[A] WinXP security 2012 virus: eliminated, but now Windows Update doesn't work

By Bobbyrae
Jan 13, 2012
  1. I looked at other threads here regarding that virus and have followed some of the instructions and have outputs from various scanners...

    First, I had to boot into safe mode with a console window, where I could get AVG antivirus to run. That found 8 infections:

    Avira AntiVir Personal
    Report file date: Thursday, January 12, 2012 19:52

    Scanning for 3019400 virus strains and unwanted programs.

    Licensee : Avira AntiVir Personal - Free Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows XP
    Windows version : (Service Pack 3) [5.1.2600]
    Boot mode : Save mode

    Starting the file scan:

    Begin scan in 'C:\'
    C:\Documents and Settings\Rion\Application Data\Sun\Java\Deployment\cache\6.0\3\2fb8ab03-49426e41
    [DETECTION] Contains recognition pattern of the EXP/CVE-2010-4452.CE exploit
    C:\Documents and Settings\Rion\Application Data\Sun\Java\Deployment\cache\6.0\3\2fb8ab03-24461839
    [DETECTION] Contains recognition pattern of the EXP/CVE-2010-4452.CE exploit
    C:\Documents and Settings\Rion\Application Data\Sun\Java\Deployment\cache\6.0\3\2fb8ab03-6bbb7397
    [DETECTION] Contains recognition pattern of the EXP/CVE-2010-4452.CE exploit
    C:\Documents and Settings\Rion\Application Data\Sun\Java\Deployment\cache\6.0\3\2fb8ab03-74a2f8ff
    [DETECTION] Contains recognition pattern of the EXP/CVE-2010-4452.CE exploit
    C:\Documents and Settings\Rion\Application Data\Sun\Java\Deployment\cache\6.0\3\2fb8ab03-1ad45421
    [DETECTION] Contains recognition pattern of the EXP/CVE-2010-4452.CE exploit
    C:\Documents and Settings\Rion\Application Data\Sun\Java\Deployment\cache\6.0\3\2fb8ab03-6ecff47f
    [DETECTION] Contains recognition pattern of the EXP/CVE-2010-4452.CE exploit
    C:\Documents and Settings\Rion\Application Data\Sun\Java\Deployment\cache\6.0\59\6b62f07b-6b424f34
    [0] Archive type: ZIP
    --> morale.class
    [DETECTION] Contains recognition pattern of the EXP/2011-3544.AJ exploit
    C:\Documents and Settings\Rion\Application Data\Sun\Java\Deployment\cache\6.0\60\5abff83c-1ebc27be
    [0] Archive type: ZIP
    --> xmltree/umbro.class
    [DETECTION] Contains recognition pattern of the EXP/2010-0840.AW exploit
    Begin scan in 'D:\'
    Begin scan in 'E:\'


    Then I got back into Windows in a normal mode and was able to run MalwareBytes to find another infection:

    Registry Values Detected: 1
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Smad (Trojan.Agent) -> Data: "C:\Documents and Settings\Rion\Local Settings\Application Data\SanctionedMedia\Smad\Smad.exe" -> Quarantined and deleted successfully.

    Registry Data Items Detected: 1
    HKCR\.exe| (Hijacked.exeFile) -> Bad: (mdaw) Good: (exefile) -> Quarantined and repaired successfully.


    Note that the full log files are attached and I am only dumping in the parts about infections.

    Then I ran FSS, which didn't give any problems. And then I finally ran ESET, which oddly did find 3 infections, but they were all in the same temp directory, so I have deleted the named files.

    While the system seems to be operating just as it did before, there is ONE NOTABLE exception, and that is that Windows Update does not work. It became clear because the problem started with that red shield down in the system tray telling me that I was "at risk", and I am still in that position, but only because update will not work.

    I went into the registry and found that the service for WinUpdate had been removed, found the reg entry online and entered it back in there. I also added in some entries for LEGACY_WUAUSERV, but am still at a point where it will not run. I have improved things to the point where Windows THINKS update is set and will not complain, but the service will not actually start. I get the following message:

    [IMG]
    By bobbyrae at 2012-01-13

    Now, I have checked and double-checked, and triple-checked the spelling of the strings in the registry and cannot see any problems, so I think there may be another entry that got messed up or perhaps another DLL is involved and got deleted?

    Here's what I added:

    Key Name: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv
    Class Name: <NO CLASS>
    Last Write Time: 1/13/2012 - 11:08 AM
    Value 0
    Name: DisplayName
    Type: REG_SZ
    Data: Automatic Update Service
    Value 1
    Name: ImagePath
    Type: REG_EXPAND_SZ
    Data: %SystemRoot%\System32\svchost.exe -k netsvcs
    Value 2
    Name: Description
    Type: REG_SZ
    Data: Retreives Updates From Microsoft Automatically as needed
    Value 3
    Name: ObjectName
    Type: REG_SZ
    Data: LocalSystem
    Value 4
    Name: ErrorControl
    Type: REG_DWORD
    Data: 0x1
    Value 5
    Name: Start
    Type: REG_DWORD
    Data: 0x2
    Value 6
    Name: Type
    Type: REG_DWORD
    Data: 0x20
    Value 7
    Name: RT_ServiceSidType
    Type: REG_DWORD
    Data: 0x1
    Value 8
    Name: PreshutdownTimeout
    Type: REG_DWORD
    Data: 0x36ee80
    Value 9
    Name: DelayedAutoStart
    Type: REG_DWORD
    Data: 0x1

    Key Name: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv\Parameters
    Class Name: <NO CLASS>
    Last Write Time: 1/13/2012 - 8:42 AM
    Value 0
    Name: ServiceDll
    Type: REG_SZ
    Data: %SYSTEMROOT%\system32\wuauserv.dll

    Key Name: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv\Security
    Class Name: <NO CLASS>
    Last Write Time: 1/13/2012 - 6:21 AM
    Value 0
    Name: Security
    Type: REG_BINARY
    Data:
    00000000 01 00 14 80 90 00 00 00 - 9c 00 00 00 14 00 00 00 ................
    .....
    000000a0 00 00 00 05 12 00 00 00 - ........

    Key Name: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv\Enum
    Class Name: <NO CLASS>
    Last Write Time: 1/13/2012 - 11:08 AM
    Value 0
    Name: 0
    Type: REG_SZ
    Data: Root\LEGACY_WUAUSERV\0000
    Value 1
    Name: Count
    Type: REG_DWORD
    Data: 0x1
    Value 2
    Name: NextInstance
    Type: REG_DWORD
    Data: 0x1

  2. Bobbyrae

    Bobbyrae Newcomer, in training Topic Starter Posts: 25

    forgot to mention...

    I also ran RKILL....

    It didn't stop any processes.
  3. Broni

    Broni Malware Annihilator Posts: 46,172   +251

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  4. Bobbyrae

    Here are some logs

    Avira scan results:

    Avira AntiVir Personal
    Report file date: Thursday, January 12, 2012 19:52

    Scanning for 3019400 virus strains and unwanted programs.

    Licensee : Avira AntiVir Personal - Free Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows XP
    Windows version : (Service Pack 3) [5.1.2600]
    Boot mode : Save mode
    Username : Rion
    Computer name : RIONXP

    Version information:
    BUILD.DAT : 9.0.0.429 21701 Bytes 10/6/2010 10:04:00
    AVSCAN.EXE : 9.0.3.10 466689 Bytes 11/19/2009 17:07:00
    AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 19:58:26
    LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 20:35:50
    LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 19:58:54
    VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 17:07:00
    VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 23:30:20
    VBASE002.VDF : 7.11.19.170 14374912 Bytes 12/20/2011 08:08:28
    VBASE003.VDF : 7.11.19.171 2048 Bytes 12/20/2011 08:08:28
    VBASE004.VDF : 7.11.19.172 2048 Bytes 12/20/2011 08:08:28
    VBASE005.VDF : 7.11.19.173 2048 Bytes 12/20/2011 08:08:28
    VBASE006.VDF : 7.11.19.174 2048 Bytes 12/20/2011 08:08:28
    VBASE007.VDF : 7.11.19.175 2048 Bytes 12/20/2011 08:08:28
    VBASE008.VDF : 7.11.19.176 2048 Bytes 12/20/2011 08:08:28
    VBASE009.VDF : 7.11.19.177 2048 Bytes 12/20/2011 08:08:30
    VBASE010.VDF : 7.11.19.178 2048 Bytes 12/20/2011 08:08:30
    VBASE011.VDF : 7.11.19.179 2048 Bytes 12/20/2011 08:08:30
    VBASE012.VDF : 7.11.19.180 2048 Bytes 12/20/2011 08:08:30
    VBASE013.VDF : 7.11.19.217 182784 Bytes 12/22/2011 08:08:30
    VBASE014.VDF : 7.11.19.255 148480 Bytes 12/24/2011 08:08:30
    VBASE015.VDF : 7.11.20.29 164352 Bytes 12/27/2011 08:08:32
    VBASE016.VDF : 7.11.20.70 180224 Bytes 12/29/2011 08:08:32
    VBASE017.VDF : 7.11.20.102 240640 Bytes 1/2/2012 08:08:34
    VBASE018.VDF : 7.11.20.103 2048 Bytes 1/2/2012 08:08:34
    VBASE019.VDF : 7.11.20.104 2048 Bytes 1/2/2012 08:08:34
    VBASE020.VDF : 7.11.20.105 2048 Bytes 1/2/2012 08:08:34
    VBASE021.VDF : 7.11.20.106 2048 Bytes 1/2/2012 08:08:34
    VBASE022.VDF : 7.11.20.107 2048 Bytes 1/2/2012 08:08:34
    VBASE023.VDF : 7.11.20.108 2048 Bytes 1/2/2012 08:08:34
    VBASE024.VDF : 7.11.20.109 2048 Bytes 1/2/2012 08:08:34
    VBASE025.VDF : 7.11.20.110 2048 Bytes 1/2/2012 08:08:34
    VBASE026.VDF : 7.11.20.111 2048 Bytes 1/2/2012 08:08:34
    VBASE027.VDF : 7.11.20.112 2048 Bytes 1/2/2012 08:08:34
    VBASE028.VDF : 7.11.20.113 2048 Bytes 1/2/2012 08:08:36
    VBASE029.VDF : 7.11.20.114 2048 Bytes 1/2/2012 08:08:36
    VBASE030.VDF : 7.11.20.115 2048 Bytes 1/2/2012 08:08:36
    VBASE031.VDF : 7.11.20.137 157696 Bytes 1/4/2012 08:08:36
    Engineversion : 8.2.8.18
    AEVDF.DLL : 8.1.2.2 106868 Bytes 1/4/2012 08:08:56
    AESCRIPT.DLL : 8.1.3.95 479612 Bytes 1/4/2012 08:08:54
    AESCN.DLL : 8.1.7.2 127349 Bytes 1/12/2011 23:30:20
    AESBX.DLL : 8.2.4.5 434549 Bytes 1/4/2012 08:08:58
    AERDL.DLL : 8.1.9.15 639348 Bytes 9/10/2011 05:52:58
    AEPACK.DLL : 8.2.15.1 770423 Bytes 1/4/2012 08:08:52
    AEOFFICE.DLL : 8.1.2.25 201084 Bytes 1/4/2012 08:08:48
    AEHEUR.DLL : 8.1.3.14 4260216 Bytes 1/4/2012 08:08:46
    AEHELP.DLL : 8.1.18.0 254327 Bytes 1/4/2012 08:08:38
    AEGEN.DLL : 8.1.5.17 405877 Bytes 1/4/2012 08:08:38
    AEEMU.DLL : 8.1.3.0 393589 Bytes 1/12/2011 23:30:20
    AECORE.DLL : 8.1.24.3 201079 Bytes 1/4/2012 08:08:36
    AEBB.DLL : 8.1.1.0 53618 Bytes 6/20/2010 01:03:40
    AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 17:48:00
    AVPREF.DLL : 9.0.3.0 44289 Bytes 11/19/2009 17:07:00
    AVREP.DLL : 10.0.0.9 174120 Bytes 6/10/2011 15:00:22
    AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 19:32:10
    AVARKT.DLL : 9.0.0.3 292609 Bytes 3/25/2009 00:05:42
    AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 19:37:10
    SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/29/2009 00:03:50
    SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 17:21:34
    NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 19:32:12
    RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/16/2009 00:40:00
    RCTEXT.DLL : 9.0.73.0 86785 Bytes 11/19/2009 17:07:00

    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
    Logging.............................: low
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:, D:, E:,
    Process scan........................: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: medium
    Deviating risk categories...........: -DIAL,-ADSPY,-ADWARE,-BDC,-HIDDENEXT,-PHISH,

    Start of the scan: Thursday, January 12, 2012 19:52

    Starting search for hidden objects.
    The driver could not be initialized.

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'cmd.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    11 processes with 11 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    Master boot sector HD2
    [INFO] No virus was found!
    Master boot sector HD3
    [INFO] No virus was found!
    Master boot sector HD4
    [INFO] No virus was found!
    Master boot sector HD5
    [INFO] No virus was found!
    Master boot sector HD6
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!
    Boot sector 'E:\'
    [INFO] No virus was found!

    Starting to scan executable files (registry).
    The registry was scanned ( '65' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\Documents and Settings\Rion\Application Data\Sun\Java\Deployment\cache\6.0\3\2fb8ab03-49426e41
    [DETECTION] Contains recognition pattern of the EXP/CVE-2010-4452.CE exploit
    C:\Documents and Settings\Rion\Application Data\Sun\Java\Deployment\cache\6.0\3\2fb8ab03-24461839
    [DETECTION] Contains recognition pattern of the EXP/CVE-2010-4452.CE exploit
    C:\Documents and Settings\Rion\Application Data\Sun\Java\Deployment\cache\6.0\3\2fb8ab03-6bbb7397
    [DETECTION] Contains recognition pattern of the EXP/CVE-2010-4452.CE exploit
    C:\Documents and Settings\Rion\Application Data\Sun\Java\Deployment\cache\6.0\3\2fb8ab03-74a2f8ff
    [DETECTION] Contains recognition pattern of the EXP/CVE-2010-4452.CE exploit
    C:\Documents and Settings\Rion\Application Data\Sun\Java\Deployment\cache\6.0\3\2fb8ab03-1ad45421
    [DETECTION] Contains recognition pattern of the EXP/CVE-2010-4452.CE exploit
    C:\Documents and Settings\Rion\Application Data\Sun\Java\Deployment\cache\6.0\3\2fb8ab03-6ecff47f
    [DETECTION] Contains recognition pattern of the EXP/CVE-2010-4452.CE exploit
    C:\Documents and Settings\Rion\Application Data\Sun\Java\Deployment\cache\6.0\59\6b62f07b-6b424f34
    [0] Archive type: ZIP
    --> morale.class
    [DETECTION] Contains recognition pattern of the EXP/2011-3544.AJ exploit
    C:\Documents and Settings\Rion\Application Data\Sun\Java\Deployment\cache\6.0\60\5abff83c-1ebc27be
    [0] Archive type: ZIP
    --> xmltree/umbro.class
    [DETECTION] Contains recognition pattern of the EXP/2010-0840.AW exploit
    Begin scan in 'D:\'
    Begin scan in 'E:\'

    Beginning disinfection:
    C:\Documents and Settings\Rion\Application Data\Sun\Java\Deployment\cache\6.0\3\2fb8ab03-49426e41
    [DETECTION] Contains recognition pattern of the EXP/CVE-2010-4452.CE exploit
    [NOTE] The file was moved to '4f71b8fd.qua'!
    C:\Documents and Settings\Rion\Application Data\Sun\Java\Deployment\cache\6.0\3\2fb8ab03-24461839
    [DETECTION] Contains recognition pattern of the EXP/CVE-2010-4452.CE exploit
    [NOTE] The file was moved to '4e71ac36.qua'!
    C:\Documents and Settings\Rion\Application Data\Sun\Java\Deployment\cache\6.0\3\2fb8ab03-6bbb7397
    [DETECTION] Contains recognition pattern of the EXP/CVE-2010-4452.CE exploit
    [NOTE] The file was moved to '4cfe0ede.qua'!
    C:\Documents and Settings\Rion\Application Data\Sun\Java\Deployment\cache\6.0\3\2fb8ab03-74a2f8ff
    [DETECTION] Contains recognition pattern of the EXP/CVE-2010-4452.CE exploit
    [NOTE] The file was moved to '4ce10516.qua'!
    C:\Documents and Settings\Rion\Application Data\Sun\Java\Deployment\cache\6.0\3\2fb8ab03-1ad45421
    [DETECTION] Contains recognition pattern of the EXP/CVE-2010-4452.CE exploit
    [NOTE] The file was moved to '4ce07d4e.qua'!
    C:\Documents and Settings\Rion\Application Data\Sun\Java\Deployment\cache\6.0\3\2fb8ab03-6ecff47f
    [DETECTION] Contains recognition pattern of the EXP/CVE-2010-4452.CE exploit
    [NOTE] The file was moved to '4ce37586.qua'!
    C:\Documents and Settings\Rion\Application Data\Sun\Java\Deployment\cache\6.0\59\6b62f07b-6b424f34
    [NOTE] The file was moved to '4f45b8f9.qua'!
    C:\Documents and Settings\Rion\Application Data\Sun\Java\Deployment\cache\6.0\60\5abff83c-1ebc27be
    [NOTE] The file was moved to '4f71b8f8.qua'!


    End of the scan: Thursday, January 12, 2012 20:52
    Used time: 56:39 Minute(s)

    The scan has been done completely.

    10996 Scanned directories
    437175 Files were scanned
    8 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    8 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    437167 Files not concerned
    3299 Archives were scanned
    0 Warnings
    8 Notes

    MalwareBytes scan results:

    Malwarebytes Anti-Malware (PRO) 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.13.01

    Windows XP Service Pack 3 x86 FAT32
    Internet Explorer 7.0.5730.13
    :: RIONXP [administrator]

    Protection: Disabled

    1/12/2012 8:59:24 PM
    mbam-log-2012-01-12 (20-59-24).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 175641
    Time elapsed: 3 minute(s), 25 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 1
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Smad (Trojan.Agent) -> Data: "C:\Documents and Settings\Rion\Local Settings\Application Data\SanctionedMedia\Smad\Smad.exe" -> Quarantined and deleted successfully.

    Registry Data Items Detected: 1
    HKCR\.exe| (Hijacked.exeFile) -> Bad: (mdaw) Good: (exefile) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    FSS scan results:


    Farbar Service Scanner
    Ran by Rion (administrator) on 13-01-2012 at 12:21:44
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ===========
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is OK.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.

    BITS Service is not running. Checking service configuration:
    The start type of BITS service is set to Demand. The default start type is Auto.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS service is OK.


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    Bridge(9) BridgeMP(8) Gpc(3) IPSec(5) Nbf(10) NetBT(6) PSched(7) Tcpip(4)
    0x0B000000050000000100000002000000030000000400000056000000060000000700000008000000090000000A000000
    IpSec Tag value is correct.

    **** End of log ****

    RKill results:

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 01/13/2012 at 12:42:01.
    Operating System: Microsoft Windows XP

    Processes terminated by Rkill or while it was running:

    Rkill completed on 01/13/2012 at 12:42:08.

    ESET scan results:

    C:\Documents and Settings\Rion\Local Settings\temp\mwaexosncr.exe a variant of MSIL/Kryptik.L trojan
    C:\Documents and Settings\Rion\Local Settings\temp\0.8668838161782961fdrgs.exe Win32/Adware.XPAntiSpyware.AD application
    C:\Documents and Settings\Rion\Local Settings\temp\0.943536852582801golda.exe Win32/Adware.XPAntiSpyware.AD application


    I have deleted everything in C:\Documents and Settings\Rion\Local Settings\temp. The only problem right now is that the Update Service will not start. If you can give me a way to start it via command line, that would be great.


    Thanks a lot!
  5. Bobbyrae

    just answered my own question!

    I just figured out that it would be

    C:> net start wuauserv

    but it just gives that same error message about not being able to find the file. I don't know which file because we have already verified that wuauserv.dll is there.
  6. Bobbyrae

    Gmer, D.D.S.

    GMER log file:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-01-18 01:36:41
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\adpu160m1Port2Path0Target0Lun0 SEAGATE_ rev.0003
    Running: uu6swnwt.exe; Driver: C:\DOCUME~1\Rion\LOCALS~1\Temp\uxtdrpog.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    init C:\WINDOWS\system32\drivers\nvax.sys entry point in "init" section [0xF7728A0C]
    .text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF6C84360, 0x24BB1D, 0xE8000020]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----


    I ran DDS (twice), but it would not complete. I don't know why. MalwareBytes was turned off and so was the browser and everything else. The Console window opened, it seemed to be working. It said max 3 minutes. I waited over 10 minutes, but still no popups. And it was impossible to kill the process or even shut down the computer at that point, so I had to hit the reset button. I think you should warn folks about this!

    Thanks!
  7. Broni

    Do NOT run any other scans than those I ask for.
    ================================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ===============================================================

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
  8. Bobbyrae

    problems with SCSI

    Broni,

    Regarding the "other" unrequested scans... the latest ones I have posted I believed to be required per the 5 step procedure outlined in this forum. It sounds like we are to do those initially. If not, I misunderstood. But yes, in my very first post I did some extra scans. Sorry.

    Now...

    aswMBR is running incredibly slowly on my system. It went for *4* hours and still was not done. I stopped it and compared the timestamps to other listings here in the forum and it should take about 1/2 hour. So then I ran bootCleaner and it gave me this message:

    [IMG]

    which tells me that probably every time I see really slow execution on these programs it is because of something like this. Except that the other programs weren't designed to do the right thing!

    So tonight I will start aswMBR before I go to bed and hopefully 8 hours will be enough for it.

    Good News: using regsvr32 on my DLL's got windows update service going again.
    Bad News: boot_cleaner did find a bootkit on my boot drive. I will post the results tomorrow if I can.

    Thanks!
  9. Broni

    No problem :)
  10. Bobbyrae

    aswMBR

    duplicate.....
  11. Bobbyrae

    aswMBR

    I am sorry this took so long, but I have been waiting for a response at the AVAST website support forum. I was hoping for some clue as to how to make that program work correctly. Since I have NOT gotten any helpful responses, I will just enter the log I got from a partial run. As you can see, it ran for 15 hours and did not complete.

    aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
    Run date: 2012-01-19 02:18:03
    -----------------------------
    02:18:03.984 OS Version: Windows 5.1.2600 Service Pack 3
    02:18:03.984 Number of processors: 1 586 0x801
    02:18:03.984 ComputerName: RIONXP UserName: Rion
    02:18:04.328 Initialize success
    02:18:12.093 AVAST engine defs: 12011801
    02:18:30.859 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\adpu160m1Port2Path0Target0Lun0
    02:18:30.859 Disk 0 Vendor: SEAGATE_ 0003 Size: 17501MB BusType: 1
    02:18:31.375 Disk 1 \Device\Harddisk1\DR1 -> \Device\Scsi\adpu160m1Port2Path0Target1Lun0
    02:18:31.375 Disk 1 Vendor: QUANTUM_ UCH0 Size: 8759MB BusType: 1
    02:18:31.375 Disk 2 \Device\Harddisk2\DR2 -> \Device\Scsi\adpu160m1Port2Path0Target2Lun0
    02:18:31.375 Disk 2 Vendor: FUJITSU_ 0104 Size: 35068MB BusType: 1
    02:18:31.375 Device \Driver\adpu160m -> DriverStartIo SCSIPORT.SYS f73c440e
    02:18:31.406 Disk 0 MBR read successfully
    02:18:31.406 Disk 0 MBR scan
    02:18:31.421 Disk 0 Windows XP default MBR code
    02:18:31.437 Disk 0 Partition 1 80 (A) 0C FAT32 LBA MSDOS5.0 17492 MB offset 63
    02:18:31.453 Disk 0 scanning sectors +35824950
    02:18:31.468 Disk 0 scanning C:\WINDOWS\system32\drivers
    02:57:49.187 Service scanning
    02:57:50.343 Modules scanning
    03:32:05.765 Disk 0 trace - called modules:
    03:32:05.765 ntoskrnl.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll adpu160m.sys
    03:32:05.781 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f0e918]
    03:32:05.781 3 CLASSPNP.SYS[f750ffd7] -> nt!IofCallDriver -> \Device\Scsi\adpu160m1Port2Path0Target0Lun0[0x86fd6a38]
    03:32:06.328 AVAST engine scan C:\WINDOWS
    03:44:38.890 AVAST engine scan C:\WINDOWS\system32
    16:42:33.781 AVAST engine scan C:\WINDOWS\system32\drivers
    17:21:50.796 AVAST engine scan C:\Documents and Settings\Rion
    17:38:51.125 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
    17:38:51.140 The log file has been saved successfully to "C:\aswMBR.txt"

    ------------------------------------

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    ATA_Read(): DeviceIoControl() ERROR 1

    Size Device Name MBR Status
    --------------------------------------------
    17 GB \\.\PhysicalDrive0 Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]


    Done;
    Press any key to quit...
     
  12. Broni

    Please download and run ListParts by Farbar (for 32-bit system)

    Please download and run ListParts64 by Farbar (for 64-bit system)

    Click on Scan button.

    Scan result will open in Notepad.
    Post it in your next reply.
  13. Bobbyrae

    listParts results

    ListParts by Farbar
    Ran by Rion on 25-01-2012 at 05:31:11
    Windows XP (X86)
    Running From: D:\FSS
    ************************************************************

    ========================= Memory info ======================

    Percentage of memory in use: 45%
    Total physical RAM: 1023.48 MB
    Available physical RAM: 562.08 MB
    Total Pagefile: 929.73 MB
    Available Pagefile: 607.62 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 2003.66 MB

    ======================= Partitions =========================

    2 Drive c: () (Fixed) (Total:17.07 GB) (Free:4.05 GB) FAT32 ==>[Drive with boot components (Windows XP)]
    3 Drive d: () (Fixed) (Total:34.24 GB) (Free:15.45 GB) NTFS
    4 Drive e: () (Fixed) (Total:8.53 GB) (Free:4.17 GB) FAT32

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 17 GB 0 B
    Disk 1 Online 9 GB 0 B
    Disk 2 Online 34 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 17 GB 32 KB

    Disk: 0
    Partition 1
    Type : 0C
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C FAT32 Partition 17 GB Healthy System (partition with boot components)

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Extended 9 GB 8033 KB
    Partition 2 Logical 9 GB 8064 KB

    Disk: 1
    Partition 2
    Type : 0B
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E FAT32 Partition 9 GB Healthy

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 34 GB 32 KB

    Disk: 2
    Partition 1
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 D NTFS Partition 34 GB Healthy


    ****** End Of Log ******
  14. Broni

    Broni Malware Annihilator Posts: 46,172   +251

    Download the FixTDSS.exe

    • Save the file to your Windows desktop.
    • Close all running programs.
    • If you are running Windows XP, turn off System Restore (see: How to turn off or turn on Windows XP System Restore).
    • Double-click the FixTDSS.exe file to start the removal tool.
    • Click Start to begin the process, and then allow the tool to run.
    • OK any security prompts.
    • Restart the computer when prompted by the tool.
    • After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said).
    • If you are running Windows XP, re-enable System Restore.
  15. Bobbyrae

    Bobbyrae Newcomer, in training Topic Starter Posts: 25

    Good News!

    The result was:

    Backdoor. Tidserv has not been found on your computer.


    Or is this bad news? Meaning that there must be some other rootkit?

    Thanks again!
  16. Broni

    Broni Malware Annihilator Posts: 46,172   +251

    That's fine. We're just checking....

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  17. Bobbyrae

    Bobbyrae Newcomer, in training Topic Starter Posts: 25

    ComboFix ran but would not complete

    As I previously experienced with DDS and aswMBR, CF starts up and seems to be humming along, but then after some time it kinda goes to sleep.

    That is, the window is still there, the clock is going, but NOTHING is happening. So I tried it in safe mode and got the same results. Then I made sure that mbamservice was disabled and tried AGAIN in normal mode, but it went for 5 HOURS and then I had to press the reset button. There were some directories and files created, but no log file. It appears that the activity stopped shortly after initiating CF.

    So... does this count as "not running" and I should try the renaming approach?

    I want you to know this is very frustrating (i.e. cure is worse than the disease!) and if you are convinced I have a virus I would like to know what you are thinking, please.
  18. Broni

    Broni Malware Annihilator Posts: 46,172   +251

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  19. Bobbyrae

    Bobbyrae Newcomer, in training Topic Starter Posts: 25

    Are you ignoring my questions?

    I asked you a couple of questions in my previous post. Did you not notice?

    TDSSKILLER found nothing. It did not reboot or ask me any questions. Here is the log:

    09:38:09.0984 2176 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
    09:38:10.0406 2176 ============================================================
    09:38:10.0406 2176 Current date / time: 2012/01/27 09:38:10.0406
    09:38:10.0406 2176 SystemInfo:
    09:38:10.0406 2176
    09:38:10.0406 2176 OS Version: 5.1.2600 ServicePack: 3.0
    09:38:10.0406 2176 Product type: Workstation
    09:38:10.0406 2176 ComputerName: RIONXP
    09:38:10.0406 2176 UserName: Rion
    09:38:10.0406 2176 Windows directory: C:\WINDOWS
    09:38:10.0406 2176 System windows directory: C:\WINDOWS
    09:38:10.0406 2176 Processor architecture: Intel x86
    09:38:10.0406 2176 Number of processors: 1
    09:38:10.0406 2176 Page size: 0x1000
    09:38:10.0406 2176 Boot type: Normal boot
    09:38:10.0406 2176 ============================================================
    09:38:11.0453 2176 Drive \Device\Harddisk0\DR0 - Size: 0x445DCCC00 (17.09 Gb), SectorSize: 0x200, Cylinders: 0x8B7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
    09:38:11.0468 2176 Drive \Device\Harddisk1\DR1 - Size: 0x223745400 (8.55 Gb), SectorSize: 0x200, Cylinders: 0x45C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
    09:38:11.0468 2176 Drive \Device\Harddisk2\DR2 - Size: 0x88FC1D000 (34.25 Gb), SectorSize: 0x200, Cylinders: 0x1176, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
    09:38:11.0515 2176 Initialize success
    09:38:23.0031 1672 ============================================================
    09:38:23.0031 1672 Scan started
    09:38:23.0031 1672 Mode: Manual;
    09:38:23.0031 1672 ============================================================
    09:38:46.0562 1672 usbohci - ok
    09:38:46.0703 1672 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    09:38:46.0703 1672 usbprint - ok
    09:38:46.0859 1672 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    09:38:46.0859 1672 usbscan - ok
    09:38:47.0000 1672 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    09:38:47.0000 1672 usbstor - ok
    09:38:47.0140 1672 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    09:38:47.0140 1672 VgaSave - ok
    09:38:47.0312 1672 ViaIde - ok
    09:38:47.0453 1672 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    09:38:47.0453 1672 VolSnap - ok
    09:38:47.0578 1672 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    09:38:47.0593 1672 Wanarp - ok
    09:38:47.0734 1672 WDICA - ok
    09:38:47.0890 1672 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    09:38:47.0890 1672 wdmaud - ok
    09:38:48.0000 1672 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    09:38:48.0000 1672 WS2IFSL - ok
    09:38:48.0140 1672 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    09:38:48.0140 1672 WSTCODEC - ok
    09:38:48.0203 1672 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    09:38:48.0296 1672 \Device\Harddisk0\DR0 - ok
    09:38:48.0312 1672 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
    09:38:48.0312 1672 \Device\Harddisk1\DR1 - ok
    09:38:48.0328 1672 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
    09:38:48.0328 1672 \Device\Harddisk2\DR2 - ok
    09:38:48.0343 1672 Boot (0x1200) (1693b67b2ec4f58521c55f6a9688e66e) \Device\Harddisk0\DR0\Partition0
    09:38:48.0343 1672 \Device\Harddisk0\DR0\Partition0 - ok
    09:38:48.0343 1672 Boot (0x1200) (eb8cc40d7a608cb96fa68d7a566a5863) \Device\Harddisk1\DR1\Partition0
    09:38:48.0343 1672 \Device\Harddisk1\DR1\Partition0 - ok
    09:38:48.0359 1672 Boot (0x1200) (fcde296b24aae22d68050477b4aaab6d) \Device\Harddisk2\DR2\Partition0
    09:38:48.0359 1672 \Device\Harddisk2\DR2\Partition0 - ok
    09:38:48.0375 1672 ============================================================
    09:38:48.0375 1672 Scan finished
    09:38:48.0375 1672 ============================================================
    09:38:48.0390 4080 Detected object count: 0
    09:38:48.0390 4080 Actual detected object count: 0
  20. Broni

    Broni Malware Annihilator Posts: 46,172   +251

    When I have some answers you'll be first to know.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    userinit.exe
    explorer.exe
    volsnap.sys
    winlogon.exe
    nvraid.sys
    consrv.dll
    winsrv.dll
    svchost.exe
    tcpip.sys
    netbt.sys
    dxgthk.sys
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  21. Bobbyrae

    Bobbyrae Newcomer, in training Topic Starter Posts: 25

    OTL part 1

    OTL logfile created on: 1/31/2012 7:27:12 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Rion\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1023.48 Mb Total Physical Memory | 635.09 Mb Available Physical Memory | 62.05% Memory free
    929.73 Mb Paging File | 659.62 Mb Available in Paging File | 70.95% Paging File free
    Paging file location(s): [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 17.07 Gb Total Space | 5.68 Gb Free Space | 33.27% Space Free | Partition Type: FAT32
    Drive D: | 34.24 Gb Total Space | 15.05 Gb Free Space | 43.97% Space Free | Partition Type: NTFS
    Drive E: | 8.53 Gb Total Space | 3.55 Gb Free Space | 41.56% Space Free | Partition Type: FAT32
    Drive F: | 159.01 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: RIONXP | User Name: Rion | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/01/31 07:23:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rion\Desktop\OTL.exe
    PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
    PRC - [2008/04/13 17:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2004/12/20 17:12:36 | 000,131,072 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
    PRC - [2003/05/14 18:33:52 | 000,045,056 | ---- | M] () -- C:\WINDOWS\shicoxp.exe
    PRC - [1998/02/05 12:16:18 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\NILaunch.exe


    ========== Modules (No Company Name) ==========

    MOD - [2006/10/22 12:22:00 | 000,212,992 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll
    MOD - [2003/05/14 18:33:52 | 000,045,056 | ---- | M] () -- C:\WINDOWS\shicoxp.exe
    MOD - [1998/02/05 12:16:18 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\NILaunch.exe
    MOD - [1998/02/05 12:16:18 | 000,018,432 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\jDocPrc.dll
    MOD - [1997/09/09 11:48:50 | 000,139,776 | ---- | M] () -- C:\WINDOWS\system32\APPLE_NT.DLL


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (NMIndexingService)
    SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2009/07/21 14:34:34 | 000,185,089 | ---- | M] (Avira GmbH) [On_Demand | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2009/05/13 16:48:24 | 000,108,289 | ---- | M] (Avira GmbH) [On_Demand | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
    SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
    SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)
    SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
    SRV - [2001/10/25 07:57:54 | 000,040,960 | ---- | M] (Dantz Development Corporation) [On_Demand | Stopped] -- C:\Program Files\Dantz\Retrospect\retrorun.exe -- (RetroLauncher)


    ========== Driver Services (SafeList) ==========

    DRV - [2012/01/12 20:56:50 | 000,024,064 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
    DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2010/07/09 13:18:56 | 000,020,328 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz134_x32.sys -- (cpuz134)
    DRV - [2010/01/26 15:45:28 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2009/05/11 10:12:26 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2009/03/30 10:33:08 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2009/02/13 12:35:06 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2008/04/13 11:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2005/04/13 12:34:02 | 000,414,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA(R) nForce(TM)
    DRV - [2005/04/13 12:32:42 | 000,053,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA(R) nForce(TM)
    DRV - [2004/08/10 23:39:38 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
    DRV - [2003/05/09 15:55:02 | 000,089,749 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SI3112r.sys -- (SI3112r)
    DRV - [2003/02/18 05:51:00 | 000,007,888 | ---- | M] (C. Ghisler & Co.) [Kernel | On_Demand | Stopped] -- C:\totalcmd\CGLPTNT.SYS -- (cglptnt)
    DRV - [2003/02/12 12:37:48 | 000,009,600 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SiWinAcc.sys -- (SiFilter)
    DRV - [2002/12/13 16:06:40 | 000,129,875 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr97310c.sys -- (MR97310_USB_DUAL_CAMERA)
    DRV - [2002/10/22 18:40:44 | 000,007,560 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
    DRV - [2002/09/22 19:37:00 | 000,080,896 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
    DRV - [2002/09/08 18:59:00 | 000,108,220 | ---- | M] (NVIDIA Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\NVCAP.SYS -- (nvcap) nVidia WDM Video Capture (universal)
    DRV - [2002/09/08 18:59:00 | 000,015,968 | ---- | M] (NVIDIA Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\NVTUNEP.SYS -- (nvTUNEP)
    DRV - [2002/09/08 18:59:00 | 000,013,776 | ---- | M] (NVIDIA Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\NVTVSND.SYS -- (nvtvSND)
    DRV - [2002/09/08 18:59:00 | 000,010,366 | ---- | M] (NVIDIA Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\NVXBAR.SYS -- (NVXBAR)
    DRV - [2002/09/05 20:24:00 | 000,013,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
    DRV - [2002/08/13 06:27:22 | 000,074,338 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90Xbc5.SYS -- (EL90Xbc)
    DRV - [2002/06/27 19:12:54 | 000,434,176 | ---- | M] (ahead software) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\bsudf.sys -- (BsUDF)
    DRV - [2002/06/05 09:07:00 | 000,009,344 | ---- | M] (B.H.A Co.,Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\bsstor.sys -- (BsStor)
    DRV - [2002/04/18 18:15:46 | 000,013,780 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
    DRV - [2001/11/30 17:08:10 | 000,015,360 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
    DRV - [2001/08/17 14:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
    DRV - [2001/08/17 12:12:20 | 000,032,840 | ---- | M] (NETGEAR Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ngrpci.sys -- (ngrpci)
    DRV - [2000/04/11 10:30:50 | 000,004,000 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hmonitor.sys -- (hmonitor)
    DRV - [1997/04/22 10:16:00 | 000,006,272 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-789336058-287218729-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-789336058-287218729-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-789336058-287218729-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-789336058-287218729-682003330-1003\..\URLSearchHook: {38542454-dfb6-44f5-b052-d4e071a3d073} - SOFTWARE\Classes\CLSID\{38542454-dfb6-44f5-b052-d4e071a3d073}\InprocServer32 File not found
    IE - HKU\S-1-5-21-789336058-287218729-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-789336058-287218729-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "about:blank"
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {3C73834E-DA76-454C-A825-60E2F0939228}:1.9.1

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
    FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKCU\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Documents and Settings\Rion\Local Settings\Application Data\Google\Google Earth\plugin\npgeplugin.dll (Google)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3C73834E-DA76-454C-A825-60E2F0939228}: C:\Documents and Settings\Rion\Local Settings\Application Data\{3C73834E-DA76-454C-A825-60E2F0939228} [2011/07/10 17:15:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2007/11/21 21:42:14 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2007/11/21 21:42:14 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.12\extensions\\Components: C:\Program Files\Thunderbird\components [2006/03/24 23:21:16 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.12\extensions\\Plugins: C:\Program Files\Thunderbird\plugins [2006/03/24 23:21:14 | 000,000,000 | ---D | M]

    [2008/08/26 23:20:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rion\Application Data\Mozilla\Extensions
    [2010/01/30 20:20:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rion\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2007/11/21 21:42:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rion\Application Data\Mozilla\Firefox\Profiles\6mo1uipe.default\extensions
    [2010/04/29 22:30:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Rion\Application Data\Mozilla\Firefox\Profiles\6mo1uipe.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2007/11/21 21:42:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/07/10 17:15:56 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\RION\LOCAL SETTINGS\APPLICATION DATA\{3C73834E-DA76-454C-A825-60E2F0939228}
    [2008/11/25 14:52:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

    O1 HOSTS File: ([2009/03/23 12:56:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\My Program Files\TechSmith\SnagIt6\SnagItBHO.dll (TechSmith Corporation)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (Elf 1.12 Toolbar) - {38542454-dfb6-44f5-b052-d4e071a3d073} - C:\Program Files\Elf_1.12\prxtbElf0.dll File not found
    O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Elf 1.12 Toolbar) - {38542454-dfb6-44f5-b052-d4e071a3d073} - C:\Program Files\Elf_1.12\prxtbElf0.dll File not found
    O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\My Program Files\TechSmith\SnagIt6\SnagItIEAddin.dll (TechSmith Corporation)
    O3 - HKU\S-1-5-21-789336058-287218729-682003330-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-789336058-287218729-682003330-1003\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-789336058-287218729-682003330-1003\..\Toolbar\WebBrowser: (Elf 1.12 Toolbar) - {38542454-DFB6-44F5-B052-D4E071A3D073} - C:\Program Files\Elf_1.12\prxtbElf0.dll File not found
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader80\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Anvshell] C:\WINDOWS\aAnvshell.exe File not found
    O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\aavgnt.exe" /min File not found
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [Net-It Launcher] C:\WINDOWS\system32\NILaunch.exe ()
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTune.exe (NVIDIA)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NVMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [shicoxp] C:\WINDOWS\shicoxp.exe ()
    O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
    O4 - HKLM..\Run: [Xerox PanelMgr] C:\WINDOWS\Xerox\PanelMgr\ssmmgr.exe ()
    O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\Rion\Start Menu\Programs\Startup\Shortcut to TOTALCMD.lnk = C:\totalcmd\TOTALCMD.EXE (C. Ghisler & Co.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-789336058-287218729-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-789336058-287218729-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-789336058-287218729-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-789336058-287218729-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Rion\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37856.9063425926 (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: DirectAnimation Java Classes Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: HushEncryptionEngine https://mailserver5.hushmail.com/shared/HushEncryptionEngine.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02F255B2-5684-465A-BEF7-B0FB7A43B4D0}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\System32\inetcomm.dll File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\RIVETS.BMP
    O24 - Desktop BackupWallPaper: C:\WINDOWS\RIVETS.BMP
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2003/08/15 15:39:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
    O32 - AutoRun File - [2003/07/20 12:15:10 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
    O32 - AutoRun File - [2004/11/02 14:04:58 | 000,000,046 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
    O33 - MountPoints2\{302fca80-6e36-11dc-a4b8-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{302fca80-6e36-11dc-a4b8-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{302fca80-6e36-11dc-a4b8-806d6172696f}\Shell\AutoRun\command - "" = F:\Programs\Nu2Menu\nu2menu.exe -- [2006/02/07 13:00:46 | 000,084,992 | R--- | M] (Nu2 Productions)
    O33 - MountPoints2\{769375ea-1a2b-11e0-9fb2-002654106f4b}\Shell - "" = AutoRun
    O33 - MountPoints2\{769375ea-1a2b-11e0-9fb2-002654106f4b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{769375ea-1a2b-11e0-9fb2-002654106f4b}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
    O33 - MountPoints2\H\Shell - "" = AutoRun
    O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
  22. Bobbyrae

    Bobbyrae Newcomer, in training Topic Starter Posts: 25

    OTL part 2

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - C:\WINDOWS\System32\iprip.dll (Microsoft Corporation)
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.asv2 - asusasv2.dll File not found
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)


    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/01/31 07:23:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rion\Desktop\OTL.exe
    [2012/01/27 10:15:54 | 000,000,000 | --SD | C] -- C:\Buttly
    [2012/01/27 10:15:03 | 004,391,956 | R--- | C] (Swearware) -- C:\Documents and Settings\Rion\Desktop\Buttly.exe
    [2012/01/27 09:52:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/01/27 09:37:31 | 002,058,032 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Rion\Desktop\tdsskiller.exe
    [2012/01/27 09:14:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
    [2012/01/27 09:14:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\setupupd
    [2012/01/27 04:08:47 | 000,000,000 | R--D | C] -- C:\My Videos
    [2012/01/27 04:08:47 | 000,000,000 | R--D | C] -- C:\My Music
    [2012/01/25 04:16:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PE Builder
    [2012/01/25 04:16:16 | 000,000,000 | ---D | C] -- C:\pebuilder3110a
    [2012/01/18 23:47:08 | 000,000,000 | ---D | C] -- C:\spoolerlogs
    [2012/01/18 15:38:34 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Documents and Settings\Rion\Desktop\boot_cleaner.exe
    [2012/01/18 01:43:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Rion\My Documents\My Videos
    [2012/01/18 01:11:14 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Rion\Desktop\dds.scr
    [2012/01/13 11:36:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rion\regbackup
    [2012/01/13 10:38:09 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
    [2012/01/13 10:38:09 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
    [2012/01/13 10:37:55 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
    [2012/01/13 10:37:54 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
    [2012/01/13 10:37:31 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
    [2012/01/13 10:37:31 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
    [2012/01/13 10:37:27 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
    [2012/01/13 10:37:20 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
    [2012/01/13 10:37:11 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
    [2012/01/13 10:37:10 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
    [2012/01/13 10:37:10 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
    [2012/01/13 10:37:08 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
    [2012/01/13 10:37:07 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
    [2012/01/13 10:37:07 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
    [2012/01/13 10:37:06 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
    [2012/01/13 10:37:01 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
    [2012/01/13 10:36:59 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
    [2012/01/13 10:36:58 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
    [2012/01/13 10:36:58 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
    [2012/01/13 10:36:52 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
    [2012/01/13 10:36:49 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
    [2012/01/13 10:36:48 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
    [2012/01/13 10:36:47 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
    [2012/01/13 10:36:44 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
    [2012/01/13 10:36:43 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
    [2012/01/13 10:36:43 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
    [2012/01/13 10:36:43 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
    [2012/01/13 10:36:42 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
    [2012/01/13 10:36:42 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
    [2012/01/13 10:36:36 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
    [2012/01/13 10:36:35 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
    [2012/01/13 10:36:35 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
    [2012/01/13 10:36:33 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
    [2012/01/13 10:36:32 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
    [2012/01/13 10:36:32 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
    [2012/01/13 10:36:28 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
    [2012/01/13 10:36:28 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
    [2012/01/13 10:36:21 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
    [2012/01/13 10:36:21 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
    [2012/01/13 10:36:21 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
    [2012/01/13 10:36:20 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
    [2012/01/13 10:36:18 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
    [2012/01/13 10:36:13 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
    [2012/01/13 10:36:07 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
    [2012/01/13 10:36:06 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
    [2012/01/13 10:36:06 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
    [2012/01/13 10:36:06 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
    [2012/01/13 10:36:05 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
    [2012/01/13 10:20:26 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
    [2012/01/13 10:20:26 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
    [2012/01/13 10:20:25 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
    [2012/01/13 10:20:24 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
    [2012/01/13 10:20:17 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
    [2012/01/13 10:20:16 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
    [2012/01/13 10:20:16 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
    [2012/01/13 10:20:16 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
    [2012/01/13 10:20:09 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
    [2012/01/13 10:20:08 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
    [2012/01/13 10:20:08 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
    [2012/01/13 10:20:05 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
    [2012/01/13 10:20:05 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
    [2012/01/13 10:20:05 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
    [2012/01/13 10:20:05 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
    [2012/01/13 10:20:04 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
    [2012/01/13 10:20:04 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
    [2012/01/13 10:20:04 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
    [2012/01/13 10:20:03 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
    [2012/01/13 10:20:03 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
    [2012/01/13 10:20:02 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
    [2012/01/13 10:20:02 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
    [2012/01/13 10:19:45 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
    [2012/01/13 10:19:44 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
    [2012/01/13 10:19:39 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
    [2012/01/13 10:19:36 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
    [2012/01/13 10:19:36 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
    [2012/01/13 10:19:35 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
    [2012/01/13 10:19:29 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
    [2012/01/13 10:19:28 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
    [2012/01/13 10:19:22 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
    [2012/01/13 10:19:22 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
    [2012/01/13 10:19:22 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
    [2012/01/13 10:19:17 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
    [2012/01/13 10:19:01 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
    [2012/01/13 10:19:00 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
    [2012/01/13 10:18:58 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
    [2012/01/13 10:18:58 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
    [2012/01/13 10:18:53 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
    [2012/01/13 10:18:53 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
    [2012/01/13 10:18:53 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
    [2012/01/13 10:18:52 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
    [2012/01/13 10:18:42 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
    [2012/01/13 10:18:38 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
    [2012/01/13 10:18:37 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
    [2012/01/13 10:18:35 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
    [2012/01/13 10:18:32 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
    [2012/01/13 10:18:32 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
    [2012/01/13 10:18:30 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
    [2012/01/13 10:18:29 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
    [2012/01/13 10:18:29 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
    [2012/01/13 10:18:29 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
    [2012/01/13 10:18:28 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
    [2012/01/13 10:18:28 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
    [2012/01/13 10:18:27 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
    [2012/01/13 10:18:27 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
    [2012/01/13 10:18:26 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
    [2012/01/13 10:18:26 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
    [2012/01/13 10:18:26 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
    [2012/01/13 10:18:01 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
    [2012/01/13 10:17:47 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
    [2012/01/13 10:17:41 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
    [2012/01/13 10:17:41 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
    [2012/01/13 10:17:40 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
    [2012/01/13 10:17:40 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
    [2012/01/13 10:17:39 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
    [2012/01/13 10:17:39 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
    [2012/01/13 10:17:36 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
    [2012/01/13 10:17:36 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
    [2012/01/13 10:17:35 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
    [2012/01/13 10:17:35 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
    [2012/01/13 10:17:34 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
    [2012/01/13 10:17:33 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
    [2012/01/13 10:17:09 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
    [2012/01/13 10:16:52 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
    [2012/01/13 10:16:29 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
    [2012/01/13 10:16:28 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
    [2012/01/13 10:16:22 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
    [2012/01/13 10:16:21 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
    [2012/01/13 10:16:21 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
    [2012/01/13 10:16:17 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
    [2012/01/13 10:16:10 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
    [2012/01/13 10:16:10 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
    [2012/01/13 10:16:07 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
    [2012/01/13 10:16:07 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
    [2012/01/13 10:16:06 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
    [2012/01/13 10:16:06 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
    [2012/01/13 10:16:01 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
    [2012/01/13 10:16:00 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
    [2012/01/13 10:16:00 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
    [2012/01/13 10:15:35 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
    [2012/01/13 10:15:32 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
    [2012/01/13 10:15:28 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
    [2012/01/13 10:15:27 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
    [2012/01/13 10:15:27 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
    [2012/01/13 10:15:26 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
    [2012/01/13 10:15:25 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
    [2012/01/13 10:15:25 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
    [2012/01/13 10:15:25 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
    [2012/01/13 10:15:24 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
    [2012/01/13 10:15:17 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
    [2012/01/13 10:15:17 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
    [2012/01/13 10:15:16 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
    [2012/01/13 10:15:07 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
    [2012/01/13 10:15:07 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
    [2012/01/13 10:15:07 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
    [2012/01/13 10:15:06 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
    [2012/01/13 10:15:06 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
    [2012/01/13 10:15:06 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
    [2012/01/13 10:15:05 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
    [2012/01/13 10:15:05 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
    [2012/01/13 10:15:02 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
    [2012/01/13 10:14:54 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
    [2012/01/13 10:14:50 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
    [2012/01/13 10:14:45 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
    [2012/01/13 10:14:45 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
    [2012/01/13 10:14:45 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
    [2012/01/13 10:14:44 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
    [2012/01/13 10:14:44 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
    [2012/01/13 10:14:42 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
    [2012/01/13 10:14:42 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
    [2012/01/13 10:14:42 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
    [2012/01/13 10:14:41 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
    [2012/01/13 10:14:41 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
    [2012/01/13 10:14:40 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
  23. Bobbyrae

    Bobbyrae Newcomer, in training Topic Starter Posts: 25

    OTL part 3

    [2012/01/13 10:11:33 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
    [2012/01/13 10:11:33 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
    [2012/01/13 10:11:33 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
    [2012/01/13 10:11:32 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
    [2012/01/13 10:11:32 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
    [2012/01/13 10:11:32 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
    [2012/01/13 10:11:31 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
    [2012/01/13 10:11:31 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
    [2012/01/13 10:11:30 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
    [2012/01/13 10:11:30 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
    [2012/01/13 10:11:29 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
    [2012/01/13 10:11:29 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
    [2012/01/13 10:11:28 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
    [2012/01/13 10:11:28 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
    [2012/01/13 10:11:27 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
    [2012/01/13 10:11:27 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
    [2012/01/13 10:11:27 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
    [2012/01/13 10:11:26 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
    [2012/01/13 10:11:24 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
    [2012/01/13 10:11:21 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
    [2012/01/13 10:11:21 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
    [2012/01/13 10:11:20 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
    [2012/01/13 10:11:20 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
    [2012/01/13 10:11:19 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
    [2012/01/13 10:11:19 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
    [2012/01/13 10:11:19 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
    [2012/01/13 10:11:06 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
    [2012/01/13 10:11:02 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
    [2012/01/13 10:10:54 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
    [2012/01/13 10:10:53 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
    [2012/01/13 10:10:53 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
    [2012/01/13 10:10:52 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
    [2012/01/13 10:10:52 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
    [2012/01/13 10:10:50 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
    [2012/01/13 10:10:48 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
    [2012/01/13 10:10:48 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
    [2012/01/13 10:10:47 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
    [2012/01/13 10:10:46 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
    [2012/01/13 10:10:46 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
    [2012/01/13 03:32:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rion\Application Data\SpeedMaxPc
    [2012/01/13 03:32:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rion\Application Data\DriverCure
    [2012/01/13 03:32:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
    [2012/01/10 03:43:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rion\Local Settings\Application Data\SanctionedMedia
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/01/31 07:27:02 | 000,004,345 | ---- | M] () -- C:\WINDOWS\WINCMD.INI
    [2012/01/31 07:23:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rion\Desktop\OTL.exe
    [2012/01/31 03:43:42 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/01/31 03:43:28 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2012/01/31 03:43:24 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
    [2012/01/31 03:43:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/01/31 03:16:02 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/30 00:42:44 | 000,079,346 | -H-- | M] () -- C:\TREEINFO.WC
    [2012/01/28 08:39:48 | 000,000,328 | RHS- | M] () -- C:\boot.ini
    [2012/01/27 10:15:02 | 004,391,956 | R--- | M] (Swearware) -- C:\Documents and Settings\Rion\Desktop\Buttly.exe
    [2012/01/27 09:37:40 | 002,058,032 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Rion\Desktop\tdsskiller.exe
    [2012/01/27 09:14:54 | 000,000,328 | ---- | M] () -- C:\Boot.bak
    [2012/01/25 05:39:46 | 000,002,170 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/01/25 04:16:20 | 000,000,437 | ---- | M] () -- C:\Documents and Settings\Rion\Desktop\PE Builder.lnk
    [2012/01/25 03:22:54 | 000,000,047 | ---- | M] () -- C:\WINDOWS\wininit.ini
    [2012/01/18 06:11:30 | 000,516,606 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/01/18 06:11:30 | 000,098,008 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/01/18 01:10:50 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Rion\Desktop\dds.scr
    [2012/01/12 20:56:50 | 000,024,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
    [2012/01/12 19:10:04 | 000,008,581 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\5f5e9b90
    [2012/01/12 19:10:04 | 000,008,578 | ---- | M] () -- C:\Documents and Settings\Rion\Application Data\32f0799f
    [2012/01/12 19:10:04 | 000,008,526 | ---- | M] () -- C:\Documents and Settings\Rion\Local Settings\Application Data\95b84d65
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/01/25 16:12:52 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/01/25 16:12:52 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/01/25 04:16:18 | 000,000,437 | ---- | C] () -- C:\Documents and Settings\Rion\Desktop\PE Builder.lnk
    [2012/01/25 03:22:53 | 000,000,047 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2012/01/13 10:38:08 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
    [2012/01/13 10:38:08 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
    [2012/01/13 10:19:19 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
    [2012/01/13 10:19:18 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
    [2012/01/13 10:18:05 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
    [2012/01/13 10:16:29 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
    [2012/01/13 10:16:29 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
    [2012/01/13 10:16:28 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
    [2012/01/13 10:16:27 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
    [2012/01/13 10:16:27 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
    [2012/01/13 10:15:27 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
    [2012/01/13 10:15:26 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
    [2012/01/13 10:15:26 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
    [2012/01/13 10:11:15 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
    [2012/01/13 10:11:14 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
    [2012/01/13 10:11:14 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
    [2012/01/13 10:11:14 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
    [2012/01/13 10:11:13 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
    [2012/01/13 10:11:13 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
    [2012/01/13 10:11:13 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
    [2012/01/13 10:11:12 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
    [2012/01/13 10:11:12 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
    [2012/01/13 10:11:08 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
    [2012/01/12 20:56:49 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
    [2012/01/12 18:59:55 | 000,008,581 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\5f5e9b90
    [2012/01/12 18:59:55 | 000,008,578 | ---- | C] () -- C:\Documents and Settings\Rion\Application Data\32f0799f
    [2012/01/12 18:59:55 | 000,008,526 | ---- | C] () -- C:\Documents and Settings\Rion\Local Settings\Application Data\95b84d65
    [2011/08/30 05:25:25 | 000,141,152 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2011/07/10 17:15:57 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Pgoxafonut.dat
    [2011/07/10 17:15:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Nvorog.bin
    [2010/06/14 16:40:17 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP PrecisionScan Pro.INI
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
    [2009/06/12 20:04:52 | 000,004,342 | ---- | C] () -- C:\WINDOWS\scad3.INI
    [2009/03/23 12:51:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2009/03/23 12:51:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2009/03/23 12:51:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2008/12/26 16:39:55 | 000,000,037 | ---- | C] () -- C:\WINDOWS\marscam.ini
    [2008/12/26 16:34:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\mr310exv.dll
    [2008/12/26 16:34:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\mr310exd.dll
    [2008/09/26 15:46:30 | 000,004,199 | ---- | C] () -- C:\WINDOWS\ALWPU.INI
    [2008/09/26 15:45:43 | 000,177,664 | ---- | C] () -- C:\WINDOWS\System32\APPLE_UI.DLL
    [2008/09/26 15:45:43 | 000,139,776 | ---- | C] () -- C:\WINDOWS\System32\APPLE_NT.DLL
    [2008/07/28 15:39:20 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
    [2007/12/29 00:22:11 | 000,003,147 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2007/11/24 18:05:38 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Rion\Application Data\WavCodec.wff
    [2007/11/23 00:38:28 | 000,139,008 | ---- | C] () -- C:\WINDOWS\System32\guard32.dll
    [2007/11/14 03:00:15 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\afcddb4_d.dll
    [2007/10/29 02:08:42 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2007/09/17 19:08:45 | 000,454,656 | ---- | C] () -- C:\WINDOWS\ssndii.exe
    [2006/10/22 12:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2006/10/22 12:22:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
    [2006/10/22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2006/10/22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2006/10/22 12:22:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
    [2006/10/22 12:22:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
    [2006/10/22 12:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2006/10/22 12:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
    [2006/03/24 23:21:23 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallThunderbird.exe
    [2005/08/24 02:30:01 | 000,000,104 | ---- | C] () -- C:\WINDOWS\nTune.INI
    [2005/08/24 02:29:56 | 000,000,113 | ---- | C] () -- C:\WINDOWS\NVProfileManager.INI
    [2005/08/24 02:27:25 | 000,000,119 | ---- | C] () -- C:\WINDOWS\NVPerformance.INI
    [2005/08/17 18:33:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
    [2005/03/09 22:10:46 | 000,000,041 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
    [2005/01/20 08:34:48 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
    [2004/10/01 15:20:43 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/09/19 00:25:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
    [2004/09/11 18:10:55 | 000,000,478 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2004/09/10 15:08:23 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
    [2004/06/28 02:20:09 | 000,000,041 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
    [2004/03/07 16:10:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
    [2004/02/10 17:43:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\SfwIFmt.dll
    [2004/02/10 17:43:08 | 000,000,772 | ---- | C] () -- C:\WINDOWS\PODW.INI
    [2003/12/30 23:20:21 | 000,000,424 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
    [2003/12/30 23:11:42 | 000,000,274 | ---- | C] () -- C:\WINDOWS\pcstudio.ini
    [2003/11/05 16:36:15 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
    [2003/10/30 02:44:23 | 000,000,363 | ---- | C] () -- C:\WINDOWS\CoverDes.INI
    [2003/10/27 12:03:27 | 000,001,232 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2003/10/13 21:47:15 | 000,030,720 | ---- | C] () -- C:\WINDOWS\PerlGlob.exe
    [2003/10/13 21:47:15 | 000,013,158 | ---- | C] () -- C:\WINDOWS\System32\CW16XFR.EXE
    [2003/10/11 22:17:46 | 000,004,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\hmonitor.sys
    [2003/10/02 23:51:35 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\MJUninstall.exe
    [2003/09/18 17:44:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
    [2003/09/18 17:44:07 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
    [2003/09/18 17:44:07 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
    [2003/09/18 17:43:39 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
    [2003/09/18 17:43:38 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
    [2003/09/18 17:43:35 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
    [2003/08/29 00:42:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
    [2003/08/24 23:52:31 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
    [2003/08/23 22:26:28 | 000,001,125 | ---- | C] () -- C:\WINDOWS\Winamp.ini
    [2003/08/22 01:34:57 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2003/08/22 01:34:32 | 000,095,440 | ---- | C] () -- C:\WINDOWS\NSUninst.exe
    [2003/08/22 01:34:27 | 000,095,440 | ---- | C] () -- C:\WINDOWS\GREUninstall.exe
    [2003/08/22 01:34:26 | 000,016,723 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2003/08/22 01:17:03 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Rion\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2003/08/20 13:52:23 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\NILaunch.exe
    [2003/08/20 13:52:16 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Approach.ini
    [2003/08/15 21:50:08 | 000,159,788 | ---- | C] () -- C:\WINDOWS\DelKey.exe
    [2003/08/15 21:50:08 | 000,090,149 | ---- | C] () -- C:\WINDOWS\Delvid.exe
    [2003/08/15 21:50:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\shicoxp.exe
    [2003/08/15 21:50:08 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\caili.exe
    [2003/08/15 16:09:17 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\anvcinst.dll
    [2003/08/15 16:09:11 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
    [2003/08/15 16:05:54 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
    [2003/08/15 16:05:54 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2003/08/15 16:05:53 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2003/08/15 16:05:32 | 000,020,480 | ---- | C] () -- C:\WINDOWS\ANVUNIS.exe
    [2003/08/15 16:05:32 | 000,000,578 | ---- | C] () -- C:\WINDOWS\Anvshell.ini
    [2003/08/15 15:55:42 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\jedih2rx.bin
    [2003/08/15 15:55:42 | 000,000,122 | ---- | C] () -- C:\WINDOWS\System32\drivers\ramsed.bin
    [2003/08/15 15:54:26 | 000,003,429 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
    [2003/08/15 15:54:25 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
    [2003/08/15 15:52:22 | 000,004,345 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
    [2003/08/15 15:42:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2003/08/15 15:36:44 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2003/08/15 15:29:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2003/08/15 15:28:49 | 000,241,536 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2002/08/29 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2002/08/29 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2002/08/29 12:00:00 | 000,516,606 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2002/08/29 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2002/08/29 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2002/08/29 12:00:00 | 000,098,008 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2002/08/29 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2002/08/29 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2002/08/29 12:00:00 | 000,018,543 | ---- | C] () -- C:\WINDOWS\System32\dtiqtc.dll
    [2002/08/29 12:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2002/08/29 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2002/08/29 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2001/08/31 09:36:18 | 000,064,378 | ---- | C] () -- C:\WINDOWS\System32\Hphex.bin
    [2001/03/27 04:39:33 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\HPNVRamStrings.dll
    [1999/03/10 18:23:00 | 000,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll
    [1998/06/11 14:08:06 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
    [1998/06/11 14:08:04 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
    [1998/03/18 18:23:00 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\nsqlc32.dll
    [1998/01/13 18:23:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\lotrn13.dll
    [1997/11/14 18:23:00 | 000,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll
    [1997/05/13 18:23:00 | 000,000,153 | ---- | C] () -- C:\WINDOWS\acroread.ini
    [1994/07/25 18:23:00 | 000,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv
    [1994/04/07 18:23:00 | 000,000,462 | ---- | C] () -- C:\WINDOWS\lodbf13.ini

    ========== LOP Check ==========

    [2004/05/26 18:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2007/08/21 16:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Karen's Power Tools
    [2007/09/18 20:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
    [2007/10/30 16:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
    [2007/11/24 06:03:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2009/01/23 14:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2009/02/02 18:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comcast
    [2009/04/17 03:19:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCB Artist
    [2012/01/13 03:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
    [2003/08/30 00:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rion\Application Data\NovaStor
    [2005/09/07 00:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rion\Application Data\Netscape
    [2006/03/24 23:21:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rion\Application Data\Thunderbird
    [2007/05/07 05:11:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rion\Application Data\Nvu
    [2007/06/01 04:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rion\Application Data\Viewpoint
    [2007/11/05 02:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rion\Application Data\Uniblue
    [2010/01/28 00:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rion\Application Data\OpenOffice.org
    [2010/03/31 20:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rion\Application Data\Elluminate
    [2010/12/28 09:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rion\Application Data\PriceGong
    [2011/08/30 02:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rion\Application Data\Charles Schwab
    [2012/01/13 03:32:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rion\Application Data\SpeedMaxPc
    [2012/01/13 03:32:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rion\Application Data\DriverCure
    [2012/01/31 03:43:24 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job
  24. Bobbyrae

    OTL part 4

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/04/14 00:01:44 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2008/04/13 22:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2012/01/28 08:39:48 | 000,000,328 | RHS- | M] () -- C:\boot.ini
    [2003/08/15 15:39:36 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2003/08/15 15:39:36 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2003/08/15 15:39:36 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2003/08/15 15:39:36 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2012/01/30 00:42:44 | 000,079,346 | -H-- | M] () -- C:\TREEINFO.WC
    [2011/01/11 16:27:14 | 000,000,000 | ---- | M] () -- C:\CLDMA.LOG
    [2011/04/12 08:39:46 | 000,000,000 | ---- | M] () -- C:\Log.txt
    [2009/01/23 12:45:14 | 000,001,148 | ---- | M] () -- C:\net_save.dna
    [2012/01/27 09:14:54 | 000,000,328 | ---- | M] () -- C:\Boot.bak
    [2008/04/14 00:02:08 | 000,260,288 | RHS- | M] () -- C:\cmldr
    [2012/01/13 12:42:10 | 000,000,359 | ---- | M] () -- C:\rkill.log
    [2012/01/30 00:11:42 | 000,058,814 | ---- | M] () -- C:\Win-Files.txt
    [2012/01/30 00:12:00 | 000,000,000 | ---- | M] () -- C:\RootKit.log
    [2003/10/26 01:44:20 | 000,000,199 | ---- | M] () -- C:\UnInstall.dat
    [2003/11/06 17:16:48 | 000,000,185 | ---- | M] () -- C:\Setup.log

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2003/08/15 15:39:18 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [1998/02/05 12:16:18 | 000,018,432 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\jDocPrc.dll
    [2008/07/06 03:50:04 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    [2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2003/08/15 15:27:50 | 000,442,368 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
    [2003/08/15 15:27:50 | 000,626,688 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2003/08/15 15:27:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/08/18 18:51:08 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/03/23 04:22:10 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Rion\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2003/08/15 15:46:00 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Rion\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Documents and Settings\Rion\Desktop\boot_cleaner.exe
    [2012/01/27 09:37:40 | 002,058,032 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Rion\Desktop\tdsskiller.exe
    [2012/01/27 10:15:02 | 004,391,956 | R--- | M] (Swearware) -- C:\Documents and Settings\Rion\Desktop\Buttly.exe
    [2012/01/31 07:23:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rion\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2004/10/01 16:42:16 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Rion\Favorites\Desktop.ini
    [2012/01/29 09:26:42 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\Rion\Favorites\NtUser.dat
    [2012/01/29 09:26:56 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\Rion\Favorites\NtUser.dat.LOG

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2012/01/31 07:15:14 | 001,212,416 | ---- | M] () -- C:\Documents and Settings\Rion\Cookies\index.dat
    [2009/03/23 02:49:24 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Rion\Cookies\desktop.ini
    [2012/01/29 09:26:42 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\Rion\Cookies\NtUser.dat
    [2012/01/29 09:26:56 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\Rion\Cookies\NtUser.dat.LOG

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2008/04/13 17:12:38 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2002/08/29 05:00:00 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2002/08/29 05:00:00 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2002/08/29 05:00:00 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2002/08/29 05:00:00 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2002/08/20 12:32:20 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2002/08/20 15:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
    [2002/08/20 12:32:22 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
    [2002/08/20 12:32:18 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2004/07/17 11:41:04 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm
    [2008/04/13 17:12:28 | 001,695,232 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2008/04/13 10:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 17:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2008/05/02 07:01:50 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < MD5 for: AGP440.SYS >
    [2004/10/01 16:26:40 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2008/08/18 18:42:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
    [2004/10/01 16:26:40 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
    [2008/08/18 18:42:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
    [2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2002/08/29 12:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
    [2004/10/01 16:26:40 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2008/08/18 18:42:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2004/10/01 16:26:40 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
    [2008/08/18 18:42:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2002/08/29 12:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
    [2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\DRIVERS\ATAPI.SYS
    [2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
    [2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

    < MD5 for: DXGTHK.SYS >
    [2002/08/29 04:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) MD5=A73F5D6705B1D820C19B18782E176EFD -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\DRIVERS\DXGTHK.SYS
    [2002/08/29 12:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) MD5=A73F5D6705B1D820C19B18782E176EFD -- C:\WINDOWS\system32\dllcache\dxgthk.sys
    [2002/08/29 12:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) MD5=A73F5D6705B1D820C19B18782E176EFD -- C:\WINDOWS\system32\drivers\dxgthk.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/13 17:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2008/04/13 17:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
    [2008/04/13 17:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

    < MD5 for: EXPLORER.EXE >
    [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\pebuilder3110a\BartPE\I386\EXPLORER.EXE
    [2008/04/13 17:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
    [2008/04/13 17:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
    [2008/04/13 17:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

    < MD5 for: NETBT.SYS >
    [2008/04/14 00:51:02 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\DRIVERS\NETBT.SYS
    [2008/04/13 12:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\ServicePackFiles\i386\netbt.sys
    [2008/04/13 12:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\system32\dllcache\netbt.sys
    [2008/04/13 12:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\system32\drivers\netbt.sys

    < MD5 for: NETLOGON.DLL >
    [2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\NETLOGON.DLL
    [2008/04/13 17:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2008/04/13 17:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
    [2008/04/13 17:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\SCECLI.DLL
    [2008/04/13 17:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2008/04/13 17:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
    [2008/04/13 17:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

    < MD5 for: SVCHOST.EXE >
    [2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\SVCHOST.EXE
    [2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
    [2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
    [2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
    [2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

    < MD5 for: TCPIP.SYS >
    [2008/04/14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\DRIVERS\TCPIP.SYS
    [2008/04/13 12:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
    [2008/06/20 04:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
    [2008/06/20 04:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys

    < MD5 for: USERINIT.EXE >
    [2004/08/04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\dllcache\userinit.exe
    [2004/08/04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
    [2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\USERINIT.EXE
    [2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

    < MD5 for: VOLSNAP.SYS >
    [2008/04/13 11:41:02 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
    [2008/04/13 11:41:02 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\dllcache\volsnap.sys
    [2008/04/13 11:41:02 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys

    < MD5 for: WINLOGON.EXE >
    [2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\WINLOGON.EXE
    [2008/04/13 17:12:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
    [2008/04/13 17:12:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
    [2008/04/13 17:12:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

    < MD5 for: WINSRV.DLL >
    [2008/04/14 05:42:10 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=1618F36D4F7F6CCCEB3EE44BA95BE85C -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\WINSRV.DLL
    [2008/04/13 17:12:10 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=1618F36D4F7F6CCCEB3EE44BA95BE85C -- C:\WINDOWS\ServicePackFiles\i386\winsrv.dll
    [2011/11/25 13:57:20 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=8C7DCA4B158BF16894120786A7A5F366 -- C:\WINDOWS\SoftwareDistribution\Download\163d01893aa68b49abc63d8d6c9a7bb2\sp3gdr\winsrv.dll
    [2011/11/25 13:57:20 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=8C7DCA4B158BF16894120786A7A5F366 -- C:\WINDOWS\system32\dllcache\winsrv.dll
    [2011/11/25 13:57:20 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=8C7DCA4B158BF16894120786A7A5F366 -- C:\WINDOWS\system32\winsrv.dll
    [2011/11/25 13:56:26 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=B23423313519C522E0E73BA170D3CE71 -- C:\WINDOWS\SoftwareDistribution\Download\163d01893aa68b49abc63d8d6c9a7bb2\sp3qfe\winsrv.dll

    < End of report >
  25. Bobbyrae

    Bobbyrae Newcomer, in training Topic Starter Posts: 25

    Extras.txt

    OTL Extras logfile created on: 1/31/2012 7:27:12 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Rion\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1023.48 Mb Total Physical Memory | 635.09 Mb Available Physical Memory | 62.05% Memory free
    929.73 Mb Paging File | 659.62 Mb Available in Paging File | 70.95% Paging File free
    Paging file location(s): [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 17.07 Gb Total Space | 5.68 Gb Free Space | 33.27% Space Free | Partition Type: FAT32
    Drive D: | 34.24 Gb Total Space | 15.05 Gb Free Space | 43.97% Space Free | Partition Type: NTFS
    Drive E: | 8.53 Gb Total Space | 3.55 Gb Free Space | 41.56% Space Free | Partition Type: FAT32
    Drive F: | 159.01 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: RIONXP | User Name: Rion | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Browse with ACDSee] -- "C:\My Program Files\ACDSee32\ACDSee32.exe" "%1" (ACD Systems, Ltd.)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\System32\ftp.exe" = C:\WINDOWS\System32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
    "C:\WINDOWS\System32\mmc.exe" = C:\WINDOWS\System32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
    "C:\Program Files\Palm\HOTSYNC.EXE" = C:\Program Files\Palm\HOTSYNC.EXE:*:Enabled:HotSync® Manager Application -- (Palm, Inc.)
    "E:\RC40 Scale\RC40 Rate Update.exe" = E:\RC40 Scale\RC40 Rate Update.exe:*:Enabled:RC40 Scale -- (CompanionLink Software, Inc.)
    "C:\Program Files\Schwab\SSPro\SSPro.exe" = C:\Program Files\Schwab\SSPro\SSPro.exe:*:Enabled:StreetSmart Pro® -- (Charles Schwab & Co., Inc.)
    "C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
    "C:\Program Files\Java\JRE6\BIN\javaw.exe" = C:\Program Files\Java\JRE6\BIN\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\Documents and Settings\Rion\Local Settings\Application Data\Google\Google Earth\client\googleearth.exe" = C:\Documents and Settings\Rion\Local Settings\Application Data\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0345CF70-FA00-4F4E-A218-0FA494F465A4}" = LightScribe Template Designs - Business Pack 1
    "{22DAFE84-E618-11D3-B2A7-080009FB4A19}" = HP PrecisionScan Pro 3.0
    "{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 18
    "{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16
    "{2CDB2DCD-1153-4ED4-9D0A-606231CEFE9A}" = LightScribe Template Designs - Art Pack 1
    "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{47BD9F34-BBB7-4CFF-BE29-2D5D8E2F0385}" = PCB Artist
    "{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
    "{48963B63-7A10-49D6-8B08-61E6132453D0}" = ViewSonic Monitor Drivers
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{664708B3-C730-11D5-ADE7-00B0D07D157A}" = StreetSmart Pro
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = ASUSDVD XP
    "{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7141AD74-0C90-4369-A4C0-15BD0BD57C1D}" = Net-It Now! Uninstaller
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
    "{7DBBC522-F642-4D6C-A03F-22E49EB63437}" = Palm Desktop
    "{82F248C6-D392-11D5-9EA2-0050BAE317E1}" = PowerDirector Pro Disc Wizard
    "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A14F19F4-2E19-4CA5-83AB-FC9EE3FEA1E0}" = NovaBACKUP
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero
    "{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
    "{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
    "{B023185F-F1EF-4F97-B0BD-AE6D802226D1}" = NVIDIA WDM Drivers
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
    "{B6C766E9-B26D-4D54-A22B-A52B069C6C14}" = LightScribe Template Designs - Special Occasion Pack 1
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEF736FF-8133-42F3-8E18-BDFE293B87FF}" = LightScribe Template Designs - Holiday Pack 1
    "{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer
    "{E6CFBFB5-9232-410C-B353-AF6E614B2681}" = LightScribe System Software 1.10.16.1
    "{E9B65E73-A050-413C-89BA-80EE1875870D}" = Retrospect 5.6
    "{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02
    "{FAC20C98-35F4-49E9-B4E3-6A4FB2E9686C}" = LightScribe Template Labeler
    "{FAFD21CB-7882-4ED2-8270-508F564221A8}" = ATECH FLASH PRO-IX Driver (Rev1.00)
    "2A17D76A9A2D2CD672A7F1A1B0C763731AC8D607" = Windows Driver Package - MARS (MR97310_USB_DUAL_CAMERA) Image (12/03/2002 1.2.9.0)
    "7-Zip" = 7-Zip 9.20
    "ACDSee 32" = ACDSee 32
    "Adobe Acrobat 5.0" = Adobe Acrobat 5.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "AppleLaserWriterSoftware202" = Apple LaserWriter Software
    "ASUS Probe V2.19.07" = ASUS Probe V2.19.07
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "Codewright51" = Codewright 5.1
    "ComcastHSI" = Comcast High-Speed Internet Install Wizard
    "Compton's Interactive Encyclopedia 2000" = Compton's Interactive Encyclopedia 2000
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.56
    "DVD Identifier_is1" = DVD Identifier
    "EZ-PC" = AutoXray EZ-PC (remove only)
    "HijackThis" = HijackThis 2.0.2
    "HP PhotoSmart C200 Camera Software" = HP PhotoSmart C200 Photo Imaging Software
    "HP PhotoSmart Photo Printing Software" = HP PhotoSmart Photo Printing Software
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "InCD!UninstallKey" = InCD (Ahead Software)
    "InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
    "IrfanView" = IrfanView (remove only)
    "Java Web Start" = Java Web Start
    "Karen's Cookie Viewer" = Karen's Cookie Viewer
    "Learn Electronics Part 1" = Twisted Pair Computer Based Training Learn Electronics Part 1 5.03
    "LTspice IV" = LTspice IV
    "Macromedia Shockwave Player" = Macromedia Shockwave Player
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "Media Jukebox 8.0" = Media Jukebox 8.0
    "MediaShow" = Medi@Show
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
    "MovieConverterV3" = Movie Converter V3 (remove only)
    "Mozilla Firefox (3.6.24)" = Mozilla Firefox (3.6.24)
    "Mozilla Thunderbird (3.1.12)" = Mozilla Thunderbird (3.1.12)
    "Netscape (7.1)" = Netscape (7.1)
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "PE Builder_is1" = PE Builder 3.1.10a
    "PhotoWorks" = PhotoWorks v2.41
    "RC40 Scale" = RC40 Scale
    "SeaTools Enterprise" = SeaTools Enterprise
    "SmartSuite V99.0" = Lotus SmartSuite Release 9.5
    "SnagIt6" = SnagIt 6
    "ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
    "VLC media player" = VideoLAN VLC media player 0.8.6f
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinZip" = WinZip
    "Xerox Phaser 3124" = Xerox Phaser 3124
    "Yahoo! Photos Drag-Drop Uploader 1v7" = Yahoo! Photos Easy Upload Tool 1v7

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-789336058-287218729-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Smad" = SanctionedMedia

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/19/2012 5:41:02 PM | Computer Name = RIONXP | Source = ESENT | ID = 482
    Description = wuauclt (3272) An attempt to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb"
    at offset 237568 (0x000000000003a000) for 4096 (0x00001000) bytes failed with system
    error 1117 (0x0000045d): "The request could not be performed because of an I/O
    device error. ". The write operation will fail with error -1022 (0xfffffc02).
    If this error persists then the file may be damaged and may need to be restored
    from a previous backup.

    Error - 1/19/2012 7:27:32 PM | Computer Name = RIONXP | Source = ESENT | ID = 482
    Description = wuauclt (1964) An attempt to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb"
    at offset 102400 (0x0000000000019000) for 4096 (0x00001000) bytes failed with system
    error 1117 (0x0000045d): "The request could not be performed because of an I/O
    device error. ". The write operation will fail with error -1022 (0xfffffc02).
    If this error persists then the file may be damaged and may need to be restored
    from a previous backup.

    Error - 1/19/2012 7:28:32 PM | Computer Name = RIONXP | Source = ESENT | ID = 482
    Description = wuauclt (1964) An attempt to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb"
    at offset 28672 (0x0000000000007000) for 4096 (0x00001000) bytes failed with system
    error 1117 (0x0000045d): "The request could not be performed because of an I/O
    device error. ". The write operation will fail with error -1022 (0xfffffc02).
    If this error persists then the file may be damaged and may need to be restored
    from a previous backup.

    Error - 1/19/2012 7:34:17 PM | Computer Name = RIONXP | Source = ESENT | ID = 482
    Description = wuauclt (2812) An attempt to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb"
    at offset 0 (0x0000000000000000) for 8192 (0x00002000) bytes failed with system
    error 1117 (0x0000045d): "The request could not be performed because of an I/O
    device error. ". The write operation will fail with error -1022 (0xfffffc02).
    If this error persists then the file may be damaged and may need to be restored
    from a previous backup.

    Error - 1/19/2012 7:35:17 PM | Computer Name = RIONXP | Source = ESENT | ID = 439
    Description = wuauclt (2812) Unable to write a shadowed header for file C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb.
    Error -1022.

    Error - 1/19/2012 7:37:17 PM | Computer Name = RIONXP | Source = ESENT | ID = 482
    Description = wuauclt (2260) An attempt to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\res2.log"
    at offset 0 (0x0000000000000000) for 131072 (0x00020000) bytes failed with system
    error 1117 (0x0000045d): "The request could not be performed because of an I/O
    device error. ". The write operation will fail with error -1022 (0xfffffc02).
    If this error persists then the file may be damaged and may need to be restored
    from a previous backup.

    Error - 1/19/2012 7:38:02 PM | Computer Name = RIONXP | Source = ESENT | ID = 428
    Description = wuauclt (2260) The database engine is rejecting update operations
    due to low free disk space on the log disk.

    Error - 1/19/2012 7:46:17 PM | Computer Name = RIONXP | Source = ESENT | ID = 481
    Description = wuauclt (2260) An attempt to read from the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb"
    at offset 299008 (0x0000000000049000) for 4096 (0x00001000) bytes failed with system
    error 1117 (0x0000045d): "The request could not be performed because of an I/O
    device error. ". The read operation will fail with error -1022 (0xfffffc02). If
    this error persists then the file may be damaged and may need to be restored from
    a previous backup.

    Error - 1/19/2012 8:58:34 PM | Computer Name = RIONXP | Source = ESENT | ID = 481
    Description = wuauclt (2632) An attempt to read from the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb"
    at offset 45056 (0x000000000000b000) for 4096 (0x00001000) bytes failed with system
    error 1117 (0x0000045d): "The request could not be performed because of an I/O
    device error. ". The read operation will fail with error -1022 (0xfffffc02). If
    this error persists then the file may be damaged and may need to be restored from
    a previous backup.

    Error - 1/19/2012 9:08:19 PM | Computer Name = RIONXP | Source = ESENT | ID = 482
    Description = wuauclt (616) An attempt to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb"
    at offset 73728 (0x0000000000012000) for 4096 (0x00001000) bytes failed with system
    error 1117 (0x0000045d): "The request could not be performed because of an I/O
    device error. ". The write operation will fail with error -1022 (0xfffffc02).
    If this error persists then the file may be damaged and may need to be restored
    from a previous backup.

    [ System Events ]
    Error - 1/30/2012 2:00:47 AM | Computer Name = RIONXP | Source = NETLOGON | ID = 3095
    Description = This computer is configured as a member of a workgroup, not as a member
    of a domain. The Netlogon service does not need to run in this configuration.

    Error - 1/30/2012 2:00:53 AM | Computer Name = RIONXP | Source = Service Control Manager | ID = 7000
    Description = The NetBEUI Protocol service failed to start due to the following
    error: %%2

    Error - 1/30/2012 4:26:43 AM | Computer Name = RIONXP | Source = NETLOGON | ID = 3095
    Description = This computer is configured as a member of a workgroup, not as a member
    of a domain. The Netlogon service does not need to run in this configuration.

    Error - 1/30/2012 4:26:49 AM | Computer Name = RIONXP | Source = Service Control Manager | ID = 7000
    Description = The NetBEUI Protocol service failed to start due to the following
    error: %%2

    Error - 1/31/2012 7:08:27 AM | Computer Name = RIONXP | Source = NETLOGON | ID = 3095
    Description = This computer is configured as a member of a workgroup, not as a member
    of a domain. The Netlogon service does not need to run in this configuration.

    Error - 1/31/2012 7:08:33 AM | Computer Name = RIONXP | Source = Service Control Manager | ID = 7000
    Description = The NetBEUI Protocol service failed to start due to the following
    error: %%2

    Error - 1/31/2012 7:17:39 AM | Computer Name = RIONXP | Source = NETLOGON | ID = 3095
    Description = This computer is configured as a member of a workgroup, not as a member
    of a domain. The Netlogon service does not need to run in this configuration.

    Error - 1/31/2012 7:17:43 AM | Computer Name = RIONXP | Source = Service Control Manager | ID = 7000
    Description = The NetBEUI Protocol service failed to start due to the following
    error: %%2

    Error - 1/31/2012 7:43:30 AM | Computer Name = RIONXP | Source = NETLOGON | ID = 3095
    Description = This computer is configured as a member of a workgroup, not as a member
    of a domain. The Netlogon service does not need to run in this configuration.

    Error - 1/31/2012 7:43:35 AM | Computer Name = RIONXP | Source = Service Control Manager | ID = 7000
    Description = The NetBEUI Protocol service failed to start due to the following
    error: %%2


    < End of report >