Inactive [A] WinXP security 2012 virus: eliminated, but now Windows Update doesn't work

Bobbyrae

I looked at other threads here regarding that virus and have followed some of the instructions and have outputs from various scanners...

First, I had to boot into safe mode with a console window, where I could get AVG antivirus to run. That found 8 infections:

Avira AntiVir Personal
Report file date: Thursday, January 12, 2012 19:52

Scanning for 3019400 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Save mode

Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\Rion\Application Data\Sun\Java\Deployment\cache\6.0\3\2fb8ab03-49426e41
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-4452.CE exploit
C:\Documents and Settings\Rion\Application Data\Sun\Java\Deployment\cache\6.0\3\2fb8ab03-24461839
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-4452.CE exploit
C:\Documents and Settings\Rion\Application Data\Sun\Java\Deployment\cache\6.0\3\2fb8ab03-6bbb7397
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-4452.CE exploit
C:\Documents and Settings\Rion\Application Data\Sun\Java\Deployment\cache\6.0\3\2fb8ab03-74a2f8ff
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-4452.CE exploit
C:\Documents and Settings\Rion\Application Data\Sun\Java\Deployment\cache\6.0\3\2fb8ab03-1ad45421
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-4452.CE exploit
C:\Documents and Settings\Rion\Application Data\Sun\Java\Deployment\cache\6.0\3\2fb8ab03-6ecff47f
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-4452.CE exploit
C:\Documents and Settings\Rion\Application Data\Sun\Java\Deployment\cache\6.0\59\6b62f07b-6b424f34
[0] Archive type: ZIP
--> morale.class
[DETECTION] Contains recognition pattern of the EXP/2011-3544.AJ exploit
C:\Documents and Settings\Rion\Application Data\Sun\Java\Deployment\cache\6.0\60\5abff83c-1ebc27be
[0] Archive type: ZIP
--> xmltree/umbro.class
[DETECTION] Contains recognition pattern of the EXP/2010-0840.AW exploit
Begin scan in 'D:\'
Begin scan in 'E:\'

Then I got back into Windows in a normal mode and was able to run MalwareBytes to find another infection:

Registry Values Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Smad (Trojan.Agent) -> Data: "C:\Documents and Settings\Rion\Local Settings\Application Data\SanctionedMedia\Smad\Smad.exe" -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCR\.exe| (Hijacked.exeFile) -> Bad: (mdaw) Good: (exefile) -> Quarantined and repaired successfully.

Note that the full log files are attached and I am only dumping in the parts about infections.

Then I ran FSS, which didn't give any problems. And then I finally ran ESET, which oddly did find 3 infections, but they were all in the same temp directory, so I have deleted the named files.

While the system seems to be operating just as it did before, there is ONE NOTABLE exception, and that is that Windows Update does not work. It became clear because the problem started with that red shield down in the system tray telling me that I was "at risk", and I am still in that position, but only because update will not work.

I went into the registry and found that the service for WinUpdate had been removed, found the reg entry online and entered it back in there. I also added in some entries for LEGACY_WUAUSERV, but am still at a point where it will not run. I have improved things to the point where Windows THINKS update is set and will not complain, but the service will not actually start. I get the following message:

[Image: servmsg.jpg]

Now, I have checked and double-checked, and triple-checked the spelling of the strings in the registry and cannot see any problems, so I think there may be another entry that got messed up or perhaps another DLL is involved and got deleted?

Here's what I added:

Key Name: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv
Class Name: <NO CLASS>
Last Write Time: 1/13/2012 - 11:08 AM
Value 0
Name: DisplayName
Type: REG_SZ
Data: Automatic Update Service
Value 1
Name: ImagePath
Type: REG_EXPAND_SZ
Data: %SystemRoot%\System32\svchost.exe -k netsvcs
Value 2
Name: Description
Type: REG_SZ
Data: Retreives Updates From Microsoft Automatically as needed
Value 3
Name: ObjectName
Type: REG_SZ
Data: LocalSystem
Value 4
Name: ErrorControl
Type: REG_DWORD
Data: 0x1
Value 5
Name: Start
Type: REG_DWORD
Data: 0x2
Value 6
Name: Type
Type: REG_DWORD
Data: 0x20
Value 7
Name: RT_ServiceSidType
Type: REG_DWORD
Data: 0x1
Value 8
Name: PreshutdownTimeout
Type: REG_DWORD
Data: 0x36ee80
Value 9
Name: DelayedAutoStart
Type: REG_DWORD
Data: 0x1

Key Name: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv\Parameters
Class Name: <NO CLASS>
Last Write Time: 1/13/2012 - 8:42 AM
Value 0
Name: ServiceDll
Type: REG_SZ
Data: %SYSTEMROOT%\system32\wuauserv.dll

Key Name: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv\Security
Class Name: <NO CLASS>
Last Write Time: 1/13/2012 - 6:21 AM
Value 0
Name: Security
Type: REG_BINARY
Data:
00000000 01 00 14 80 90 00 00 00 - 9c 00 00 00 14 00 00 00 ................
.....
000000a0 00 00 00 05 12 00 00 00 - ........

Key Name: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv\Enum
Class Name: <NO CLASS>
Last Write Time: 1/13/2012 - 11:08 AM
Value 0
Name: 0
Type: REG_SZ
Data: Root\LEGACY_WUAUSERV\0000
Value 1
Name: Count
Type: REG_DWORD
Data: 0x1
Value 2
Name: NextInstance
Type: REG_DWORD
Data: 0x1
 

Attachments

  • AVSCAN-20120112.txt
    21.7 KB · Views: 1
  • mbam-log-2012-01-12.txt
    2.4 KB · Views: 0
  • FSS1.txt
    2.3 KB · Views: 0
  • eset.txt
    345 bytes · Views: 0
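A consistency check for a hand-restored, svchost-hosted service key like the one pasted in the post above, as an added example that is not part of the original post or of any tool used in this thread. It parses the regedit text-export layout shown in the post; `parse_export`, `lint_service` and the `svchost_groups` parameter are names made up for this example, and the sample input reuses the values from the post.

```python
import re

# Sample input: the wuauserv values from the post above, in the same regedit
# text-export layout (Last Write Time lines and Security/Enum subkeys omitted).
SAMPLE_EXPORT = r"""
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv
Class Name: <NO CLASS>
Value 0
Name: DisplayName
Type: REG_SZ
Data: Automatic Update Service
Value 1
Name: ImagePath
Type: REG_EXPAND_SZ
Data: %SystemRoot%\System32\svchost.exe -k netsvcs
Value 2
Name: ObjectName
Type: REG_SZ
Data: LocalSystem
Value 3
Name: Start
Type: REG_DWORD
Data: 0x2
Value 4
Name: Type
Type: REG_DWORD
Data: 0x20

Key Name: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv\Parameters
Class Name: <NO CLASS>
Value 0
Name: ServiceDll
Type: REG_SZ
Data: %SYSTEMROOT%\system32\wuauserv.dll
"""

ENV_REF = re.compile(r"%[A-Za-z_][A-Za-z0-9_]*%")
SVCHOST = re.compile(r"svchost\.exe\s+-k\s+(\S+)", re.IGNORECASE)
SVCHOST_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost"


def _field(line):
    """Text after the first colon of a 'Label: value' line."""
    return line.split(":", 1)[1].strip()


def parse_export(text):
    """Return {key_path: {value_name: (reg_type, data)}} from a text export."""
    keys, key, name, rtype = {}, None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Key Name:"):
            key = keys.setdefault(_field(line), {})
            name = rtype = None
        elif key is None:
            continue
        elif re.fullmatch(r"Value \d+", line):
            name = rtype = None          # a new value record starts here
        elif line.startswith("Name:"):
            name = _field(line)
        elif line.startswith("Type:") and name is not None:
            rtype = _field(line)
        elif line.startswith("Data:") and name is not None and rtype is not None:
            key[name] = (rtype, _field(line))
            name = rtype = None
    return keys


def lint_service(keys, service, svchost_groups=None):
    """Return [(level, message)] for one service in a parsed export.

    svchost_groups (hypothetical parameter): {group: [service names]} read
    separately from the Svchost key; None means it was not collected.
    """
    path = next((k for k in keys
                 if k.lower().endswith("\\services\\" + service.lower())), None)
    if path is None:
        return [("error", f"no Services\\{service} key in the export")]
    svc, params = keys[path], keys.get(path + "\\Parameters", {})
    findings = [("error", f"{name} is missing")
                for name in ("ImagePath", "Type", "Start", "ObjectName")
                if name not in svc]
    # REG_SZ data is handed back literally; REG_EXPAND_SZ is the type that
    # tells the reader to expand %VAR% references.
    for prefix, values in (("", svc), ("Parameters\\", params)):
        for name, (rtype, data) in values.items():
            if rtype == "REG_SZ" and ENV_REF.search(data):
                findings.append(("warn", f"{prefix}{name} is REG_SZ but holds "
                                 f"{data!r}; compare with REG_EXPAND_SZ"))
    host = SVCHOST.search(svc.get("ImagePath", ("", ""))[1])
    if host is None:
        return findings                  # not hosted by svchost, nothing more to check
    group = host.group(1)
    if "ServiceDll" not in params:
        findings.append(("error", "svchost-hosted service has no Parameters\\ServiceDll"))
    if "Type" in svc:
        try:
            win32 = int(svc["Type"][1], 16) & 0x30   # 0x10 own / 0x20 shared process
        except ValueError:
            win32 = 0
        if not win32:
            findings.append(("error", "Type is not a Win32 service (0x10 or 0x20)"))
    # svchost -k <group> only loads services named in the group's value.
    if svchost_groups is None:
        findings.append(("todo", f"confirm {service} is listed in {SVCHOST_KEY}\\{group}"))
    else:
        members = {g.lower(): v for g, v in svchost_groups.items()}.get(group.lower(), [])
        if service.lower() not in (m.lower() for m in members):
            findings.append(("error", f"{service} is not in svchost group {group}"))
    return findings
```

Run against the sample, `lint_service(parse_export(SAMPLE_EXPORT), "wuauserv")` returns one warning about the `ServiceDll` value type and one reminder to check the `netsvcs` group membership, which the export in the post does not cover.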
Welcome aboard


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Here are some logs

Avira scan results:

Avira AntiVir Personal
Report file date: Thursday, January 12, 2012 19:52

Scanning for 3019400 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Save mode
Username : Rion
Computer name : RIONXP


Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, E:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: -DIAL,-ADSPY,-ADWARE,-BDC,-HIDDENEXT,-PHISH,

Start of the scan: Thursday, January 12, 2012 19:52

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'cmd.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!
Master boot sector HD5
[INFO] No virus was found!
Master boot sector HD6
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '65' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\Rion\Application Data\Sun\Java\Deployment\cache\6.0\3\2fb8ab03-49426e41
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-4452.CE exploit
C:\Documents and Settings\Rion\Application Data\Sun\Java\Deployment\cache\6.0\3\2fb8ab03-24461839
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-4452.CE exploit
C:\Documents and Settings\Rion\Application Data\Sun\Java\Deployment\cache\6.0\3\2fb8ab03-6bbb7397
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-4452.CE exploit
C:\Documents and Settings\Rion\Application Data\Sun\Java\Deployment\cache\6.0\3\2fb8ab03-74a2f8ff
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-4452.CE exploit
C:\Documents and Settings\Rion\Application Data\Sun\Java\Deployment\cache\6.0\3\2fb8ab03-1ad45421
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-4452.CE exploit
C:\Documents and Settings\Rion\Application Data\Sun\Java\Deployment\cache\6.0\3\2fb8ab03-6ecff47f
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-4452.CE exploit
C:\Documents and Settings\Rion\Application Data\Sun\Java\Deployment\cache\6.0\59\6b62f07b-6b424f34
[0] Archive type: ZIP
--> morale.class
[DETECTION] Contains recognition pattern of the EXP/2011-3544.AJ exploit
C:\Documents and Settings\Rion\Application Data\Sun\Java\Deployment\cache\6.0\60\5abff83c-1ebc27be
[0] Archive type: ZIP
--> xmltree/umbro.class
[DETECTION] Contains recognition pattern of the EXP/2010-0840.AW exploit
Begin scan in 'D:\'
Begin scan in 'E:\'

Beginning disinfection:
C:\Documents and Settings\Rion\Application Data\Sun\Java\Deployment\cache\6.0\3\2fb8ab03-49426e41
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-4452.CE exploit
[NOTE] The file was moved to '4f71b8fd.qua'!
C:\Documents and Settings\Rion\Application Data\Sun\Java\Deployment\cache\6.0\3\2fb8ab03-24461839
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-4452.CE exploit
[NOTE] The file was moved to '4e71ac36.qua'!
C:\Documents and Settings\Rion\Application Data\Sun\Java\Deployment\cache\6.0\3\2fb8ab03-6bbb7397
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-4452.CE exploit
[NOTE] The file was moved to '4cfe0ede.qua'!
C:\Documents and Settings\Rion\Application Data\Sun\Java\Deployment\cache\6.0\3\2fb8ab03-74a2f8ff
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-4452.CE exploit
[NOTE] The file was moved to '4ce10516.qua'!
C:\Documents and Settings\Rion\Application Data\Sun\Java\Deployment\cache\6.0\3\2fb8ab03-1ad45421
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-4452.CE exploit
[NOTE] The file was moved to '4ce07d4e.qua'!
C:\Documents and Settings\Rion\Application Data\Sun\Java\Deployment\cache\6.0\3\2fb8ab03-6ecff47f
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-4452.CE exploit
[NOTE] The file was moved to '4ce37586.qua'!
C:\Documents and Settings\Rion\Application Data\Sun\Java\Deployment\cache\6.0\59\6b62f07b-6b424f34
[NOTE] The file was moved to '4f45b8f9.qua'!
C:\Documents and Settings\Rion\Application Data\Sun\Java\Deployment\cache\6.0\60\5abff83c-1ebc27be
[NOTE] The file was moved to '4f71b8f8.qua'!


End of the scan: Thursday, January 12, 2012 20:52
Used time: 56:39 Minute(s)

The scan has been done completely.

10996 Scanned directories
437175 Files were scanned
8 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
8 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
437167 Files not concerned
3299 Archives were scanned
0 Warnings
8 Notes

MalwareBytes scan results:

Malwarebytes Anti-Malware (PRO) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.13.01

Windows XP Service Pack 3 x86 FAT32
Internet Explorer 7.0.5730.13
:: RIONXP [administrator]

Protection: Disabled

1/12/2012 8:59:24 PM
mbam-log-2012-01-12 (20-59-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 175641
Time elapsed: 3 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Smad (Trojan.Agent) -> Data: "C:\Documents and Settings\Rion\Local Settings\Application Data\SanctionedMedia\Smad\Smad.exe" -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCR\.exe| (Hijacked.exeFile) -> Bad: (mdaw) Good: (exefile) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

FSS scan results:


Farbar Service Scanner
Ran by Rion (administrator) on 13-01-2012 at 12:21:44
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Bridge(9) BridgeMP(8) Gpc(3) IPSec(5) Nbf(10) NetBT(6) PSched(7) Tcpip(4)
0x0B000000050000000100000002000000030000000400000056000000060000000700000008000000090000000A000000
IpSec Tag value is correct.

**** End of log ****

RKill results:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 01/13/2012 at 12:42:01.
Operating System: Microsoft Windows XP

Processes terminated by Rkill or while it was running:

Rkill completed on 01/13/2012 at 12:42:08.

ESET scan results:

C:\Documents and Settings\Rion\Local Settings\temp\mwaexosncr.exe a variant of MSIL/Kryptik.L trojan
C:\Documents and Settings\Rion\Local Settings\temp\0.8668838161782961fdrgs.exe Win32/Adware.XPAntiSpyware.AD application
C:\Documents and Settings\Rion\Local Settings\temp\0.943536852582801golda.exe Win32/Adware.XPAntiSpyware.AD application


I have deleted everything in C:\Documents and Settings\Rion\Local Settings\temp. The only problem right now is that the Update Service will not start. If you can give me a way to start it via command line, that would be great.


Thanks a lot!
 
just answered my own question!

If you can give me a way to start it via command line, that would be great.

Thanks a lot!

I just figured out that it would be

C:> net start wuauserv

but it just gives that same error message about not being able to find the file. I don't know which file because we have already verified that wuauserv.dll is there.
 
Gmer, D.D.S.

GMER log file:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-18 01:36:41
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\adpu160m1Port2Path0Target0Lun0 SEAGATE_ rev.0003
Running: uu6swnwt.exe; Driver: C:\DOCUME~1\Rion\LOCALS~1\Temp\uxtdrpog.sys


---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\nvax.sys entry point in "init" section [0xF7728A0C]
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF6C84360, 0x24BB1D, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


I ran DDS (twice), but it would not complete. I don't know why. MalwareBytes was turned off and so was the browser and everything else. The Console window opened, it seemed to be working. It said max 3 minutes. I waited over 10 minutes, but still no popups. And it was impossible to kill the process or even shut down the computer at that point, so I had to hit the reset button. I think you should warn folks about this!

Thanks!
 
Do NOT run any other scans than those I ask for.
Please refrain from running tools or applying updates other than those I suggest.

================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===============================================================

Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
problems with SCSI

Broni,

Regarding the "other" unrequested scans... the latest ones I have posted I believed to be required per the 5 step procedure outlined in this forum. It sounds like we are to do those initially. If not, I misunderstood. But yes, in my very first post I did some extra scans. Sorry.

Now...

aswMBR is running incredibly slowly on my system. It went for *4* hours and still was not done. I stopped it and compared the timestamps to other listings here in the forum and it should take about 1/2 hour. So then I ran bootCleaner and it gave me this message:

[Image: scaled.php]


which tells me that probably every time I see really slow execution on these programs it is because of something like this. Except that the other programs weren't designed to do the right thing!

So tonight I will start aswMBR before I go to bed and hopefully 8 hours will be enough for it.

Good News: using regsvr32 on my DLL's got windows update service going again.
Bad News: boot_cleaner did find a bootkit on my boot drive. I will post the results tomorrow if I can.

Thanks!
 
aswMBR

I am sorry this took so long, but I have been waiting for a response at the AVAST website support forum. I was hoping for some clue as to make that program work correctly. Since I have NOT gotten any helpful responses, I will just enter the log I got from a partial run. As you can see, it ran for 15 hours and did not complete.

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-19 02:18:03
-----------------------------
02:18:03.984 OS Version: Windows 5.1.2600 Service Pack 3
02:18:03.984 Number of processors: 1 586 0x801
02:18:03.984 ComputerName: RIONXP UserName: Rion
02:18:04.328 Initialize success
02:18:12.093 AVAST engine defs: 12011801
02:18:30.859 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\adpu160m1Port2Path0Target0Lun0
02:18:30.859 Disk 0 Vendor: SEAGATE_ 0003 Size: 17501MB BusType: 1
02:18:31.375 Disk 1 \Device\Harddisk1\DR1 -> \Device\Scsi\adpu160m1Port2Path0Target1Lun0
02:18:31.375 Disk 1 Vendor: QUANTUM_ UCH0 Size: 8759MB BusType: 1
02:18:31.375 Disk 2 \Device\Harddisk2\DR2 -> \Device\Scsi\adpu160m1Port2Path0Target2Lun0
02:18:31.375 Disk 2 Vendor: FUJITSU_ 0104 Size: 35068MB BusType: 1
02:18:31.375 Device \Driver\adpu160m -> DriverStartIo SCSIPORT.SYS f73c440e
02:18:31.406 Disk 0 MBR read successfully
02:18:31.406 Disk 0 MBR scan
02:18:31.421 Disk 0 Windows XP default MBR code
02:18:31.437 Disk 0 Partition 1 80 (A) 0C FAT32 LBA MSDOS5.0 17492 MB offset 63
02:18:31.453 Disk 0 scanning sectors +35824950
02:18:31.468 Disk 0 scanning C:\WINDOWS\system32\drivers
02:57:49.187 Service scanning
02:57:50.343 Modules scanning
03:32:05.765 Disk 0 trace - called modules:
03:32:05.765 ntoskrnl.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll adpu160m.sys
03:32:05.781 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f0e918]
03:32:05.781 3 CLASSPNP.SYS[f750ffd7] -> nt!IofCallDriver -> \Device\Scsi\adpu160m1Port2Path0Target0Lun0[0x86fd6a38]
03:32:06.328 AVAST engine scan C:\WINDOWS
03:44:38.890 AVAST engine scan C:\WINDOWS\system32
16:42:33.781 AVAST engine scan C:\WINDOWS\system32\drivers
17:21:50.796 AVAST engine scan C:\Documents and Settings\Rion
17:38:51.125 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
17:38:51.140 The log file has been saved successfully to "C:\aswMBR.txt"

------------------------------------

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
ATA_Read(): DeviceIoControl() ERROR 1

Size Device Name MBR Status
--------------------------------------------
17 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...
 
listParts results

ListParts by Farbar
Ran by Rion on 25-01-2012 at 05:31:11
Windows XP (X86)
Running From: D:\FSS
************************************************************

========================= Memory info ======================

Percentage of memory in use: 45%
Total physical RAM: 1023.48 MB
Available physical RAM: 562.08 MB
Total Pagefile: 929.73 MB
Available Pagefile: 607.62 MB
Total Virtual: 2047.88 MB
Available Virtual: 2003.66 MB

======================= Partitions =========================

2 Drive c: () (Fixed) (Total:17.07 GB) (Free:4.05 GB) FAT32 ==>[Drive with boot components (Windows XP)]
3 Drive d: () (Fixed) (Total:34.24 GB) (Free:15.45 GB) NTFS
4 Drive e: () (Fixed) (Total:8.53 GB) (Free:4.17 GB) FAT32

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 17 GB 0 B
Disk 1 Online 9 GB 0 B
Disk 2 Online 34 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 17 GB 32 KB

Disk: 0
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C FAT32 Partition 17 GB Healthy System (partition with boot components)

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Extended 9 GB 8033 KB
Partition 2 Logical 9 GB 8064 KB

Disk: 1
Partition 2
Type : 0B
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E FAT32 Partition 9 GB Healthy

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 34 GB 32 KB

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 D NTFS Partition 34 GB Healthy


****** End Of Log ******
 
Download the FixTDSS.exe

Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
Double-click the FixTDSS.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
OK any security prompts.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
If you are running Windows XP, re-enable System Restore.
 
Good News!

The result was:

Backdoor. Tidserv has not been found on your computer.


Or is this bad news? Meaning that there must be some other rootkit?

Thanks again!
 
That's fine. We're just checking....

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix ran but would not complete

As I previously experienced with DDS and aswMBR, CF starts up and seems to be humming along, but then after some time it kinda goes to sleep.

That is, the window is still there, the clock is going, but NOTHING is happening. So I tried it in safe mode and got the same results. Then I made sure that mbamservice was disabled and tried AGAIN in normal mode, but it went for 5 HOURS and then I had to press the reset button. There were some directories and files created, but no log file. It appears that the activity stopped shortly after initiating CF.

So... does this count as "not running" and I should try the renaming approach?

I want you to know this is very frustrating (i.e. cure is worse than the disease!) and if you are convinced I have a virus I would like to know what you are thinking, please.
 
Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Are you ignoring my questions?

I asked you a couple of questions in my previous post. Did you not notice?

TDSSKILLER found nothing. It did not reboot or ask me any questions. Here is the log:

09:38:09.0984 2176 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
09:38:10.0406 2176 ============================================================
09:38:10.0406 2176 Current date / time: 2012/01/27 09:38:10.0406
09:38:10.0406 2176 SystemInfo:
09:38:10.0406 2176
09:38:10.0406 2176 OS Version: 5.1.2600 ServicePack: 3.0
09:38:10.0406 2176 Product type: Workstation
09:38:10.0406 2176 ComputerName: RIONXP
09:38:10.0406 2176 UserName: Rion
09:38:10.0406 2176 Windows directory: C:\WINDOWS
09:38:10.0406 2176 System windows directory: C:\WINDOWS
09:38:10.0406 2176 Processor architecture: Intel x86
09:38:10.0406 2176 Number of processors: 1
09:38:10.0406 2176 Page size: 0x1000
09:38:10.0406 2176 Boot type: Normal boot
09:38:10.0406 2176 ============================================================
09:38:11.0453 2176 Drive \Device\Harddisk0\DR0 - Size: 0x445DCCC00 (17.09 Gb), SectorSize: 0x200, Cylinders: 0x8B7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
09:38:11.0468 2176 Drive \Device\Harddisk1\DR1 - Size: 0x223745400 (8.55 Gb), SectorSize: 0x200, Cylinders: 0x45C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
09:38:11.0468 2176 Drive \Device\Harddisk2\DR2 - Size: 0x88FC1D000 (34.25 Gb), SectorSize: 0x200, Cylinders: 0x1176, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
09:38:11.0515 2176 Initialize success
09:38:23.0031 1672 ============================================================
09:38:23.0031 1672 Scan started
09:38:23.0031 1672 Mode: Manual;
09:38:23.0031 1672 ============================================================
09:38:48.0203 1672 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
09:38:48.0296 1672 \Device\Harddisk0\DR0 - ok
09:38:48.0312 1672 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
09:38:48.0312 1672 \Device\Harddisk1\DR1 - ok
09:38:48.0328 1672 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
09:38:48.0328 1672 \Device\Harddisk2\DR2 - ok
09:38:48.0343 1672 Boot (0x1200) (1693b67b2ec4f58521c55f6a9688e66e) \Device\Harddisk0\DR0\Partition0
09:38:48.0343 1672 \Device\Harddisk0\DR0\Partition0 - ok
09:38:48.0343 1672 Boot (0x1200) (eb8cc40d7a608cb96fa68d7a566a5863) \Device\Harddisk1\DR1\Partition0
09:38:48.0343 1672 \Device\Harddisk1\DR1\Partition0 - ok
09:38:48.0359 1672 Boot (0x1200) (fcde296b24aae22d68050477b4aaab6d) \Device\Harddisk2\DR2\Partition0
09:38:48.0359 1672 \Device\Harddisk2\DR2\Partition0 - ok
09:38:48.0375 1672 ============================================================
09:38:48.0375 1672 Scan finished
09:38:48.0375 1672 ============================================================
09:38:48.0390 4080 Detected object count: 0
09:38:48.0390 4080 Actual detected object count: 0
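
A triage pass over a TDSSKiller report in the layout posted above, as an added example that is not part of the original thread: it pairs each scanned object with its verdict, lists anything not marked "ok", and lists drivers whose image sits outside the Windows driver directory. The line layout is inferred from the posted log, the `exampledrv` line is constructed, and the assumption is that non-"ok" verdicts use the same `name - verdict` shape.

```python
import re
from collections import namedtuple

# Sample lines in the layout of the posted report. The driver and MBR entries
# are taken from that report; the "exampledrv" line is constructed so the
# non-"ok" branch has something to report.
SAMPLE_LOG = r"""
09:38:23.0453 1672 Abiosdsk - ok
09:38:23.0765 1672 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:38:23.0843 1672 ACPI - ok
09:38:26.0812 1672 avgio (6a646c46b9415e13095aa9b352040a7a) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
09:38:26.0812 1672 avgio - ok
09:38:28.0125 1672 cglptnt (c8b5858aebb4782ae16533297ef1f9be) C:\totalcmd\cglptnt.sys
09:38:28.0125 1672 cglptnt - ok
09:38:30.0000 1672 exampledrv - warning
09:38:48.0203 1672 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
09:38:48.0296 1672 \Device\Harddisk0\DR0 - ok
"""

Entry = namedtuple("Entry", "name md5 path verdict")

# Every line starts with "HH:MM:SS.ffff <thread id> ".
_PREFIX = r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+"
# "<name> (<md5>) <image path>"; the name may itself contain "(0x1B8)".
_IMAGE = re.compile(_PREFIX + r"(.+?) \(([0-9a-f]{32})\) (.+)$")
# "<name> - <verdict>"; header lines such as "Drive ... - Size: ..." do not
# match because the verdict must be a single word at the end of the line.
_VERDICT = re.compile(_PREFIX + r"(.+) - (\w+)$")


def parse_tdsskiller(text):
    """Return one Entry per verdict line, joined to its preceding image line."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = _IMAGE.match(line)
        if m:
            pending = m.groups()          # (name, md5, path)
            continue
        m = _VERDICT.match(line)
        if not m:
            continue
        name, verdict = m.groups()
        md5 = path = None
        # Driver verdicts repeat the service name; MBR and boot-sector
        # verdicts repeat the device path instead.
        if pending and name in (pending[0], pending[2]):
            name, md5, path = pending
        pending = None
        entries.append(Entry(name, md5, path, verdict.lower()))
    return entries


def not_ok(entries):
    """Objects the scanner did not mark as clean."""
    return [e for e in entries if e.verdict != "ok"]


def outside_driver_dir(entries, windir=r"C:\WINDOWS"):
    """Drivers whose image is not under <windir>\\system32\\drivers.

    Often legitimate (antivirus or utility drivers), but worth confirming
    against the software actually installed on the machine.
    """
    expected = (windir.rstrip("\\") + r"\system32\drivers" + "\\").lower()
    return [e for e in entries
            if e.path
            and not e.path.startswith("\\Device\\")
            and not e.path.lower().startswith(expected)]


if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    for e in not_ok(parsed):
        print("verdict", e.verdict, "->", e.name)
    for e in outside_driver_dir(parsed):
        print("non-standard location ->", e.name, e.path)
```

Entries with no MD5 or path, such as `Abiosdsk`, are services for which the report printed only a verdict line.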
 
I asked you a couple of questions in my previous post. Did you not notice?
When I have some answers you'll be first to know.

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
userinit.exe
explorer.exe
volsnap.sys
winlogon.exe
nvraid.sys
consrv.dll
winsrv.dll
svchost.exe
tcpip.sys
netbt.sys
dxgthk.sys
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL part 1

OTL logfile created on: 1/31/2012 7:27:12 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Rion\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 635.09 Mb Available Physical Memory | 62.05% Memory free
929.73 Mb Paging File | 659.62 Mb Available in Paging File | 70.95% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 17.07 Gb Total Space | 5.68 Gb Free Space | 33.27% Space Free | Partition Type: FAT32
Drive D: | 34.24 Gb Total Space | 15.05 Gb Free Space | 43.97% Space Free | Partition Type: NTFS
Drive E: | 8.53 Gb Total Space | 3.55 Gb Free Space | 41.56% Space Free | Partition Type: FAT32
Drive F: | 159.01 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: RIONXP | User Name: Rion | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/31 07:23:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rion\Desktop\OTL.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 17:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/12/20 17:12:36 | 000,131,072 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
PRC - [2003/05/14 18:33:52 | 000,045,056 | ---- | M] () -- C:\WINDOWS\shicoxp.exe
PRC - [1998/02/05 12:16:18 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\NILaunch.exe


========== Modules (No Company Name) ==========

MOD - [2006/10/22 12:22:00 | 000,212,992 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll
MOD - [2003/05/14 18:33:52 | 000,045,056 | ---- | M] () -- C:\WINDOWS\shicoxp.exe
MOD - [1998/02/05 12:16:18 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\NILaunch.exe
MOD - [1998/02/05 12:16:18 | 000,018,432 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\jDocPrc.dll
MOD - [1997/09/09 11:48:50 | 000,139,776 | ---- | M] () -- C:\WINDOWS\system32\APPLE_NT.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (NMIndexingService)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/07/21 14:34:34 | 000,185,089 | ---- | M] (Avira GmbH) [On_Demand | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 16:48:24 | 000,108,289 | ---- | M] (Avira GmbH) [On_Demand | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)
SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2001/10/25 07:57:54 | 000,040,960 | ---- | M] (Dantz Development Corporation) [On_Demand | Stopped] -- C:\Program Files\Dantz\Retrospect\retrorun.exe -- (RetroLauncher)


========== Driver Services (SafeList) ==========

DRV - [2012/01/12 20:56:50 | 000,024,064 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/07/09 13:18:56 | 000,020,328 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz134_x32.sys -- (cpuz134)
DRV - [2010/01/26 15:45:28 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 10:12:26 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 10:33:08 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:35:06 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/04/13 11:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2005/04/13 12:34:02 | 000,414,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA(R) nForce(TM)
DRV - [2005/04/13 12:32:42 | 000,053,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA(R) nForce(TM)
DRV - [2004/08/10 23:39:38 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2003/05/09 15:55:02 | 000,089,749 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SI3112r.sys -- (SI3112r)
DRV - [2003/02/18 05:51:00 | 000,007,888 | ---- | M] (C. Ghisler & Co.) [Kernel | On_Demand | Stopped] -- C:\totalcmd\CGLPTNT.SYS -- (cglptnt)
DRV - [2003/02/12 12:37:48 | 000,009,600 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2002/12/13 16:06:40 | 000,129,875 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr97310c.sys -- (MR97310_USB_DUAL_CAMERA)
DRV - [2002/10/22 18:40:44 | 000,007,560 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2002/09/22 19:37:00 | 000,080,896 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
DRV - [2002/09/08 18:59:00 | 000,108,220 | ---- | M] (NVIDIA Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\NVCAP.SYS -- (nvcap) nVidia WDM Video Capture (universal)
DRV - [2002/09/08 18:59:00 | 000,015,968 | ---- | M] (NVIDIA Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\NVTUNEP.SYS -- (nvTUNEP)
DRV - [2002/09/08 18:59:00 | 000,013,776 | ---- | M] (NVIDIA Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\NVTVSND.SYS -- (nvtvSND)
DRV - [2002/09/08 18:59:00 | 000,010,366 | ---- | M] (NVIDIA Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\NVXBAR.SYS -- (NVXBAR)
DRV - [2002/09/05 20:24:00 | 000,013,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2002/08/13 06:27:22 | 000,074,338 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90Xbc5.SYS -- (EL90Xbc)
DRV - [2002/06/27 19:12:54 | 000,434,176 | ---- | M] (ahead software) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\bsudf.sys -- (BsUDF)
DRV - [2002/06/05 09:07:00 | 000,009,344 | ---- | M] (B.H.A Co.,Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\bsstor.sys -- (BsStor)
DRV - [2002/04/18 18:15:46 | 000,013,780 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2001/11/30 17:08:10 | 000,015,360 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2001/08/17 14:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 12:12:20 | 000,032,840 | ---- | M] (NETGEAR Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ngrpci.sys -- (ngrpci)
DRV - [2000/04/11 10:30:50 | 000,004,000 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hmonitor.sys -- (hmonitor)
DRV - [1997/04/22 10:16:00 | 000,006,272 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-789336058-287218729-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-789336058-287218729-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-789336058-287218729-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-789336058-287218729-682003330-1003\..\URLSearchHook: {38542454-dfb6-44f5-b052-d4e071a3d073} - SOFTWARE\Classes\CLSID\{38542454-dfb6-44f5-b052-d4e071a3d073}\InprocServer32 File not found
IE - HKU\S-1-5-21-789336058-287218729-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-789336058-287218729-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {3C73834E-DA76-454C-A825-60E2F0939228}:1.9.1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Documents and Settings\Rion\Local Settings\Application Data\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3C73834E-DA76-454C-A825-60E2F0939228}: C:\Documents and Settings\Rion\Local Settings\Application Data\{3C73834E-DA76-454C-A825-60E2F0939228} [2011/07/10 17:15:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2007/11/21 21:42:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2007/11/21 21:42:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.12\extensions\\Components: C:\Program Files\Thunderbird\components [2006/03/24 23:21:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.12\extensions\\Plugins: C:\Program Files\Thunderbird\plugins [2006/03/24 23:21:14 | 000,000,000 | ---D | M]

[2008/08/26 23:20:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rion\Application Data\Mozilla\Extensions
[2010/01/30 20:20:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rion\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2007/11/21 21:42:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rion\Application Data\Mozilla\Firefox\Profiles\6mo1uipe.default\extensions
[2010/04/29 22:30:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Rion\Application Data\Mozilla\Firefox\Profiles\6mo1uipe.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2007/11/21 21:42:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/10 17:15:56 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\RION\LOCAL SETTINGS\APPLICATION DATA\{3C73834E-DA76-454C-A825-60E2F0939228}
[2008/11/25 14:52:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2009/03/23 12:56:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\My Program Files\TechSmith\SnagIt6\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Elf 1.12 Toolbar) - {38542454-dfb6-44f5-b052-d4e071a3d073} - C:\Program Files\Elf_1.12\prxtbElf0.dll File not found
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Elf 1.12 Toolbar) - {38542454-dfb6-44f5-b052-d4e071a3d073} - C:\Program Files\Elf_1.12\prxtbElf0.dll File not found
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\My Program Files\TechSmith\SnagIt6\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKU\S-1-5-21-789336058-287218729-682003330-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-789336058-287218729-682003330-1003\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-789336058-287218729-682003330-1003\..\Toolbar\WebBrowser: (Elf 1.12 Toolbar) - {38542454-DFB6-44F5-B052-D4E071A3D073} - C:\Program Files\Elf_1.12\prxtbElf0.dll File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader80\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Anvshell] C:\WINDOWS\aAnvshell.exe File not found
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\aavgnt.exe" /min File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Net-It Launcher] C:\WINDOWS\system32\NILaunch.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTune.exe (NVIDIA)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [shicoxp] C:\WINDOWS\shicoxp.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [Xerox PanelMgr] C:\WINDOWS\Xerox\PanelMgr\ssmmgr.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Rion\Start Menu\Programs\Startup\Shortcut to TOTALCMD.lnk = C:\totalcmd\TOTALCMD.EXE (C. Ghisler & Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-287218729-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-789336058-287218729-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-789336058-287218729-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-789336058-287218729-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Rion\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37856.9063425926 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: HushEncryptionEngine https://mailserver5.hushmail.com/shared/HushEncryptionEngine.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02F255B2-5684-465A-BEF7-B0FB7A43B4D0}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\System32\inetcomm.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\RIVETS.BMP
O24 - Desktop BackupWallPaper: C:\WINDOWS\RIVETS.BMP
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/08/15 15:39:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2003/07/20 12:15:10 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/11/02 14:04:58 | 000,000,046 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{302fca80-6e36-11dc-a4b8-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{302fca80-6e36-11dc-a4b8-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{302fca80-6e36-11dc-a4b8-806d6172696f}\Shell\AutoRun\command - "" = F:\Programs\Nu2Menu\nu2menu.exe -- [2006/02/07 13:00:46 | 000,084,992 | R--- | M] (Nu2 Productions)
O33 - MountPoints2\{769375ea-1a2b-11e0-9fb2-002654106f4b}\Shell - "" = AutoRun
O33 - MountPoints2\{769375ea-1a2b-11e0-9fb2-002654106f4b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{769375ea-1a2b-11e0-9fb2-002654106f4b}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
OTL part 2

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\WINDOWS\System32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.asv2 - asusasv2.dll File not found
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/31 07:23:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rion\Desktop\OTL.exe
[2012/01/27 10:15:54 | 000,000,000 | --SD | C] -- C:\Buttly
[2012/01/27 10:15:03 | 004,391,956 | R--- | C] (Swearware) -- C:\Documents and Settings\Rion\Desktop\Buttly.exe
[2012/01/27 09:52:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/27 09:37:31 | 002,058,032 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Rion\Desktop\tdsskiller.exe
[2012/01/27 09:14:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2012/01/27 09:14:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\setupupd
[2012/01/27 04:08:47 | 000,000,000 | R--D | C] -- C:\My Videos
[2012/01/27 04:08:47 | 000,000,000 | R--D | C] -- C:\My Music
[2012/01/25 04:16:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PE Builder
[2012/01/25 04:16:16 | 000,000,000 | ---D | C] -- C:\pebuilder3110a
[2012/01/18 23:47:08 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2012/01/18 15:38:34 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Documents and Settings\Rion\Desktop\boot_cleaner.exe
[2012/01/18 01:43:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Rion\My Documents\My Videos
[2012/01/18 01:11:14 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Rion\Desktop\dds.scr
[2012/01/13 11:36:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rion\regbackup
[2012/01/13 10:38:09 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2012/01/13 10:38:09 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2012/01/13 10:37:55 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2012/01/13 10:37:54 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2012/01/13 10:37:31 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2012/01/13 10:37:31 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2012/01/13 10:37:27 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2012/01/13 10:37:20 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2012/01/13 10:37:11 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2012/01/13 10:37:10 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2012/01/13 10:37:10 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2012/01/13 10:37:08 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2012/01/13 10:37:07 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2012/01/13 10:37:07 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2012/01/13 10:37:06 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2012/01/13 10:37:01 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2012/01/13 10:36:59 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2012/01/13 10:36:58 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2012/01/13 10:36:58 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2012/01/13 10:36:52 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2012/01/13 10:36:49 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2012/01/13 10:36:48 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2012/01/13 10:36:47 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2012/01/13 10:36:44 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2012/01/13 10:36:43 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2012/01/13 10:36:43 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2012/01/13 10:36:43 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2012/01/13 10:36:42 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2012/01/13 10:36:42 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2012/01/13 10:36:36 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2012/01/13 10:36:35 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2012/01/13 10:36:35 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2012/01/13 10:36:33 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2012/01/13 10:36:32 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2012/01/13 10:36:32 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2012/01/13 10:36:28 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2012/01/13 10:36:28 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2012/01/13 10:36:21 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2012/01/13 10:36:21 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2012/01/13 10:36:21 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2012/01/13 10:36:20 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2012/01/13 10:36:18 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2012/01/13 10:36:13 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2012/01/13 10:36:07 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2012/01/13 10:36:06 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2012/01/13 10:36:06 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2012/01/13 10:36:06 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2012/01/13 10:36:05 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2012/01/13 10:20:26 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2012/01/13 10:20:26 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2012/01/13 10:20:25 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2012/01/13 10:20:24 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2012/01/13 10:20:17 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2012/01/13 10:20:16 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2012/01/13 10:20:16 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2012/01/13 10:20:16 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2012/01/13 10:20:09 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2012/01/13 10:20:08 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2012/01/13 10:20:08 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2012/01/13 10:20:05 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2012/01/13 10:20:05 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2012/01/13 10:20:05 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2012/01/13 10:20:05 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2012/01/13 10:20:04 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2012/01/13 10:20:04 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2012/01/13 10:20:04 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2012/01/13 10:20:03 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2012/01/13 10:20:03 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2012/01/13 10:20:02 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2012/01/13 10:20:02 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2012/01/13 10:19:45 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2012/01/13 10:19:44 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2012/01/13 10:19:39 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2012/01/13 10:19:36 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2012/01/13 10:19:36 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2012/01/13 10:19:35 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2012/01/13 10:19:29 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2012/01/13 10:19:28 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2012/01/13 10:19:22 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2012/01/13 10:19:22 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2012/01/13 10:19:22 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2012/01/13 10:19:17 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2012/01/13 10:19:01 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2012/01/13 10:19:00 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2012/01/13 10:18:58 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2012/01/13 10:18:58 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2012/01/13 10:18:53 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2012/01/13 10:18:53 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2012/01/13 10:18:53 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2012/01/13 10:18:52 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2012/01/13 10:18:42 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2012/01/13 10:18:38 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2012/01/13 10:18:37 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2012/01/13 10:18:35 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2012/01/13 10:18:32 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2012/01/13 10:18:32 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2012/01/13 10:18:30 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2012/01/13 10:18:29 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2012/01/13 10:18:29 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2012/01/13 10:18:29 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2012/01/13 10:18:28 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2012/01/13 10:18:28 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2012/01/13 10:18:27 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2012/01/13 10:18:27 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2012/01/13 10:18:26 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2012/01/13 10:18:26 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2012/01/13 10:18:26 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2012/01/13 10:18:01 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2012/01/13 10:17:47 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2012/01/13 10:17:41 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2012/01/13 10:17:41 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2012/01/13 10:17:40 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2012/01/13 10:17:40 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2012/01/13 10:17:39 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2012/01/13 10:17:39 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2012/01/13 10:17:36 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2012/01/13 10:17:36 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2012/01/13 10:17:35 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2012/01/13 10:17:35 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2012/01/13 10:17:34 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2012/01/13 10:17:33 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2012/01/13 10:17:09 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2012/01/13 10:16:52 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2012/01/13 10:16:29 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2012/01/13 10:16:28 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2012/01/13 10:16:22 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2012/01/13 10:16:21 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2012/01/13 10:16:21 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2012/01/13 10:16:17 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2012/01/13 10:16:10 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2012/01/13 10:16:10 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2012/01/13 10:16:07 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2012/01/13 10:16:07 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2012/01/13 10:16:06 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2012/01/13 10:16:06 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2012/01/13 10:16:01 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2012/01/13 10:16:00 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2012/01/13 10:16:00 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2012/01/13 10:15:35 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2012/01/13 10:15:32 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2012/01/13 10:15:28 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2012/01/13 10:15:27 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2012/01/13 10:15:27 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2012/01/13 10:15:26 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2012/01/13 10:15:25 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2012/01/13 10:15:25 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2012/01/13 10:15:25 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2012/01/13 10:15:24 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2012/01/13 10:15:17 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2012/01/13 10:15:17 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2012/01/13 10:15:16 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2012/01/13 10:15:07 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2012/01/13 10:15:07 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2012/01/13 10:15:07 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2012/01/13 10:15:06 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2012/01/13 10:15:06 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2012/01/13 10:15:06 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2012/01/13 10:15:05 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2012/01/13 10:15:05 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2012/01/13 10:15:02 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2012/01/13 10:14:54 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2012/01/13 10:14:50 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2012/01/13 10:14:45 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2012/01/13 10:14:45 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2012/01/13 10:14:45 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2012/01/13 10:14:44 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2012/01/13 10:14:44 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2012/01/13 10:14:42 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2012/01/13 10:14:42 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2012/01/13 10:14:42 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2012/01/13 10:14:41 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2012/01/13 10:14:41 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2012/01/13 10:14:40 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
 
OTL part 3

[2012/01/13 10:11:33 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2012/01/13 10:11:33 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2012/01/13 10:11:33 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2012/01/13 10:11:32 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2012/01/13 10:11:32 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2012/01/13 10:11:32 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2012/01/13 10:11:31 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2012/01/13 10:11:31 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2012/01/13 10:11:30 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2012/01/13 10:11:30 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2012/01/13 10:11:29 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2012/01/13 10:11:29 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2012/01/13 10:11:28 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2012/01/13 10:11:28 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2012/01/13 10:11:27 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2012/01/13 10:11:27 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2012/01/13 10:11:27 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2012/01/13 10:11:26 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2012/01/13 10:11:24 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2012/01/13 10:11:21 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2012/01/13 10:11:21 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2012/01/13 10:11:20 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2012/01/13 10:11:20 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2012/01/13 10:11:19 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2012/01/13 10:11:19 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2012/01/13 10:11:19 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2012/01/13 10:11:06 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2012/01/13 10:11:02 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2012/01/13 10:10:54 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2012/01/13 10:10:53 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2012/01/13 10:10:53 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2012/01/13 10:10:52 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2012/01/13 10:10:52 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2012/01/13 10:10:50 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2012/01/13 10:10:48 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2012/01/13 10:10:48 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2012/01/13 10:10:47 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2012/01/13 10:10:46 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2012/01/13 10:10:46 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2012/01/13 03:32:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rion\Application Data\SpeedMaxPc
[2012/01/13 03:32:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rion\Application Data\DriverCure
[2012/01/13 03:32:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
[2012/01/10 03:43:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rion\Local Settings\Application Data\SanctionedMedia
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/31 07:27:02 | 000,004,345 | ---- | M] () -- C:\WINDOWS\WINCMD.INI
[2012/01/31 07:23:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rion\Desktop\OTL.exe
[2012/01/31 03:43:42 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/31 03:43:28 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/01/31 03:43:24 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2012/01/31 03:43:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/31 03:16:02 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/30 00:42:44 | 000,079,346 | -H-- | M] () -- C:\TREEINFO.WC
[2012/01/28 08:39:48 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2012/01/27 10:15:02 | 004,391,956 | R--- | M] (Swearware) -- C:\Documents and Settings\Rion\Desktop\Buttly.exe
[2012/01/27 09:37:40 | 002,058,032 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Rion\Desktop\tdsskiller.exe
[2012/01/27 09:14:54 | 000,000,328 | ---- | M] () -- C:\Boot.bak
[2012/01/25 05:39:46 | 000,002,170 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/25 04:16:20 | 000,000,437 | ---- | M] () -- C:\Documents and Settings\Rion\Desktop\PE Builder.lnk
[2012/01/25 03:22:54 | 000,000,047 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2012/01/18 06:11:30 | 000,516,606 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/18 06:11:30 | 000,098,008 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/18 01:10:50 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Rion\Desktop\dds.scr
[2012/01/12 20:56:50 | 000,024,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/01/12 19:10:04 | 000,008,581 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\5f5e9b90
[2012/01/12 19:10:04 | 000,008,578 | ---- | M] () -- C:\Documents and Settings\Rion\Application Data\32f0799f
[2012/01/12 19:10:04 | 000,008,526 | ---- | M] () -- C:\Documents and Settings\Rion\Local Settings\Application Data\95b84d65
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/25 16:12:52 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/25 16:12:52 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/25 04:16:18 | 000,000,437 | ---- | C] () -- C:\Documents and Settings\Rion\Desktop\PE Builder.lnk
[2012/01/25 03:22:53 | 000,000,047 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/01/13 10:38:08 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2012/01/13 10:38:08 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2012/01/13 10:19:19 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2012/01/13 10:19:18 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2012/01/13 10:18:05 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2012/01/13 10:16:29 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2012/01/13 10:16:29 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2012/01/13 10:16:28 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2012/01/13 10:16:27 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2012/01/13 10:16:27 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2012/01/13 10:15:27 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2012/01/13 10:15:26 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2012/01/13 10:15:26 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2012/01/13 10:11:15 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2012/01/13 10:11:14 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2012/01/13 10:11:14 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2012/01/13 10:11:14 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2012/01/13 10:11:13 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2012/01/13 10:11:13 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2012/01/13 10:11:13 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2012/01/13 10:11:12 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2012/01/13 10:11:12 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2012/01/13 10:11:08 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2012/01/12 20:56:49 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/01/12 18:59:55 | 000,008,581 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\5f5e9b90
[2012/01/12 18:59:55 | 000,008,578 | ---- | C] () -- C:\Documents and Settings\Rion\Application Data\32f0799f
[2012/01/12 18:59:55 | 000,008,526 | ---- | C] () -- C:\Documents and Settings\Rion\Local Settings\Application Data\95b84d65
[2011/08/30 05:25:25 | 000,141,152 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/07/10 17:15:57 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Pgoxafonut.dat
[2011/07/10 17:15:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Nvorog.bin
[2010/06/14 16:40:17 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP PrecisionScan Pro.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/06/12 20:04:52 | 000,004,342 | ---- | C] () -- C:\WINDOWS\scad3.INI
[2009/03/23 12:51:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/03/23 12:51:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/03/23 12:51:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/12/26 16:39:55 | 000,000,037 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2008/12/26 16:34:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\mr310exv.dll
[2008/12/26 16:34:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\mr310exd.dll
[2008/09/26 15:46:30 | 000,004,199 | ---- | C] () -- C:\WINDOWS\ALWPU.INI
[2008/09/26 15:45:43 | 000,177,664 | ---- | C] () -- C:\WINDOWS\System32\APPLE_UI.DLL
[2008/09/26 15:45:43 | 000,139,776 | ---- | C] () -- C:\WINDOWS\System32\APPLE_NT.DLL
[2008/07/28 15:39:20 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2007/12/29 00:22:11 | 000,003,147 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/11/24 18:05:38 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Rion\Application Data\WavCodec.wff
[2007/11/23 00:38:28 | 000,139,008 | ---- | C] () -- C:\WINDOWS\System32\guard32.dll
[2007/11/14 03:00:15 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\afcddb4_d.dll
[2007/10/29 02:08:42 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/09/17 19:08:45 | 000,454,656 | ---- | C] () -- C:\WINDOWS\ssndii.exe
[2006/10/22 12:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 12:22:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/10/22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 12:22:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/10/22 12:22:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/10/22 12:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 12:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/03/24 23:21:23 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallThunderbird.exe
[2005/08/24 02:30:01 | 000,000,104 | ---- | C] () -- C:\WINDOWS\nTune.INI
[2005/08/24 02:29:56 | 000,000,113 | ---- | C] () -- C:\WINDOWS\NVProfileManager.INI
[2005/08/24 02:27:25 | 000,000,119 | ---- | C] () -- C:\WINDOWS\NVPerformance.INI
[2005/08/17 18:33:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2005/03/09 22:10:46 | 000,000,041 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/01/20 08:34:48 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2004/10/01 15:20:43 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/09/19 00:25:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2004/09/11 18:10:55 | 000,000,478 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/09/10 15:08:23 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2004/06/28 02:20:09 | 000,000,041 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2004/03/07 16:10:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2004/02/10 17:43:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\SfwIFmt.dll
[2004/02/10 17:43:08 | 000,000,772 | ---- | C] () -- C:\WINDOWS\PODW.INI
[2003/12/30 23:20:21 | 000,000,424 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2003/12/30 23:11:42 | 000,000,274 | ---- | C] () -- C:\WINDOWS\pcstudio.ini
[2003/11/05 16:36:15 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2003/10/30 02:44:23 | 000,000,363 | ---- | C] () -- C:\WINDOWS\CoverDes.INI
[2003/10/27 12:03:27 | 000,001,232 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/10/13 21:47:15 | 000,030,720 | ---- | C] () -- C:\WINDOWS\PerlGlob.exe
[2003/10/13 21:47:15 | 000,013,158 | ---- | C] () -- C:\WINDOWS\System32\CW16XFR.EXE
[2003/10/11 22:17:46 | 000,004,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\hmonitor.sys
[2003/10/02 23:51:35 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\MJUninstall.exe
[2003/09/18 17:44:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2003/09/18 17:44:07 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2003/09/18 17:44:07 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2003/09/18 17:43:39 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2003/09/18 17:43:38 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2003/09/18 17:43:35 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2003/08/29 00:42:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2003/08/24 23:52:31 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/08/23 22:26:28 | 000,001,125 | ---- | C] () -- C:\WINDOWS\Winamp.ini
[2003/08/22 01:34:57 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2003/08/22 01:34:32 | 000,095,440 | ---- | C] () -- C:\WINDOWS\NSUninst.exe
[2003/08/22 01:34:27 | 000,095,440 | ---- | C] () -- C:\WINDOWS\GREUninstall.exe
[2003/08/22 01:34:26 | 000,016,723 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2003/08/22 01:17:03 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Rion\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/08/20 13:52:23 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\NILaunch.exe
[2003/08/20 13:52:16 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Approach.ini
[2003/08/15 21:50:08 | 000,159,788 | ---- | C] () -- C:\WINDOWS\DelKey.exe
[2003/08/15 21:50:08 | 000,090,149 | ---- | C] () -- C:\WINDOWS\Delvid.exe
[2003/08/15 21:50:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\shicoxp.exe
[2003/08/15 21:50:08 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\caili.exe
[2003/08/15 16:09:17 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\anvcinst.dll
[2003/08/15 16:09:11 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
[2003/08/15 16:05:54 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2003/08/15 16:05:54 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2003/08/15 16:05:53 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2003/08/15 16:05:32 | 000,020,480 | ---- | C] () -- C:\WINDOWS\ANVUNIS.exe
[2003/08/15 16:05:32 | 000,000,578 | ---- | C] () -- C:\WINDOWS\Anvshell.ini
[2003/08/15 15:55:42 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\jedih2rx.bin
[2003/08/15 15:55:42 | 000,000,122 | ---- | C] () -- C:\WINDOWS\System32\drivers\ramsed.bin
[2003/08/15 15:54:26 | 000,003,429 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2003/08/15 15:54:25 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2003/08/15 15:52:22 | 000,004,345 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2003/08/15 15:42:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/08/15 15:36:44 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/08/15 15:29:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/08/15 15:28:49 | 000,241,536 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/08/29 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/08/29 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/08/29 12:00:00 | 000,516,606 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/08/29 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/08/29 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/08/29 12:00:00 | 000,098,008 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/08/29 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/08/29 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/08/29 12:00:00 | 000,018,543 | ---- | C] () -- C:\WINDOWS\System32\dtiqtc.dll
[2002/08/29 12:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/29 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2002/08/29 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/08/31 09:36:18 | 000,064,378 | ---- | C] () -- C:\WINDOWS\System32\Hphex.bin
[2001/03/27 04:39:33 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\HPNVRamStrings.dll
[1999/03/10 18:23:00 | 000,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll
[1998/06/11 14:08:06 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[1998/06/11 14:08:04 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[1998/03/18 18:23:00 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\nsqlc32.dll
[1998/01/13 18:23:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\lotrn13.dll
[1997/11/14 18:23:00 | 000,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll
[1997/05/13 18:23:00 | 000,000,153 | ---- | C] () -- C:\WINDOWS\acroread.ini
[1994/07/25 18:23:00 | 000,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv
[1994/04/07 18:23:00 | 000,000,462 | ---- | C] () -- C:\WINDOWS\lodbf13.ini

========== LOP Check ==========

[2004/05/26 18:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/08/21 16:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Karen's Power Tools
[2007/09/18 20:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2007/10/30 16:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2007/11/24 06:03:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/01/23 14:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/02/02 18:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comcast
[2009/04/17 03:19:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCB Artist
[2012/01/13 03:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
[2003/08/30 00:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rion\Application Data\NovaStor
[2005/09/07 00:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rion\Application Data\Netscape
[2006/03/24 23:21:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rion\Application Data\Thunderbird
[2007/05/07 05:11:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rion\Application Data\Nvu
[2007/06/01 04:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rion\Application Data\Viewpoint
[2007/11/05 02:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rion\Application Data\Uniblue
[2010/01/28 00:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rion\Application Data\OpenOffice.org
[2010/03/31 20:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rion\Application Data\Elluminate
[2010/12/28 09:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rion\Application Data\PriceGong
[2011/08/30 02:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rion\Application Data\Charles Schwab
[2012/01/13 03:32:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rion\Application Data\SpeedMaxPc
[2012/01/13 03:32:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rion\Application Data\DriverCure
[2012/01/31 03:43:24 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job
 
OTL part 4

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/04/14 00:01:44 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2008/04/13 22:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2012/01/28 08:39:48 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2003/08/15 15:39:36 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2003/08/15 15:39:36 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2003/08/15 15:39:36 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2003/08/15 15:39:36 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/01/30 00:42:44 | 000,079,346 | -H-- | M] () -- C:\TREEINFO.WC
[2011/01/11 16:27:14 | 000,000,000 | ---- | M] () -- C:\CLDMA.LOG
[2011/04/12 08:39:46 | 000,000,000 | ---- | M] () -- C:\Log.txt
[2009/01/23 12:45:14 | 000,001,148 | ---- | M] () -- C:\net_save.dna
[2012/01/27 09:14:54 | 000,000,328 | ---- | M] () -- C:\Boot.bak
[2008/04/14 00:02:08 | 000,260,288 | RHS- | M] () -- C:\cmldr
[2012/01/13 12:42:10 | 000,000,359 | ---- | M] () -- C:\rkill.log
[2012/01/30 00:11:42 | 000,058,814 | ---- | M] () -- C:\Win-Files.txt
[2012/01/30 00:12:00 | 000,000,000 | ---- | M] () -- C:\RootKit.log
[2003/10/26 01:44:20 | 000,000,199 | ---- | M] () -- C:\UnInstall.dat
[2003/11/06 17:16:48 | 000,000,185 | ---- | M] () -- C:\Setup.log

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2003/08/15 15:39:18 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[1998/02/05 12:16:18 | 000,018,432 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\jDocPrc.dll
[2008/07/06 03:50:04 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2003/08/15 15:27:50 | 000,442,368 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
[2003/08/15 15:27:50 | 000,626,688 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2003/08/15 15:27:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/08/18 18:51:08 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/03/23 04:22:10 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Rion\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2003/08/15 15:46:00 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Rion\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Documents and Settings\Rion\Desktop\boot_cleaner.exe
[2012/01/27 09:37:40 | 002,058,032 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Rion\Desktop\tdsskiller.exe
[2012/01/27 10:15:02 | 004,391,956 | R--- | M] (Swearware) -- C:\Documents and Settings\Rion\Desktop\Buttly.exe
[2012/01/31 07:23:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rion\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2004/10/01 16:42:16 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Rion\Favorites\Desktop.ini
[2012/01/29 09:26:42 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\Rion\Favorites\NtUser.dat
[2012/01/29 09:26:56 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\Rion\Favorites\NtUser.dat.LOG

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2012/01/31 07:15:14 | 001,212,416 | ---- | M] () -- C:\Documents and Settings\Rion\Cookies\index.dat
[2009/03/23 02:49:24 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Rion\Cookies\desktop.ini
[2012/01/29 09:26:42 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\Rion\Cookies\NtUser.dat
[2012/01/29 09:26:56 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\Rion\Cookies\NtUser.dat.LOG

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2008/04/13 17:12:38 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2002/08/29 05:00:00 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2002/08/29 05:00:00 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2002/08/29 05:00:00 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2002/08/29 05:00:00 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2002/08/20 12:32:20 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2002/08/20 15:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
[2002/08/20 12:32:22 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
[2002/08/20 12:32:18 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2004/07/17 11:41:04 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm
[2008/04/13 17:12:28 | 001,695,232 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2008/04/13 10:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 17:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2008/05/02 07:01:50 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< MD5 for: AGP440.SYS >
[2004/10/01 16:26:40 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/18 18:42:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/10/01 16:26:40 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/08/18 18:42:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/08/29 12:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/10/01 16:26:40 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/18 18:42:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/10/01 16:26:40 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/08/18 18:42:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002/08/29 12:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\DRIVERS\ATAPI.SYS
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: DXGTHK.SYS >
[2002/08/29 04:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) MD5=A73F5D6705B1D820C19B18782E176EFD -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\DRIVERS\DXGTHK.SYS
[2002/08/29 12:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) MD5=A73F5D6705B1D820C19B18782E176EFD -- C:\WINDOWS\system32\dllcache\dxgthk.sys
[2002/08/29 12:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) MD5=A73F5D6705B1D820C19B18782E176EFD -- C:\WINDOWS\system32\drivers\dxgthk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/13 17:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\pebuilder3110a\BartPE\I386\EXPLORER.EXE
[2008/04/13 17:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 17:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 17:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: NETBT.SYS >
[2008/04/14 00:51:02 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\DRIVERS\NETBT.SYS
[2008/04/13 12:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\ServicePackFiles\i386\netbt.sys
[2008/04/13 12:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\system32\dllcache\netbt.sys
[2008/04/13 12:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\system32\drivers\netbt.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\NETLOGON.DLL
[2008/04/13 17:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/13 17:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\SCECLI.DLL
[2008/04/13 17:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/13 17:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SVCHOST.EXE >
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\SVCHOST.EXE
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: TCPIP.SYS >
[2008/04/14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\DRIVERS\TCPIP.SYS
[2008/04/13 12:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008/06/20 04:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008/06/20 04:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys

< MD5 for: USERINIT.EXE >
[2004/08/04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004/08/04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\USERINIT.EXE
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2008/04/13 11:41:02 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/13 11:41:02 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\dllcache\volsnap.sys
[2008/04/13 11:41:02 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\WINLOGON.EXE
[2008/04/13 17:12:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 17:12:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/13 17:12:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINSRV.DLL >
[2008/04/14 05:42:10 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=1618F36D4F7F6CCCEB3EE44BA95BE85C -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\WINSRV.DLL
[2008/04/13 17:12:10 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=1618F36D4F7F6CCCEB3EE44BA95BE85C -- C:\WINDOWS\ServicePackFiles\i386\winsrv.dll
[2011/11/25 13:57:20 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=8C7DCA4B158BF16894120786A7A5F366 -- C:\WINDOWS\SoftwareDistribution\Download\163d01893aa68b49abc63d8d6c9a7bb2\sp3gdr\winsrv.dll
[2011/11/25 13:57:20 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=8C7DCA4B158BF16894120786A7A5F366 -- C:\WINDOWS\system32\dllcache\winsrv.dll
[2011/11/25 13:57:20 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=8C7DCA4B158BF16894120786A7A5F366 -- C:\WINDOWS\system32\winsrv.dll
[2011/11/25 13:56:26 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=B23423313519C522E0E73BA170D3CE71 -- C:\WINDOWS\SoftwareDistribution\Download\163d01893aa68b49abc63d8d6c9a7bb2\sp3qfe\winsrv.dll

< End of report >
 
Extras.txt

OTL Extras logfile created on: 1/31/2012 7:27:12 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Rion\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 635.09 Mb Available Physical Memory | 62.05% Memory free
929.73 Mb Paging File | 659.62 Mb Available in Paging File | 70.95% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 17.07 Gb Total Space | 5.68 Gb Free Space | 33.27% Space Free | Partition Type: FAT32
Drive D: | 34.24 Gb Total Space | 15.05 Gb Free Space | 43.97% Space Free | Partition Type: NTFS
Drive E: | 8.53 Gb Total Space | 3.55 Gb Free Space | 41.56% Space Free | Partition Type: FAT32
Drive F: | 159.01 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: RIONXP | User Name: Rion | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with ACDSee] -- "C:\My Program Files\ACDSee32\ACDSee32.exe" "%1" (ACD Systems, Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\System32\ftp.exe" = C:\WINDOWS\System32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
"C:\WINDOWS\System32\mmc.exe" = C:\WINDOWS\System32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Palm\HOTSYNC.EXE" = C:\Program Files\Palm\HOTSYNC.EXE:*:Enabled:HotSync® Manager Application -- (Palm, Inc.)
"E:\RC40 Scale\RC40 Rate Update.exe" = E:\RC40 Scale\RC40 Rate Update.exe:*:Enabled:RC40 Scale -- (CompanionLink Software, Inc.)
"C:\Program Files\Schwab\SSPro\SSPro.exe" = C:\Program Files\Schwab\SSPro\SSPro.exe:*:Enabled:StreetSmart Pro® -- (Charles Schwab & Co., Inc.)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\Java\JRE6\BIN\javaw.exe" = C:\Program Files\Java\JRE6\BIN\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\Rion\Local Settings\Application Data\Google\Google Earth\client\googleearth.exe" = C:\Documents and Settings\Rion\Local Settings\Application Data\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0345CF70-FA00-4F4E-A218-0FA494F465A4}" = LightScribe Template Designs - Business Pack 1
"{22DAFE84-E618-11D3-B2A7-080009FB4A19}" = HP PrecisionScan Pro 3.0
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16
"{2CDB2DCD-1153-4ED4-9D0A-606231CEFE9A}" = LightScribe Template Designs - Art Pack 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{47BD9F34-BBB7-4CFF-BE29-2D5D8E2F0385}" = PCB Artist
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{48963B63-7A10-49D6-8B08-61E6132453D0}" = ViewSonic Monitor Drivers
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{664708B3-C730-11D5-ADE7-00B0D07D157A}" = StreetSmart Pro
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = ASUSDVD XP
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7141AD74-0C90-4369-A4C0-15BD0BD57C1D}" = Net-It Now! Uninstaller
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{7DBBC522-F642-4D6C-A03F-22E49EB63437}" = Palm Desktop
"{82F248C6-D392-11D5-9EA2-0050BAE317E1}" = PowerDirector Pro Disc Wizard
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A14F19F4-2E19-4CA5-83AB-FC9EE3FEA1E0}" = NovaBACKUP
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{B023185F-F1EF-4F97-B0BD-AE6D802226D1}" = NVIDIA WDM Drivers
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B6C766E9-B26D-4D54-A22B-A52B069C6C14}" = LightScribe Template Designs - Special Occasion Pack 1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF736FF-8133-42F3-8E18-BDFE293B87FF}" = LightScribe Template Designs - Holiday Pack 1
"{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer
"{E6CFBFB5-9232-410C-B353-AF6E614B2681}" = LightScribe System Software 1.10.16.1
"{E9B65E73-A050-413C-89BA-80EE1875870D}" = Retrospect 5.6
"{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02
"{FAC20C98-35F4-49E9-B4E3-6A4FB2E9686C}" = LightScribe Template Labeler
"{FAFD21CB-7882-4ED2-8270-508F564221A8}" = ATECH FLASH PRO-IX Driver (Rev1.00)
"2A17D76A9A2D2CD672A7F1A1B0C763731AC8D607" = Windows Driver Package - MARS (MR97310_USB_DUAL_CAMERA) Image (12/03/2002 1.2.9.0)
"7-Zip" = 7-Zip 9.20
"ACDSee 32" = ACDSee 32
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AppleLaserWriterSoftware202" = Apple LaserWriter Software
"ASUS Probe V2.19.07" = ASUS Probe V2.19.07
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Codewright51" = Codewright 5.1
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"Compton's Interactive Encyclopedia 2000" = Compton's Interactive Encyclopedia 2000
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.56
"DVD Identifier_is1" = DVD Identifier
"EZ-PC" = AutoXray EZ-PC (remove only)
"HijackThis" = HijackThis 2.0.2
"HP PhotoSmart C200 Camera Software" = HP PhotoSmart C200 Photo Imaging Software
"HP PhotoSmart Photo Printing Software" = HP PhotoSmart Photo Printing Software
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InCD!UninstallKey" = InCD (Ahead Software)
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"IrfanView" = IrfanView (remove only)
"Java Web Start" = Java Web Start
"Karen's Cookie Viewer" = Karen's Cookie Viewer
"Learn Electronics Part 1" = Twisted Pair Computer Based Training Learn Electronics Part 1 5.03
"LTspice IV" = LTspice IV
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Media Jukebox 8.0" = Media Jukebox 8.0
"MediaShow" = Medi@Show
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"MovieConverterV3" = Movie Converter V3 (remove only)
"Mozilla Firefox (3.6.24)" = Mozilla Firefox (3.6.24)
"Mozilla Thunderbird (3.1.12)" = Mozilla Thunderbird (3.1.12)
"Netscape (7.1)" = Netscape (7.1)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PE Builder_is1" = PE Builder 3.1.10a
"PhotoWorks" = PhotoWorks v2.41
"RC40 Scale" = RC40 Scale
"SeaTools Enterprise" = SeaTools Enterprise
"SmartSuite V99.0" = Lotus SmartSuite Release 9.5
"SnagIt6" = SnagIt 6
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"VLC media player" = VideoLAN VLC media player 0.8.6f
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"Xerox Phaser 3124" = Xerox Phaser 3124
"Yahoo! Photos Drag-Drop Uploader 1v7" = Yahoo! Photos Easy Upload Tool 1v7

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-789336058-287218729-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Smad" = SanctionedMedia

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/19/2012 5:41:02 PM | Computer Name = RIONXP | Source = ESENT | ID = 482
Description = wuauclt (3272) An attempt to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb"
at offset 237568 (0x000000000003a000) for 4096 (0x00001000) bytes failed with system
error 1117 (0x0000045d): "The request could not be performed because of an I/O
device error. ". The write operation will fail with error -1022 (0xfffffc02).
If this error persists then the file may be damaged and may need to be restored
from a previous backup.

Error - 1/19/2012 7:27:32 PM | Computer Name = RIONXP | Source = ESENT | ID = 482
Description = wuauclt (1964) An attempt to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb"
at offset 102400 (0x0000000000019000) for 4096 (0x00001000) bytes failed with system
error 1117 (0x0000045d): "The request could not be performed because of an I/O
device error. ". The write operation will fail with error -1022 (0xfffffc02).
If this error persists then the file may be damaged and may need to be restored
from a previous backup.

Error - 1/19/2012 7:28:32 PM | Computer Name = RIONXP | Source = ESENT | ID = 482
Description = wuauclt (1964) An attempt to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb"
at offset 28672 (0x0000000000007000) for 4096 (0x00001000) bytes failed with system
error 1117 (0x0000045d): "The request could not be performed because of an I/O
device error. ". The write operation will fail with error -1022 (0xfffffc02).
If this error persists then the file may be damaged and may need to be restored
from a previous backup.

Error - 1/19/2012 7:34:17 PM | Computer Name = RIONXP | Source = ESENT | ID = 482
Description = wuauclt (2812) An attempt to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb"
at offset 0 (0x0000000000000000) for 8192 (0x00002000) bytes failed with system
error 1117 (0x0000045d): "The request could not be performed because of an I/O
device error. ". The write operation will fail with error -1022 (0xfffffc02).
If this error persists then the file may be damaged and may need to be restored
from a previous backup.

Error - 1/19/2012 7:35:17 PM | Computer Name = RIONXP | Source = ESENT | ID = 439
Description = wuauclt (2812) Unable to write a shadowed header for file C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb.
Error -1022.

Error - 1/19/2012 7:37:17 PM | Computer Name = RIONXP | Source = ESENT | ID = 482
Description = wuauclt (2260) An attempt to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\res2.log"
at offset 0 (0x0000000000000000) for 131072 (0x00020000) bytes failed with system
error 1117 (0x0000045d): "The request could not be performed because of an I/O
device error. ". The write operation will fail with error -1022 (0xfffffc02).
If this error persists then the file may be damaged and may need to be restored
from a previous backup.

Error - 1/19/2012 7:38:02 PM | Computer Name = RIONXP | Source = ESENT | ID = 428
Description = wuauclt (2260) The database engine is rejecting update operations
due to low free disk space on the log disk.

Error - 1/19/2012 7:46:17 PM | Computer Name = RIONXP | Source = ESENT | ID = 481
Description = wuauclt (2260) An attempt to read from the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb"
at offset 299008 (0x0000000000049000) for 4096 (0x00001000) bytes failed with system
error 1117 (0x0000045d): "The request could not be performed because of an I/O
device error. ". The read operation will fail with error -1022 (0xfffffc02). If
this error persists then the file may be damaged and may need to be restored from
a previous backup.

Error - 1/19/2012 8:58:34 PM | Computer Name = RIONXP | Source = ESENT | ID = 481
Description = wuauclt (2632) An attempt to read from the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb"
at offset 45056 (0x000000000000b000) for 4096 (0x00001000) bytes failed with system
error 1117 (0x0000045d): "The request could not be performed because of an I/O
device error. ". The read operation will fail with error -1022 (0xfffffc02). If
this error persists then the file may be damaged and may need to be restored from
a previous backup.

Error - 1/19/2012 9:08:19 PM | Computer Name = RIONXP | Source = ESENT | ID = 482
Description = wuauclt (616) An attempt to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb"
at offset 73728 (0x0000000000012000) for 4096 (0x00001000) bytes failed with system
error 1117 (0x0000045d): "The request could not be performed because of an I/O
device error. ". The write operation will fail with error -1022 (0xfffffc02).
If this error persists then the file may be damaged and may need to be restored
from a previous backup.

[ System Events ]
Error - 1/30/2012 2:00:47 AM | Computer Name = RIONXP | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 1/30/2012 2:00:53 AM | Computer Name = RIONXP | Source = Service Control Manager | ID = 7000
Description = The NetBEUI Protocol service failed to start due to the following
error: %%2

Error - 1/30/2012 4:26:43 AM | Computer Name = RIONXP | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 1/30/2012 4:26:49 AM | Computer Name = RIONXP | Source = Service Control Manager | ID = 7000
Description = The NetBEUI Protocol service failed to start due to the following
error: %%2

Error - 1/31/2012 7:08:27 AM | Computer Name = RIONXP | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 1/31/2012 7:08:33 AM | Computer Name = RIONXP | Source = Service Control Manager | ID = 7000
Description = The NetBEUI Protocol service failed to start due to the following
error: %%2

Error - 1/31/2012 7:17:39 AM | Computer Name = RIONXP | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 1/31/2012 7:17:43 AM | Computer Name = RIONXP | Source = Service Control Manager | ID = 7000
Description = The NetBEUI Protocol service failed to start due to the following
error: %%2

Error - 1/31/2012 7:43:30 AM | Computer Name = RIONXP | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 1/31/2012 7:43:35 AM | Computer Name = RIONXP | Source = Service Control Manager | ID = 7000
Description = The NetBEUI Protocol service failed to start due to the following
error: %%2


< End of report >
 