,345,384 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
MOD - [2007/09/30 21:34:42 | 000,255,384 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
MOD - [2007/09/30 21:34:42 | 000,120,208 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2007/09/30 21:34:42 | 000,038,184 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll
MOD - [2007/08/14 15:43:46 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 13:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 13:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/13 21:19:20 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.362.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/13 21:19:20 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.362.0\BBSvc.EXE -- (BBSvc)
SRV - [2009/08/28 11:56:15 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG8\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/28 11:56:04 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG8\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\CoachAud.dll -- (zpsc)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\cfgwzsvc.dll -- (Xyz777s)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\btcsrusb.dll -- (wlluc48)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\mssmbios.dll -- (vxd)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\x10nets.dll -- (vnxservice)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\clisvc.dll -- (vmnetadapter)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\appdrv.dll -- (VAIOMediaPlatform-VideoServer-HTTP)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\nisum.dll -- (VAIOMediaPlatform-MusicServer-HTTP)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\rnadiagreceiver.dll -- (UxTuneUp)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\fsbwsys.dll -- (transactional)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\rca.dll -- (tdrpman174)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\tandpl.dll -- (symantecantibotdriver)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\alerter.dll -- (sonicwall_netextender)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\Video3D.dll -- (snareiis)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\ZTEusbmdm6k.dll -- (se58obex)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\flashcomadmin.dll -- (SE2Cbus)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\parport.dll -- (sdhelper)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\qcdonner.dll -- (s24eventmonitor)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\{eda5f5d3-9e0f-4f4d-8a13-1d1cf469c9cc}.dll -- (RR2Vbi)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\elnkservice.dll -- (rapapp)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\ultra66.dll -- (pwkntmon)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\DSXUSB.dll -- (psdistributionagent)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\resourcemanagermail.dll -- (pdfcreatormessages)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\s125bus.dll -- (orbpvr)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\HssSrv.dll -- (oracleorahome811cman)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\Evian.dll -- (nvstor32)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\retrowdsvc.dll -- (NSNDIS5)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\HFACSVC.dll -- (NAL)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\de_serv.dll -- (MSFWHLPR)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\slapd-config52.dll -- (mohfilt)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\mrpostman.dll -- (lvselsus)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\wmp54gssvc.dll -- (lvpr2mon)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\rollbackclientservice.dll -- (igfx)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\vulfnths.dll -- (ibmcicstransactiongateway)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\slimsvc.dll -- (HPFXBULK)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\lfsfilt.dll -- (hclinetd)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\TMBUS.dll -- (F700iat)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\PQNTDrv.dll -- (epson_pm_rpcv4_01)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\Invoker.dll -- (enethusb)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\tga.dll -- (DSI_SiUSBXp_3_1)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\atierecord.dll -- (dlcf_device)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\kpfwsvc.dll -- (DgiVecp)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\z800obex.dll -- (CVPNDRVA)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\digisptiservice.dll -- (citrixxteserver)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\zpjobq.dll -- (captureservice)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\FGDSCSI.dll -- (caili)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\wm.dll -- (bdselfpr)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\s7oppitx.dll -- (AYDrvNT_ALYAC)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\asp.net.dll -- (avfilter)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\sbpci.dll -- (ASFWHide)
SRV - [2008/01/19 02:33:32 | 000,005,632 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\tmlisten.dll -- (anydvd)
SRV - [2007/08/31 14:15:06 | 000,176,128 | ---- | M] (Starz Entertainment Group LLC) [On_Demand | Stopped] -- C:\Program Files\Vongo\VongoService.exe -- (Vongo Service)
SRV - [2007/07/25 01:02:44 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/03/05 12:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2009/10/03 06:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/08/28 11:56:25 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/08/28 11:56:24 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/05/25 21:07:45 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008/04/11 12:59:30 | 000,041,216 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Capt9051.sys -- (SQTECH9051)
DRV - [2007/09/17 18:17:36 | 000,098,816 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/07/11 12:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/28 10:09:56 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/22 00:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 16:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 18:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/01/17 08:38:52 | 000,983,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/11/02 02:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{2EB0099A-73A8-4524-94E8-4129AA76060E}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{7DE94659-AF72-403C-8167-EC9A9F125D4E}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...kyp&ocid=skydhp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{2EB0099A-73A8-4524-94E8-4129AA76060E}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADFA_enUS340
IE - HKCU\..\SearchScopes\{7DE94659-AF72-403C-8167-EC9A9F125D4E}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/08/21 16:02:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/08/21 16:02:50 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\13.0.782.112\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\13.0.782.112\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\13.0.782.112\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2008/12/02 16:54:40 | 000,257,752 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 8959 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG8\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG8\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} http://notes05.ntc.edu/dwa85W.cab (IBM Lotus iNotes 8.5 Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7FF2B18-DBC5-42BE-8CF5-2AEB8A7CB7AD}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D14D2ACC-4E9C-4D99-B873-F6FF47AC6A55}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG8\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\DfLogon: DllName - (LogonDll.dll) - File not found
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/25 23:52:25 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/24 10:30:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/05/24 10:28:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/05/24 10:20:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/05/24 10:19:50 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/05/24 10:15:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2012/05/24 10:14:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/05/24 10:14:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

========== Files - Modified Within 30 Days ==========

[2012/05/24 13:45:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At28.job
[2012/05/24 13:45:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At27.job
[2012/05/24 13:37:19 | 000,077,259 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/05/24 13:37:18 | 000,077,259 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/05/24 13:37:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/24 13:25:40 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At25.job
[2012/05/24 13:25:39 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/24 13:25:39 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At26.job
[2012/05/24 12:13:35 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/24 12:13:35 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/24 12:08:27 | 000,000,162 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/05/24 12:07:34 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/24 12:07:03 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/24 12:07:03 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/24 12:06:48 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/24 11:39:27 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At22.job
[2012/05/24 11:39:27 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At21.job
[2012/05/24 10:30:43 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/05/24 10:20:11 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/05/24 10:16:51 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/05/24 10:14:11 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/05/24 10:08:48 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd

========== Files Created - No Company Name ==========

[2012/05/24 10:30:43 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/05/24 10:20:11 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/01/12 11:39:33 | 000,000,000 | ---- | C] () -- C:\ProgramData\6xih3p.dat
[2012/01/12 11:38:47 | 000,029,184 | ---- | C] () -- C:\Windows\System32\Gi2E1s.com
[2011/05/02 20:50:39 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/10/14 08:48:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== LOP Check ==========

[2008/12/25 12:20:13 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Batman
[2010/09/29 14:41:12 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\click
[2012/04/02 03:00:31 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2012/04/02 04:44:59 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At10.job
[2012/04/02 19:42:32 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At11.job
[2012/04/02 19:42:32 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At12.job
[2012/04/02 19:42:32 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At13.job
[2012/04/02 19:42:32 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At14.job
[2012/04/02 19:42:32 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At15.job
[2012/04/02 19:42:32 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At16.job
[2012/04/02 19:42:33 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At17.job
[2012/04/02 19:42:33 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At18.job
[2012/04/02 19:42:33 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At19.job
[2012/04/02 03:00:31 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2012/04/02 19:42:33 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At20.job
[2012/05/24 11:39:27 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At21.job
[2012/05/24 11:39:27 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At22.job
[2012/04/02 19:42:34 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At23.job
[2012/04/02 19:42:34 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At24.job
[2012/05/24 13:25:40 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At25.job
[2012/05/24 13:25:39 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At26.job
[2012/05/24 13:45:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At27.job
[2012/05/24 13:45:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At28.job
[2012/04/02 19:42:35 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At29.job
[2012/04/02 03:00:31 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2012/04/02 19:42:35 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At30.job
[2012/04/02 19:42:35 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At31.job
[2012/04/02 19:42:35 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At32.job
[2012/04/13 16:45:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At33.job
[2012/04/13 16:45:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At34.job
[2012/04/02 19:42:36 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At35.job
[2012/04/02 19:42:36 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At36.job
[2012/04/02 19:42:36 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At37.job
[2012/04/02 19:42:36 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At38.job
[2012/04/02 19:45:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At39.job
[2012/04/02 03:00:31 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2012/04/02 19:45:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At40.job
[2012/04/02 20:45:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At41.job
[2012/04/02 20:45:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At42.job
[2012/04/02 03:00:31 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At43.job
[2012/04/02 03:00:31 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At44.job
[2012/04/02 03:00:31 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At45.job
[2012/04/02 03:00:31 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At46.job
[2012/04/02 03:00:31 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At47.job
[2012/04/02 03:00:31 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At48.job
[2012/04/02 03:00:31 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2012/04/02 03:00:31 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At6.job
[2012/04/02 03:44:59 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At7.job
[2012/04/02 03:44:59 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2012/04/02 04:44:59 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At9.job
[2012/05/24 11:42:33 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB62280$] -> Error: Cannot create file handle -> Unknown point type

< End of report >

Trojan Horse Generic 27.athl and trojan horse Generic26.apiz infection

#1
bugzbunny

Posted 24 May 2012 - 01:21 PM

Advertisements

#2
Nedklaw

Posted 24 May 2012 - 01:30 PM

#3
Nedklaw

Posted 26 May 2012 - 05:09 PM

#4
Elise

Posted 31 May 2012 - 11:36 PM

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us

Trojan Horse Generic 27.athl and trojan horse Generic26.apiz infection

#1 bugzbunny Posted 24 May 2012 - 01:21 PM

Advertisements

#2 Nedklaw Posted 24 May 2012 - 01:30 PM

#3 Nedklaw Posted 26 May 2012 - 05:09 PM

#4 Elise Posted 31 May 2012 - 11:36 PM

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us

Sign In

#1
bugzbunny

Posted 24 May 2012 - 01:21 PM

#2
Nedklaw

Posted 24 May 2012 - 01:30 PM

#3
Nedklaw

Posted 26 May 2012 - 05:09 PM

#4
Elise

Posted 31 May 2012 - 11:36 PM