
[A] WinXP security 2012 virus: eliminated, but now Windows Update doesn't work

Discussion in 'Virus and Malware Removal' started by Bobbyrae, Jan 13, 2012.

  1. Bobbyrae Newcomer, in training Posts: 22

    OTL part 1

    OTL logfile created on: 1/31/2012 7:27:12 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Rion\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1023.48 Mb Total Physical Memory | 635.09 Mb Available Physical Memory | 62.05% Memory free
    929.73 Mb Paging File | 659.62 Mb Available in Paging File | 70.95% Paging File free
    Paging file location(s): [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 17.07 Gb Total Space | 5.68 Gb Free Space | 33.27% Space Free | Partition Type: FAT32
    Drive D: | 34.24 Gb Total Space | 15.05 Gb Free Space | 43.97% Space Free | Partition Type: NTFS
    Drive E: | 8.53 Gb Total Space | 3.55 Gb Free Space | 41.56% Space Free | Partition Type: FAT32
    Drive F: | 159.01 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: RIONXP | User Name: Rion | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/01/31 07:23:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rion\Desktop\OTL.exe
    PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
    PRC - [2008/04/13 17:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2004/12/20 17:12:36 | 000,131,072 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
    PRC - [2003/05/14 18:33:52 | 000,045,056 | ---- | M] () -- C:\WINDOWS\shicoxp.exe
    PRC - [1998/02/05 12:16:18 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\NILaunch.exe


    ========== Modules (No Company Name) ==========

    MOD - [2006/10/22 12:22:00 | 000,212,992 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll
    MOD - [2003/05/14 18:33:52 | 000,045,056 | ---- | M] () -- C:\WINDOWS\shicoxp.exe
    MOD - [1998/02/05 12:16:18 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\NILaunch.exe
    MOD - [1998/02/05 12:16:18 | 000,018,432 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\jDocPrc.dll
    MOD - [1997/09/09 11:48:50 | 000,139,776 | ---- | M] () -- C:\WINDOWS\system32\APPLE_NT.DLL


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (NMIndexingService)
    SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2009/07/21 14:34:34 | 000,185,089 | ---- | M] (Avira GmbH) [On_Demand | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2009/05/13 16:48:24 | 000,108,289 | ---- | M] (Avira GmbH) [On_Demand | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
    SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
    SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)
    SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
    SRV - [2001/10/25 07:57:54 | 000,040,960 | ---- | M] (Dantz Development Corporation) [On_Demand | Stopped] -- C:\Program Files\Dantz\Retrospect\retrorun.exe -- (RetroLauncher)


    ========== Driver Services (SafeList) ==========

    DRV - [2012/01/12 20:56:50 | 000,024,064 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
    DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2010/07/09 13:18:56 | 000,020,328 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz134_x32.sys -- (cpuz134)
    DRV - [2010/01/26 15:45:28 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2009/05/11 10:12:26 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2009/03/30 10:33:08 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2009/02/13 12:35:06 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2008/04/13 11:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2005/04/13 12:34:02 | 000,414,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA(R) nForce(TM)
    DRV - [2005/04/13 12:32:42 | 000,053,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA(R) nForce(TM)
    DRV - [2004/08/10 23:39:38 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
    DRV - [2003/05/09 15:55:02 | 000,089,749 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SI3112r.sys -- (SI3112r)
    DRV - [2003/02/18 05:51:00 | 000,007,888 | ---- | M] (C. Ghisler & Co.) [Kernel | On_Demand | Stopped] -- C:\totalcmd\CGLPTNT.SYS -- (cglptnt)
    DRV - [2003/02/12 12:37:48 | 000,009,600 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SiWinAcc.sys -- (SiFilter)
    DRV - [2002/12/13 16:06:40 | 000,129,875 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr97310c.sys -- (MR97310_USB_DUAL_CAMERA)
    DRV - [2002/10/22 18:40:44 | 000,007,560 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
    DRV - [2002/09/22 19:37:00 | 000,080,896 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
    DRV - [2002/09/08 18:59:00 | 000,108,220 | ---- | M] (NVIDIA Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\NVCAP.SYS -- (nvcap) nVidia WDM Video Capture (universal)
    DRV - [2002/09/08 18:59:00 | 000,015,968 | ---- | M] (NVIDIA Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\NVTUNEP.SYS -- (nvTUNEP)
    DRV - [2002/09/08 18:59:00 | 000,013,776 | ---- | M] (NVIDIA Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\NVTVSND.SYS -- (nvtvSND)
    DRV - [2002/09/08 18:59:00 | 000,010,366 | ---- | M] (NVIDIA Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\NVXBAR.SYS -- (NVXBAR)
    DRV - [2002/09/05 20:24:00 | 000,013,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
    DRV - [2002/08/13 06:27:22 | 000,074,338 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90Xbc5.SYS -- (EL90Xbc)
    DRV - [2002/06/27 19:12:54 | 000,434,176 | ---- | M] (ahead software) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\bsudf.sys -- (BsUDF)
    DRV - [2002/06/05 09:07:00 | 000,009,344 | ---- | M] (B.H.A Co.,Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\bsstor.sys -- (BsStor)
    DRV - [2002/04/18 18:15:46 | 000,013,780 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
    DRV - [2001/11/30 17:08:10 | 000,015,360 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
    DRV - [2001/08/17 14:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
    DRV - [2001/08/17 12:12:20 | 000,032,840 | ---- | M] (NETGEAR Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ngrpci.sys -- (ngrpci)
    DRV - [2000/04/11 10:30:50 | 000,004,000 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hmonitor.sys -- (hmonitor)
    DRV - [1997/04/22 10:16:00 | 000,006,272 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-789336058-287218729-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-789336058-287218729-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-789336058-287218729-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-789336058-287218729-682003330-1003\..\URLSearchHook: {38542454-dfb6-44f5-b052-d4e071a3d073} - SOFTWARE\Classes\CLSID\{38542454-dfb6-44f5-b052-d4e071a3d073}\InprocServer32 File not found
    IE - HKU\S-1-5-21-789336058-287218729-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-789336058-287218729-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "about:blank"
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {3C73834E-DA76-454C-A825-60E2F0939228}:1.9.1

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
    FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKCU\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Documents and Settings\Rion\Local Settings\Application Data\Google\Google Earth\plugin\npgeplugin.dll (Google)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3C73834E-DA76-454C-A825-60E2F0939228}: C:\Documents and Settings\Rion\Local Settings\Application Data\{3C73834E-DA76-454C-A825-60E2F0939228} [2011/07/10 17:15:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2007/11/21 21:42:14 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2007/11/21 21:42:14 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.12\extensions\\Components: C:\Program Files\Thunderbird\components [2006/03/24 23:21:16 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.12\extensions\\Plugins: C:\Program Files\Thunderbird\plugins [2006/03/24 23:21:14 | 000,000,000 | ---D | M]

    [2008/08/26 23:20:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rion\Application Data\Mozilla\Extensions
    [2010/01/30 20:20:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rion\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2007/11/21 21:42:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rion\Application Data\Mozilla\Firefox\Profiles\6mo1uipe.default\extensions
    [2010/04/29 22:30:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Rion\Application Data\Mozilla\Firefox\Profiles\6mo1uipe.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2007/11/21 21:42:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/07/10 17:15:56 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\RION\LOCAL SETTINGS\APPLICATION DATA\{3C73834E-DA76-454C-A825-60E2F0939228}
    [2008/11/25 14:52:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

    O1 HOSTS File: ([2009/03/23 12:56:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\My Program Files\TechSmith\SnagIt6\SnagItBHO.dll (TechSmith Corporation)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (Elf 1.12 Toolbar) - {38542454-dfb6-44f5-b052-d4e071a3d073} - C:\Program Files\Elf_1.12\prxtbElf0.dll File not found
    O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Elf 1.12 Toolbar) - {38542454-dfb6-44f5-b052-d4e071a3d073} - C:\Program Files\Elf_1.12\prxtbElf0.dll File not found
    O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\My Program Files\TechSmith\SnagIt6\SnagItIEAddin.dll (TechSmith Corporation)
    O3 - HKU\S-1-5-21-789336058-287218729-682003330-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-789336058-287218729-682003330-1003\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-789336058-287218729-682003330-1003\..\Toolbar\WebBrowser: (Elf 1.12 Toolbar) - {38542454-DFB6-44F5-B052-D4E071A3D073} - C:\Program Files\Elf_1.12\prxtbElf0.dll File not found
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader80\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Anvshell] C:\WINDOWS\aAnvshell.exe File not found
    O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\aavgnt.exe" /min File not found
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [Net-It Launcher] C:\WINDOWS\system32\NILaunch.exe ()
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTune.exe (NVIDIA)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NVMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [shicoxp] C:\WINDOWS\shicoxp.exe ()
    O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
    O4 - HKLM..\Run: [Xerox PanelMgr] C:\WINDOWS\Xerox\PanelMgr\ssmmgr.exe ()
    O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\Rion\Start Menu\Programs\Startup\Shortcut to TOTALCMD.lnk = C:\totalcmd\TOTALCMD.EXE (C. Ghisler & Co.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-789336058-287218729-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-789336058-287218729-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-789336058-287218729-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-789336058-287218729-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Rion\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37856.9063425926 (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: DirectAnimation Java Classes Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: HushEncryptionEngine https://mailserver5.hushmail.com/shared/HushEncryptionEngine.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02F255B2-5684-465A-BEF7-B0FB7A43B4D0}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\System32\inetcomm.dll File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\RIVETS.BMP
    O24 - Desktop BackupWallPaper: C:\WINDOWS\RIVETS.BMP
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2003/08/15 15:39:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
    O32 - AutoRun File - [2003/07/20 12:15:10 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
    O32 - AutoRun File - [2004/11/02 14:04:58 | 000,000,046 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
    O33 - MountPoints2\{302fca80-6e36-11dc-a4b8-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{302fca80-6e36-11dc-a4b8-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{302fca80-6e36-11dc-a4b8-806d6172696f}\Shell\AutoRun\command - "" = F:\Programs\Nu2Menu\nu2menu.exe -- [2006/02/07 13:00:46 | 000,084,992 | R--- | M] (Nu2 Productions)
    O33 - MountPoints2\{769375ea-1a2b-11e0-9fb2-002654106f4b}\Shell - "" = AutoRun
    O33 - MountPoints2\{769375ea-1a2b-11e0-9fb2-002654106f4b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{769375ea-1a2b-11e0-9fb2-002654106f4b}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
    O33 - MountPoints2\H\Shell - "" = AutoRun
    O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
  2. Bobbyrae Newcomer, in training Posts: 22

    OTL part 2

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - C:\WINDOWS\System32\iprip.dll (Microsoft Corporation)
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.asv2 - asusasv2.dll File not found
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)


    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/01/31 07:23:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rion\Desktop\OTL.exe
    [2012/01/27 10:15:54 | 000,000,000 | --SD | C] -- C:\Buttly
    [2012/01/27 10:15:03 | 004,391,956 | R--- | C] (Swearware) -- C:\Documents and Settings\Rion\Desktop\Buttly.exe
    [2012/01/27 09:52:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/01/27 09:37:31 | 002,058,032 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Rion\Desktop\tdsskiller.exe
    [2012/01/27 09:14:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
    [2012/01/27 09:14:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\setupupd
    [2012/01/27 04:08:47 | 000,000,000 | R--D | C] -- C:\My Videos
    [2012/01/27 04:08:47 | 000,000,000 | R--D | C] -- C:\My Music
    [2012/01/25 04:16:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PE Builder
    [2012/01/25 04:16:16 | 000,000,000 | ---D | C] -- C:\pebuilder3110a
    [2012/01/18 23:47:08 | 000,000,000 | ---D | C] -- C:\spoolerlogs
    [2012/01/18 15:38:34 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Documents and Settings\Rion\Desktop\boot_cleaner.exe
    [2012/01/18 01:43:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Rion\My Documents\My Videos
    [2012/01/18 01:11:14 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Rion\Desktop\dds.scr
    [2012/01/13 11:36:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rion\regbackup
    [2012/01/13 10:38:09 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
    [2012/01/13 10:38:09 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
    [2012/01/13 10:37:55 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
    [2012/01/13 10:37:54 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
    [2012/01/13 10:37:31 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
    [2012/01/13 10:37:31 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
    [2012/01/13 10:37:27 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
    [2012/01/13 10:37:20 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
    [2012/01/13 10:37:11 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
    [2012/01/13 10:37:10 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
    [2012/01/13 10:37:10 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
    [2012/01/13 10:37:08 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
    [2012/01/13 10:37:07 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
    [2012/01/13 10:37:07 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
    [2012/01/13 10:37:06 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
    [2012/01/13 10:37:01 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
    [2012/01/13 10:36:59 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
    [2012/01/13 10:36:58 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
    [2012/01/13 10:36:58 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
    [2012/01/13 10:36:52 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
    [2012/01/13 10:36:49 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
    [2012/01/13 10:36:48 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
    [2012/01/13 10:36:47 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
    [2012/01/13 10:36:44 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
    [2012/01/13 10:36:43 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
    [2012/01/13 10:36:43 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
    [2012/01/13 10:36:43 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
    [2012/01/13 10:36:42 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
    [2012/01/13 10:36:42 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
    [2012/01/13 10:36:36 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
    [2012/01/13 10:36:35 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
    [2012/01/13 10:36:35 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
    [2012/01/13 10:36:33 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
    [2012/01/13 10:36:32 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
    [2012/01/13 10:36:32 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
    [2012/01/13 10:36:28 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
    [2012/01/13 10:36:28 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
    [2012/01/13 10:36:21 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
    [2012/01/13 10:36:21 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
    [2012/01/13 10:36:21 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
    [2012/01/13 10:36:20 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
    [2012/01/13 10:36:18 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
    [2012/01/13 10:36:13 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
    [2012/01/13 10:36:07 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
    [2012/01/13 10:36:06 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
    [2012/01/13 10:36:06 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
    [2012/01/13 10:36:06 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
    [2012/01/13 10:36:05 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
    [2012/01/13 10:20:26 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
    [2012/01/13 10:20:26 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
    [2012/01/13 10:20:25 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
    [2012/01/13 10:20:24 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
    [2012/01/13 10:20:17 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
    [2012/01/13 10:20:16 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
    [2012/01/13 10:20:16 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
    [2012/01/13 10:20:16 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
    [2012/01/13 10:20:09 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
    [2012/01/13 10:20:08 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
    [2012/01/13 10:20:08 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
    [2012/01/13 10:20:05 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
    [2012/01/13 10:20:05 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
    [2012/01/13 10:20:05 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
    [2012/01/13 10:20:05 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
    [2012/01/13 10:20:04 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
    [2012/01/13 10:20:04 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
    [2012/01/13 10:20:04 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
    [2012/01/13 10:20:03 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
    [2012/01/13 10:20:03 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
    [2012/01/13 10:20:02 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
    [2012/01/13 10:20:02 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
    [2012/01/13 10:19:45 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
    [2012/01/13 10:19:44 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
    [2012/01/13 10:19:39 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
    [2012/01/13 10:19:36 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
    [2012/01/13 10:19:36 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
    [2012/01/13 10:19:35 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
    [2012/01/13 10:19:29 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
    [2012/01/13 10:19:28 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
    [2012/01/13 10:19:22 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
    [2012/01/13 10:19:22 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
    [2012/01/13 10:19:22 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
    [2012/01/13 10:19:17 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
    [2012/01/13 10:19:01 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
    [2012/01/13 10:19:00 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
    [2012/01/13 10:18:58 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
    [2012/01/13 10:18:58 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
    [2012/01/13 10:18:53 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
    [2012/01/13 10:18:53 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
    [2012/01/13 10:18:53 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
    [2012/01/13 10:18:52 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
    [2012/01/13 10:18:42 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
    [2012/01/13 10:18:38 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
    [2012/01/13 10:18:37 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
    [2012/01/13 10:18:35 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
    [2012/01/13 10:18:32 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
    [2012/01/13 10:18:32 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
    [2012/01/13 10:18:30 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
    [2012/01/13 10:18:29 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
    [2012/01/13 10:18:29 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
    [2012/01/13 10:18:29 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
    [2012/01/13 10:18:28 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
    [2012/01/13 10:18:28 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
    [2012/01/13 10:18:27 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
    [2012/01/13 10:18:27 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
    [2012/01/13 10:18:26 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
    [2012/01/13 10:18:26 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
    [2012/01/13 10:18:26 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
    [2012/01/13 10:18:01 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
    [2012/01/13 10:17:47 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
    [2012/01/13 10:17:41 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
    [2012/01/13 10:17:41 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
    [2012/01/13 10:17:40 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
    [2012/01/13 10:17:40 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
    [2012/01/13 10:17:39 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
    [2012/01/13 10:17:39 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
    [2012/01/13 10:17:36 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
    [2012/01/13 10:17:36 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
    [2012/01/13 10:17:35 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
    [2012/01/13 10:17:35 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
    [2012/01/13 10:17:34 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
    [2012/01/13 10:17:33 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
    [2012/01/13 10:17:09 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
    [2012/01/13 10:16:52 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
    [2012/01/13 10:16:29 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
    [2012/01/13 10:16:28 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
    [2012/01/13 10:16:22 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
    [2012/01/13 10:16:21 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
    [2012/01/13 10:16:21 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
    [2012/01/13 10:16:17 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
    [2012/01/13 10:16:10 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
    [2012/01/13 10:16:10 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
    [2012/01/13 10:16:07 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
    [2012/01/13 10:16:07 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
    [2012/01/13 10:16:06 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
    [2012/01/13 10:16:06 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
    [2012/01/13 10:16:01 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
    [2012/01/13 10:16:00 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
    [2012/01/13 10:16:00 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
    [2012/01/13 10:15:35 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
    [2012/01/13 10:15:32 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
    [2012/01/13 10:15:28 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
    [2012/01/13 10:15:27 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
    [2012/01/13 10:15:27 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
    [2012/01/13 10:15:26 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
    [2012/01/13 10:15:25 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
    [2012/01/13 10:15:25 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
    [2012/01/13 10:15:25 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
    [2012/01/13 10:15:24 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
    [2012/01/13 10:15:17 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
    [2012/01/13 10:15:17 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
    [2012/01/13 10:15:16 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
    [2012/01/13 10:15:07 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
    [2012/01/13 10:15:07 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
    [2012/01/13 10:15:07 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
    [2012/01/13 10:15:06 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
    [2012/01/13 10:15:06 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
    [2012/01/13 10:15:06 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
    [2012/01/13 10:15:05 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
    [2012/01/13 10:15:05 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
    [2012/01/13 10:15:02 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
    [2012/01/13 10:14:54 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
    [2012/01/13 10:14:50 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
    [2012/01/13 10:14:45 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
    [2012/01/13 10:14:45 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
    [2012/01/13 10:14:45 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
    [2012/01/13 10:14:44 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
    [2012/01/13 10:14:44 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
    [2012/01/13 10:14:42 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
    [2012/01/13 10:14:42 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
    [2012/01/13 10:14:42 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
    [2012/01/13 10:14:41 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
    [2012/01/13 10:14:41 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
    [2012/01/13 10:14:40 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
  3. Bobbyrae Newcomer, in training Posts: 22

    OTL part 3

    [2012/01/13 10:11:33 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
    [2012/01/13 10:11:33 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
    [2012/01/13 10:11:33 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
    [2012/01/13 10:11:32 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
    [2012/01/13 10:11:32 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
    [2012/01/13 10:11:32 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
    [2012/01/13 10:11:31 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
    [2012/01/13 10:11:31 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
    [2012/01/13 10:11:30 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
    [2012/01/13 10:11:30 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
    [2012/01/13 10:11:29 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
    [2012/01/13 10:11:29 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
    [2012/01/13 10:11:28 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
    [2012/01/13 10:11:28 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
    [2012/01/13 10:11:27 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
    [2012/01/13 10:11:27 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
    [2012/01/13 10:11:27 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
    [2012/01/13 10:11:26 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
    [2012/01/13 10:11:24 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
    [2012/01/13 10:11:21 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
    [2012/01/13 10:11:21 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
    [2012/01/13 10:11:20 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
    [2012/01/13 10:11:20 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
    [2012/01/13 10:11:19 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
    [2012/01/13 10:11:19 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
    [2012/01/13 10:11:19 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
    [2012/01/13 10:11:06 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
    [2012/01/13 10:11:02 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
    [2012/01/13 10:10:54 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
    [2012/01/13 10:10:53 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
    [2012/01/13 10:10:53 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
    [2012/01/13 10:10:52 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
    [2012/01/13 10:10:52 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
    [2012/01/13 10:10:50 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
    [2012/01/13 10:10:48 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
    [2012/01/13 10:10:48 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
    [2012/01/13 10:10:47 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
    [2012/01/13 10:10:46 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
    [2012/01/13 10:10:46 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
    [2012/01/13 03:32:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rion\Application Data\SpeedMaxPc
    [2012/01/13 03:32:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rion\Application Data\DriverCure
    [2012/01/13 03:32:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
    [2012/01/10 03:43:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rion\Local Settings\Application Data\SanctionedMedia
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/01/31 07:27:02 | 000,004,345 | ---- | M] () -- C:\WINDOWS\WINCMD.INI
    [2012/01/31 07:23:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rion\Desktop\OTL.exe
    [2012/01/31 03:43:42 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/01/31 03:43:28 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2012/01/31 03:43:24 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
    [2012/01/31 03:43:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/01/31 03:16:02 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/30 00:42:44 | 000,079,346 | -H-- | M] () -- C:\TREEINFO.WC
    [2012/01/28 08:39:48 | 000,000,328 | RHS- | M] () -- C:\boot.ini
    [2012/01/27 10:15:02 | 004,391,956 | R--- | M] (Swearware) -- C:\Documents and Settings\Rion\Desktop\Buttly.exe
    [2012/01/27 09:37:40 | 002,058,032 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Rion\Desktop\tdsskiller.exe
    [2012/01/27 09:14:54 | 000,000,328 | ---- | M] () -- C:\Boot.bak
    [2012/01/25 05:39:46 | 000,002,170 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/01/25 04:16:20 | 000,000,437 | ---- | M] () -- C:\Documents and Settings\Rion\Desktop\PE Builder.lnk
    [2012/01/25 03:22:54 | 000,000,047 | ---- | M] () -- C:\WINDOWS\wininit.ini
    [2012/01/18 06:11:30 | 000,516,606 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/01/18 06:11:30 | 000,098,008 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/01/18 01:10:50 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Rion\Desktop\dds.scr
    [2012/01/12 20:56:50 | 000,024,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
    [2012/01/12 19:10:04 | 000,008,581 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\5f5e9b90
    [2012/01/12 19:10:04 | 000,008,578 | ---- | M] () -- C:\Documents and Settings\Rion\Application Data\32f0799f
    [2012/01/12 19:10:04 | 000,008,526 | ---- | M] () -- C:\Documents and Settings\Rion\Local Settings\Application Data\95b84d65
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/01/25 16:12:52 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/01/25 16:12:52 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/01/25 04:16:18 | 000,000,437 | ---- | C] () -- C:\Documents and Settings\Rion\Desktop\PE Builder.lnk
    [2012/01/25 03:22:53 | 000,000,047 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2012/01/13 10:38:08 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
    [2012/01/13 10:38:08 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
    [2012/01/13 10:19:19 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
    [2012/01/13 10:19:18 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
    [2012/01/13 10:18:05 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
    [2012/01/13 10:16:29 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
    [2012/01/13 10:16:29 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
    [2012/01/13 10:16:28 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
    [2012/01/13 10:16:27 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
    [2012/01/13 10:16:27 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
    [2012/01/13 10:15:27 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
    [2012/01/13 10:15:26 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
    [2012/01/13 10:15:26 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
    [2012/01/13 10:11:15 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
    [2012/01/13 10:11:14 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
    [2012/01/13 10:11:14 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
    [2012/01/13 10:11:14 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
    [2012/01/13 10:11:13 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
    [2012/01/13 10:11:13 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
    [2012/01/13 10:11:13 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
    [2012/01/13 10:11:12 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
    [2012/01/13 10:11:12 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
    [2012/01/13 10:11:08 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
    [2012/01/12 20:56:49 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
    [2012/01/12 18:59:55 | 000,008,581 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\5f5e9b90
    [2012/01/12 18:59:55 | 000,008,578 | ---- | C] () -- C:\Documents and Settings\Rion\Application Data\32f0799f
    [2012/01/12 18:59:55 | 000,008,526 | ---- | C] () -- C:\Documents and Settings\Rion\Local Settings\Application Data\95b84d65
    [2011/08/30 05:25:25 | 000,141,152 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2011/07/10 17:15:57 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Pgoxafonut.dat
    [2011/07/10 17:15:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Nvorog.bin
    [2010/06/14 16:40:17 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP PrecisionScan Pro.INI
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
    [2009/06/12 20:04:52 | 000,004,342 | ---- | C] () -- C:\WINDOWS\scad3.INI
    [2009/03/23 12:51:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2009/03/23 12:51:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2009/03/23 12:51:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2008/12/26 16:39:55 | 000,000,037 | ---- | C] () -- C:\WINDOWS\marscam.ini
    [2008/12/26 16:34:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\mr310exv.dll
    [2008/12/26 16:34:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\mr310exd.dll
    [2008/09/26 15:46:30 | 000,004,199 | ---- | C] () -- C:\WINDOWS\ALWPU.INI
    [2008/09/26 15:45:43 | 000,177,664 | ---- | C] () -- C:\WINDOWS\System32\APPLE_UI.DLL
    [2008/09/26 15:45:43 | 000,139,776 | ---- | C] () -- C:\WINDOWS\System32\APPLE_NT.DLL
    [2008/07/28 15:39:20 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
    [2007/12/29 00:22:11 | 000,003,147 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2007/11/24 18:05:38 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Rion\Application Data\WavCodec.wff
    [2007/11/23 00:38:28 | 000,139,008 | ---- | C] () -- C:\WINDOWS\System32\guard32.dll
    [2007/11/14 03:00:15 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\afcddb4_d.dll
    [2007/10/29 02:08:42 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2007/09/17 19:08:45 | 000,454,656 | ---- | C] () -- C:\WINDOWS\ssndii.exe
    [2006/10/22 12:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2006/10/22 12:22:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
    [2006/10/22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2006/10/22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2006/10/22 12:22:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
    [2006/10/22 12:22:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
    [2006/10/22 12:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2006/10/22 12:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
    [2006/03/24 23:21:23 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallThunderbird.exe
    [2005/08/24 02:30:01 | 000,000,104 | ---- | C] () -- C:\WINDOWS\nTune.INI
    [2005/08/24 02:29:56 | 000,000,113 | ---- | C] () -- C:\WINDOWS\NVProfileManager.INI
    [2005/08/24 02:27:25 | 000,000,119 | ---- | C] () -- C:\WINDOWS\NVPerformance.INI
    [2005/08/17 18:33:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
    [2005/03/09 22:10:46 | 000,000,041 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
    [2005/01/20 08:34:48 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
    [2004/10/01 15:20:43 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/09/19 00:25:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
    [2004/09/11 18:10:55 | 000,000,478 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2004/09/10 15:08:23 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
    [2004/06/28 02:20:09 | 000,000,041 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
    [2004/03/07 16:10:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
    [2004/02/10 17:43:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\SfwIFmt.dll
    [2004/02/10 17:43:08 | 000,000,772 | ---- | C] () -- C:\WINDOWS\PODW.INI
    [2003/12/30 23:20:21 | 000,000,424 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
    [2003/12/30 23:11:42 | 000,000,274 | ---- | C] () -- C:\WINDOWS\pcstudio.ini
    [2003/11/05 16:36:15 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
    [2003/10/30 02:44:23 | 000,000,363 | ---- | C] () -- C:\WINDOWS\CoverDes.INI
    [2003/10/27 12:03:27 | 000,001,232 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2003/10/13 21:47:15 | 000,030,720 | ---- | C] () -- C:\WINDOWS\PerlGlob.exe
    [2003/10/13 21:47:15 | 000,013,158 | ---- | C] () -- C:\WINDOWS\System32\CW16XFR.EXE
    [2003/10/11 22:17:46 | 000,004,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\hmonitor.sys
    [2003/10/02 23:51:35 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\MJUninstall.exe
    [2003/09/18 17:44:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
    [2003/09/18 17:44:07 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
    [2003/09/18 17:44:07 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
    [2003/09/18 17:43:39 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
    [2003/09/18 17:43:38 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
    [2003/09/18 17:43:35 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
    [2003/08/29 00:42:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
    [2003/08/24 23:52:31 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
    [2003/08/23 22:26:28 | 000,001,125 | ---- | C] () -- C:\WINDOWS\Winamp.ini
    [2003/08/22 01:34:57 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2003/08/22 01:34:32 | 000,095,440 | ---- | C] () -- C:\WINDOWS\NSUninst.exe
    [2003/08/22 01:34:27 | 000,095,440 | ---- | C] () -- C:\WINDOWS\GREUninstall.exe
    [2003/08/22 01:34:26 | 000,016,723 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2003/08/22 01:17:03 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Rion\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2003/08/20 13:52:23 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\NILaunch.exe
    [2003/08/20 13:52:16 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Approach.ini
    [2003/08/15 21:50:08 | 000,159,788 | ---- | C] () -- C:\WINDOWS\DelKey.exe
    [2003/08/15 21:50:08 | 000,090,149 | ---- | C] () -- C:\WINDOWS\Delvid.exe
    [2003/08/15 21:50:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\shicoxp.exe
    [2003/08/15 21:50:08 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\caili.exe
    [2003/08/15 16:09:17 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\anvcinst.dll
    [2003/08/15 16:09:11 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
    [2003/08/15 16:05:54 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
    [2003/08/15 16:05:54 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2003/08/15 16:05:53 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2003/08/15 16:05:32 | 000,020,480 | ---- | C] () -- C:\WINDOWS\ANVUNIS.exe
    [2003/08/15 16:05:32 | 000,000,578 | ---- | C] () -- C:\WINDOWS\Anvshell.ini
    [2003/08/15 15:55:42 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\jedih2rx.bin
    [2003/08/15 15:55:42 | 000,000,122 | ---- | C] () -- C:\WINDOWS\System32\drivers\ramsed.bin
    [2003/08/15 15:54:26 | 000,003,429 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
    [2003/08/15 15:54:25 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
    [2003/08/15 15:52:22 | 000,004,345 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
    [2003/08/15 15:42:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2003/08/15 15:36:44 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2003/08/15 15:29:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2003/08/15 15:28:49 | 000,241,536 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2002/08/29 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2002/08/29 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2002/08/29 12:00:00 | 000,516,606 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2002/08/29 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2002/08/29 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2002/08/29 12:00:00 | 000,098,008 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2002/08/29 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2002/08/29 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2002/08/29 12:00:00 | 000,018,543 | ---- | C] () -- C:\WINDOWS\System32\dtiqtc.dll
    [2002/08/29 12:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2002/08/29 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2002/08/29 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2001/08/31 09:36:18 | 000,064,378 | ---- | C] () -- C:\WINDOWS\System32\Hphex.bin
    [2001/03/27 04:39:33 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\HPNVRamStrings.dll
    [1999/03/10 18:23:00 | 000,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll
    [1998/06/11 14:08:06 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
    [1998/06/11 14:08:04 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
    [1998/03/18 18:23:00 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\nsqlc32.dll
    [1998/01/13 18:23:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\lotrn13.dll
    [1997/11/14 18:23:00 | 000,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll
    [1997/05/13 18:23:00 | 000,000,153 | ---- | C] () -- C:\WINDOWS\acroread.ini
    [1994/07/25 18:23:00 | 000,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv
    [1994/04/07 18:23:00 | 000,000,462 | ---- | C] () -- C:\WINDOWS\lodbf13.ini

    ========== LOP Check ==========

    [2004/05/26 18:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2007/08/21 16:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Karen's Power Tools
    [2007/09/18 20:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
    [2007/10/30 16:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
    [2007/11/24 06:03:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2009/01/23 14:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2009/02/02 18:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comcast
    [2009/04/17 03:19:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCB Artist
    [2012/01/13 03:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
    [2003/08/30 00:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rion\Application Data\NovaStor
    [2005/09/07 00:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rion\Application Data\Netscape
    [2006/03/24 23:21:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rion\Application Data\Thunderbird
    [2007/05/07 05:11:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rion\Application Data\Nvu
    [2007/06/01 04:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rion\Application Data\Viewpoint
    [2007/11/05 02:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rion\Application Data\Uniblue
    [2010/01/28 00:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rion\Application Data\OpenOffice.org
    [2010/03/31 20:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rion\Application Data\Elluminate
    [2010/12/28 09:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rion\Application Data\PriceGong
    [2011/08/30 02:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rion\Application Data\Charles Schwab
    [2012/01/13 03:32:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rion\Application Data\SpeedMaxPc
    [2012/01/13 03:32:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rion\Application Data\DriverCure
    [2012/01/31 03:43:24 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job
  4. Bobbyrae Newcomer, in training Posts: 22

    OTL part 4

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/04/14 00:01:44 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2008/04/13 22:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2012/01/28 08:39:48 | 000,000,328 | RHS- | M] () -- C:\boot.ini
    [2003/08/15 15:39:36 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2003/08/15 15:39:36 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2003/08/15 15:39:36 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2003/08/15 15:39:36 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2012/01/30 00:42:44 | 000,079,346 | -H-- | M] () -- C:\TREEINFO.WC
    [2011/01/11 16:27:14 | 000,000,000 | ---- | M] () -- C:\CLDMA.LOG
    [2011/04/12 08:39:46 | 000,000,000 | ---- | M] () -- C:\Log.txt
    [2009/01/23 12:45:14 | 000,001,148 | ---- | M] () -- C:\net_save.dna
    [2012/01/27 09:14:54 | 000,000,328 | ---- | M] () -- C:\Boot.bak
    [2008/04/14 00:02:08 | 000,260,288 | RHS- | M] () -- C:\cmldr
    [2012/01/13 12:42:10 | 000,000,359 | ---- | M] () -- C:\rkill.log
    [2012/01/30 00:11:42 | 000,058,814 | ---- | M] () -- C:\Win-Files.txt
    [2012/01/30 00:12:00 | 000,000,000 | ---- | M] () -- C:\RootKit.log
    [2003/10/26 01:44:20 | 000,000,199 | ---- | M] () -- C:\UnInstall.dat
    [2003/11/06 17:16:48 | 000,000,185 | ---- | M] () -- C:\Setup.log

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2003/08/15 15:39:18 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [1998/02/05 12:16:18 | 000,018,432 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\jDocPrc.dll
    [2008/07/06 03:50:04 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    [2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2003/08/15 15:27:50 | 000,442,368 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
    [2003/08/15 15:27:50 | 000,626,688 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2003/08/15 15:27:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/08/18 18:51:08 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/03/23 04:22:10 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Rion\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2003/08/15 15:46:00 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Rion\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Documents and Settings\Rion\Desktop\boot_cleaner.exe
    [2012/01/27 09:37:40 | 002,058,032 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Rion\Desktop\tdsskiller.exe
    [2012/01/27 10:15:02 | 004,391,956 | R--- | M] (Swearware) -- C:\Documents and Settings\Rion\Desktop\Buttly.exe
    [2012/01/31 07:23:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rion\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2004/10/01 16:42:16 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Rion\Favorites\Desktop.ini
    [2012/01/29 09:26:42 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\Rion\Favorites\NtUser.dat
    [2012/01/29 09:26:56 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\Rion\Favorites\NtUser.dat.LOG

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2012/01/31 07:15:14 | 001,212,416 | ---- | M] () -- C:\Documents and Settings\Rion\Cookies\index.dat
    [2009/03/23 02:49:24 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Rion\Cookies\desktop.ini
    [2012/01/29 09:26:42 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\Rion\Cookies\NtUser.dat
    [2012/01/29 09:26:56 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\Rion\Cookies\NtUser.dat.LOG

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2008/04/13 17:12:38 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2002/08/29 05:00:00 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2002/08/29 05:00:00 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2002/08/29 05:00:00 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2002/08/29 05:00:00 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2002/08/20 12:32:20 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2002/08/20 15:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
    [2002/08/20 12:32:22 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
    [2002/08/20 12:32:18 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2004/07/17 11:41:04 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm
    [2008/04/13 17:12:28 | 001,695,232 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2008/04/13 10:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 17:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2008/05/02 07:01:50 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < MD5 for: AGP440.SYS >
    [2004/10/01 16:26:40 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2008/08/18 18:42:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
    [2004/10/01 16:26:40 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
    [2008/08/18 18:42:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
    [2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2002/08/29 12:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
    [2004/10/01 16:26:40 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2008/08/18 18:42:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2004/10/01 16:26:40 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
    [2008/08/18 18:42:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2002/08/29 12:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
    [2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\DRIVERS\ATAPI.SYS
    [2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
    [2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

    < MD5 for: DXGTHK.SYS >
    [2002/08/29 04:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) MD5=A73F5D6705B1D820C19B18782E176EFD -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\DRIVERS\DXGTHK.SYS
    [2002/08/29 12:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) MD5=A73F5D6705B1D820C19B18782E176EFD -- C:\WINDOWS\system32\dllcache\dxgthk.sys
    [2002/08/29 12:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) MD5=A73F5D6705B1D820C19B18782E176EFD -- C:\WINDOWS\system32\drivers\dxgthk.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/13 17:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2008/04/13 17:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
    [2008/04/13 17:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

    < MD5 for: EXPLORER.EXE >
    [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\pebuilder3110a\BartPE\I386\EXPLORER.EXE
    [2008/04/13 17:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
    [2008/04/13 17:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
    [2008/04/13 17:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

    < MD5 for: NETBT.SYS >
    [2008/04/14 00:51:02 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\DRIVERS\NETBT.SYS
    [2008/04/13 12:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\ServicePackFiles\i386\netbt.sys
    [2008/04/13 12:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\system32\dllcache\netbt.sys
    [2008/04/13 12:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\system32\drivers\netbt.sys

    < MD5 for: NETLOGON.DLL >
    [2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\NETLOGON.DLL
    [2008/04/13 17:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2008/04/13 17:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
    [2008/04/13 17:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\SCECLI.DLL
    [2008/04/13 17:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2008/04/13 17:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
    [2008/04/13 17:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

    < MD5 for: SVCHOST.EXE >
    [2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\SVCHOST.EXE
    [2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
    [2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
    [2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
    [2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

    < MD5 for: TCPIP.SYS >
    [2008/04/14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\DRIVERS\TCPIP.SYS
    [2008/04/13 12:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
    [2008/06/20 04:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
    [2008/06/20 04:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys

    < MD5 for: USERINIT.EXE >
    [2004/08/04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\dllcache\userinit.exe
    [2004/08/04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
    [2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\USERINIT.EXE
    [2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

    < MD5 for: VOLSNAP.SYS >
    [2008/04/13 11:41:02 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
    [2008/04/13 11:41:02 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\dllcache\volsnap.sys
    [2008/04/13 11:41:02 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys

    < MD5 for: WINLOGON.EXE >
    [2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\WINLOGON.EXE
    [2008/04/13 17:12:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
    [2008/04/13 17:12:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
    [2008/04/13 17:12:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

    < MD5 for: WINSRV.DLL >
    [2008/04/14 05:42:10 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=1618F36D4F7F6CCCEB3EE44BA95BE85C -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\WINSRV.DLL
    [2008/04/13 17:12:10 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=1618F36D4F7F6CCCEB3EE44BA95BE85C -- C:\WINDOWS\ServicePackFiles\i386\winsrv.dll
    [2011/11/25 13:57:20 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=8C7DCA4B158BF16894120786A7A5F366 -- C:\WINDOWS\SoftwareDistribution\Download\163d01893aa68b49abc63d8d6c9a7bb2\sp3gdr\winsrv.dll
    [2011/11/25 13:57:20 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=8C7DCA4B158BF16894120786A7A5F366 -- C:\WINDOWS\system32\dllcache\winsrv.dll
    [2011/11/25 13:57:20 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=8C7DCA4B158BF16894120786A7A5F366 -- C:\WINDOWS\system32\winsrv.dll
    [2011/11/25 13:56:26 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=B23423313519C522E0E73BA170D3CE71 -- C:\WINDOWS\SoftwareDistribution\Download\163d01893aa68b49abc63d8d6c9a7bb2\sp3qfe\winsrv.dll

    < End of report >
  5. Bobbyrae Newcomer, in training Posts: 22

    Extras.txt

    OTL Extras logfile created on: 1/31/2012 7:27:12 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Rion\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1023.48 Mb Total Physical Memory | 635.09 Mb Available Physical Memory | 62.05% Memory free
    929.73 Mb Paging File | 659.62 Mb Available in Paging File | 70.95% Paging File free
    Paging file location(s): [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 17.07 Gb Total Space | 5.68 Gb Free Space | 33.27% Space Free | Partition Type: FAT32
    Drive D: | 34.24 Gb Total Space | 15.05 Gb Free Space | 43.97% Space Free | Partition Type: NTFS
    Drive E: | 8.53 Gb Total Space | 3.55 Gb Free Space | 41.56% Space Free | Partition Type: FAT32
    Drive F: | 159.01 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: RIONXP | User Name: Rion | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Browse with ACDSee] -- "C:\My Program Files\ACDSee32\ACDSee32.exe" "%1" (ACD Systems, Ltd.)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\System32\ftp.exe" = C:\WINDOWS\System32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
    "C:\WINDOWS\System32\mmc.exe" = C:\WINDOWS\System32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
    "C:\Program Files\Palm\HOTSYNC.EXE" = C:\Program Files\Palm\HOTSYNC.EXE:*:Enabled:HotSync® Manager Application -- (Palm, Inc.)
    "E:\RC40 Scale\RC40 Rate Update.exe" = E:\RC40 Scale\RC40 Rate Update.exe:*:Enabled:RC40 Scale -- (CompanionLink Software, Inc.)
    "C:\Program Files\Schwab\SSPro\SSPro.exe" = C:\Program Files\Schwab\SSPro\SSPro.exe:*:Enabled:StreetSmart Pro® -- (Charles Schwab & Co., Inc.)
    "C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
    "C:\Program Files\Java\JRE6\BIN\javaw.exe" = C:\Program Files\Java\JRE6\BIN\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\Documents and Settings\Rion\Local Settings\Application Data\Google\Google Earth\client\googleearth.exe" = C:\Documents and Settings\Rion\Local Settings\Application Data\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0345CF70-FA00-4F4E-A218-0FA494F465A4}" = LightScribe Template Designs - Business Pack 1
    "{22DAFE84-E618-11D3-B2A7-080009FB4A19}" = HP PrecisionScan Pro 3.0
    "{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 18
    "{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16
    "{2CDB2DCD-1153-4ED4-9D0A-606231CEFE9A}" = LightScribe Template Designs - Art Pack 1
    "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{47BD9F34-BBB7-4CFF-BE29-2D5D8E2F0385}" = PCB Artist
    "{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
    "{48963B63-7A10-49D6-8B08-61E6132453D0}" = ViewSonic Monitor Drivers
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{664708B3-C730-11D5-ADE7-00B0D07D157A}" = StreetSmart Pro
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = ASUSDVD XP
    "{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7141AD74-0C90-4369-A4C0-15BD0BD57C1D}" = Net-It Now! Uninstaller
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
    "{7DBBC522-F642-4D6C-A03F-22E49EB63437}" = Palm Desktop
    "{82F248C6-D392-11D5-9EA2-0050BAE317E1}" = PowerDirector Pro Disc Wizard
    "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A14F19F4-2E19-4CA5-83AB-FC9EE3FEA1E0}" = NovaBACKUP
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero
    "{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
    "{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
    "{B023185F-F1EF-4F97-B0BD-AE6D802226D1}" = NVIDIA WDM Drivers
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
    "{B6C766E9-B26D-4D54-A22B-A52B069C6C14}" = LightScribe Template Designs - Special Occasion Pack 1
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEF736FF-8133-42F3-8E18-BDFE293B87FF}" = LightScribe Template Designs - Holiday Pack 1
    "{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer
    "{E6CFBFB5-9232-410C-B353-AF6E614B2681}" = LightScribe System Software 1.10.16.1
    "{E9B65E73-A050-413C-89BA-80EE1875870D}" = Retrospect 5.6
    "{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02
    "{FAC20C98-35F4-49E9-B4E3-6A4FB2E9686C}" = LightScribe Template Labeler
    "{FAFD21CB-7882-4ED2-8270-508F564221A8}" = ATECH FLASH PRO-IX Driver (Rev1.00)
    "2A17D76A9A2D2CD672A7F1A1B0C763731AC8D607" = Windows Driver Package - MARS (MR97310_USB_DUAL_CAMERA) Image (12/03/2002 1.2.9.0)
    "7-Zip" = 7-Zip 9.20
    "ACDSee 32" = ACDSee 32
    "Adobe Acrobat 5.0" = Adobe Acrobat 5.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "AppleLaserWriterSoftware202" = Apple LaserWriter Software
    "ASUS Probe V2.19.07" = ASUS Probe V2.19.07
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "Codewright51" = Codewright 5.1
    "ComcastHSI" = Comcast High-Speed Internet Install Wizard
    "Compton's Interactive Encyclopedia 2000" = Compton's Interactive Encyclopedia 2000
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.56
    "DVD Identifier_is1" = DVD Identifier
    "EZ-PC" = AutoXray EZ-PC (remove only)
    "HijackThis" = HijackThis 2.0.2
    "HP PhotoSmart C200 Camera Software" = HP PhotoSmart C200 Photo Imaging Software
    "HP PhotoSmart Photo Printing Software" = HP PhotoSmart Photo Printing Software
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "InCD!UninstallKey" = InCD (Ahead Software)
    "InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
    "IrfanView" = IrfanView (remove only)
    "Java Web Start" = Java Web Start
    "Karen's Cookie Viewer" = Karen's Cookie Viewer
    "Learn Electronics Part 1" = Twisted Pair Computer Based Training Learn Electronics Part 1 5.03
    "LTspice IV" = LTspice IV
    "Macromedia Shockwave Player" = Macromedia Shockwave Player
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "Media Jukebox 8.0" = Media Jukebox 8.0
    "MediaShow" = Medi@Show
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
    "MovieConverterV3" = Movie Converter V3 (remove only)
    "Mozilla Firefox (3.6.24)" = Mozilla Firefox (3.6.24)
    "Mozilla Thunderbird (3.1.12)" = Mozilla Thunderbird (3.1.12)
    "Netscape (7.1)" = Netscape (7.1)
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "PE Builder_is1" = PE Builder 3.1.10a
    "PhotoWorks" = PhotoWorks v2.41
    "RC40 Scale" = RC40 Scale
    "SeaTools Enterprise" = SeaTools Enterprise
    "SmartSuite V99.0" = Lotus SmartSuite Release 9.5
    "SnagIt6" = SnagIt 6
    "ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
    "VLC media player" = VideoLAN VLC media player 0.8.6f
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinZip" = WinZip
    "Xerox Phaser 3124" = Xerox Phaser 3124
    "Yahoo! Photos Drag-Drop Uploader 1v7" = Yahoo! Photos Easy Upload Tool 1v7

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-789336058-287218729-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Smad" = SanctionedMedia

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/19/2012 5:41:02 PM | Computer Name = RIONXP | Source = ESENT | ID = 482
    Description = wuauclt (3272) An attempt to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb"
    at offset 237568 (0x000000000003a000) for 4096 (0x00001000) bytes failed with system
    error 1117 (0x0000045d): "The request could not be performed because of an I/O
    device error. ". The write operation will fail with error -1022 (0xfffffc02).
    If this error persists then the file may be damaged and may need to be restored
    from a previous backup.

    Error - 1/19/2012 7:27:32 PM | Computer Name = RIONXP | Source = ESENT | ID = 482
    Description = wuauclt (1964) An attempt to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb"
    at offset 102400 (0x0000000000019000) for 4096 (0x00001000) bytes failed with system
    error 1117 (0x0000045d): "The request could not be performed because of an I/O
    device error. ". The write operation will fail with error -1022 (0xfffffc02).
    If this error persists then the file may be damaged and may need to be restored
    from a previous backup.

    Error - 1/19/2012 7:28:32 PM | Computer Name = RIONXP | Source = ESENT | ID = 482
    Description = wuauclt (1964) An attempt to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb"
    at offset 28672 (0x0000000000007000) for 4096 (0x00001000) bytes failed with system
    error 1117 (0x0000045d): "The request could not be performed because of an I/O
    device error. ". The write operation will fail with error -1022 (0xfffffc02).
    If this error persists then the file may be damaged and may need to be restored
    from a previous backup.

    Error - 1/19/2012 7:34:17 PM | Computer Name = RIONXP | Source = ESENT | ID = 482
    Description = wuauclt (2812) An attempt to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb"
    at offset 0 (0x0000000000000000) for 8192 (0x00002000) bytes failed with system
    error 1117 (0x0000045d): "The request could not be performed because of an I/O
    device error. ". The write operation will fail with error -1022 (0xfffffc02).
    If this error persists then the file may be damaged and may need to be restored
    from a previous backup.

    Error - 1/19/2012 7:35:17 PM | Computer Name = RIONXP | Source = ESENT | ID = 439
    Description = wuauclt (2812) Unable to write a shadowed header for file C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb.
    Error -1022.

    Error - 1/19/2012 7:37:17 PM | Computer Name = RIONXP | Source = ESENT | ID = 482
    Description = wuauclt (2260) An attempt to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\res2.log"
    at offset 0 (0x0000000000000000) for 131072 (0x00020000) bytes failed with system
    error 1117 (0x0000045d): "The request could not be performed because of an I/O
    device error. ". The write operation will fail with error -1022 (0xfffffc02).
    If this error persists then the file may be damaged and may need to be restored
    from a previous backup.

    Error - 1/19/2012 7:38:02 PM | Computer Name = RIONXP | Source = ESENT | ID = 428
    Description = wuauclt (2260) The database engine is rejecting update operations
    due to low free disk space on the log disk.

    Error - 1/19/2012 7:46:17 PM | Computer Name = RIONXP | Source = ESENT | ID = 481
    Description = wuauclt (2260) An attempt to read from the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb"
    at offset 299008 (0x0000000000049000) for 4096 (0x00001000) bytes failed with system
    error 1117 (0x0000045d): "The request could not be performed because of an I/O
    device error. ". The read operation will fail with error -1022 (0xfffffc02). If
    this error persists then the file may be damaged and may need to be restored from
    a previous backup.

    Error - 1/19/2012 8:58:34 PM | Computer Name = RIONXP | Source = ESENT | ID = 481
    Description = wuauclt (2632) An attempt to read from the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb"
    at offset 45056 (0x000000000000b000) for 4096 (0x00001000) bytes failed with system
    error 1117 (0x0000045d): "The request could not be performed because of an I/O
    device error. ". The read operation will fail with error -1022 (0xfffffc02). If
    this error persists then the file may be damaged and may need to be restored from
    a previous backup.

    Error - 1/19/2012 9:08:19 PM | Computer Name = RIONXP | Source = ESENT | ID = 482
    Description = wuauclt (616) An attempt to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb"
    at offset 73728 (0x0000000000012000) for 4096 (0x00001000) bytes failed with system
    error 1117 (0x0000045d): "The request could not be performed because of an I/O
    device error. ". The write operation will fail with error -1022 (0xfffffc02).
    If this error persists then the file may be damaged and may need to be restored
    from a previous backup.

    [ System Events ]
    Error - 1/30/2012 2:00:47 AM | Computer Name = RIONXP | Source = NETLOGON | ID = 3095
    Description = This computer is configured as a member of a workgroup, not as a member
    of a domain. The Netlogon service does not need to run in this configuration.

    Error - 1/30/2012 2:00:53 AM | Computer Name = RIONXP | Source = Service Control Manager | ID = 7000
    Description = The NetBEUI Protocol service failed to start due to the following
    error: %%2

    Error - 1/30/2012 4:26:43 AM | Computer Name = RIONXP | Source = NETLOGON | ID = 3095
    Description = This computer is configured as a member of a workgroup, not as a member
    of a domain. The Netlogon service does not need to run in this configuration.

    Error - 1/30/2012 4:26:49 AM | Computer Name = RIONXP | Source = Service Control Manager | ID = 7000
    Description = The NetBEUI Protocol service failed to start due to the following
    error: %%2

    Error - 1/31/2012 7:08:27 AM | Computer Name = RIONXP | Source = NETLOGON | ID = 3095
    Description = This computer is configured as a member of a workgroup, not as a member
    of a domain. The Netlogon service does not need to run in this configuration.

    Error - 1/31/2012 7:08:33 AM | Computer Name = RIONXP | Source = Service Control Manager | ID = 7000
    Description = The NetBEUI Protocol service failed to start due to the following
    error: %%2

    Error - 1/31/2012 7:17:39 AM | Computer Name = RIONXP | Source = NETLOGON | ID = 3095
    Description = This computer is configured as a member of a workgroup, not as a member
    of a domain. The Netlogon service does not need to run in this configuration.

    Error - 1/31/2012 7:17:43 AM | Computer Name = RIONXP | Source = Service Control Manager | ID = 7000
    Description = The NetBEUI Protocol service failed to start due to the following
    error: %%2

    Error - 1/31/2012 7:43:30 AM | Computer Name = RIONXP | Source = NETLOGON | ID = 3095
    Description = This computer is configured as a member of a workgroup, not as a member
    of a domain. The Netlogon service does not need to run in this configuration.

    Error - 1/31/2012 7:43:35 AM | Computer Name = RIONXP | Source = Service Control Manager | ID = 7000
    Description = The NetBEUI Protocol service failed to start due to the following
    error: %%2


    < End of report >
  6. Broni Malware Annihilator Posts: 39,398   +177

    Open Windows Explorer. Go to Tools>Folder Options>View tab, put a checkmark next to Show hidden files and folders, and UN-check Hide protected operating system files.
    NOTE. Make sure to reverse the above changes when done with this step.
    Upload the following files to http://www.virustotal.com/ for a security check:
    - C:\WINDOWS\system32\NILaunch.exe
    - C:\WINDOWS\shicoxp.exe
    IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
    Post scan results.

    ===========================================================

    Unless you installed Viewpoint Manager knowledgeably...
    Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
    Uninstall any of the following programs associated with Viewpoint:
    * Viewpoint Manager
    * Viewpoint Media Player
    * Viewpoint Toolbar
    This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

    =============================================================

    I can see some Avira items.
    Is it still functional and running?
     
  7. Bobbyrae Newcomer, in training Posts: 22

    Neither Nilaunch.exe nor shicoxp.exe had any detections. The numbers were something like 0/42 and 0/23.

    I DID remove the viewpoint media player.

    Avira is still installed. If you go back to my first post (something like 2 weeks ago!), I believe that I did indicate that I used it to eliminate the virus initially. It is still functioning, but only when I start it. That is, it is not constantly monitoring anything. It is the free version and I do scans once a week or so.

    Going back to ComboFix, even though it did not complete, I DID find a log file in its directory, mbr.log:

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: SEAGATE_ rev.0003 -> Harddisk0\DR0 -> \Device\Scsi\adpu160m1Port2Path0Target2Lun0

    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user != kernel MBR !!!
    error: Read The request could not be performed because of an I/O device error.

    I noticed that the I/O error corresponds to a SCSI error in the event logs. I looked that up online, decoded the error and found this:

    [xxxxx0ce] Scatter/gather limit exceeded
    An I/O request packet from the system contained a Scatter/Gather element list
    that contained more elements than are supported by the miniport.
    Scatter/Gather is a list of data segments that define the entire data transfer.
    Scatter/Gather is a means to improve total data throughput. This error
    might be caused by a component external to the miniport driver, such as
    the operating system or an ASPI application.

    thanks again!
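
The post above ties the I/O error in mbr.log to errors in the event logs; the OTL event list earlier in the thread can be checked the same way. This is an added example, not part of the thread or of OTL: it parses the wrapped ESENT entries and groups read/write failures by file. The function names and the `storage_suspect` heuristic are assumptions of the example.

```python
import re
from collections import defaultdict

# Constructed sample: five records copied from the OTL event list in this
# thread, wrapped as posted; the "If this error persists" tails are dropped.
SAMPLE = r'''
Error - 1/19/2012 5:41:02 PM | Computer Name = RIONXP | Source = ESENT | ID = 482
Description = wuauclt (3272) An attempt to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb"
at offset 237568 (0x000000000003a000) for 4096 (0x00001000) bytes failed with system
error 1117 (0x0000045d): "The request could not be performed because of an I/O
device error. ". The write operation will fail with error -1022 (0xfffffc02).

Error - 1/19/2012 7:37:17 PM | Computer Name = RIONXP | Source = ESENT | ID = 482
Description = wuauclt (2260) An attempt to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\res2.log"
at offset 0 (0x0000000000000000) for 131072 (0x00020000) bytes failed with system
error 1117 (0x0000045d): "The request could not be performed because of an I/O
device error. ". The write operation will fail with error -1022 (0xfffffc02).

Error - 1/19/2012 7:38:02 PM | Computer Name = RIONXP | Source = ESENT | ID = 428
Description = wuauclt (2260) The database engine is rejecting update operations
due to low free disk space on the log disk.

Error - 1/19/2012 7:46:17 PM | Computer Name = RIONXP | Source = ESENT | ID = 481
Description = wuauclt (2260) An attempt to read from the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb"
at offset 299008 (0x0000000000049000) for 4096 (0x00001000) bytes failed with system
error 1117 (0x0000045d): "The request could not be performed because of an I/O
device error. ". The read operation will fail with error -1022 (0xfffffc02).

Error - 1/30/2012 2:00:47 AM | Computer Name = RIONXP | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.
'''

HEADER = re.compile(r'^Error - (?P<when>.+?) \| Computer Name = (?P<host>\S+)'
                    r' \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$')
IO_FAIL = re.compile(r'(?P<proc>\S+) \((?P<pid>\d+)\) An attempt to '
                     r'(?P<op>read from|write to) the file "(?P<path>[^"]+)" '
                     r'at offset (?P<offset>\d+) .*?failed with system error (?P<syserr>\d+)')

def parse_events(text):
    """Split an OTL event list into records, re-joining wrapped descriptions."""
    events, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            cur = dict(m.groupdict(), id=int(m['id']), description='')
            events.append(cur)
        elif not line:
            cur = None                      # a blank line ends the record
        elif cur is not None:
            if line.startswith('Description = '):
                line = line[len('Description = '):]
            cur['description'] = (cur['description'] + ' ' + line).strip()
    return events

def summarize(events):
    """Group ESENT read/write failures by file path."""
    io = defaultdict(lambda: {'count': 0, 'ops': set(), 'pids': set(), 'syserrs': set()})
    low_disk = False
    for ev in events:
        if ev['source'] != 'ESENT':
            continue
        m = IO_FAIL.search(ev['description'])
        if m:
            rec = io[m['path']]
            rec['count'] += 1
            rec['ops'].add(m['op'].split()[0])      # 'read' or 'write'
            rec['pids'].add(int(m['pid']))
            rec['syserrs'].add(int(m['syserr']))
        elif 'low free disk space' in ev['description']:
            low_disk = True
    return {'io': dict(io), 'low_disk': low_disk}

def storage_suspect(summary):
    """Heuristic (assumption of this example): one system error seen on several
    files, or on both reads and writes of one file, points below the file itself."""
    io = summary['io']
    errs = set().union(*(r['syserrs'] for r in io.values()))
    both_ops = any(r['ops'] == {'read', 'write'} for r in io.values())
    return bool(io) and len(errs) == 1 and (len(io) > 1 or both_ops)

if __name__ == '__main__':
    result = summarize(parse_events(SAMPLE))
    for path, rec in result['io'].items():
        print(path, rec)
    print('low disk:', result['low_disk'], '| storage suspect:', storage_suspect(result))
```

On the sample, the same system error 1117 appears for both `DataStore.edb` and `res2.log`, across several `wuauclt` process IDs, which is the pattern the heuristic treats as a storage-level fault.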
  8. Broni Malware Annihilator Posts: 39,398   +177

    ....
  9. Bobbyrae Newcomer, in training Posts: 22

    Do you have to have a straight yes or no?

  10. Broni Malware Annihilator Posts: 39,398   +177

    AV program has to be running 24/7.
    Possibly some files got corrupted.
    You must reinstall it.

    ==============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Disabled | Stopped] -- -- (NMIndexingService)
      IE - HKU\S-1-5-21-789336058-287218729-682003330-1003\..\URLSearchHook: {38542454-dfb6-44f5-b052-d4e071a3d073} - SOFTWARE\Classes\CLSID\{38542454-dfb6-44f5-b052-d4e071a3d073}\InprocServer32 File not found
      O2 - BHO: (Elf 1.12 Toolbar) - {38542454-dfb6-44f5-b052-d4e071a3d073} - C:\Program Files\Elf_1.12\prxtbElf0.dll File not found
      O3 - HKLM\..\Toolbar: (Elf 1.12 Toolbar) - {38542454-dfb6-44f5-b052-d4e071a3d073} - C:\Program Files\Elf_1.12\prxtbElf0.dll File not found
      O3 - HKU\S-1-5-21-789336058-287218729-682003330-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O3 - HKU\S-1-5-21-789336058-287218729-682003330-1003\..\Toolbar\WebBrowser: (Elf 1.12 Toolbar) - {38542454-DFB6-44F5-B052-D4E071A3D073} - C:\Program Files\Elf_1.12\prxtbElf0.dll File not found
      O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
      O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
      O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.co...856.9063425926 (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O16 - DPF: DirectAnimation Java Classes Reg Error: Value error. (Reg Error: Key error.)
      O16 - DPF: HushEncryptionEngine https://mailserver5.hushmail.com/sha...tionEngine.cab (Reg Error: Key error.)
      O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
      O33 - MountPoints2\{302fca80-6e36-11dc-a4b8-806d6172696f}\Shell - "" = AutoRun
      O33 - MountPoints2\{302fca80-6e36-11dc-a4b8-806d6172696f}\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\{302fca80-6e36-11dc-a4b8-806d6172696f}\Shell\AutoRun\command - "" = F:\Programs\Nu2Menu\nu2menu.exe -- [2006/02/07 13:00:46 | 000,084,992 | R--- | M] (Nu2 Productions)
      O33 - MountPoints2\{769375ea-1a2b-11e0-9fb2-002654106f4b}\Shell - "" = AutoRun
      O33 - MountPoints2\{769375ea-1a2b-11e0-9fb2-002654106f4b}\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\{769375ea-1a2b-11e0-9fb2-002654106f4b}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
      O33 - MountPoints2\H\Shell - "" = AutoRun
      O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
      [2012/01/12 18:59:55 | 000,008,581 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\5f5e9b90
      [2012/01/12 18:59:55 | 000,008,578 | ---- | C] () -- C:\Documents and Settings\Rion\Application Data\32f0799f
      [2012/01/12 18:59:55 | 000,008,526 | ---- | C] () -- C:\Documents and Settings\Rion\Local Settings\Application Data\95b84d65
      [2011/07/10 17:15:57 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Pgoxafonut.dat
      [2011/07/10 17:15:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Nvorog.bin
      [2004/05/26 18:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      [2007/06/01 04:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rion\Application Data\Viewpoint
      [2007/11/05 02:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rion\Application Data\Uniblue
      [2012/01/13 03:32:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rion\Application Data\SpeedMaxPc
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.

    ===============================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ==============================================================

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  11. Broni Malware Annihilator Posts: 39,398   +177

    Still with me?