Lost Internet, Touchpad, and Keyboard - Believe it is zero access



#1
brogdog44

This is my brother's computer, so forgive me for not knowing exactly what happened, but I do know I removed a very annoying malware about 2-3 months ago, and now all of a sudden the system has become a mess.

I have lost internet (there are no netsh and ipconfig capabilities in cmd.exe), the drivers for the keyboard and touchpad are uninstalled every reboot (I can install them to get functionality back until I boot down and up), Avast gives error code 10050 and says it can't protect me, and Malwarebytes can't complete scans. I did remove quite a few files with Avast bootscan after I rkill'd to get virus scanning back, and basically every time I use rkill to momentarily stop the malware, Avast starts letting me know of malware and viruses on my computer.

Ready and always up late to try and fix this [bleep] computer. Everything I've read points to zeroaccess/rootkit/registry virus or malware.

Edited by brogdog44, 06 June 2012 - 11:50 PM.


#2
brogdog44

And here's my OTL report:

OTL logfile created on: 6/7/2012 12:55:49 AM - Run 2
OTL by OldTimer - Version 3.2.46.2 Folder = C:\Documents and Settings\Zach\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.37 Mb Total Physical Memory | 220.49 Mb Available Physical Memory | 21.57% Memory free
2.40 Gb Paging File | 1.72 Gb Available in Paging File | 71.62% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 109.74 Gb Total Space | 1.45 Gb Free Space | 1.32% Space Free | Partition Type: NTFS
Drive D: | 7.45 Gb Total Space | 7.04 Gb Free Space | 94.53% Space Free | Partition Type: FAT32

Computer Name: ZACHS-COMPUTER | User Name: Zach | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/06 22:51:16 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Zach\Desktop\OTL.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/12/24 17:50:16 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/06/01 19:00:52 | 001,778,480 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2009/11/24 16:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 16:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 16:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 16:47:39 | 000,159,280 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
PRC - [2009/11/24 16:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/06/30 11:00:02 | 002,836,376 | ---- | M] (PC Tools) -- C:\Program Files\Registry Mechanic\RegMech.exe
PRC - [2008/08/26 15:58:18 | 001,017,648 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\gs_agent\dsc.exe
PRC - [2008/08/26 15:58:12 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/08/26 15:58:10 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/07/03 13:17:46 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/04/13 17:12:30 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/03 19:28:08 | 001,392,640 | R--- | M] (PalmSource, Inc) -- C:\Program Files\Palm\Hotsync.exe
PRC - [2007/10/08 14:18:04 | 000,995,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/10/08 14:15:50 | 000,356,352 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/10/08 14:13:36 | 001,101,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/10/08 14:09:26 | 000,659,456 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/09/01 11:01:42 | 000,671,744 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2006/07/19 12:03:56 | 000,094,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/14 22:40:40 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/14 22:34:30 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/14 22:34:03 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/02/05 11:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/11/03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/09/16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/04/13 17:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 17:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/10/08 14:03:22 | 000,245,760 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2007/05/17 14:42:26 | 001,167,360 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [2005/03/05 09:16:58 | 000,003,452 | ---- | M] () -- C:\Program Files\Alwil Software\Avast4\aswMonVD.dll
MOD - [2004/01/09 02:13:58 | 000,380,928 | ---- | M] () -- C:\WINDOWS\system32\actskin4.ocx


========== Win32 Services (SafeList) ==========

SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/06/01 19:00:52 | 001,778,480 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2009/11/24 16:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 16:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 16:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 16:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2008/08/26 15:58:12 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/07/29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/06/26 10:25:28 | 000,031,592 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2008/04/13 17:12:38 | 000,073,216 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr)
SRV - [2008/04/13 17:12:36 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\WINDOWS\system32\emupia.dll -- (oraclewebassistant)
SRV - [2008/04/13 17:12:29 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008/04/13 17:12:29 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008/04/13 17:12:14 | 000,033,280 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)
SRV - [2008/04/13 17:11:59 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2008/04/13 17:11:57 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2008/04/13 17:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess) Windows Firewall/Internet Connection Sharing (ICS)
SRV - [2008/04/13 17:11:49 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV - [2007/10/08 14:15:50 | 000,356,352 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\sthda.sys -- (STHDA)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\redbook.sys -- (redbook)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\netbt.sys -- (NetBT)
DRV - File not found [File_System | System | Stopped] -- system32\DRIVERS\mrxsmb.sys -- (MRxSmb)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HPZius12.sys -- (HPZius12)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HPZipr12.sys -- (HPZipr12)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HPZid412.sys -- (HPZid412)
DRV - File not found [File_System | System | Stopped] -- System32\DRIVERS\cmdguard.sys -- (cmdGuard)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cercsr6)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btwusb.sys -- (BTWUSB)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwmodem.sys -- (btwmodem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwhid.sys -- (btwhid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btkrnl.sys -- (BTKRNL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btport.sys -- (BTDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btaudio.sys -- (btaudio)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (.i8042prt)
DRV - [2012/06/07 00:09:05 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/06/07 00:05:25 | 000,014,080 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/06/01 19:00:24 | 000,087,824 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2010/06/01 19:00:22 | 000,025,240 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2009/11/24 16:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/24 16:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 16:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 16:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 16:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 16:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/13 12:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/13 11:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/13 11:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 11:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2007/12/04 18:10:30 | 000,016,640 | R--- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2007/09/26 06:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/08/27 11:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/11/21 04:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/15 00:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/14 19:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/09/01 12:32:50 | 000,003,712 | ---- | M] (Logitech Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2006/07/19 12:29:08 | 000,027,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2006/07/19 12:28:56 | 000,071,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2006/07/19 12:28:04 | 000,036,736 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2006/07/19 12:27:26 | 000,013,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2006/05/23 22:06:36 | 001,578,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/01/04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2005/05/25 17:34:00 | 000,158,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)
DRV - [2005/01/10 18:15:00 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/01/10 18:15:00 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2004/08/10 04:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2004/08/10 04:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL)
DRV - [2004/08/10 04:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2004/02/04 10:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tiehdusb.sys -- (TIEHDUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://biola.blackbo.../webapps/login/
IE - HKCU\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...onType=&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: [email protected]:4.5
FF - prefs.js..keyword.URL: "http://search.freeca...&type=59779&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Zach\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Zach\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Zach\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Zach\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Zach\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/02 14:18:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/29 09:59:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/09 10:08:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/02 14:18:26 | 000,000,000 | ---D | M]

[2008/06/29 15:54:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Zach\Application Data\Mozilla\Extensions
[2012/03/08 01:40:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\vnvo0iqo.default\extensions
[2009/07/06 22:42:12 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\vnvo0iqo.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2012/03/08 01:40:20 | 000,000,000 | ---D | M] (AOL Messaging Toolbar) -- C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\vnvo0iqo.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2008/06/29 16:03:22 | 000,000,000 | ---D | M] (Fasterfox) -- C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\vnvo0iqo.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2008/07/15 17:23:02 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\vnvo0iqo.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2011/11/20 02:18:00 | 000,000,000 | ---D | M] (Yontoo) -- C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\vnvo0iqo.default\extensions\[email protected]
[2009/09/12 08:06:00 | 000,000,310 | ---- | M] () -- C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\vnvo0iqo.default\searchplugins\aim-search.xml
[2010/07/31 22:11:42 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\vnvo0iqo.default\searchplugins\search-the-web.xml
[2011/10/09 10:08:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/06 19:54:59 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/10/09 10:08:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/01/07 02:01:21 | 000,634,964 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\ZACH\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VNVO0IQO.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/10/09 10:07:50 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/09/06 08:59:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/06/29 09:59:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/09 10:07:48 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [EM_EXEC] C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Documents and Settings\Zach\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\Zach\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AIM Search - c:\Program Files\AOL\AIM Toolbar 5.0\resources\en-us\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1214781944562 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.myspace...ronGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Zach\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Zach\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/29 14:43:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/10/04 11:57:10 | 000,000,125 | -H-- | M] () - D:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{14e4174c-a0f0-11de-8ecc-0015c5b1e062}\Shell - "" = AutoRun
O33 - MountPoints2\{14e4174c-a0f0-11de-8ecc-0015c5b1e062}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{14e4174c-a0f0-11de-8ecc-0015c5b1e062}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{194e1406-1235-11e0-a9a0-0015c5b1e062}\Shell - "" = AutoRun
O33 - MountPoints2\{194e1406-1235-11e0-a9a0-0015c5b1e062}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{194e1406-1235-11e0-a9a0-0015c5b1e062}\Shell\AutoRun\command - "" = E:\setup.exe -a
O33 - MountPoints2\{1f52a57e-86a5-11dd-a06b-0015c5b1e062}\Shell - "" = AutoRun
O33 - MountPoints2\{1f52a57e-86a5-11dd-a06b-0015c5b1e062}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1f52a57e-86a5-11dd-a06b-0015c5b1e062}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{46cbdf15-0717-11df-8f01-0015c5b1e062}\Shell - "" = AutoRun
O33 - MountPoints2\{46cbdf15-0717-11df-8f01-0015c5b1e062}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{46cbdf15-0717-11df-8f01-0015c5b1e062}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{97fb566d-1999-11e1-aa32-0015c5b1e062}\Shell - "" = AutoRun
O33 - MountPoints2\{97fb566d-1999-11e1-aa32-0015c5b1e062}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{97fb566d-1999-11e1-aa32-0015c5b1e062}\Shell\AutoRun\command - "" = E:\iStudio.exe
O33 - MountPoints2\{9d3e9d20-210e-11e0-a9a6-0015c5b1e062}\Shell - "" = AutoRun
O33 - MountPoints2\{9d3e9d20-210e-11e0-a9a6-0015c5b1e062}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9d3e9d20-210e-11e0-a9a6-0015c5b1e062}\Shell\AutoRun\command - "" = E:\setup.exe -a
O33 - MountPoints2\{ae44fecc-011b-11df-8ef7-0015c5b1e062}\Shell - "" = AutoRun
O33 - MountPoints2\{ae44fecc-011b-11df-8ef7-0015c5b1e062}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ae44fecc-011b-11df-8ef7-0015c5b1e062}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{b31f55f1-4077-11e0-a9b9-0015c5b1e062}\Shell - "" = AutoRun
O33 - MountPoints2\{b31f55f1-4077-11e0-a9b9-0015c5b1e062}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b31f55f1-4077-11e0-a9b9-0015c5b1e062}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk /r \??\C:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/07 00:55:08 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Zach\Desktop\OTL.exe
[2012/06/07 00:12:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zach\Desktop\net stuffa
[2012/06/07 00:11:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/06/07 00:05:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zach\Desktop\RK_Quarantine
[2012/06/07 00:04:40 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/06/07 00:04:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/06/07 00:04:08 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Zach\Desktop\erunt-setup.exe
[2012/06/06 21:32:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zach\Local Settings\Application Data\SupportSoft
[2012/06/06 21:31:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2012/06/06 21:31:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Support Center
[2012/06/06 21:31:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2012/06/06 21:31:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2012/06/06 21:30:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\supportsoft
[2012/06/06 21:30:02 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2012/06/06 21:29:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Dell
[2012/06/06 21:25:32 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Line Detect
[2012/06/06 21:23:06 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2012/06/06 21:17:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Broadcom
[2012/06/06 21:16:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2012/06/06 20:07:53 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2012/06/06 19:55:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Intel PROSet Wireless
[2012/06/06 19:52:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2012/06/06 19:52:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2012/06/06 19:48:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Zach\Application Data\Intel
[2012/06/06 19:41:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
[2012/06/06 19:40:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/06/06 19:30:44 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[39 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Documents and Settings\Zach\My Documents\*.tmp files -> C:\Documents and Settings\Zach\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/07 01:01:16 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1715567821-682003330-1003UA.job
[2012/06/07 00:57:08 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-57989841-1715567821-682003330-1003UA.job
[2012/06/07 00:34:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/06/07 00:22:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2012/06/07 00:09:05 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/06/07 00:05:25 | 000,014,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/06/07 00:04:48 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Zach\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/06/07 00:04:40 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Zach\Desktop\NTREGOPT.lnk
[2012/06/07 00:04:40 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Zach\Desktop\ERUNT.lnk
[2012/06/07 00:03:22 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/06/06 23:53:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/06 23:53:15 | 1072,103,424 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/06 23:03:34 | 114,819,072 | ---- | M] () -- C:\Documents and Settings\Zach\Desktop\VIPRERescue12015.exe
[2012/06/06 22:51:16 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Zach\Desktop\OTL.exe
[2012/06/06 22:07:12 | 000,004,096 | -H-- | M] () -- C:\WINDOWS\System32\._Netsh.exe
[2012/06/06 22:07:00 | 000,757,752 | ---- | M] () -- C:\Documents and Settings\Zach\Desktop\Netsh.exe
[2012/06/06 22:05:24 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1715567821-682003330-1003Core.job
[2012/06/06 21:58:00 | 001,516,032 | ---- | M] () -- C:\Documents and Settings\Zach\Desktop\RogueKiller.exe
[2012/06/06 21:55:28 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Zach\Desktop\erunt-setup.exe
[2012/06/06 21:34:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2012/06/06 21:31:19 | 000,001,980 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dell Support Center.lnk
[2012/06/06 21:25:50 | 000,000,493 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2012/06/06 21:23:24 | 000,000,424 | RH-- | M] () -- C:\WINDOWS\ctfile.rfc
[2012/06/06 21:21:13 | 000,013,984 | ---- | M] () -- C:\WINDOWS\AegisP.inf
[2012/06/06 21:21:13 | 000,010,640 | ---- | M] () -- C:\WINDOWS\AegisP.cat
[2012/06/06 20:22:04 | 000,000,338 | ---- | M] () -- C:\Documents and Settings\Zach\Desktop\My Documents.lnk
[2012/06/06 20:09:20 | 000,022,729 | ---- | M] () -- C:\newkey
[2012/06/06 20:09:20 | 000,022,729 | ---- | M] () -- C:\newfile.enc
[2012/06/06 19:54:56 | 000,460,302 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/06 19:54:56 | 000,079,038 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/06 19:53:40 | 001,012,656 | ---- | M] () -- C:\Documents and Settings\Zach\Desktop\rkill.exe
[2012/06/06 19:41:38 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/06/06 19:40:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/06 19:26:54 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[39 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Documents and Settings\Zach\My Documents\*.tmp files -> C:\Documents and Settings\Zach\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/07 01:09:52 | 114,819,072 | ---- | C] () -- C:\Documents and Settings\Zach\Desktop\VIPRERescue12015.exe
[2012/06/07 00:11:45 | 000,757,752 | ---- | C] () -- C:\Documents and Settings\Zach\Desktop\Netsh.exe
[2012/06/07 00:10:26 | 000,004,096 | -H-- | C] () -- C:\WINDOWS\System32\._Netsh.exe
[2012/06/07 00:05:25 | 000,014,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/06/07 00:04:48 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Zach\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/06/07 00:04:40 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Zach\Desktop\NTREGOPT.lnk
[2012/06/07 00:04:40 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Zach\Desktop\ERUNT.lnk
[2012/06/07 00:04:25 | 001,012,656 | ---- | C] () -- C:\Documents and Settings\Zach\Desktop\rkill.exe
[2012/06/07 00:04:12 | 001,516,032 | ---- | C] () -- C:\Documents and Settings\Zach\Desktop\RogueKiller.exe
[2012/06/06 21:31:19 | 000,001,980 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Dell Support Center.lnk
[2012/06/06 21:25:50 | 000,000,493 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2012/06/06 21:23:17 | 004,174,814 | ---- | C] () -- C:\WINDOWS\System32\ct4mgm.sf2
[2012/06/06 21:23:17 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\default4.sfm
[2012/06/06 21:23:14 | 000,022,629 | ---- | C] () -- C:\WINDOWS\System32\CiFilter.ini
[2012/06/06 21:23:14 | 000,000,424 | RH-- | C] () -- C:\WINDOWS\ctfile.rfc
[2012/06/06 20:22:04 | 000,000,338 | ---- | C] () -- C:\Documents and Settings\Zach\Desktop\My Documents.lnk
[2012/06/06 20:09:20 | 000,022,729 | ---- | C] () -- C:\newkey
[2012/06/06 20:09:20 | 000,022,729 | ---- | C] () -- C:\newfile.enc
[2012/06/06 19:54:56 | 000,013,984 | ---- | C] () -- C:\WINDOWS\AegisP.inf
[2012/06/06 19:54:56 | 000,010,640 | ---- | C] () -- C:\WINDOWS\AegisP.cat
[2012/06/06 19:51:30 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/06/06 19:41:31 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/06/06 19:36:57 | 1072,103,424 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/06 19:34:15 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/06/06 19:26:54 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/26 14:57:32 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\6bkTHs.dat
[2012/01/01 19:14:08 | 000,014,486 | -HS- | C] () -- C:\Documents and Settings\Zach\Local Settings\Application Data\125hyn05i275tj63h6gdh6x206313a45c4302
[2012/01/01 19:14:08 | 000,014,486 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\125hyn05i275tj63h6gdh6x206313a45c4302
[2011/02/13 20:01:07 | 000,038,437 | ---- | C] () -- C:\Documents and Settings\Zach\Application Data\Comma Separated Values (DOS).ADR
[2010/12/25 02:48:03 | 000,037,856 | ---- | C] () -- C:\Documents and Settings\Zach\Application Data\Comma Separated Values (Windows).ADR
[2010/08/02 14:03:11 | 000,215,012 | ---- | C] () -- C:\WINDOWS\hpoins35.dat
[2010/08/02 14:03:10 | 000,001,069 | ---- | C] () -- C:\WINDOWS\hpomdl35.dat

========== LOP Check ==========

[2008/06/29 17:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/05/10 13:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2008/06/29 14:57:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2008/06/30 12:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2008/09/16 09:44:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FirstClass
[2011/01/14 15:48:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2008/07/03 10:17:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaWidget
[2009/07/31 19:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/05/30 22:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
[2012/06/06 21:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2012/06/06 21:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2012/06/06 21:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/11/20 02:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2012/06/07 00:04:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/11/06 15:01:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Print Shop
[2010/06/05 22:45:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2008/06/29 18:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zach\Application Data\acccore
[2010/01/23 13:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zach\Application Data\AnvSoft
[2008/07/03 10:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zach\Application Data\BSD
[2008/08/25 23:41:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zach\Application Data\CiscoCAA
[2009/08/11 11:40:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zach\Application Data\eBookPro6
[2008/06/30 12:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zach\Application Data\ESET
[2009/09/15 14:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zach\Application Data\GetRightToGo
[2011/01/14 15:48:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zach\Application Data\HotSync
[2011/03/31 19:29:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zach\Application Data\LimeWire
[2008/10/12 22:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zach\Application Data\Netscape
[2010/11/07 14:49:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Zach\Application Data\Smilebox
[2012/02/26 13:22:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2012/03/18 18:22:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2012/06/07 00:22:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2012/03/04 07:22:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2012/02/26 13:22:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2012/06/07 00:34:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2012/03/04 06:34:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2012/03/04 07:34:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2012/03/04 11:56:56 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2012/03/12 08:34:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2012/02/26 14:57:31 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2012/03/17 10:34:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2012/03/17 11:34:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2012/02/26 14:57:31 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2012/04/06 13:34:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2012/04/06 14:34:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2012/03/04 02:34:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2012/03/18 15:34:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2012/03/18 16:34:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2012/03/18 17:34:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2012/03/18 18:34:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2012/03/18 19:34:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2012/03/12 20:34:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2012/06/06 21:34:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2012/03/19 22:34:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2012/03/19 23:34:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2012/03/04 03:34:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2012/03/04 04:34:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2012/03/04 05:34:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2012/03/18 18:57:00 | 000,000,972 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-57989841-1715567821-682003330-1003Core.job
[2012/06/07 00:57:08 | 000,000,994 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-57989841-1715567821-682003330-1003UA.job
[2012/03/18 18:12:43 | 000,000,440 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB1379$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 23040 bytes -> C:\WINDOWS\System32\autochk(4).exe:BAK
@Alternate Data Stream - 174 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >