Unable to boot, BSOD as windows loads


  • This topic is locked
32 replies to this topic

#1 xxmattnxx

xxmattnxx

  • Members
  • 52 posts

Posted 25 August 2010 - 06:18 PM

I see the BSOD as the computer tries to load my system. The computer starts up, I see my background and I see the mouse pointer, which hangs for a few minutes, then the screen goes blue. To start, here are my HijackThis postings and the last log from MBAM. Where should I go from here?


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4447

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

8/18/2010 10:06:14 PM
mbam-log-2010-08-18 (22-06-14).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 215189
Time elapsed: 1 hour(s), 49 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Avenger\fcinit.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\d0V0Wu.com (Malware.Generic) -> Quarantined and deleted successfully.






****************************************************************

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:44:41 PM, on 8/25/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe
C:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
F:\malwarekit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAGE~1.EXE
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\RunOnce: [DelayShred] "C:\Program Files\McAfee.com\Shredder\SHRED32.EXE" /q C:\DOCUME~1\ANTHON~1\LOCALS~1\TEMPOR~1\Content.SH! C:\PROGRA~1\McAfee.com\Shredder\Centenu.SH! C:\DOCUME~1\ANTHON~1\LOCALS~1\History\History.SH! C:\PROGRA~1\McAfee.com\Shredder\Central.SH! C:\PROGRA~1\McAfee.com\Shredder\Shred32.SH! C:\DOCUME~1\ANTHON~1\LOCALS~1\TEMPOR~1\ANTIPH~1.SH! C:\DOCUME~1\ANTHON~1\LOCALS~1\TEMPOR~1\CONTEN~1.SH!
O4 - HKUS\S-1-5-18\..\Run: [rmaeljkg] C:\Documents and Settings\NetworkService\Local Settings\Application Data\lqipfeqqu\awkerjttssd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Mfaracol] rundll32.exe "C:\WINDOWS\kclmsct.dll",Startup (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [pygkeukq] C:\Documents and Settings\NetworkService\Local Settings\Application Data\kxovsrfja\xmycqqishdw.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [rmaeljkg] C:\Documents and Settings\NetworkService\Local Settings\Application Data\lqipfeqqu\awkerjttssd.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://*.mcafeehelp.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...139/mcfscan.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 11954 bytes






Thanks in advance, you all do amazing work.




#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 30 August 2010 - 07:05 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 xxmattnxx


Posted 31 August 2010 - 01:44 AM

I'm still here. Ready for instructions.

#4 m0le


Posted 31 August 2010 - 06:29 PM

We need to try and get into the machine without going via the operating system. This takes some time and is the most difficult of operations that I ask users to do. Please let me know if you are not sure of any of the steps.

Let's try to boot your computer using the Ultimate Boot CD for Windows (UBCD4win).

Please print this guide for future reference!

You will need a blank CD, a clean computer and a flash drive.

Please follow the steps below and let me know if you were successful. If you were unable to create the UBCD4win, please tell me what error messages you got and/or what steps you got hung up on.

1. Download and Run Ultimate Boot CD for Windows
  • Save it to your Desktop.
  • Double-Click on the UBCD4Win.EXE that you just downloaded to your desktop.
  • Follow all of the instructions/prompts that come up.
    NOTES:
    • Do not install to a folder with spaces in its name.
    • Your Anti-Virus may report viruses or trojans when you extract UBCD4Win, these are "False-Positives." Read HERE for information regarding the files that normally trigger AV software.
2. Insert your XP CD with SP1/SP2/SP3 into a CD Rom drive
  • Double-Click on UBCD4WinBuilder.exe located in your C:\ubcd4win folder.
  • Click "I agree" to the Builders License.
  • Click NO to Search for Windows Installation Files
  • Make the following selections from the Main Screen that pops up:
    • Builder
      • Source:(path to Windows installation files)
        • Enter the path to the drive where your XP CD is located.
        • You can click on the "..." button on the right to navigate to the path as well.
      • Custom: (include files and folders from this directory)
        • No information is necessary, leave blank.
      • Output: (C:\ubcd4win\BartPE)
        • Keep the default BartPE
    • Media output
      • Choose Create ISO image
      • Do not choose Burn to CD/DVD


Please note: If your XP install disc is SP1 then please:
  1. Disable - DComLaunch Service
  2. Enable - LargeIDE Fix
This can be done by pressing the "Plugin" button and checking or unchecking the appropriate selections.

Also note: If you have a Dell XP install disc you will need to follow the instructions here:
http://www.ubcd4win.com/faq.htm#dell

3. Click on the "Build" button
  • You will see the Windows EULA message. Click on I Agree
  • You will now see the Build Screen. Let it run its course
  • When the Build is finished you can click close, then exit

4. Burn your ISO file to CD
  • Please see HERE on how to burn an ISO to CD.

    ==========

    Next........

    From your clean computer..

    Please download OTLPE.zip and save it to a flash drive.
    http://oldtimer.geekstogo.com/OTLPE.zip
    http://www.itxassociates.com/OT-Tools/OTLPE.zip

    Double click and unzip OTLPE.zip to its own folder on your flash drive. Name it OTLPE <-- Important!!

    ==========

    Plug your flash drive into your sick computer now and do as instructed below..

    ==========

    1. Restart Your sick Computer Using the UBCD4Win Disc That You Have Created
    • Insert the UBCD4Win disc into one of your CD/DVD drives.
    • Restart your computer.
      • The computer should choose to boot from the UBCD4Win CD automatically. If it doesn't and you are asked if you want to boot from CD, then choose that option.
    • In the window that pops up select Launch The Ultimate Boot CD For Windows and press Enter.
      • It may take a little longer for the Desktop to appear than it does when you start your computer normally. Just let the process run itself until the desktop appears.
    • Once the desktop appears, you will receive a message asking: Do you want to start Network support?
      • Click on Yes if you want to use the PE environment to get online, post your log and reply by way of an Ethernet connection.
    • You should now have a desktop that looks like this:

    ==========

    Single click My computer from your UBCD4W desktop to navigate to the OTLPE folder that you saved to your flash drive.

    Open the OTLPE folder and double click Start.bat.
    • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTLPE should now start

      Change the following settings
      • Change Services, Drivers, Standard and Extra Registry to All

    • Copy and Paste the following code into the textbox. Do not include the word "Code"

      CODE
      netsvcs
      msconfig
      safebootminimal
      safebootnetwork
      activex
      drivers32
      %ALLUSERSPROFILE%\Application Data\*.
      %ALLUSERSPROFILE%\Application Data\*.exe /s
      %APPDATA%\*.
      %APPDATA%\*.exe /s
      %SYSTEMDRIVE%\*.exe
      /md5start
      userinit.exe
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      /md5stop
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\System32\config\*.sav
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\system32\drivers\*.sys /90
      CREATERESTOREPOINT

    • Push
    • A report will open. Save that log to your flash drive. Copy and Paste that report in your next reply.

    =========

    With your next post please provide:

    * OTLPE.txt

    #5 m0le


    Posted 03 September 2010 - 09:00 PM

    Hi,

    Are you still there? Are you having problems with the instructions?

    #6 m0le


    Posted 05 September 2010 - 05:02 AM

    This topic has been closed.

    If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

    Everyone else please begin a New Topic.

    #7 m0le


    Posted 12 September 2010 - 06:20 PM

    Reopened at user's request

    -----------------------------------------

    Post the log please

    #8 xxmattnxx


    Posted 12 September 2010 - 06:53 PM

    OTL logfile created on: 9/12/2010 5:01:43 PM - Run
    OTLPE by OldTimer - Version 3.1.40.0 Folder = D:\OTLPE
    Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    510.00 Mb Total Physical Memory | 238.00 Mb Available Physical Memory | 47.00% Memory free
    461.00 Mb Paging File | 274.00 Mb Available in Paging File | 59.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 108.59 Gb Total Space | 85.15 Gb Free Space | 78.41% Space Free | Partition Type: NTFS
    Drive D: | 7.48 Gb Total Space | 3.90 Gb Free Space | 52.12% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive X: | 641.20 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: MININT-JVC
    Current User Name: SYSTEM
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: All users
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard
    Using ControlSet: ControlSet001

    ========== Win32 Services (All) ==========

    SRV - File not found [Disabled] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [On_Demand] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2009/07/13 20:02:50 | 000,542,496 | ---- | M] (Apple Inc.) [On_Demand] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
    SRV - [2009/07/09 18:22:18 | 000,144,712 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2009/06/10 06:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)
    SRV - [2009/02/09 12:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs) Remote Procedure Call (RPC)
    SRV - [2009/02/09 12:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\rpcss.dll -- (DcomLaunch)
    SRV - [2009/02/06 11:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
    SRV - [2009/02/06 11:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
    SRV - [2008/12/12 17:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
    SRV - [2008/11/28 16:08:13 | 000,138,168 | ---- | M] (Google) [On_Demand] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
    SRV - [2008/07/18 15:02:00 | 000,611,664 | ---- | M] (Lavasoft) [Auto] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
    SRV - [2008/07/07 20:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\es.dll -- (EventSystem)
    SRV - [2008/06/20 17:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\mswsock.dll -- (Nla) Network Location Awareness (NLA)
    SRV - [2008/04/14 00:12:40 | 000,126,464 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\wbem\wmiapsrv.exe -- (WmiApSrv)
    SRV - [2008/04/14 00:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
    SRV - [2008/04/14 00:12:38 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\ups.exe -- (UPS)
    SRV - [2008/04/14 00:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
    SRV - [2008/04/14 00:12:35 | 000,089,600 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\smlogsvc.exe -- (SysmonLog)
    SRV - [2008/04/14 00:12:34 | 000,141,312 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\sessmgr.exe -- (RDSessMgr)
    SRV - [2008/04/14 00:12:33 | 000,095,744 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\scardsvr.exe -- (SCardSvr)
    SRV - [2008/04/14 00:12:29 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
    SRV - [2008/04/14 00:12:29 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
    SRV - [2008/04/14 00:12:28 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
    SRV - [2008/04/14 00:12:27 | 000,006,144 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\msdtc.exe -- (MSDTC)
    SRV - [2008/04/14 00:12:25 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\mnmsrvc.exe -- (mnmsrvc)
    SRV - [2008/04/14 00:12:24 | 000,075,264 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\locator.exe -- (RpcLocator) Remote Procedure Call (RPC)
    SRV - [2008/04/14 00:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
    SRV - [2008/04/14 00:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
    SRV - [2008/04/14 00:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
    SRV - [2008/04/14 00:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\lsass.exe -- (NtLmSsp)
    SRV - [2008/04/14 00:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
    SRV - [2008/04/14 00:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
    SRV - [2008/04/14 00:12:21 | 000,267,776 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\fxssvc.exe -- (Fax)
    SRV - [2008/04/14 00:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
    SRV - [2008/04/14 00:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
    SRV - [2008/04/14 00:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\System32\dllhost.exe -- (COMSysApp)
    SRV - [2008/04/14 00:12:14 | 000,033,280 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)
    SRV - [2008/04/14 00:12:14 | 000,005,632 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc)
    SRV - [2008/04/14 00:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\alg.exe -- (ALG)
    SRV - [2008/04/14 00:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
    SRV - [2008/04/14 00:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\xmlprov.dll -- (xmlprov)
    SRV - [2008/04/14 00:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
    SRV - [2008/04/14 00:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
    SRV - [2008/04/14 00:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
    SRV - [2008/04/14 00:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc) Windows Image Acquisition (WIA)
    SRV - [2008/04/14 00:12:08 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\upnphost.dll -- (upnphost)
    SRV - [2008/04/14 00:12:08 | 000,175,104 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\w32time.dll -- (w32time)
    SRV - [2008/04/14 00:12:08 | 000,068,096 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\webclnt.dll -- (WebClient)
    SRV - [2008/04/14 00:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
    SRV - [2008/04/14 00:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
    SRV - [2008/04/14 00:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
    SRV - [2008/04/14 00:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
    SRV - [2008/04/14 00:12:07 | 000,096,768 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
    SRV - [2008/04/14 00:12:07 | 000,090,112 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\trkwks.dll -- (TrkWks)
    SRV - [2008/04/14 00:12:07 | 000,071,680 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\ssdpsrv.dll -- (SSDPSRV)
    SRV - [2008/04/14 00:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
    SRV - [2008/04/14 00:12:05 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
    SRV - [2008/04/14 00:12:05 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
    SRV - [2008/04/14 00:12:05 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
    SRV - [2008/04/14 00:12:05 | 000,039,424 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\sens.dll -- (SENS)
    SRV - [2008/04/14 00:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
    SRV - [2008/04/14 00:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
    SRV - [2008/04/14 00:12:03 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\qagentrt.dll -- (napagent)
    SRV - [2008/04/14 00:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
    SRV - [2008/04/14 00:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
    SRV - [2008/04/14 00:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
    SRV - [2008/04/14 00:12:02 | 000,038,400 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
    SRV - [2008/04/14 00:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\netman.dll -- (Netman)
    SRV - [2008/04/14 00:11:59 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
    SRV - [2008/04/14 00:11:57 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
    SRV - [2008/04/14 00:11:56 | 000,061,440 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\kmsvc.dll -- (hkmsvc)
    SRV - [2008/04/14 00:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
    SRV - [2008/04/14 00:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess) Windows Firewall/Internet Connection Sharing (ICS)
    SRV - [2008/04/14 00:11:53 | 000,023,040 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\ersvc.dll -- (ERSvc)
    SRV - [2008/04/14 00:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
    SRV - [2008/04/14 00:11:52 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
    SRV - [2008/04/14 00:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
    SRV - [2008/04/14 00:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [On_Demand] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
    SRV - [2008/04/14 00:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
    SRV - [2008/04/14 00:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
    SRV - [2008/04/14 00:11:50 | 000,077,824 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\browser.dll -- (Browser)
    SRV - [2008/04/14 00:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
    SRV - [2008/04/14 00:11:49 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
    SRV - [2007/03/07 21:47:46 | 000,076,848 | ---- | M] () [On_Demand] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
    SRV - [2006/06/22 04:58:34 | 000,822,424 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
    SRV - [2005/12/07 21:05:34 | 002,066,072 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
    SRV - [2005/12/07 21:05:12 | 000,053,248 | ---- | M] (GEAR Software) [Auto] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)
    SRV - [2005/11/11 22:43:04 | 000,548,864 | ---- | M] (McAfee Corporation) [Auto] -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe -- (MpfService)
    SRV - [2005/10/28 12:41:52 | 000,491,520 | ---- | M] ( ) [On_Demand] -- C:\WINDOWS\System32\dlcccoms.exe -- (dlcc_device)
    SRV - [2005/10/14 01:56:16 | 000,126,976 | ---- | M] (McAfee, Inc) [Auto] -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe -- (McDetect.exe)
    SRV - [2005/08/24 22:01:04 | 000,122,368 | ---- | M] (McAfee, Inc) [Auto] -- c:\Program Files\McAfee.com\Agent\McTskshd.exe -- (McTskshd.exe)
    SRV - [2005/08/10 17:22:02 | 000,221,184 | ---- | M] (McAfee Inc.) [Auto] -- c:\Program Files\McAfee.com\VSO\McShield.exe -- (McShield)
    SRV - [2005/07/13 00:10:18 | 000,963,072 | ---- | M] (McAfee Inc.) [Auto] -- C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe -- (MskService)
    SRV - [2005/07/02 01:22:50 | 000,245,760 | ---- | M] (McAfee, Inc) [On_Demand] -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe -- (mcupdmgr.exe)
    SRV - [2005/03/30 22:46:56 | 000,411,920 | ---- | M] (Eastman Kodak Company) [On_Demand] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)
    SRV - [2005/01/28 18:44:28 | 000,038,912 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf)
    SRV - [2005/01/28 18:44:28 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\MsPMSNSv.dll -- (WmdmPmSN)
    SRV - [2004/12/13 20:30:10 | 000,165,488 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
    SRV - [2004/12/13 20:30:08 | 000,079,472 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
    SRV - [2004/12/13 20:30:04 | 000,198,256 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
    SRV - [2004/08/04 10:00:00 | 000,132,608 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\rsvp.exe -- (RSVP)
    SRV - [2004/07/15 06:49:26 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
    SRV - [2003/12/17 18:59:48 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand] -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc)
    SRV - [2003/07/28 18:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


    ========== Driver Services (All) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - File not found [Kernel | Disabled] -- -- (Simbad)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | Boot] -- C:\WINDOWS\System32\drivers\gcfhy.sys -- (lekiwci)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand] -- C:\DOCUME~1\ANTHON~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand] -- -- (bvrp_pci)
    DRV - File not found [Kernel | Disabled] -- -- (Atdisk)
    DRV - File not found [Kernel | Disabled] -- -- (Abiosdsk)
    DRV - [2010/08/19 01:47:13 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp)
    DRV - [2010/07/30 13:54:18 | 000,082,944 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\zwuyvfqia7.sys -- (zwuyvfqia7)
    DRV - [2010/02/24 13:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
    DRV - [2009/12/31 16:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
    DRV - [2009/10/20 16:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
    DRV - [2009/07/09 18:16:16 | 000,039,424 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
    DRV - [2009/06/24 11:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\ksecdd.sys -- (KSecDD)
    DRV - [2009/03/19 22:32:48 | 000,023,400 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GearAspiWDM)
    DRV - [2008/08/14 10:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
    DRV - [2008/06/20 11:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
    DRV - [2008/04/14 00:13:22 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\RDPWD.sys -- (RDPWD)
    DRV - [2008/04/14 00:13:21 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\TDTCP.sys -- (TDTCP)
    DRV - [2008/04/14 00:13:20 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
    DRV - [2008/04/14 00:13:20 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\TDPIPE.sys -- (TDPIPE)
    DRV - [2008/04/13 19:28:39 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
    DRV - [2008/04/13 19:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
    DRV - [2008/04/13 19:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
    DRV - [2008/04/13 19:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS)
    DRV - [2008/04/13 19:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
    DRV - [2008/04/13 19:19:43 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
    DRV - [2008/04/13 19:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
    DRV - [2008/04/13 19:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
    DRV - [2008/04/13 19:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
    DRV - [2008/04/13 19:17:05 | 000,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\System32\drivers\mup.sys -- (Mup)
    DRV - [2008/04/13 19:15:55 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
    DRV - [2008/04/13 19:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs)
    DRV - [2008/04/13 19:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
    DRV - [2008/04/13 19:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
    DRV - [2008/04/13 19:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs)
    DRV - [2008/04/13 19:00:19 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\Modem.sys -- (Modem)
    DRV - [2008/04/13 18:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
    DRV - [2008/04/13 18:57:29 | 000,040,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\ndproxy.sys -- (NDProxy)
    DRV - [2008/04/13 18:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
    DRV - [2008/04/13 18:57:27 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
    DRV - [2008/04/13 18:57:21 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
    DRV - [2008/04/13 18:57:15 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
    DRV - [2008/04/13 18:57:07 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
    DRV - [2008/04/13 18:56:38 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
    DRV - [2008/04/13 18:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
    DRV - [2008/04/13 18:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
    DRV - [2008/04/13 18:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
    DRV - [2008/04/13 18:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
    DRV - [2008/04/13 18:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
    DRV - [2008/04/13 18:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
    DRV - [2008/04/13 18:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbprint.sys -- (usbprint)
    DRV - [2008/04/13 18:45:39 | 000,032,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
    DRV - [2008/04/13 18:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (USBSTOR)
    DRV - [2008/04/13 18:45:37 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
    DRV - [2008/04/13 18:45:35 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
    DRV - [2008/04/13 18:45:35 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)
    DRV - [2008/04/13 18:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbscan.sys -- (usbscan)
    DRV - [2008/04/13 18:45:27 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb)
    DRV - [2008/04/13 18:45:13 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
    DRV - [2008/04/13 18:45:09 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
    DRV - [2008/04/13 18:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
    DRV - [2008/04/13 18:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
    DRV - [2008/04/13 18:45:01 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic)
    DRV - [2008/04/13 18:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
    DRV - [2008/04/13 18:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
    DRV - [2008/04/13 18:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
    DRV - [2008/04/13 18:41:22 | 000,018,560 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\i2omp.sys -- (i2omp)
    DRV - [2008/04/13 18:41:22 | 000,008,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\i2omgmt.sys -- (i2omgmt)
    DRV - [2008/04/13 18:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
    DRV - [2008/04/13 18:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
    DRV - [2008/04/13 18:40:49 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\partmgr.sys -- (PartMgr)
    DRV - [2008/04/13 18:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\Sfloppy.sys -- (Sfloppy)
    DRV - [2008/04/13 18:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)
    DRV - [2008/04/13 18:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
    DRV - [2008/04/13 18:40:31 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\viaide.sys -- (ViaIde)
    DRV - [2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
    DRV - [2008/04/13 18:40:29 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\intelide.sys -- (IntelIde)
    DRV - [2008/04/13 18:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
    DRV - [2008/04/13 18:40:25 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
    DRV - [2008/04/13 18:40:25 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
    DRV - [2008/04/13 18:40:12 | 000,015,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum)
    DRV - [2008/04/13 18:40:10 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
    DRV - [2008/04/13 18:39:53 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
    DRV - [2008/04/13 18:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)
    DRV - [2008/04/13 18:39:51 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)
    DRV - [2008/04/13 18:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)
    DRV - [2008/04/13 18:39:48 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid)
    DRV - [2008/04/13 18:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
    DRV - [2008/04/13 18:39:47 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
    DRV - [2008/04/13 18:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
    DRV - [2008/04/13 18:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\mountmgr.sys -- (MountMgr)
    DRV - [2008/04/13 18:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\DRIVERS\sr.sys -- (sr)
    DRV - [2008/04/13 18:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
    DRV - [2008/04/13 18:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pci.sys -- (PCI)
    DRV - [2008/04/13 18:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
    DRV - [2008/04/13 18:36:40 | 000,042,240 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\viaagp.sys -- (viaagp)
    DRV - [2008/04/13 18:36:39 | 000,044,928 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\agpCPQ.sys -- (agpCPQ)
    DRV - [2008/04/13 18:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 18:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/04/13 18:36:38 | 000,042,752 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\alim1541.sys -- (alim1541)
    DRV - [2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\agp440.sys -- (agp440)
    DRV - [2008/04/13 18:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI)
    DRV - [2008/04/13 18:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\Fips.sys -- (Fips)
    DRV - [2008/04/13 18:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
    DRV - [2008/04/13 18:32:51 | 000,196,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)
    DRV - [2008/04/13 18:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
    DRV - [2008/04/13 18:32:39 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\System32\drivers\npfs.sys -- (Npfs)
    DRV - [2008/04/13 18:32:39 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\System32\drivers\msfs.sys -- (Msfs)
    DRV - [2008/04/13 18:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
    DRV - [2008/04/13 18:31:32 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
    DRV - [2008/04/13 16:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
    DRV - [2007/11/13 10:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
    DRV - [2007/02/25 18:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
    DRV - [2006/10/05 22:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand] -- C:\Program Files\DellSupport\GTAction\triggers\dsproct.sys -- (DSproct)
    DRV - [2006/06/22 04:58:34 | 000,004,608 | ---- | M] (Symantec Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
    DRV - [2006/06/22 04:55:15 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\ASCTRM.sys -- (ASCTRM)
    DRV - [2005/12/07 21:05:26 | 000,144,880 | ---- | M] (StorageCraft) [File_System | Boot] -- C:\WINDOWS\System32\drivers\SymSnap.sys -- (SymSnap)
    DRV - [2005/12/07 21:05:24 | 000,056,240 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\V2IMount.sys -- (V2IMount)
    DRV - [2005/11/11 22:43:52 | 000,080,640 | ---- | M] (McAfee) [Kernel | System] -- C:\WINDOWS\system32\drivers\MpFirewall.sys -- (MPFIREWL)
    DRV - [2005/09/12 08:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB)
    DRV - [2005/09/08 10:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\dlaudfam.sys -- (DLAUDFAM)
    DRV - [2005/09/08 10:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\dlaudf_m.sys -- (DLAUDF_M)
    DRV - [2005/09/08 10:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\dlaifs_m.sys -- (DLAIFS_M)
    DRV - [2005/09/08 10:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\dlaboiom.sys -- (DLABOIOM)
    DRV - [2005/09/08 10:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\dlaopiom.sys -- (DLAOPIOM)
    DRV - [2005/09/08 10:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\dlapoolm.sys -- (DLAPoolM)
    DRV - [2005/09/08 10:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\dladresn.sys -- (DLADResN)
    DRV - [2005/08/25 17:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2005/08/25 17:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
    DRV - [2005/08/12 10:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (DRVNDDM)
    DRV - [2005/08/10 17:22:10 | 000,114,464 | ---- | M] (McAfee Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\naiavf5x.sys -- (NaiAvFilter1)
    DRV - [2005/06/16 20:41:02 | 000,037,150 | ---- | M] (Eastman Kodak Company) [Kernel | System] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
    DRV - [2005/04/25 07:03:00 | 000,020,640 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20)
    DRV - [2005/04/06 00:46:28 | 000,830,684 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
    DRV - [2005/03/31 14:00:08 | 000,152,081 | ---- | M] (Eastman Kodak Company) [Kernel | System] -- C:\WINDOWS\system32\drivers\exportit.sys -- (Exportit)
    DRV - [2005/03/31 13:47:56 | 000,070,262 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dcptp.sys -- (DcPTP)
    DRV - [2005/03/31 13:47:50 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dclps.sys -- (DcLps)
    DRV - [2005/03/31 13:47:48 | 000,038,673 | ---- | M] (Eastman Kodak Company) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\dcfs2k.sys -- (DCFS2K)
    DRV - [2005/03/31 13:47:42 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dcfpoint.sys -- (DcFpoint)
    DRV - [2005/03/22 22:08:40 | 000,260,224 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
    DRV - [2004/09/17 19:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
    DRV - [2004/08/04 10:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
    DRV - [2004/08/04 10:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - [2004/08/04 10:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\Cdaudio.sys -- (Cdaudio)
    DRV - [2004/08/04 10:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
    DRV - [2004/08/04 10:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
    DRV - [2004/08/04 10:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
    DRV - [2004/08/04 10:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\ws2ifsl.sys -- (WS2IFSL)
    DRV - [2004/08/04 10:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
    DRV - [2004/08/04 10:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
    DRV - [2004/08/04 10:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\System32\drivers\fs_rec.sys -- (Fs_Rec)
    DRV - [2004/08/04 10:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)
    DRV - [2004/08/04 10:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
    DRV - [2004/08/04 10:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
    DRV - [2004/08/04 10:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\mnmdd.sys -- (mnmdd)
    DRV - [2004/08/04 10:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep)
    DRV - [2004/08/04 10:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\null.sys -- (Null)
    DRV - [2004/08/04 10:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\System32\winsock.dll -- (Winsock)
    DRV - [2004/08/04 03:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2004/02/11 01:49:14 | 000,154,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®
    DRV - [2003/11/18 02:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hsfhwbs2.sys -- (HSFHWBS2)
    DRV - [2003/11/18 02:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hsf_cnxt.sys -- (winachsf)
    DRV - [2003/11/18 02:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hsf_dp.sys -- (HSF_DP)
    DRV - [2003/04/09 23:48:08 | 000,011,043 | ---- | M] (Conexant) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
    DRV - [2001/08/17 19:07:44 | 000,025,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\hpn.sys -- (hpn)
    DRV - [2001/08/17 19:07:44 | 000,020,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\dpti2o.sys -- (dpti2o)
    DRV - [2001/08/17 19:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 19:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 19:07:42 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\perc2hib.sys -- (perc2hib)
    DRV - [2001/08/17 19:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 19:07:40 | 000,027,296 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\perc2.sys -- (perc2)
    DRV - [2001/08/17 19:07:38 | 000,056,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\aic78xx.sys -- (aic78xx)
    DRV - [2001/08/17 19:07:36 | 000,055,168 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\aic78u2.sys -- (aic78u2)
    DRV - [2001/08/17 19:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 19:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 19:07:32 | 000,101,888 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\adpu160m.sys -- (adpu160m)
    DRV - [2001/08/17 18:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)
    DRV - [2001/08/17 18:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\modemcsa.sys -- (MODEMCSA)
    DRV - [2001/08/17 18:52:50 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)
    DRV - [2001/08/17 18:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 18:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 18:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 18:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 18:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 18:52:16 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1240.sys -- (ql1240)
    DRV - [2001/08/17 18:52:16 | 000,033,152 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql10wnt.sys -- (Ql10wnt)
    DRV - [2001/08/17 18:52:16 | 000,014,720 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\dac960nt.sys -- (dac960nt)
    DRV - [2001/08/17 18:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 18:52:08 | 000,016,000 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ini910u.sys -- (ini910u)
    DRV - [2001/08/17 18:52:08 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
    DRV - [2001/08/17 18:52:08 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\cbidf2k.sys -- (cbidf)
    DRV - [2001/08/17 18:52:06 | 000,014,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\cpqarray.sys -- (Cpqarray)
    DRV - [2001/08/17 18:52:06 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys -- (cd20xrnt)
    DRV - [2001/08/17 18:52:04 | 000,022,400 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc3350p.sys -- (asc3350p)
    DRV - [2001/08/17 18:52:04 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\amsint.sys -- (amsint)
    DRV - [2001/08/17 18:52:02 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\aha154x.sys -- (Aha154x)
    DRV - [2001/08/17 18:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 18:52:00 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS -- (abp480n5)
    DRV - [2001/08/17 18:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 18:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 18:51:56 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\toside.sys -- (TosIde)
    DRV - [2001/08/17 18:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [2001/08/17 18:51:52 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde)
    DRV - [2001/08/17 18:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)


    ========== Standard Registry (All) ==========


    ========== Internet Explorer ==========

    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&cl...&channel=us


    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us
    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&cl...&channel=us
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

    IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us
    IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-inc/en/s...html?channel=us
    IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&cl...&channel=us
    IE - HKU\Administrator_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
    IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\anthony_condas_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us
    IE - HKU\anthony_condas_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKU\anthony_condas_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1
    IE - HKU\anthony_condas_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\anthony_condas_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
    IE - HKU\anthony_condas_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
    IE - HKU\anthony_condas_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKU\anthony_condas_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
    IE - HKU\anthony_condas_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    IE - HKU\anthony_condas_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\anthony_condas_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local





    [2010/08/18 14:17:34 | 000,002,074 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml

    O1 HOSTS File: ([2010/08/25 21:23:34 | 000,000,686 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (McBrwHelper Class) - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\Program Files\McAfee.com\MPS\McBrHlpr.dll (McAfee, Inc.)
    O2 - BHO: (McAfee Privacy Service Popup Blocker) - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\Program Files\McAfee.com\MPS\PopupKiller.dll (McAfee, Inc.)
    O2 - BHO: (McAfee AntiPhishing Filter) - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\Program Files\McAfee\SpamKiller\McApfBHO.dll (McAfee, Inc.)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll (Dell Inc.)
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (McAfee VirusScan) - {BA52B914-B692-46c4-B683-905236F6F655} - c:\Program Files\McAfee.com\VSO\mcvsshl.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKU\anthony_condas_ON_C\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKU\anthony_condas_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O3 - HKU\anthony_condas_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O3 - HKU\anthony_condas_ON_C\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKU\anthony_condas_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe ()
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe ()
    O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
    O4 - HKLM..\Run: [dlccmon.exe] C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe ()
    O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
    O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ()
    O4 - HKLM..\Run: [EEventManager] C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe ()
    O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
    O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
    O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe ()
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe File not found
    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe ()
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mb5656 .exe ()
    O4 - HKLM..\Run: [MCAgentExe] c:\Program Files\McAfee.com\Agent\mcagent.exe ()
    O4 - HKLM..\Run: [MCUpdateExe] C:\Program Files\McAfee.com\Agent\McUpdate.exe ()
    O4 - HKLM..\Run: [MPFExe] C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe ()
    O4 - HKLM..\Run: [MPSExe] c:\Program Files\McAfee.com\MPS\mscifapp.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [MSKAGENTEXE] C:\Program Files\McAfee\SpamKiller\MSKAGE~1 .exe (McAfee Inc.)
    O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [Norton Ghost 10.0] C:\Program Files\Norton Ghost\Agent\GhostTray.exe ()
    O4 - HKLM..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe File not found
    O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask .exe (Apple Inc.)
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe ()
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe ()
    O4 - HKLM..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe ()
    O4 - HKLM..\Run: [VSOCheckTask] C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe ()
    O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe ()
    O4 - HKU\Administrator_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe ()
    O4 - HKU\anthony_condas_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
    O4 - HKU\anthony_condas_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe ()
    O4 - HKU\anthony_condas_ON_C..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe ()
    O4 - HKU\anthony_condas_ON_C..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe ()
    O4 - HKU\anthony_condas_ON_C..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe ()
    O4 - HKU\anthony_condas_ON_C..\RunOnce: [DelayShred] C:\Program Files\McAfee.com\Shredder\SHRED32.EXE (McAfee, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()
    O4 - Startup: C:\Documents and Settings\anthony condas\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\anthony_condas_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
    O9 - Extra 'Tools' menuitem : McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\Program Files\McAfee\SpamKiller\McApfBHO.dll (McAfee, Inc.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe ()
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\System32\mclsp.dll (McAfee, Inc.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/...139/mcfscan.cab (McFreeScan Class)
    O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp - No CLSID value found
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
    O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
    O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O24 - Desktop Components:0 (My Current Home Page) - About:Home
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
    O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/10 18:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2004/11/02 22:05:00 | 000,000,046 | R--- | M] () - X:\autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O36 - AppCertDlls: dvdplpr - (C:\WINDOWS\fcinit.dll) - C:\WINDOWS\fcinit.dll File not found
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    MsConfig - State: "system.ini" - 0
    MsConfig - State: "win.ini" - 0
    MsConfig - State: "bootini" - 0
    MsConfig - State: "services" - 0
    MsConfig - State: "startup" - 0

    SafeBootMin: aawservice - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
    SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: klmdb.sys - Driver
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: sermouse.sys - Driver
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vds - Service
    SafeBootMin: vga.sys - Driver
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    SafeBootNet: aawservice - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
    SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: klmdb.sys - Driver
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: sermouse.sys - Driver
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: vga.sys - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
    ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
    ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
    ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
    ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
    ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
    ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
    ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
    ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
    ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
    ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
    ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
    ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
    ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
    ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
    ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/08/25 21:19:17 | 000,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
    [2010/08/25 21:07:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
    [2010/08/25 21:06:59 | 000,000,000 | ---D | C] -- C:\SDFix
    [2010/08/19 01:59:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2010/08/19 01:28:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood.Tmp
    [2010/08/18 22:20:17 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\PrivacIE
    [2010/08/18 22:18:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\kxovsrfja
    [2010/08/18 22:17:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2010/08/18 22:17:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\My Documents
    [2010/08/15 05:55:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\anthony condas\Application Data\Malwarebytes
    [2010/08/15 05:53:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/08/15 05:53:13 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/08/15 05:53:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2006/06/29 04:42:32 | 000,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpmui.dll
    [2006/06/29 04:42:29 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcclmpm.dll
    [2006/06/29 04:42:29 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomm.dll
    [2006/06/29 04:42:29 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpplc.dll
    [2006/06/29 04:42:28 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccusb1.dll
    [2006/06/29 04:42:28 | 000,774,144 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcchbn3.dll
    [2006/06/29 04:42:27 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccserv.dll
    [2006/06/29 04:42:27 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomc.dll
    [2006/06/29 04:42:27 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccprox.dll
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\Documents and Settings\anthony condas\My Documents\*.tmp files -> C:\Documents and Settings\anthony condas\My Documents\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/09/12 22:34:05 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/09/12 22:33:40 | 000,126,592 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
    [2010/09/12 22:32:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/09/12 22:32:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/09/12 22:32:26 | 534,827,008 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/26 01:23:40 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At264.job
    [2010/08/26 01:23:40 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At263.job
    [2010/08/26 01:23:40 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At262.job
    [2010/08/26 01:23:40 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At261.job
    [2010/08/26 01:23:40 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At260.job
    [2010/08/26 01:23:34 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At259.job
    [2010/08/26 01:23:30 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At258.job
    [2010/08/26 01:23:30 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At257.job
    [2010/08/26 01:23:30 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At256.job
    [2010/08/26 01:23:30 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At255.job
    [2010/08/26 01:23:30 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At254.job
    [2010/08/26 01:23:30 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At253.job
    [2010/08/26 01:23:30 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At252.job
    [2010/08/26 01:23:30 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At251.job
    [2010/08/26 01:23:30 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At250.job
    [2010/08/26 01:23:30 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At249.job
    [2010/08/26 01:23:30 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At248.job
    [2010/08/26 01:23:27 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At247.job
    [2010/08/26 01:23:27 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At246.job
    [2010/08/26 01:23:20 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At245.job
    [2010/08/26 01:23:20 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At244.job
    [2010/08/26 01:23:17 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At243.job
    [2010/08/26 01:23:17 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At242.job
    [2010/08/26 01:23:17 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At241.job
    [2010/08/26 01:19:04 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
    [2010/08/26 01:19:04 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
    [2010/08/26 01:18:49 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\anthony condas\ntuser.ini
    [2010/08/26 01:18:48 | 004,718,592 | ---- | M] () -- C:\Documents and Settings\anthony condas\ntuser.dat
    [2010/08/25 21:23:34 | 000,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
    [2010/08/25 21:19:17 | 000,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
    [2010/08/25 20:48:05 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At240.job
    [2010/08/25 20:48:03 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At239.job
    [2010/08/25 20:48:03 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At238.job
    [2010/08/25 20:48:03 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At237.job
    [2010/08/25 20:48:03 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At236.job
    [2010/08/25 20:47:59 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At235.job
    [2010/08/25 20:47:59 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At234.job
    [2010/08/25 20:47:59 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At233.job
    [2010/08/25 20:47:58 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At232.job
    [2010/08/25 20:47:53 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At231.job
    [2010/08/25 20:47:53 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At230.job
    [2010/08/25 20:47:52 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At229.job
    [2010/08/25 20:47:52 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At228.job
    [2010/08/25 20:47:52 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At227.job
    [2010/08/25 20:47:52 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At226.job
    [2010/08/25 20:47:51 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At225.job
    [2010/08/25 20:47:51 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At224.job
    [2010/08/25 20:47:51 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At223.job
    [2010/08/25 20:47:47 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At222.job
    [2010/08/25 20:47:46 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At221.job
    [2010/08/25 20:47:46 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At220.job
    [2010/08/25 20:47:42 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At219.job
    [2010/08/25 20:47:42 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At218.job
    [2010/08/25 20:47:42 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At217.job
    [2010/08/19 01:32:26 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At92.job
    [2010/08/19 01:32:22 | 000,000,448 | ---- | M] () -- C:\WINDOWS\tasks\At68.job
    [2010/08/19 01:32:21 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
    [2010/08/19 01:32:15 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
    [2010/08/19 01:32:14 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At212.job
    [2010/08/19 01:32:09 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At188.job
    [2010/08/19 01:32:08 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\At164.job
    [2010/08/19 01:32:08 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\At140.job
    [2010/08/19 01:32:07 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At116.job
    [2010/08/19 01:24:53 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At216.job
    [2010/08/19 01:24:53 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At215.job
    [2010/08/19 01:24:51 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At214.job
    [2010/08/19 01:24:50 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At213.job
    [2010/08/19 01:24:45 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At211.job
    [2010/08/19 01:24:44 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At210.job
    [2010/08/19 01:24:40 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At209.job
    [2010/08/19 01:24:38 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At208.job
    [2010/08/19 01:24:37 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At207.job
    [2010/08/19 01:24:37 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At206.job
    [2010/08/19 01:24:37 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At205.job
    [2010/08/19 01:24:37 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At204.job
    [2010/08/19 01:24:37 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At203.job
    [2010/08/19 01:24:37 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At202.job
    [2010/08/19 01:24:37 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At201.job
    [2010/08/19 01:24:37 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At200.job
    [2010/08/19 01:24:35 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At199.job
    [2010/08/19 01:24:32 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At198.job
    [2010/08/19 01:24:31 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At197.job
    [2010/08/19 01:24:28 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At196.job
    [2010/08/19 01:24:26 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At195.job
    [2010/08/19 01:24:26 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At194.job
    [2010/08/19 01:24:26 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At193.job
    [2010/08/18 22:26:39 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\anthony condas\Desktop\rkilll.com
    [2010/08/18 22:18:09 | 000,000,005 | ---- | M] () -- C:\zrpt.xml
    [2010/08/15 06:14:15 | 000,000,444 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2010/08/15 05:31:43 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At87.job
    [2010/08/15 05:31:42 | 000,000,448 | ---- | M] () -- C:\WINDOWS\tasks\At63.job
    [2010/08/15 05:31:42 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
    [2010/08/15 05:31:41 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At183.job
    [2010/08/15 05:31:40 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\At159.job
    [2010/08/15 05:31:40 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
    [2010/08/15 05:31:39 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\At135.job
    [2010/08/15 05:31:38 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At111.job
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\Documents and Settings\anthony condas\My Documents\*.tmp files -> C:\Documents and Settings\anthony condas\My Documents\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/08/26 01:23:40 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At264.job
    [2010/08/26 01:23:40 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At263.job
    [2010/08/26 01:23:40 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At262.job
    [2010/08/26 01:23:39 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At261.job
    [2010/08/26 01:23:34 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At260.job
    [2010/08/26 01:23:32 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At259.job
    [2010/08/26 01:23:30 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At258.job
    [2010/08/26 01:23:30 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At257.job
    [2010/08/26 01:23:29 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At256.job
    [2010/08/26 01:23:29 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At255.job
    [2010/08/26 01:23:29 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At254.job
    [2010/08/26 01:23:29 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At253.job
    [2010/08/26 01:23:29 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At252.job
    [2010/08/26 01:23:29 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At251.job
    [2010/08/26 01:23:29 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At250.job
    [2010/08/26 01:23:29 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At249.job
    [2010/08/26 01:23:26 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At248.job
    [2010/08/26 01:23:26 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At247.job
    [2010/08/26 01:23:20 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At246.job
    [2010/08/26 01:23:19 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At245.job
    [2010/08/26 01:23:18 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At244.job
    [2010/08/26 01:23:15 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At243.job
    [2010/08/26 01:23:14 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At242.job
    [2010/08/26 01:23:08 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At241.job
    [2010/08/26 01:22:58 | 000,036,868 | ---- | C] () -- C:\WINDOWS\Fonts\d0V0Wu.com
    [2010/08/26 01:19:27 | 534,827,008 | -HS- | C] () -- C:\hiberfil.sys
    [2010/08/25 20:48:04 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At240.job
    [2010/08/25 20:48:02 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At239.job
    [2010/08/25 20:48:02 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At238.job
    [2010/08/25 20:48:02 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At237.job
    [2010/08/25 20:47:59 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At236.job
    [2010/08/25 20:47:59 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At235.job
    [2010/08/25 20:47:58 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At234.job
    [2010/08/25 20:47:58 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At233.job
    [2010/08/25 20:47:53 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At232.job
    [2010/08/25 20:47:53 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At231.job
    [2010/08/25 20:47:53 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At230.job
    [2010/08/25 20:47:52 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At229.job
    [2010/08/25 20:47:52 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At228.job
    [2010/08/25 20:47:52 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At227.job
    [2010/08/25 20:47:51 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At226.job
    [2010/08/25 20:47:51 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At225.job
    [2010/08/25 20:47:51 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At224.job
    [2010/08/25 20:47:47 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At223.job
    [2010/08/25 20:47:46 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At222.job
    [2010/08/25 20:47:45 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At221.job
    [2010/08/25 20:47:42 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At220.job
    [2010/08/25 20:47:41 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At219.job
    [2010/08/25 20:47:41 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At218.job
    [2010/08/25 20:47:37 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At217.job
    [2010/08/19 01:24:53 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At216.job
    [2010/08/19 01:24:50 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At215.job
    [2010/08/19 01:24:50 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At214.job
    [2010/08/19 01:24:49 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At213.job
    [2010/08/19 01:24:45 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At212.job
    [2010/08/19 01:24:44 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At211.job
    [2010/08/19 01:24:40 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At210.job
    [2010/08/19 01:24:38 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At209.job
    [2010/08/19 01:24:37 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At208.job
    [2010/08/19 01:24:37 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At207.job
    [2010/08/19 01:24:36 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At206.job
    [2010/08/19 01:24:36 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At205.job
    [2010/08/19 01:24:36 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At204.job
    [2010/08/19 01:24:36 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At203.job
    [2010/08/19 01:24:36 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At202.job
    [2010/08/19 01:24:35 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At201.job
    [2010/08/19 01:24:35 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At200.job
    [2010/08/19 01:24:33 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At199.job
    [2010/08/19 01:24:31 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At198.job
    [2010/08/19 01:24:29 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At197.job
    [2010/08/19 01:24:27 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At196.job
    [2010/08/19 01:24:25 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At195.job
    [2010/08/19 01:24:24 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At194.job
    [2010/08/19 01:24:21 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\At193.job
    [2010/08/18 22:28:32 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\anthony condas\Desktop\rkilll.com
    [2010/08/18 22:18:09 | 000,000,005 | ---- | C] () -- C:\zrpt.xml
    [2010/08/15 06:14:15 | 000,000,444 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2010/07/31 22:13:53 | 000,036,868 | ---- | C] () -- C:\Documents and Settings\anthony condas\Local Settings\Application Data\d0V0Wu.exe
    [2010/07/31 08:16:56 | 000,036,868 | ---- | C] () -- C:\Documents and Settings\anthony condas\d0V0Wu.com
    [2010/07/31 02:27:11 | 000,036,868 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\d0V0Wu.com
    [2010/07/31 00:27:12 | 000,036,868 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\d0V0Wu.exe
    [2010/07/31 00:07:56 | 000,036,868 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\d0V0Wu.exe
    [2010/07/30 13:52:07 | 000,082,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\zwuyvfqia7.sys
    [2009/10/12 03:27:01 | 000,000,047 | ---- | C] () -- C:\WINDOWS\VistaEmail.ini
    [2008/10/06 04:04:58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/09/23 04:07:43 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
    [2008/09/23 04:03:06 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2008/09/23 03:54:01 | 000,000,044 | ---- | C] () -- C:\WINDOWS\PERFV500P.ini
    [2008/09/12 06:17:40 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\anthony condas\webct_upload_applet.properties
    [2007/05/20 18:03:00 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
    [2007/05/20 18:02:59 | 000,786,432 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
    [2007/05/20 18:02:59 | 000,176,128 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG
    [2006/10/27 03:23:59 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\2FD907F2D5.sys
    [2006/10/24 14:51:36 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2006/07/21 06:43:21 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\anthony condas\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/07/21 05:12:44 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\anthony condas\Local Settings\Application Data\fusioncache.dat
    [2006/07/20 02:12:56 | 004,718,592 | ---- | C] () -- C:\Documents and Settings\anthony condas\ntuser.dat
    [2006/07/12 00:39:06 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\anthony condas\Application Data\PFP120JPR.{PB
    [2006/07/12 00:39:06 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\anthony condas\Application Data\PFP120JCM.{PB
    [2006/07/12 00:38:53 | 000,005,018 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2006/07/12 00:38:53 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\D5F207D92F.sys
    [2006/07/01 19:33:51 | 000,000,030 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2006/06/29 04:42:31 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
    [2006/06/29 04:42:31 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
    [2006/06/29 04:42:30 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
    [2006/06/29 04:42:25 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
    [2006/06/29 04:42:25 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
    [2006/06/29 04:42:24 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
    [2006/06/29 04:42:21 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
    [2006/06/29 04:42:21 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
    [2006/06/29 04:42:20 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
    [2006/06/29 04:42:16 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
    [2006/06/29 04:16:41 | 000,016,384 | -H-- | C] () -- C:\Documents and Settings\anthony condas\ntuser.dat.LOG
    [2006/06/29 04:16:41 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\anthony condas\ntuser.ini
    [2006/06/22 05:12:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/06/22 05:04:38 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/06/22 04:58:45 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
    [2006/06/22 04:39:05 | 000,262,144 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\ntuser.dat
    [2006/06/22 04:39:05 | 000,008,192 | -H-- | C] () -- C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
    [2006/06/22 04:33:06 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
    [2006/06/22 04:33:04 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/11/10 13:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/08/11 01:08:13 | 000,233,472 | ---- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
    [2004/08/11 01:08:13 | 000,233,472 | ---- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
    [2004/08/10 18:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/10 18:08:14 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
    [2004/08/10 18:08:14 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
    [2004/08/10 18:08:13 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
    [2004/08/10 18:08:13 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
    [2004/08/10 18:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2003/01/07 21:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2000/09/08 23:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

    ========== LOP Check ==========

    [2008/10/06 03:13:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anthony condas\Application Data\EPSON
    [2007/12/27 05:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anthony condas\Application Data\Leadertech
    [2010/08/02 06:32:03 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
    [2010/08/02 15:32:01 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
    [2010/08/02 09:32:02 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At100.job
    [2010/08/02 10:32:08 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At101.job
    [2010/08/02 11:32:02 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At102.job
    [2010/08/02 12:32:02 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At103.job
    [2010/08/02 13:32:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At104.job
    [2010/08/02 14:32:07 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At105.job
    [2010/08/02 15:32:06 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At106.job
    [2010/08/02 16:32:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At107.job
    [2010/08/02 17:32:02 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At108.job
    [2010/08/02 18:32:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At109.job
    [2010/08/02 16:32:06 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
    [2010/08/02 19:32:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At110.job
    [2010/08/15 05:31:38 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At111.job
    [2010/08/01 21:32:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At112.job
    [2010/08/01 22:32:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At113.job
    [2010/08/01 23:32:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At114.job
    [2010/08/02 00:32:12 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At115.job
    [2010/08/19 01:32:07 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At116.job
    [2010/08/02 02:32:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At117.job
    [2010/08/02 03:32:09 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At118.job
    [2010/08/02 04:32:01 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At119.job
    [2010/08/02 17:32:07 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
    [2010/08/02 05:32:03 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At120.job
    [2010/08/02 06:32:09 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\At121.job
    [2010/08/02 07:32:09 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\At122.job
    [2010/08/02 08:32:01 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\At123.job
    [2010/08/02 09:32:07 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\At124.job
    [2010/08/02 10:32:02 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\At125.job
    [2010/08/02 11:32:07 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\At126.job
    [2010/08/02 12:32:07 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\At127.job
    [2010/08/02 13:32:06 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\At128.job
    [2010/08/02 14:32:02 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\At129.job
    [2010/08/02 18:32:06 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
    [2010/08/02 15:32:11 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\At130.job
    [2010/08/02 16:32:11 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\At131.job
    [2010/08/02 17:32:12 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\At132.job
    [2010/08/02 18:32:06 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\At133.job
    [2010/08/02 19:32:06 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\At134.job
    [2010/08/15 05:31:39 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\At135.job
    [2010/08/01 21:32:05 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\At136.job
    [2010/08/01 22:32:05 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\At137.job
    [2010/08/01 23:32:06 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\At138.job
    [2010/08/02 00:32:17 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\At139.job
    [2010/08/02 19:32:06 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
    [2010/08/19 01:32:08 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\At140.job
    [2010/08/02 02:32:06 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\At141.job
    [2010/08/02 03:32:14 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\At142.job
    [2010/08/02 04:32:08 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\At143.job
    [2010/08/02 05:32:09 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\At144.job
    [2010/08/02 06:32:14 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\At145.job
    [2010/08/02 07:32:14 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\At146.job
    [2010/08/02 08:32:06 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\At147.job
    [2010/08/02 09:32:12 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\At148.job
    [2010/08/02 10:32:13 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\At149.job
    [2010/08/15 05:31:40 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
    [2010/08/02 11:32:12 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\At150.job
    [2010/08/02 12:32:12 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\At151.job
    [2010/08/02 13:32:11 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\At152.job
    [2010/08/02 14:32:12 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\At153.job
    [2010/08/02 15:32:11 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\At154.job
    [2010/08/02 16:32:11 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\At155.job
    [2010/08/02 17:32:12 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\At156.job
    [2010/08/02 18:32:12 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\At157.job
    [2010/08/02 19:32:12 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\At158.job
    [2010/08/15 05:31:40 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\At159.job
    [2010/08/01 21:32:10 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
    [2010/08/01 21:32:10 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\At160.job
    [2010/08/01 22:32:10 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\At161.job
    [2010/08/01 23:32:11 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\At162.job
    [2010/08/02 00:32:05 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\At163.job
    [2010/08/19 01:32:08 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\At164.job
    [2010/08/02 02:32:11 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\At165.job
    [2010/08/02 03:32:19 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\At166.job
    [2010/08/02 04:32:13 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\At167.job
    [2010/08/02 05:32:15 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\At168.job
    [2010/08/02 06:32:18 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At169.job
    [2010/08/01 22:32:10 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
    [2010/08/02 07:32:03 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At170.job
    [2010/08/02 08:32:11 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At171.job
    [2010/08/02 09:32:17 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At172.job
    [2010/08/02 10:32:18 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At173.job
    [2010/08/02 11:32:17 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At174.job
    [2010/08/02 12:32:17 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At175.job
    [2010/08/02 13:32:16 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At176.job
    [2010/08/02 14:32:17 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At177.job
    [2010/08/02 15:32:17 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At178.job
    [2010/08/02 16:32:17 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At179.job
    [2010/08/01 23:32:16 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
    [2010/08/02 17:32:18 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At180.job
    [2010/08/02 18:32:17 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At181.job
    [2010/08/02 19:32:19 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At182.job
    [2010/08/15 05:31:41 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At183.job
    [2010/08/01 21:32:16 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At184.job
    [2010/08/01 22:32:16 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At185.job
    [2010/08/01 23:32:21 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At186.job
    [2010/08/02 00:32:22 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At187.job
    [2010/08/19 01:32:09 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At188.job
    [2010/08/02 02:32:16 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At189.job
    [2010/08/02 00:32:27 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
    [2010/08/02 03:32:19 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At190.job
    [2010/08/02 04:32:19 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At191.job
    [2010/08/02 05:32:20 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At192.job
    [2010/08/19 01:24:26 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At193.job
    [2010/08/19 01:24:26 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At194.job
    [2010/08/19 01:24:26 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At195.job
    [2010/08/19 01:24:28 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At196.job
    [2010/08/19 01:24:31 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At197.job
    [2010/08/19 01:24:32 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At198.job
    [2010/08/19 01:24:35 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At199.job
    [2010/08/02 07:32:19 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
    [2010/08/19 01:32:15 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
    [2010/08/19 01:24:37 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At200.job
    [2010/08/19 01:24:37 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At201.job
    [2010/08/19 01:24:37 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At202.job
    [2010/08/19 01:24:37 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At203.job
    [2010/08/19 01:24:37 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At204.job
    [2010/08/19 01:24:37 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At205.job
    [2010/08/19 01:24:37 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At206.job
    [2010/08/19 01:24:37 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At207.job
    [2010/08/19 01:24:38 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At208.job
    [2010/08/19 01:24:40 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At209.job
    [2010/08/02 02:32:16 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
    [2010/08/19 01:24:44 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At210.job
    [2010/08/19 01:24:45 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At211.job
    [2010/08/19 01:32:14 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At212.job
    [2010/08/19 01:24:50 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At213.job
    [2010/08/19 01:24:51 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At214.job
    [2010/08/19 01:24:53 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At215.job
    [2010/08/19 01:24:53 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At216.job
    [2010/08/25 20:47:42 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At217.job
    [2010/08/25 20:47:42 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At218.job
    [2010/08/25 20:47:42 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At219.job
    [2010/08/02 03:32:26 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
    [2010/08/25 20:47:46 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At220.job
    [2010/08/25 20:47:46 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At221.job
    [2010/08/25 20:47:47 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At222.job
    [2010/08/25 20:47:51 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At223.job
    [2010/08/25 20:47:51 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At224.job
    [2010/08/25 20:47:51 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At225.job
    [2010/08/25 20:47:52 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At226.job
    [2010/08/25 20:47:52 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At227.job
    [2010/08/25 20:47:52 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At228.job
    [2010/08/25 20:47:52 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At229.job
    [2010/08/02 04:32:24 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
    [2010/08/25 20:47:53 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At230.job
    [2010/08/25 20:47:53 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At231.job
    [2010/08/25 20:47:58 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At232.job
    [2010/08/25 20:47:59 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At233.job
    [2010/08/25 20:47:59 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At234.job
    [2010/08/25 20:47:59 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At235.job
    [2010/08/25 20:48:03 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At236.job
    [2010/08/25 20:48:03 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At237.job
    [2010/08/25 20:48:03 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At238.job
    [2010/08/25 20:48:03 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At239.job
    [2010/08/02 05:32:25 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
    [2010/08/25 20:48:05 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At240.job
    [2010/08/26 01:23:17 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At241.job
    [2010/08/26 01:23:17 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At242.job
    [2010/08/26 01:23:17 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At243.job
    [2010/08/26 01:23:20 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At244.job
    [2010/08/26 01:23:20 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At245.job
    [2010/08/26 01:23:27 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At246.job
    [2010/08/26 01:23:27 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At247.job
    [2010/08/26 01:23:30 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At248.job
    [2010/08/26 01:23:30 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At249.job
    [2010/08/02 06:32:24 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
    [2010/08/26 01:23:30 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At250.job
    [2010/08/26 01:23:30 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At251.job
    [2010/08/26 01:23:30 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At252.job
    [2010/08/26 01:23:30 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At253.job
    [2010/08/26 01:23:30 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At254.job
    [2010/08/26 01:23:30 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At255.job
    [2010/08/26 01:23:30 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At256.job
    [2010/08/26 01:23:30 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At257.job
    [2010/08/26 01:23:30 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At258.job
    [2010/08/26 01:23:34 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At259.job
    [2010/08/02 07:32:24 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
    [2010/08/26 01:23:40 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At260.job
    [2010/08/26 01:23:40 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At261.job
    [2010/08/26 01:23:40 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At262.job
    [2010/08/26 01:23:40 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At263.job
    [2010/08/26 01:23:40 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At264.job
    [2010/08/02 08:32:16 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
    [2010/08/02 09:32:22 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
    [2010/08/02 10:32:23 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
    [2010/08/02 08:32:21 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
    [2010/08/02 11:32:22 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
    [2010/08/02 12:32:22 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
    [2010/08/02 13:32:21 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
    [2010/08/02 14:32:17 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
    [2010/08/02 15:32:22 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
    [2010/08/02 16:32:22 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
    [2010/08/02 17:32:23 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
    [2010/08/02 18:32:22 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
    [2010/08/02 19:32:24 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
    [2010/08/15 05:31:42 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
    [2010/08/02 09:32:27 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
    [2010/08/01 21:32:21 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
    [2010/08/01 22:32:21 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
    [2010/08/01 23:32:26 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
    [2010/08/02 00:32:32 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
    [2010/08/19 01:32:21 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
    [2010/08/02 02:32:23 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
    [2010/08/02 03:32:31 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
    [2010/08/02 04:32:30 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
    [2010/08/02 05:32:30 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
    [2010/08/02 06:32:24 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\At49.job
    [2010/08/02 10:32:28 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
    [2010/08/02 07:32:29 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\At50.job
    [2010/08/02 08:32:26 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\At51.job
    [2010/08/02 09:32:32 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\At52.job
    [2010/08/02 10:32:28 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\At53.job
    [2010/08/02 11:32:27 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\At54.job
    [2010/08/02 12:32:22 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\At55.job
    [2010/08/02 13:32:21 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\At56.job
    [2010/08/02 14:32:24 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\At57.job
    [2010/08/02 15:32:27 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\At58.job
    [2010/08/02 16:32:27 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\At59.job
    [2010/08/02 11:32:27 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
    [2010/08/02 17:32:28 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\At60.job
    [2010/08/02 18:32:27 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\At61.job
    [2010/08/02 19:32:29 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\At62.job
    [2010/08/15 05:31:42 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\At63.job
    [2010/08/01 21:32:26 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\At64.job
    [2010/08/01 22:32:26 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\At65.job
    [2010/08/01 23:32:26 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\At66.job
    [2010/08/02 00:32:32 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\At67.job
    [2010/08/19 01:32:22 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\At68.job
    [2010/08/02 02:32:28 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\At69.job
    [2010/08/02 12:32:30 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
    [2010/08/02 03:32:37 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\At70.job
    [2010/08/02 04:32:30 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\At71.job
    [2010/08/02 05:32:30 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\At72.job
    [2010/08/02 06:32:31 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At73.job
    [2010/08/02 07:32:29 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At74.job
    [2010/08/02 08:32:26 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At75.job
    [2010/08/02 09:32:37 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At76.job
    [2010/08/02 10:32:35 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At77.job
    [2010/08/02 11:32:34 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At78.job
    [2010/08/02 12:32:35 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At79.job
    [2010/08/02 13:32:28 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
    [2010/08/02 13:32:33 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At80.job
    [2010/08/02 14:32:29 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At81.job
    [2010/08/02 15:32:32 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At82.job
    [2010/08/02 16:32:32 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At83.job
    [2010/08/02 17:32:33 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At84.job
    [2010/08/02 18:32:32 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At85.job
    [2010/08/02 19:32:34 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At86.job
    [2010/08/15 05:31:43 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At87.job
    [2010/08/01 21:32:31 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At88.job
    [2010/08/01 22:32:31 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At89.job
    [2010/08/02 14:32:34 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
    [2010/08/01 23:32:33 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At90.job
    [2010/08/02 00:32:40 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At91.job
    [2010/08/19 01:32:26 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At92.job
    [2010/08/02 02:32:33 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At93.job
    [2010/08/02 03:32:42 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At94.job
    [2010/08/02 04:32:37 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At95.job
    [2010/08/02 05:32:38 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At96.job
    [2010/08/02 06:32:36 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At97.job
    [2010/08/02 07:32:36 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At98.job
    [2010/08/02 08:32:33 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\At99.job
    [2010/08/01 23:00:02 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
    [2010/08/01 17:47:21 | 000,000,390 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job

    ========== Purity Check ==========



    ========== Custom Scans ==========



    Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.

    Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe

    Invalid Environment Variable: %APPDATA%\*.

    Invalid Environment Variable: %APPDATA%\*.exe

    < %SYSTEMDRIVE%\*.exe >
    [2006/06/29 05:17:30 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe


    < MD5 for: AGP440.SYS >
    [2004/08/04 10:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
    [2004/08/04 10:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2008/08/25 00:32:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
    [2008/08/25 00:32:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
    [2004/08/04 04:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
    [2004/08/04 04:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2004/08/04 10:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
    [2004/08/04 10:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2008/08/25 00:32:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2008/08/25 00:32:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2004/08/04 03:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
    [2004/08/04 03:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
    [2004/08/04 03:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
    [2004/08/04 10:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
    [2004/08/04 10:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

    < MD5 for: NETLOGON.DLL >
    [2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
    [2004/08/04 10:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
    [2004/08/04 10:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2004/08/04 10:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
    [2004/08/04 10:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
    [2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

    < MD5 for: USERINIT.EXE >
    [2004/08/04 10:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
    [2004/08/04 10:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
    [2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
    [2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2004/08/10 17:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2004/08/10 17:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2004/08/10 17:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2008/06/20 17:46:57 | 000,147,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
    [2010/05/06 10:41:49 | 011,076,096 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
    [2010/05/06 10:41:50 | 001,985,536 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
    [2008/04/14 00:12:00 | 000,274,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
    [2008/04/14 00:12:02 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
    [2008/06/17 19:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\drivers\*.sys /90 >
    [2010/08/19 01:47:13 | 000,037,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\isapnp.sys
    [2010/07/30 13:54:18 | 000,082,944 | ---- | M] () -- C:\WINDOWS\system32\drivers\zwuyvfqia7.sys

    < CREATERESTOREPOINT >
    < End of report >


    #9 m0le

    • Malware Response Team

    Posted 12 September 2010 - 07:12 PM

    Open OTL

    Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    DRV - [2010/07/30 13:54:18 | 000,082,944 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\zwuyvfqia7.sys -- (zwuyvfqia7)
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
    O36 - AppCertDlls: dvdplpr - (C:\WINDOWS\fcinit.dll) - C:\WINDOWS\fcinit.dll File not found
    [2010/08/18 22:18:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\kxovsrfja
    [2010/07/31 22:13:53 | 000,036,868 | ---- | C] () -- C:\Documents and Settings\anthony condas\Local Settings\Application Data\d0V0Wu.exe
    [2010/07/31 08:16:56 | 000,036,868 | ---- | C] () -- C:\Documents and Settings\anthony condas\d0V0Wu.com
    [2010/07/31 02:27:11 | 000,036,868 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\d0V0Wu.com
    [2010/07/31 00:27:12 | 000,036,868 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\d0V0Wu.exe
    [2010/07/31 00:07:56 | 000,036,868 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\d0V0Wu.exe
    [2010/07/30 13:52:07 | 000,082,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\zwuyvfqia7.sys
    :Files
    C:\WINDOWS\tasks\At*.job
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
    ""=""%1" %*"


    Then click the Run Fix button at the top

    Let the program run unhindered.

    When done it will say "Fix Complete press ok to open the log"
    Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

    Please run OTL again (scan only) and post the log.
    m0le is a proud member of UNITE

    #10 xxmattnxx

    • Topic Starter

    Posted 12 September 2010 - 08:55 PM

    After I clicked Run Fix it processed a few files, then said one of them couldn't be moved, but then gave me the option to finish moving some of the files after a reboot. I selected OK, but the computer didn't do anything. So I just reset as normal, but I couldn't find that log as I don't have a C:\_olt directory anywhere to be found. I am running the other scan right now and will post immediately after it's done.

    #11 xxmattnxx

    • Topic Starter

    Posted 12 September 2010 - 09:39 PM

    I ran the scan again, but it never generated a log for me to post. What should I do now?

    #12 m0le

    • Malware Response Team

    Posted 13 September 2010 - 03:40 PM

    We've given OTL a lot to do here. Let's try it one more time.

    Please rerun OTL with the following script
    CODE
    :OTL
    DRV - [2010/07/30 13:54:18 | 000,082,944 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\zwuyvfqia7.sys -- (zwuyvfqia7)
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
    [2010/08/18 22:18:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\kxovsrfja
    [2010/07/31 22:13:53 | 000,036,868 | ---- | C] () -- C:\Documents and Settings\anthony condas\Local Settings\Application Data\d0V0Wu.exe
    [2010/07/31 08:16:56 | 000,036,868 | ---- | C] () -- C:\Documents and Settings\anthony condas\d0V0Wu.com
    [2010/07/31 02:27:11 | 000,036,868 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\d0V0Wu.com
    [2010/07/31 00:27:12 | 000,036,868 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\d0V0Wu.exe
    [2010/07/31 00:07:56 | 000,036,868 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\d0V0Wu.exe
    [2010/07/30 13:52:07 | 000,082,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\zwuyvfqia7.sys
    :Files
    C:\WINDOWS\tasks\At*.job
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
    ""=""%1" %*"


    #13 xxmattnxx

    • Topic Starter

    Posted 14 September 2010 - 08:55 PM

    Here is the new log. Thanks for sticking by me on this one.

    [codebox]========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\zwuyvfqia7 deleted successfully.
    C:\WINDOWS\system32\drivers\zwuyvfqia7.sys moved successfully.
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\kxovsrfja folder moved successfully.
    C:\Documents and Settings\anthony condas\Local Settings\Application Data\d0V0Wu.exe moved successfully.
    C:\Documents and Settings\anthony condas\d0V0Wu.com moved successfully.
    C:\WINDOWS\system32\config\systemprofile\d0V0Wu.com moved successfully.
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\d0V0Wu.exe moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Application Data\d0V0Wu.exe moved successfully.
    File C:\WINDOWS\System32\drivers\zwuyvfqia7.sys not found.
    ========== FILES ==========
    C:\WINDOWS\tasks\At1.job moved successfully.
    C:\WINDOWS\tasks\At10.job moved successfully.
    C:\WINDOWS\tasks\At100.job moved successfully.
    C:\WINDOWS\tasks\At101.job moved successfully.
    C:\WINDOWS\tasks\At102.job moved successfully.
    C:\WINDOWS\tasks\At103.job moved successfully.
    C:\WINDOWS\tasks\At104.job moved successfully.
    C:\WINDOWS\tasks\At105.job moved successfully.
    C:\WINDOWS\tasks\At106.job moved successfully.
    C:\WINDOWS\tasks\At107.job moved successfully.
    C:\WINDOWS\tasks\At108.job moved successfully.
    C:\WINDOWS\tasks\At109.job moved successfully.
    C:\WINDOWS\tasks\At11.job moved successfully.
    C:\WINDOWS\tasks\At110.job moved successfully.
    C:\WINDOWS\tasks\At111.job moved successfully.
    C:\WINDOWS\tasks\At112.job moved successfully.
    C:\WINDOWS\tasks\At113.job moved successfully.
    C:\WINDOWS\tasks\At114.job moved successfully.
    C:\WINDOWS\tasks\At115.job moved successfully.
    C:\WINDOWS\tasks\At116.job moved successfully.
    C:\WINDOWS\tasks\At117.job moved successfully.
    C:\WINDOWS\tasks\At118.job moved successfully.
    C:\WINDOWS\tasks\At119.job moved successfully.
    C:\WINDOWS\tasks\At12.job moved successfully.
    C:\WINDOWS\tasks\At120.job moved successfully.
    C:\WINDOWS\tasks\At121.job moved successfully.
    C:\WINDOWS\tasks\At122.job moved successfully.
    C:\WINDOWS\tasks\At123.job moved successfully.
    C:\WINDOWS\tasks\At124.job moved successfully.
    C:\WINDOWS\tasks\At125.job moved successfully.
    C:\WINDOWS\tasks\At126.job moved successfully.
    C:\WINDOWS\tasks\At127.job moved successfully.
    C:\WINDOWS\tasks\At128.job moved successfully.
    C:\WINDOWS\tasks\At129.job moved successfully.
    C:\WINDOWS\tasks\At13.job moved successfully.
    C:\WINDOWS\tasks\At130.job moved successfully.
    C:\WINDOWS\tasks\At131.job moved successfully.
    C:\WINDOWS\tasks\At132.job moved successfully.
    C:\WINDOWS\tasks\At133.job moved successfully.
    C:\WINDOWS\tasks\At134.job moved successfully.
    C:\WINDOWS\tasks\At135.job moved successfully.
    C:\WINDOWS\tasks\At136.job moved successfully.
    C:\WINDOWS\tasks\At137.job moved successfully.
    C:\WINDOWS\tasks\At138.job moved successfully.
    C:\WINDOWS\tasks\At139.job moved successfully.
    C:\WINDOWS\tasks\At14.job moved successfully.
    C:\WINDOWS\tasks\At140.job moved successfully.
    C:\WINDOWS\tasks\At141.job moved successfully.
    C:\WINDOWS\tasks\At142.job moved successfully.
    C:\WINDOWS\tasks\At143.job moved successfully.
    C:\WINDOWS\tasks\At144.job moved successfully.
    C:\WINDOWS\tasks\At145.job moved successfully.
    C:\WINDOWS\tasks\At146.job moved successfully.
    C:\WINDOWS\tasks\At147.job moved successfully.
    C:\WINDOWS\tasks\At148.job moved successfully.
    C:\WINDOWS\tasks\At149.job moved successfully.
    C:\WINDOWS\tasks\At15.job moved successfully.
    C:\WINDOWS\tasks\At150.job moved successfully.
    C:\WINDOWS\tasks\At151.job moved successfully.
    C:\WINDOWS\tasks\At152.job moved successfully.
    C:\WINDOWS\tasks\At153.job moved successfully.
    C:\WINDOWS\tasks\At154.job moved successfully.
    C:\WINDOWS\tasks\At155.job moved successfully.
    C:\WINDOWS\tasks\At156.job moved successfully.
    C:\WINDOWS\tasks\At157.job moved successfully.
    C:\WINDOWS\tasks\At158.job moved successfully.
    C:\WINDOWS\tasks\At159.job moved successfully.
    C:\WINDOWS\tasks\At16.job moved successfully.
    C:\WINDOWS\tasks\At160.job moved successfully.
    C:\WINDOWS\tasks\At161.job moved successfully.
    C:\WINDOWS\tasks\At162.job moved successfully.
    C:\WINDOWS\tasks\At163.job moved successfully.
    C:\WINDOWS\tasks\At164.job moved successfully.
    C:\WINDOWS\tasks\At165.job moved successfully.
    C:\WINDOWS\tasks\At166.job moved successfully.
    C:\WINDOWS\tasks\At167.job moved successfully.
    C:\WINDOWS\tasks\At168.job moved successfully.
    C:\WINDOWS\tasks\At169.job moved successfully.
    C:\WINDOWS\tasks\At17.job moved successfully.
    C:\WINDOWS\tasks\At170.job moved successfully.
    C:\WINDOWS\tasks\At171.job moved successfully.
    C:\WINDOWS\tasks\At172.job moved successfully.
    C:\WINDOWS\tasks\At173.job moved successfully.
    C:\WINDOWS\tasks\At174.job moved successfully.
    C:\WINDOWS\tasks\At175.job moved successfully.
    C:\WINDOWS\tasks\At176.job moved successfully.
    C:\WINDOWS\tasks\At177.job moved successfully.
    C:\WINDOWS\tasks\At178.job moved successfully.
    C:\WINDOWS\tasks\At179.job moved successfully.
    C:\WINDOWS\tasks\At18.job moved successfully.
    C:\WINDOWS\tasks\At180.job moved successfully.
    C:\WINDOWS\tasks\At181.job moved successfully.
    C:\WINDOWS\tasks\At182.job moved successfully.
    C:\WINDOWS\tasks\At183.job moved successfully.
    C:\WINDOWS\tasks\At184.job moved successfully.
    C:\WINDOWS\tasks\At185.job moved successfully.
    C:\WINDOWS\tasks\At186.job moved successfully.
    C:\WINDOWS\tasks\At187.job moved successfully.
    C:\WINDOWS\tasks\At188.job moved successfully.
    C:\WINDOWS\tasks\At189.job moved successfully.
    C:\WINDOWS\tasks\At19.job moved successfully.
    C:\WINDOWS\tasks\At190.job moved successfully.
    C:\WINDOWS\tasks\At191.job moved successfully.
    C:\WINDOWS\tasks\At192.job moved successfully.
    C:\WINDOWS\tasks\At193.job moved successfully.
    C:\WINDOWS\tasks\At194.job moved successfully.
    C:\WINDOWS\tasks\At195.job moved successfully.
    C:\WINDOWS\tasks\At196.job moved successfully.
    C:\WINDOWS\tasks\At197.job moved successfully.
    C:\WINDOWS\tasks\At198.job moved successfully.
    C:\WINDOWS\tasks\At199.job moved successfully.
    C:\WINDOWS\tasks\At2.job moved successfully.
    C:\WINDOWS\tasks\At20.job moved successfully.
    C:\WINDOWS\tasks\At200.job moved successfully.
    C:\WINDOWS\tasks\At201.job moved successfully.
    C:\WINDOWS\tasks\At202.job moved successfully.
    C:\WINDOWS\tasks\At203.job moved successfully.
    C:\WINDOWS\tasks\At204.job moved successfully.
    C:\WINDOWS\tasks\At205.job moved successfully.
    C:\WINDOWS\tasks\At206.job moved successfully.
    C:\WINDOWS\tasks\At207.job moved successfully.
    C:\WINDOWS\tasks\At208.job moved successfully.
    C:\WINDOWS\tasks\At209.job moved successfully.
    C:\WINDOWS\tasks\At21.job moved successfully.
    C:\WINDOWS\tasks\At210.job moved successfully.
    C:\WINDOWS\tasks\At211.job moved successfully.
    C:\WINDOWS\tasks\At212.job moved successfully.
    C:\WINDOWS\tasks\At213.job moved successfully.
    C:\WINDOWS\tasks\At214.job moved successfully.
    C:\WINDOWS\tasks\At215.job moved successfully.
    C:\WINDOWS\tasks\At216.job moved successfully.
    C:\WINDOWS\tasks\At217.job moved successfully.
    C:\WINDOWS\tasks\At218.job moved successfully.
    C:\WINDOWS\tasks\At219.job moved successfully.
    C:\WINDOWS\tasks\At22.job moved successfully.
    C:\WINDOWS\tasks\At220.job moved successfully.
    C:\WINDOWS\tasks\At221.job moved successfully.
    C:\WINDOWS\tasks\At222.job moved successfully.
    C:\WINDOWS\tasks\At223.job moved successfully.
    C:\WINDOWS\tasks\At224.job moved successfully.
    C:\WINDOWS\tasks\At225.job moved successfully.
    C:\WINDOWS\tasks\At226.job moved successfully.
    C:\WINDOWS\tasks\At227.job moved successfully.
    C:\WINDOWS\tasks\At228.job moved successfully.
    C:\WINDOWS\tasks\At229.job moved successfully.
    C:\WINDOWS\tasks\At23.job moved successfully.
    C:\WINDOWS\tasks\At230.job moved successfully.
    C:\WINDOWS\tasks\At231.job moved successfully.
    C:\WINDOWS\tasks\At232.job moved successfully.
    C:\WINDOWS\tasks\At233.job moved successfully.
    C:\WINDOWS\tasks\At234.job moved successfully.
    C:\WINDOWS\tasks\At235.job moved successfully.
    C:\WINDOWS\tasks\At236.job moved successfully.
    C:\WINDOWS\tasks\At237.job moved successfully.
    C:\WINDOWS\tasks\At238.job moved successfully.
    C:\WINDOWS\tasks\At239.job moved successfully.
    C:\WINDOWS\tasks\At24.job moved successfully.
    C:\WINDOWS\tasks\At240.job moved successfully.
    C:\WINDOWS\tasks\At241.job moved successfully.
    C:\WINDOWS\tasks\At242.job moved successfully.
    C:\WINDOWS\tasks\At243.job moved successfully.
    C:\WINDOWS\tasks\At244.job moved successfully.
    C:\WINDOWS\tasks\At245.job moved successfully.
    C:\WINDOWS\tasks\At246.job moved successfully.
    C:\WINDOWS\tasks\At247.job moved successfully.
    C:\WINDOWS\tasks\At248.job moved successfully.
    C:\WINDOWS\tasks\At249.job moved successfully.
    C:\WINDOWS\tasks\At25.job moved successfully.
    C:\WINDOWS\tasks\At250.job moved successfully.
    C:\WINDOWS\tasks\At251.job moved successfully.
    C:\WINDOWS\tasks\At252.job moved successfully.
    C:\WINDOWS\tasks\At253.job moved successfully.
    C:\WINDOWS\tasks\At254.job moved successfully.
    C:\WINDOWS\tasks\At255.job moved successfully.
    C:\WINDOWS\tasks\At256.job moved successfully.
    C:\WINDOWS\tasks\At257.job moved successfully.
    C:\WINDOWS\tasks\At258.job moved successfully.
    C:\WINDOWS\tasks\At259.job moved successfully.
    C:\WINDOWS\tasks\At26.job moved successfully.
    C:\WINDOWS\tasks\At260.job moved successfully.
    C:\WINDOWS\tasks\At261.job moved successfully.
    C:\WINDOWS\tasks\At262.job moved successfully.
    C:\WINDOWS\tasks\At263.job moved successfully.
    C:\WINDOWS\tasks\At264.job moved successfully.
    C:\WINDOWS\tasks\At27.job moved successfully.
    C:\WINDOWS\tasks\At28.job moved successfully.
    C:\WINDOWS\tasks\At29.job moved successfully.
    C:\WINDOWS\tasks\At3.job moved successfully.
    C:\WINDOWS\tasks\At30.job moved successfully.
    C:\WINDOWS\tasks\At31.job moved successfully.
    C:\WINDOWS\tasks\At32.job moved successfully.
    C:\WINDOWS\tasks\At33.job moved successfully.
    C:\WINDOWS\tasks\At34.job moved successfully.
    C:\WINDOWS\tasks\At35.job moved successfully.
    C:\WINDOWS\tasks\At36.job moved successfully.
    C:\WINDOWS\tasks\At37.job moved successfully.
    C:\WINDOWS\tasks\At38.job moved successfully.
    C:\WINDOWS\tasks\At39.job moved successfully.
    C:\WINDOWS\tasks\At4.job moved successfully.
    C:\WINDOWS\tasks\At40.job moved successfully.
    C:\WINDOWS\tasks\At41.job moved successfully.
    C:\WINDOWS\tasks\At42.job moved successfully.
    C:\WINDOWS\tasks\At43.job moved successfully.
    C:\WINDOWS\tasks\At44.job moved successfully.
    C:\WINDOWS\tasks\At45.job moved successfully.
    C:\WINDOWS\tasks\At46.job moved successfully.
    C:\WINDOWS\tasks\At47.job moved successfully.
    C:\WINDOWS\tasks\At48.job moved successfully.
    C:\WINDOWS\tasks\At49.job moved successfully.
    C:\WINDOWS\tasks\At5.job moved successfully.
    C:\WINDOWS\tasks\At50.job moved successfully.
    C:\WINDOWS\tasks\At51.job moved successfully.
    C:\WINDOWS\tasks\At52.job moved successfully.
    C:\WINDOWS\tasks\At53.job moved successfully.
    C:\WINDOWS\tasks\At54.job moved successfully.
    C:\WINDOWS\tasks\At55.job moved successfully.
    C:\WINDOWS\tasks\At56.job moved successfully.
    C:\WINDOWS\tasks\At57.job moved successfully.
    C:\WINDOWS\tasks\At58.job moved successfully.
    C:\WINDOWS\tasks\At59.job moved successfully.
    C:\WINDOWS\tasks\At6.job moved successfully.
    C:\WINDOWS\tasks\At60.job moved successfully.
    C:\WINDOWS\tasks\At61.job moved successfully.
    C:\WINDOWS\tasks\At62.job moved successfully.
    C:\WINDOWS\tasks\At63.job moved successfully.
    C:\WINDOWS\tasks\At64.job moved successfully.
    C:\WINDOWS\tasks\At65.job moved successfully.
    C:\WINDOWS\tasks\At66.job moved successfully.
    C:\WINDOWS\tasks\At67.job moved successfully.
    C:\WINDOWS\tasks\At68.job moved successfully.
    C:\WINDOWS\tasks\At69.job moved successfully.
    C:\WINDOWS\tasks\At7.job moved successfully.
    C:\WINDOWS\tasks\At70.job moved successfully.
    C:\WINDOWS\tasks\At71.job moved successfully.
    C:\WINDOWS\tasks\At72.job moved successfully.
    C:\WINDOWS\tasks\At73.job moved successfully.
    C:\WINDOWS\tasks\At74.job moved successfully.
    C:\WINDOWS\tasks\At75.job moved successfully.
    C:\WINDOWS\tasks\At76.job moved successfully.
    C:\WINDOWS\tasks\At77.job moved successfully.
    C:\WINDOWS\tasks\At78.job moved successfully.
    C:\WINDOWS\tasks\At79.job moved successfully.
    C:\WINDOWS\tasks\At8.job moved successfully.
    C:\WINDOWS\tasks\At80.job moved successfully.
    C:\WINDOWS\tasks\At81.job moved successfully.
    C:\WINDOWS\tasks\At82.job moved successfully.
    C:\WINDOWS\tasks\At83.job moved successfully.
    C:\WINDOWS\tasks\At84.job moved successfully.
    C:\WINDOWS\tasks\At85.job moved successfully.
    C:\WINDOWS\tasks\At86.job moved successfully.
    C:\WINDOWS\tasks\At87.job moved successfully.
    C:\WINDOWS\tasks\At88.job moved successfully.
    C:\WINDOWS\tasks\At89.job moved successfully.
    C:\WINDOWS\tasks\At9.job moved successfully.
    C:\WINDOWS\tasks\At90.job moved successfully.
    C:\WINDOWS\tasks\At91.job moved successfully.
    C:\WINDOWS\tasks\At92.job moved successfully.
    C:\WINDOWS\tasks\At93.job moved successfully.
    C:\WINDOWS\tasks\At94.job moved successfully.
    C:\WINDOWS\tasks\At95.job moved successfully.
    C:\WINDOWS\tasks\At96.job moved successfully.
    C:\WINDOWS\tasks\At97.job moved successfully.
    C:\WINDOWS\tasks\At98.job moved successfully.
    C:\WINDOWS\tasks\At99.job moved successfully.
    ========== REGISTRY ==========
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

    OTLPE by OldTimer - Version 3.1.40.0 log created on 09142010_094457
    [/codebox]

    #14 m0le

    • Malware Response Team

    Posted 15 September 2010 - 02:25 PM

    Looks good. Please run OTL (Scan only) and post that log.

    #15 xxmattnxx

    • Topic Starter

    Posted 15 September 2010 - 02:31 PM

    Do I just press scan or do I follow the original steps above like I did with the first one?



