
TDSS/ TDL3 and https Stop 07b


This topic is locked

#1
davidJ85
New Member, 5 posts
Hello,

I have a Dell laptop running Windows XP Media Center Edition. I am trying to fix it for a friend who got in over his head and doesn't know computers well at all. He gave me his laptop to fix since I do know quite a bit about computers. Well, it looks like I am in over my head as well now.

The computer had the TDL3 rootkit because Google was redirecting and no HTTPS websites are loading; the pages load blank or half load. I ran TDSSKiller and it successfully found it and removed it. Also, Malwarebytes was coming up with an error that matched an .exe that was downloaded from the internet; regardless of IE or Firefox, it would have .%2%.exe appended to the name of the file and extension. The error on startup showed Malwarebytes saying something similar filename-wise.

Everything was running fine at this point after removing TDL3/TDSS; the PC rebooted, I reran TDSSKiller and it showed the PC was clean of it. I just needed to finish cleaning the system of any other malware, so I did the following.

I ran OTL to get a log file.

It shows an alternate data stream, so I ran an OTL fix and used the following options:

:OTL
@ Alternative Data Stream (whatever the stream was)

:Commands
[emptytemp]
[Reboot]

OTL ran and then asked for a reboot; I let it reboot.

Now the system comes up to the Windows loading screen and then gets a STOP 07b error, and I do not know why...
I am not sure what to do at this point because the problem occurred after removing the alternate data stream, which I don't think should have happened unless whatever was attached to this alternate data stream caused the issue (another rootkit, perhaps?). Please help me. I am using a BartPE CD to back up the PC right now, so I will have access to the OTL log files shortly and I will be able to post those as well.


I hope you guys can please help me, as a reinstall is not an option.
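Before rebooting a machine that has just had a rootkit removed, it is worth reading the Driver Services section of the OTL log for Boot- or System-start drivers that no longer point at the file Windows expects, because a boot-start driver that fails to load is one cause of STOP 0x0000007B (INACCESSIBLE_BOOT_DEVICE). The OTL log posted later in this thread, for example, lists VolSnap as a Boot-start driver whose image is C:\WINDOWS\system32\drivers\tsk14.tmp rather than volsnap.sys; whether that entry is related to the crash is not established by the thread, but it is exactly the kind of line to check. The Python script below is an added example, not part of the original post and not OTL's own code: it parses the SRV/DRV lines of an OTL log and flags (a) Boot/System-start drivers whose image is missing, is not a .sys file, or does not match the service name, (b) Auto-start entries whose file is missing, and (c) services running from system32 with no company name. The sample lines are copied from the log in this thread; the heuristics are mine and only mark entries to verify, not a verdict on them.

```python
"""Triage the SRV/DRV lines of an OTL log before rebooting a cleaned machine.

Added example for this thread (not part of the original post or of OTL).
The sample lines are copied from the OTL log posted in the thread; the
heuristics below are the example author's own and only mark entries to verify.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: lines copied from the "Win32 Services" and
# "Driver Services" sections of the log in post #2 of this thread.
SAMPLE_LOG = r"""
SRV - File not found [Auto | Stopped] -- -- (avast! Antivirus)
SRV - [2010/02/28 22:37:38 | 001,377,008 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\svcprs32.exe -- (WinSvchostManager)
SRV - [2008/08/13 21:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
DRV - File not found [Kernel | Disabled | Running] -- -- (MBAMSwissArmy)
DRV - [2011/08/21 12:24:15 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tsk14.tmp -- (VolSnap)
DRV - [2010/09/17 15:21:00 | 000,135,248 | ---- | M] (CA) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\KmxAMRT.sys -- (KmxAMRT)
DRV - [2007/07/22 17:45:57 | 002,206,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel
DRV - [2005/08/12 20:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
"""

# One OTL service/driver entry looks like one of:
#   SRV - [stamp] (Company) [Start | State] -- <path> -- (<name>) [description]
#   DRV - [stamp] (Company) [Type | Start | State] -- <path> -- (<name>)
#   SRV - File not found [Start | State] -- -- (<name>)
ENTRY_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - "
    r"(?:\[(?P<stamp>[^\]]*)\] \((?P<company>.*?)\) |(?P<missing>File not found) )"
    r"\[(?P<flags>[^\]]*)\] -- (?P<path>.*?) ?-- \((?P<name>[^)]*)\)"
)


@dataclass
class Entry:
    kind: str       # "SRV" (Win32 service) or "DRV" (kernel/file-system driver)
    name: str       # registry key name, e.g. "VolSnap"
    company: str    # company from the PE version info; "" when OTL shows "()"
    start: str      # Boot, System, Auto, On_Demand or Disabled
    state: str      # Running or Stopped
    path: str       # image path; "" when OTL reported "File not found"
    missing: bool   # True when the image was not on disk at scan time

    @property
    def image(self) -> str:
        """Lower-cased file name of the image, e.g. 'tsk14.tmp'."""
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one SRV/DRV line; returns None for any other line of the log."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    flags = [f.strip() for f in m.group("flags").split("|")]
    # DRV flags are [Type | Start | State], SRV flags are [Start | State]:
    # start and state are always the last two fields.
    return Entry(
        kind=m.group("kind"),
        name=m.group("name"),
        company=(m.group("company") or "").strip(),
        start=flags[-2],
        state=flags[-1],
        path=m.group("path").strip(),
        missing=m.group("missing") is not None,
    )


EARLY_STARTS = {"Boot", "System"}   # loaded before the boot volume is usable
SYSTEM32 = r"c:\windows\system32"   # %SystemRoot%\system32 on this machine per the log


def triage(lines) -> List[Tuple[str, str]]:
    """Return (name, reason) pairs for entries worth verifying before a reboot."""
    findings = []
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        if e.kind == "DRV" and e.start in EARLY_STARTS:
            # A Boot/System-start driver that cannot load is one cause of
            # STOP 0x0000007B (INACCESSIBLE_BOOT_DEVICE) on the next boot.
            if e.missing:
                findings.append((e.name, "early-start driver with no file on disk"))
            elif not e.image.endswith(".sys"):
                findings.append((e.name, f"early-start driver image is {e.image!r}, not a .sys file"))
            elif e.image != e.name.lower() + ".sys":
                findings.append((e.name, f"early-start driver image {e.image!r} differs from the service name; confirm it is the intended file"))
        elif e.missing and e.start in {"Auto", "Boot", "System"}:
            findings.append((e.name, "auto-start entry whose file is missing"))
        elif e.path.lower().startswith(SYSTEM32) and not e.company:
            # Binaries in system32 with no version/company information are
            # worth a hash or signature check before trusting them.
            findings.append((e.name, f"runs {e.image!r} from system32 with no company name"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(SAMPLE_LOG.strip().splitlines()):
        print(f"{name:<20} {reason}")
```

Run against the sample, the script reports the missing avast! service, the versionless svcprs32.exe service, and VolSnap's .tmp image; KmxAMRT and APPDRV pass because their image names match their service names. Feed it a whole OTL log and every non-SRV/DRV line is simply skipped, so it can be pointed at the log file directly.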


#2
davidJ85
New Member, Topic Starter, 5 posts
OTL logfile created on: 8/21/2011 1:57:48 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\user\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 614.00 Mb Available Physical Memory | 61.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 73.12 Gb Total Space | 12.12 Gb Free Space | 16.58% Space Free | Partition Type: NTFS
Drive E: | 7.45 Gb Total Space | 5.44 Gb Free Space | 73.07% Space Free | Partition Type: FAT32

Computer Name: DANNY | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/11 08:10:37 | 000,615,688 | ---- | M] (CA, Inc) -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge\SelfServe.exe
PRC - [2011/04/15 19:50:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
PRC - [2010/08/24 00:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/02/28 22:37:38 | 001,377,008 | ---- | M] () -- C:\WINDOWS\system32\svcprs32.exe
PRC - [2010/02/28 22:33:56 | 002,347,760 | ---- | M] () -- C:\WINDOWS\system32\mdmcls32.exe
PRC - [2008/08/13 21:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/28 20:57:24 | 000,018,944 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Printer\Center\KodakSvc.exe
PRC - [2007/07/22 20:34:56 | 000,069,632 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2007/02/14 20:23:18 | 000,538,096 | ---- | M] ( ) -- C:\WINDOWS\system32\dlcccoms.exe


========== Modules (SafeList) ==========

MOD - [2011/04/15 19:50:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (CAAMSvc)
SRV - File not found [Auto | Stopped] -- -- (avast! Antivirus)
SRV - [2010/08/24 00:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/02/28 22:37:38 | 001,377,008 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\svcprs32.exe -- (WinSvchostManager)
SRV - [2010/02/28 22:33:56 | 002,347,760 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\mdmcls32.exe -- (WinExtManager)
SRV - [2008/08/13 21:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/02/28 20:57:24 | 000,018,944 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\printer\center\KodakSvc.exe -- (KodakSvc)
SRV - [2007/07/22 20:34:56 | 000,069,632 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2007/03/19 15:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/02/14 20:23:18 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\dlcccoms.exe -- (dlcc_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Running] -- -- (MBAMSwissArmy)
DRV - [2011/08/21 12:24:15 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tsk14.tmp -- (VolSnap)
DRV - [2010/09/17 15:21:00 | 000,135,248 | ---- | M] (CA) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\KmxAMRT.sys -- (KmxAMRT)
DRV - [2010/03/22 16:58:42 | 000,079,864 | ---- | M] (CA) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\KmxAgent.sys -- (KmxAgent)
DRV - [2009/03/27 18:27:04 | 000,598,656 | ---- | M] (Computer Associates International, Inc.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KmxAMVet.sys -- (KmxAMVet)
DRV - [2007/07/22 17:45:57 | 002,206,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/02/25 15:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/21 07:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/15 03:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/14 22:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/14 20:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/10/05 20:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/16 15:57:28 | 000,018,560 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2006/08/09 14:11:58 | 000,156,288 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2006/03/24 20:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/11/18 15:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/18 15:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/11/07 08:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/11/07 08:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/11/07 08:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/11/07 08:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/11/07 08:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/11/07 08:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/11/07 08:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/12 20:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2001/08/22 11:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-507921405-527237240-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-507921405-527237240-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
IE - HKU\S-1-5-21-507921405-527237240-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-507921405-527237240-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:0.1

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\CA\CA Internet Security Suite\RRR Anti-Phishing\Toolbar\Firefox
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/11 08:35:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/05 19:19:59 | 000,000,000 | ---D | M]

[2010/10/21 18:59:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2009/03/29 15:23:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions\[email protected]
[2011/08/19 19:06:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\015k703u.default\extensions
[2011/05/23 13:03:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\015k703u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/03 20:13:23 | 000,000,000 | ---D | M] (Low Quality Flash) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\015k703u.default\extensions\[email protected]
[2010/10/21 18:47:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O3 - HKLM\..\Toolbar: (no name) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-507921405-527237240-682003330-1003\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-507921405-527237240-682003330-1003\..\Toolbar\WebBrowser: (no name) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No CLSID value found.
O3 - HKU\S-1-5-21-507921405-527237240-682003330-1003\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
O3 - HKU\S-1-5-21-507921405-527237240-682003330-1003\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-507921405-527237240-682003330-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\RunOnceEx: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-507921405-527237240-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-507921405-527237240-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-507921405-527237240-682003330-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-507921405-527237240-682003330-1003\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} https://secure.logme...eDownloader.cab (LogMeIn Rescue Applet Downloader)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} http://ts.hickeyfreeman.com/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/02 21:22:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/10/04 11:57:10 | 000,000,125 | -H-- | M] () - E:\autorun.inf -- [ FAT32 ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/21 13:41:42 | 000,306,736 | ---- | C] (AVAST Software) -- C:\Documents and Settings\user\Desktop\aswclear.exe
[2011/08/21 13:01:16 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2011/08/21 12:24:15 | 000,094,768 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\94160935.sys
[2011/08/21 12:22:40 | 001,405,744 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\user\Desktop\tdsskiller.exe
[2011/08/18 13:34:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user\Recent
[2011/08/13 13:52:10 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2011/08/13 13:51:15 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011/08/06 20:17:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
[2011/08/05 19:19:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/08/03 20:10:57 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/03 20:10:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2011/08/03 20:10:30 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2007/02/14 20:23:20 | 000,386,544 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccih.exe
[2007/02/14 20:23:18 | 000,538,096 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccoms.exe
[2007/02/14 20:23:18 | 000,382,448 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccfg.exe
[2006/12/20 21:08:24 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpmui.dll
[2006/12/20 21:06:58 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccserv.dll
[2006/12/20 21:01:04 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomm.dll
[2006/12/20 20:59:24 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcclmpm.dll
[2006/12/20 20:58:02 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcciesc.dll
[2006/12/20 20:55:40 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpplc.dll
[2006/12/20 20:54:54 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomc.dll
[2006/12/20 20:54:20 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccprox.dll
[2006/12/20 20:47:32 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccinpa.dll
[2006/12/20 20:46:50 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccusb1.dll
[2006/12/20 20:42:36 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcchbn3.dll
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/21 13:55:00 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2011/08/21 13:54:05 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\Kodak AiO Scheduled Maintenance.job
[2011/08/21 13:54:00 | 000,000,564 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2011/08/21 13:51:33 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D7DA1D3B-59F3-4F60-85E6-4AD1C487AFBD}.job
[2011/08/21 13:41:43 | 000,306,736 | ---- | M] (AVAST Software) -- C:\Documents and Settings\user\Desktop\aswclear.exe
[2011/08/21 12:25:45 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\Registry Reviver-user-Startup.job
[2011/08/21 12:25:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/21 12:24:15 | 000,094,768 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\94160935.sys
[2011/08/21 12:12:26 | 001,405,744 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\user\Desktop\tdsskiller.exe
[2011/08/21 11:38:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/19 19:22:27 | 001,082,822 | ---- | M] () -- C:\caisslog.old
[2011/08/18 20:14:07 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/17 01:26:35 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/17 01:18:04 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/08/14 03:12:40 | 000,503,562 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/14 03:12:40 | 000,097,334 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/14 03:07:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/09 20:31:57 | 000,016,630 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Chicken Soup.odt
[2011/08/08 13:28:02 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2011/08/06 20:17:53 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011/08/05 19:20:01 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/07/25 11:17:44 | 005,969,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/05 19:20:00 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/08/05 19:19:59 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 8.lnk
[2011/08/04 19:37:05 | 000,016,630 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Chicken Soup.odt
[2011/08/03 20:10:31 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011/06/05 15:19:15 | 000,000,160 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~25288484r
[2011/06/05 15:19:15 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~25288484
[2011/06/05 15:18:07 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\25288484
[2011/05/14 14:34:31 | 000,014,698 | -HS- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\xg72t2m7865872670ook
[2011/05/14 14:34:31 | 000,014,698 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\xg72t2m7865872670ook
[2011/05/06 20:04:48 | 000,000,016 | ---- | C] () -- C:\WINDOWS\prefs.dat
[2011/02/17 08:39:22 | 000,790,760 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/02 17:36:31 | 000,005,729 | ---- | C] () -- C:\WINDOWS\System32\EPSTP32U.DAT
[2010/10/21 18:47:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/10/20 20:07:51 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\simple.dll
[2010/10/20 20:07:44 | 000,302,592 | ---- | C] () -- C:\WINDOWS\System32\pgp.dll
[2010/10/20 20:07:42 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\keydb.dll
[2010/10/20 20:07:40 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\bn.dll
[2010/10/20 20:07:24 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2010/10/20 20:07:14 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2010/09/27 19:03:36 | 000,060,968 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/07/05 10:53:38 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\mkghj.dll
[2010/07/05 10:51:59 | 001,054,032 | ---- | C] () -- C:\WINDOWS\System32\cfgmig32.dll
[2010/07/05 10:51:34 | 001,377,008 | ---- | C] () -- C:\WINDOWS\System32\svcprs32.exe
[2010/07/05 10:51:33 | 005,845,744 | ---- | C] () -- C:\WINDOWS\System32\win32cpr.dll
[2010/07/05 10:51:32 | 002,385,136 | ---- | C] () -- C:\WINDOWS\System32\winsflt_x64.dll
[2010/07/05 10:51:32 | 002,347,760 | ---- | C] () -- C:\WINDOWS\System32\mdmcls32.exe
[2010/07/05 10:51:32 | 001,872,624 | ---- | C] () -- C:\WINDOWS\System32\winsflt.dll
[2010/07/05 10:51:32 | 000,286,208 | ---- | C] () -- C:\WINDOWS\System32\winsfinst.exe
[2009/10/19 16:43:44 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\EKDeviceServices.dll
[2008/09/19 17:57:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/19 17:54:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/05/12 06:57:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2007/08/14 02:04:15 | 000,000,014 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2007/08/06 11:30:46 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/07/25 23:11:09 | 000,000,066 | ---- | C] () -- C:\WINDOWS\ESPR200.ini
[2007/07/23 21:19:24 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2007/07/23 21:05:35 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2007/07/23 21:05:35 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2007/07/23 21:05:35 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2007/07/23 21:05:35 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2007/07/23 21:05:35 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2007/07/23 21:05:35 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2007/07/23 21:05:35 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2007/07/23 21:05:35 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2007/07/23 21:05:35 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2007/07/23 21:05:35 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2007/07/23 21:05:35 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2007/07/23 21:05:35 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2007/07/23 21:05:35 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2007/07/23 21:05:35 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2007/07/23 21:05:35 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2007/07/23 21:05:35 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/07/23 14:15:19 | 000,079,872 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/23 14:13:08 | 000,061,678 | -H-- | C] () -- C:\Documents and Settings\user\Application Data\PFP120JPR.{PB
[2007/07/23 14:13:08 | 000,012,358 | -H-- | C] () -- C:\Documents and Settings\user\Application Data\PFP120JCM.{PB
[2007/07/23 13:41:08 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2007/07/23 13:24:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2007/07/22 20:51:50 | 000,000,190 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2007/07/22 17:17:38 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/07/13 23:23:42 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007/07/13 23:23:40 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/07/13 23:23:40 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2007/07/10 23:27:55 | 000,000,467 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/07/08 15:38:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/07/02 22:30:14 | 000,000,139 | -H-- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\fusioncache.dat
[2007/07/02 21:27:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/07/02 21:17:36 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/07/02 14:07:47 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/07/02 14:06:28 | 000,293,272 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/02/07 16:57:16 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\dlcccoin.dll
[2007/01/26 11:11:42 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
[2007/01/26 11:11:20 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
[2007/01/26 11:09:58 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
[2007/01/26 10:59:04 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
[2007/01/26 10:58:30 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
[2007/01/26 10:57:38 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
[2007/01/26 10:57:18 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
[2007/01/26 10:53:46 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
[2007/01/22 06:24:50 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
[2005/11/18 10:52:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/18 10:26:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
[2005/08/05 17:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/04/01 15:44:16 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlcccnv4.dll
[2005/03/22 18:38:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 18:38:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 07:00:00 | 000,503,562 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 07:00:00 | 000,097,334 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 07:00:00 | 000,052,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\volsnap.sys
[2004/08/10 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/04/09 10:06:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\EPSPTDV.DLL

========== LOP Check ==========

[2011/08/17 01:18:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/06/10 22:14:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2011/06/11 08:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge
[2009/10/19 16:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
[2010/08/05 20:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2007/07/13 23:18:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Novatel Wireless
[2011/04/12 06:33:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2011/06/11 07:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ReviverSoft
[2011/06/13 19:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Road Runner
[2007/07/23 14:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simple Star
[2007/07/23 14:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simple Star Shared
[2011/05/05 21:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/05/05 19:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/05/01 20:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/09/27 18:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/04/04 19:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\CallingID
[2007/07/25 23:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Leadertech
[2009/03/29 15:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\LimeWire
[2007/07/10 23:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\MSNInstaller
[2011/04/12 06:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\PCDr
[2009/02/06 07:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\PDM
[2011/06/21 21:00:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Road Runner
[2011/08/03 16:27:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Simple Star
[2010/08/14 19:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\SlideRocketPlayer.62C1F915F5A6BA2BA0761B85080AA90D2A2F76E2.1
[2011/05/01 20:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\TuneUp Software
[2011/08/08 13:28:02 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\EasyShare Registration Task.job
[2011/08/21 13:54:00 | 000,000,564 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/08/21 12:25:45 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\Registry Reviver-user-Startup.job
[2011/08/21 13:55:00 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\SystemToolsDailyTest.job
[2011/08/21 13:51:33 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D7DA1D3B-59F3-4F60-85E6-4AD1C487AFBD}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E7393FC

< End of report >
  • 0

#3
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, are you able to access safe mode and/or normal mode now?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - [2010/02/28 22:37:38 | 001,377,008 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\svcprs32.exe -- (WinSvchostManager)
    SRV - [2010/02/28 22:33:56 | 002,347,760 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\mdmcls32.exe -- (WinExtManager)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - File not found
    O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
    O3 - HKLM\..\Toolbar: (no name) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-507921405-527237240-682003330-1003\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-507921405-527237240-682003330-1003\..\Toolbar\WebBrowser: (no name) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No CLSID value found.
    O3 - HKU\S-1-5-21-507921405-527237240-682003330-1003\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
    O3 - HKU\S-1-5-21-507921405-527237240-682003330-1003\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKU\S-1-5-21-507921405-527237240-682003330-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O4 - HKLM..\RunOnceEx: [] File not found
    [2011/06/05 15:19:15 | 000,000,160 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~25288484r
    [2011/06/05 15:19:15 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~25288484
    [2011/06/05 15:18:07 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\25288484
    [2011/05/14 14:34:31 | 000,014,698 | -HS- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\xg72t2m7865872670ook
    [2011/05/14 14:34:31 | 000,014,698 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\xg72t2m7865872670ook

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.


On completion of the scan click Save log, save it to your desktop and post it in your next reply.

  • 0

#4
davidJ85

davidJ85

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
I was still getting the blue screen of death until I did the following while waiting for a response.


I couldn't access the Recovery Console because my friend had set the administrator password but did not remember it, so I used the NT Offline password reset CD and reset the administrator password. I was then able to get into the Recovery Console, where I ran CHKDSK /r, which did find bad sectors and repaired them. The stop error still continued after this.

I ran the AVG AV Rescue CD, which found nothing.

I then went back through the logfile and noticed this registry entry:
DRV - [2011/08/21 12:24:15 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tsk14.tmp -- (VolSnap)

I then used a Reatogo Bart CD to remotely load the System part of the HKLM registry key. I then looked at the VolSnap registry key under HKLM\System\currentcontrolset\services\volsnap and noticed it was pointing to the wrong file for the image, c:\windows\system32\drivers\tsk14.tmp. I then changed that to volsnap.sys. I also noticed the Enum sub registry key was missing. I installed a copy of MCE in VMware Workstation and looked at the registry keys; I then recreated them on this laptop. While I was in the registry I noticed many other services were missing their entire registry keys: the main key name for the service was there, but no start type, image path or anything.

I then shut down and rebooted the PC, and upon reboot it went into Windows. Score 1 for me. I then ran Malwarebytes. I kick myself for not noticing this initially, but someone had put Revo Uninstaller on the desktop, LSP Fix and some other Winsock tool, so now I know that someone attempted to fix this previously and was unsuccessful. The system had pieces of Avast all over the system (they had used Revo before using Add/Remove Programs to try to remove it, or the malware hammered it; also, while infected, they tried loading CA eTrust Internet Security Suite, so pieces of that and Avast were active services but their GUIs were non-existent). I manually removed the registry services for them, rebooted and then ran their specific uninstaller tools, which removed both of them. Ran Malwarebytes and it found nothing. At this point my friend had called and was really anxious about getting the laptop back, and did not have the CDs. I told him I couldn't properly fix it at this point because too many bad things were done to this system, which has made a mess out of the registry, and that at this point it really needed to be reloaded. They said as long as it gets on the net they were fine with it, so they picked it up and that's it, unfortunately. I did find in System Restore that someone had used Revo back in May to force uninstall Avast, CA Internet Security, Registry Reviver and several other programs.

I now know, though, why it BSOD'd on me after running OTL and using the emptytemp option: it deleted the temp file that the service registry entry was pointing to for volsnap.sys. Had I not run that, it would not have BSOD'd, although System Restore wouldn't be working either unless the service registry entry was pointed back to the proper file. So hopefully this helps someone in the future: not all BSOD 07b errors are hard drives; it can be something stupid like a boot-time service with bad values from a virus or rootkit.

Thanks for your reply. I wish I could have taken this further; I don't like throwing the towel in on a PC, but someone really messed with this thing.
  • 0
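The pattern davidJ85 found by hand (a Boot-start driver whose ImagePath points at a .tmp file, and later at a file that no longer exists) is easy to miss in a log with hundreds of DRV/SRV lines. The script below is an added example, not code from this thread or from OTL: it parses the "DRV -" and "SRV -" lines that OTL prints and flags the entries a defender would want to look at first. The sample log is constructed from lines quoted in this thread, and the heuristics (which start types count as boot-critical, the "auto-start service in system32 with no company name" rule) are assumptions, not OTL's own rules.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample, modelled on the OTL lines posted in this thread. The first
# VolSnap line is the pre-emptytemp state (file still present), the second is
# the post-emptytemp state from the OTLPE log.
SAMPLE_LOG = r"""
========== Driver Services (SafeList) ==========

DRV - [2011/08/21 12:24:15 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tsk14.tmp -- (VolSnap)
DRV - File not found [Kernel | Boot] -- C:\WINDOWS\System32\drivers\tsk14.tmp -- (VolSnap)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Disabled] -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2005/09/12 06:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB)
SRV - [2010/02/28 22:37:38 | 001,377,008 | ---- | M] () [Auto] -- C:\WINDOWS\system32\svcprs32.exe -- (WinSvchostManager)
SRV - [2008/08/13 21:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - File not found [Disabled] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
"""

# One OTL service/driver line. The "-- --" form (no path at all) yields path=None.
LINE_RE = re.compile(
    r"^(?P<kind>DRV|SRV) - "
    r"(?:(?P<missing>File not found)|\[(?P<stamp>[^\]]*)\] \((?P<company>[^)]*)\)) "
    r"\[(?P<flags>[^\]]*)\] --(?: (?P<path>.*?))? -- \((?P<name>[^)]*)\)"
)

START_TYPES = ("Boot", "System", "Auto", "On_Demand", "Disabled")
BOOT_CRITICAL_STARTS = {"Boot", "System"}   # assumed: loaded before the desktop appears


@dataclass
class Entry:
    kind: str             # "DRV" or "SRV"
    name: str             # service key name, e.g. VolSnap
    start: str            # Boot / System / Auto / On_Demand / Disabled
    path: Optional[str]   # image path, None when OTL printed "-- --"
    file_missing: bool    # OTL reported "File not found"
    company: str          # company name from the file version info ("" if none)


def parse_otl_entries(text: str) -> List[Entry]:
    """Turn the DRV/SRV lines of an OTL log into Entry records; other lines are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        # Flags look like "Kernel | Boot" or "Auto | Running"; pick the start type out of them.
        flags = [f.strip() for f in m.group("flags").split("|")]
        start = next((f for f in flags if f in START_TYPES), flags[-1])
        entries.append(Entry(
            kind=m.group("kind"),
            name=m.group("name"),
            start=start,
            path=m.group("path"),
            file_missing=m.group("missing") is not None,
            company=(m.group("company") or "").strip(),
        ))
    return entries


def triage(text: str) -> List[Tuple[str, str]]:
    """Return (service name, reason) pairs for entries worth a closer look."""
    findings: List[Tuple[str, str]] = []
    for e in parse_otl_entries(text):
        lower = (e.path or "").lower()
        # A Boot/System-start driver with no image on disk is the case from this thread:
        # the kernel needs the file before the volume is fully up, and the boot fails.
        if e.kind == "DRV" and e.file_missing and e.start in BOOT_CRITICAL_STARTS:
            findings.append((e.name, "boot/system-start driver whose image file is missing"))
        # A driver or service image that lives in a temp file will not survive a temp
        # cleanup (OTL's [emptytemp], disk cleanup), so flag it even while it still exists.
        if lower.endswith(".tmp") or "\\temp\\" in lower:
            findings.append((e.name, "image path points at a temporary file"))
        # Heuristic (assumption): an auto-start service in system32 with no company
        # name in its version info is unusual for a vendor-shipped binary.
        if (e.kind == "SRV" and e.start == "Auto" and not e.company
                and "\\windows\\system32\\" in lower):
            findings.append((e.name, "auto-start service in system32 with no company name"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(SAMPLE_LOG):
        print(f"{name}: {reason}")
```

Run it against a full OTL log by replacing SAMPLE_LOG with the file's contents. On the sample it reports VolSnap three times (once for the .tmp path before the file was deleted, twice after it went missing) and WinSvchostManager once; the Disabled and On_Demand "File not found" lines, which cannot stop a boot, are left alone.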

#5
davidJ85

davidJ85

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Here is a more detailed OTL log file; the multiple "DRV - File not found" listings below are what tipped me off.



OTL logfile created on: 8/21/2011 9:08:13 PM - Run
OTLPE by OldTimer - Version 3.1.41.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 666.00 Mb Available Physical Memory | 66.00% Memory free
902.00 Mb Paging File | 735.00 Mb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 73.12 Gb Total Space | 14.93 Gb Free Space | 20.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 434.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe -- (CAAMSvc)
SRV - File not found [Auto] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/08/24 00:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/08/13 15:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/28 22:37:38 | 001,377,008 | ---- | M] () [Auto] -- C:\WINDOWS\system32\svcprs32.exe -- (WinSvchostManager)
SRV - [2010/02/28 22:33:56 | 002,347,760 | ---- | M] () [Auto] -- C:\WINDOWS\system32\mdmcls32.exe -- (WinExtManager)
SRV - [2008/08/13 21:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/02/28 20:57:24 | 000,018,944 | ---- | M] (Eastman Kodak Company) [Auto] -- C:\Program Files\Kodak\printer\center\KodakSvc.exe -- (KodakSvc)
SRV - [2007/07/22 20:34:56 | 000,069,632 | ---- | M] (Creative Labs) [Auto] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2007/03/19 15:44:44 | 000,070,656 | ---- | M] () [On_Demand] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/02/14 20:23:18 | 000,538,096 | ---- | M] ( ) [Auto] -- C:\WINDOWS\System32\dlcccoms.exe -- (dlcc_device)
SRV - [2003/03/18 00:22:40 | 000,040,960 | ---- | M] () [Auto] -- C:\WINDOWS\system32\PwdServ.exe -- (Password)


========== Driver Services (SafeList) ==========

DRV - File not found [Adapter | On_Demand] -- -- (Winsock - Google Desktop Search Backup Before Last Install)
DRV - File not found [Adapter | On_Demand] -- -- (Winsock - Google Desktop Search Backup Before First Install)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Boot] -- C:\WINDOWS\System32\drivers\tsk14.tmp -- (VolSnap)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled] -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | System] -- -- (aswTdi)
DRV - File not found [Kernel | System] -- -- (aswSP)
DRV - File not found [File_System | System] -- -- (aswSnx)
DRV - File not found [Kernel | System] -- -- (aswRdr)
DRV - File not found [File_System | Auto] -- -- (aswMon2)
DRV - File not found [File_System | Auto] -- -- (aswFsBlk)
DRV - File not found [Kernel | System] -- -- (Aavmker4)
DRV - [2010/09/17 15:21:00 | 000,135,248 | ---- | M] (CA) [File_System | Boot] -- C:\WINDOWS\system32\drivers\KmxAMRT.sys -- (KmxAMRT)
DRV - [2010/03/22 16:58:42 | 000,079,864 | ---- | M] (CA) [File_System | System] -- C:\WINDOWS\system32\drivers\KmxAgent.sys -- (KmxAgent)
DRV - [2009/03/27 18:27:04 | 000,598,656 | ---- | M] (Computer Associates International, Inc.) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\KmxAMVet.sys -- (KmxAMVet)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/07/22 17:45:57 | 002,206,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/03/31 00:34:14 | 005,704,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/02/25 15:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/21 07:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/15 03:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/14 22:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/14 20:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/10/05 20:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/16 15:57:28 | 000,018,560 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2006/08/09 14:11:58 | 000,156,288 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2006/03/24 20:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/12/01 04:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/12/01 04:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/12/01 04:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/11/18 15:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/18 15:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/11/07 08:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/11/07 08:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/11/07 08:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/11/07 08:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/11/07 08:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/11/07 08:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/11/07 08:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/09/12 06:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/08/12 20:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/12 08:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2001/08/22 11:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\anthony_tramonto_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\anthony_tramonto_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
IE - HKU\anthony_tramonto_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\anthony_tramonto_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:0.1

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\CA\CA Internet Security Suite\RRR Anti-Phishing\Toolbar\Firefox
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/11 08:35:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/05 19:19:59 | 000,000,000 | ---D | M]

[2010/10/21 18:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anthony tramonto\Application Data\Mozilla\Extensions
[2009/03/29 15:23:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anthony tramonto\Application Data\Mozilla\Extensions\[email protected]
[2011/08/19 19:06:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anthony tramonto\Application Data\Mozilla\Firefox\Profiles\015k703u.default\extensions
[2011/05/23 13:03:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\anthony tramonto\Application Data\Mozilla\Firefox\Profiles\015k703u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/03 20:13:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anthony tramonto\Application Data\Mozilla\Firefox\Profiles\015k703u.default\extensions\[email protected]
[2010/10/21 18:47:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\anthony_tramonto_ON_C\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\anthony_tramonto_ON_C\..\Toolbar\WebBrowser: (no name) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No CLSID value found.
O3 - HKU\anthony_tramonto_ON_C\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
O3 - HKU\anthony_tramonto_ON_C\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\anthony_tramonto_ON_C\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\RunOnceEx: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\anthony_tramonto_ON_C\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\anthony_tramonto_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} https://secure.logme...eDownloader.cab (LogMeIn Rescue Applet Downloader)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} http://ts.hickeyfreeman.com/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/02 21:22:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe - (BVRP Software)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe - (Eastman Kodak Company)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe - (McAfee, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^anthony tramonto^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe - ()
MsConfig - StartUpReg: Auto Auto EPSON Stylus Photo R200 Series on ANTHONY-3891860 on YOUR-9K1AY6X2A2 - hkey= - key= - File not found
MsConfig - StartUpReg: Auto EPSON Stylus Photo R200 Series (Copy 1) on YOUR-9K1AY6X2A2 - hkey= - key= - File not found
MsConfig - StartUpReg: Broadcom Wireless Manager UI - hkey= - key= - File not found
MsConfig - StartUpReg: capfupgrade - hkey= - key= - C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe File not found
MsConfig - StartUpReg: cctray - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: CTSVolFE - hkey= - key= - C:\Program Files\Creative\Mixer\CTSVolFE.exe (Creative Technology Ltd)
MsConfig - StartUpReg: CTSVolFE.exe - hkey= - key= - C:\Program Files\Creative\Mixer\CTSVolFE.exe (Creative Technology Ltd)
MsConfig - StartUpReg: Dell QuickSet - hkey= - key= - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
MsConfig - StartUpReg: DellSupport - hkey= - key= - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
MsConfig - StartUpReg: DellSupportCenter - hkey= - key= - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
MsConfig - StartUpReg: DLA - hkey= - key= - File not found
MsConfig - StartUpReg: DLACTRLW - hkey= - key= - File not found
MsConfig - StartUpReg: DLCCCATS - hkey= - key= - File not found
MsConfig - StartUpReg: DMXLauncher - hkey= - key= - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
MsConfig - StartUpReg: DSAgnt - hkey= - key= - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
MsConfig - StartUpReg: dsca - hkey= - key= - C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
MsConfig - StartUpReg: dscactivate - hkey= - key= - C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
MsConfig - StartUpReg: ehTray - hkey= - key= - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
MsConfig - StartUpReg: EPSON Stylus Photo R200 Series - hkey= - key= - File not found
MsConfig - StartUpReg: E_S4I2H1 - hkey= - key= - File not found
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe File not found
MsConfig - StartUpReg: GoogleDesktop - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe File not found
MsConfig - StartUpReg: hkcmd - hkey= - key= - File not found
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found
MsConfig - StartUpReg: igfxpers - hkey= - key= - File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
MsConfig - StartUpReg: issch - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: ISUSPM - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: ISUSPM Startup - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: jusched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe File not found
MsConfig - StartUpReg: msmsgs - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: mssysmgr - hkey= - key= - C:\Program Files\Simple Star\PhotoShow 5\data\Xtras\mssysmgr.exe (Roxio)
MsConfig - StartUpReg: PDVDDXSrv - hkey= - key= - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
MsConfig - StartUpReg: Persistence - hkey= - key= - File not found
MsConfig - StartUpReg: QOELOADER - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: qttask - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: quickset - hkey= - key= - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: Road Runner PhotoShow Media Manager - hkey= - key= - C:\Program Files\Road Runner\PhotoShow 5\data\Xtras\mssysmgr.exe (Roxio)
MsConfig - StartUpReg: SandIcon - hkey= - key= - C:\ImageMate CompactFlash USB\SandIcon.exe ()
MsConfig - StartUpReg: SigmatelSysTrayApp - hkey= - key= - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
MsConfig - StartUpReg: Simple Star PhotoShow Media Manager - hkey= - key= - C:\Program Files\Simple Star\PhotoShow 5\data\Xtras\mssysmgr.exe (Roxio)
MsConfig - StartUpReg: sprtcmd - hkey= - key= - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
MsConfig - StartUpReg: stsystra - hkey= - key= - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe File not found
MsConfig - StartUpReg: WLTRAY - hkey= - key= - File not found
MsConfig - StartUpReg: YOUR-9K1AY6X2A2 - hkey= - key= - Reg Error: Value error. File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: 46224711.sys - Driver
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: 46224711.sys - Driver
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

========== Files/Folders - Created Within 30 Days ==========

[2011/08/21 17:58:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/08/21 14:17:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/21 13:41:42 | 000,306,736 | ---- | C] (AVAST Software) -- C:\Documents and Settings\anthony tramonto\Desktop\aswclear.exe
[2011/08/21 13:01:16 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\anthony tramonto\Desktop\OTL.exe
[2011/08/21 12:22:40 | 001,405,744 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\anthony tramonto\Desktop\tdsskiller.exe
[2011/08/18 13:34:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\anthony tramonto\Recent
[2011/08/13 13:52:10 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2011/08/13 13:51:15 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011/08/05 19:19:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/08/03 20:10:57 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/03 20:10:30 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2006/12/20 21:08:24 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpmui.dll
[2006/12/20 21:06:58 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccserv.dll
[2006/12/20 21:01:04 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomm.dll
[2006/12/20 20:59:24 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcclmpm.dll
[2006/12/20 20:58:02 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcciesc.dll
[2006/12/20 20:55:40 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpplc.dll
[2006/12/20 20:54:54 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomc.dll
[2006/12/20 20:54:20 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccprox.dll
[2006/12/20 20:47:32 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccinpa.dll
[2006/12/20 20:46:50 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccusb1.dll
[2006/12/20 20:42:36 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcchbn3.dll

========== Files - Modified Within 30 Days ==========

[2011/08/21 20:55:50 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\anthony tramonto\ntuser.dat
[2011/08/21 14:20:34 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\LocalService\ntuser.dat
[2011/08/21 14:20:34 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2011/08/21 14:20:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/21 14:20:14 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2011/08/21 14:20:10 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\anthony tramonto\ntuser.ini
[2011/08/21 14:16:00 | 000,000,564 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2011/08/21 14:08:00 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2011/08/21 13:54:05 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\Kodak AiO Scheduled Maintenance.job
[2011/08/21 13:51:33 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D7DA1D3B-59F3-4F60-85E6-4AD1C487AFBD}.job
[2011/08/21 13:41:43 | 000,306,736 | ---- | M] (AVAST Software) -- C:\Documents and Settings\anthony tramonto\Desktop\aswclear.exe
[2011/08/21 12:25:45 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\Registry Reviver-anthony tramonto-Startup.job
[2011/08/21 12:24:06 | 000,096,768 | ---- | M] () -- C:\Documents and Settings\anthony tramonto\Desktop\SCAN RESULTS.doc
[2011/08/21 12:12:26 | 001,405,744 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\anthony tramonto\Desktop\tdsskiller.exe
[2011/08/21 11:38:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/19 19:22:27 | 001,082,822 | ---- | M] () -- C:\caisslog.old
[2011/08/18 20:14:07 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/17 01:26:35 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/17 01:18:04 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/08/14 03:12:40 | 000,591,318 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2011/08/14 03:12:40 | 000,503,562 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/14 03:12:40 | 000,097,334 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/14 03:07:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/09 20:31:57 | 000,016,630 | ---- | M] () -- C:\Documents and Settings\anthony tramonto\My Documents\Chicken Soup.odt
[2011/08/08 13:28:02 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2011/08/07 13:58:55 | 002,114,088 | -H-- | M] () -- C:\Documents and Settings\anthony tramonto\Local Settings\Application Data\IconCache.db
[2011/07/30 14:04:50 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\anthony tramonto\My Documents\Chicken Soup.doc
[2011/07/25 11:17:44 | 005,969,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

========== Files Created - No Company Name ==========

[2011/08/21 15:48:28 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\PwdServ.exe
[2011/08/21 12:24:02 | 000,096,768 | ---- | C] () -- C:\Documents and Settings\anthony tramonto\Desktop\SCAN RESULTS.doc
[2011/08/17 01:18:08 | 000,008,192 | -H-- | C] () -- C:\WINDOWS\system32\config\systemprofile\NtUser.dat.LOG
[2011/08/04 19:37:05 | 000,016,630 | ---- | C] () -- C:\Documents and Settings\anthony tramonto\My Documents\Chicken Soup.odt
[2011/07/30 12:42:31 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\anthony tramonto\My Documents\Chicken Soup.doc
[2011/06/13 19:14:30 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\anthony tramonto\Application Data\7zip_progress_327270C7-F853-47DF-BB4A-E9CEFBC5D372.txt
[2011/06/13 19:14:27 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\anthony tramonto\Application Data\7zip_progress_ED6E7899-1D71-4A2B-AE36-75E32C17FA3C.txt
[2011/06/13 18:40:24 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\anthony tramonto\Application Data\7zip_progress_80A575C9-05B6-45D2-BBB8-C369D5822AB3.txt
[2011/06/13 18:40:21 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\anthony tramonto\Application Data\7zip_progress_8DC8405C-398E-4F5E-905D-6DE9DA81DF80.txt
[2011/06/01 18:06:18 | 000,233,472 | ---- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat
[2011/05/28 19:38:38 | 003,932,160 | ---- | C] () -- C:\Documents and Settings\anthony tramonto\ntuser.dat
[2011/05/26 19:42:57 | 000,006,446 | -H-- | C] () -- C:\Documents and Settings\anthony tramonto\r
[2011/05/14 14:34:31 | 000,014,698 | -HS- | C] () -- C:\Documents and Settings\anthony tramonto\Local Settings\Application Data\xg72t2m7865872670ook
[2011/04/11 19:45:16 | 000,286,720 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\ntuser.dat
[2011/02/17 08:39:22 | 000,790,760 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/10/20 20:07:51 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\simple.dll
[2010/10/20 20:07:44 | 000,302,592 | ---- | C] () -- C:\WINDOWS\System32\pgp.dll
[2010/10/20 20:07:42 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\keydb.dll
[2010/10/20 20:07:40 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\bn.dll
[2010/10/20 20:07:24 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2010/10/20 20:07:14 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2010/07/05 10:53:38 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\mkghj.dll
[2010/07/05 10:51:59 | 001,054,032 | ---- | C] () -- C:\WINDOWS\System32\cfgmig32.dll
[2010/07/05 10:51:33 | 005,845,744 | ---- | C] () -- C:\WINDOWS\System32\win32cpr.dll
[2010/07/05 10:51:32 | 002,385,136 | ---- | C] () -- C:\WINDOWS\System32\winsflt_x64.dll
[2010/07/05 10:51:32 | 001,872,624 | ---- | C] () -- C:\WINDOWS\System32\winsflt.dll
[2009/10/19 16:43:44 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\EKDeviceServices.dll
[2009/10/18 15:07:29 | 000,000,002 | -H-- | C] () -- C:\Documents and Settings\anthony tramonto\Application Data\7zip_progress_F388460F-5771-4CFF-9146-B825F7580992.txt
[2009/10/18 15:07:27 | 000,000,002 | -H-- | C] () -- C:\Documents and Settings\anthony tramonto\Application Data\7zip_progress_35CB8672-5ED4-4605-B9B4-2894529C67C7.txt
[2008/09/19 17:57:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/19 17:55:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/09/19 17:55:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/09/19 17:54:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/05/25 20:59:40 | 000,000,002 | -H-- | C] () -- C:\Documents and Settings\anthony tramonto\Application Data\7zip_progress_81C45F09-D521-4EF1-8AE8-3E806C15C2E8.txt
[2008/05/25 20:59:37 | 000,000,002 | -H-- | C] () -- C:\Documents and Settings\anthony tramonto\Application Data\7zip_progress_3BAA7874-79CB-4D64-91CC-9DF3683BEF02.txt
[2008/05/12 06:57:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2007/08/06 11:30:46 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/07/25 23:11:09 | 000,000,066 | ---- | C] () -- C:\WINDOWS\ESPR200.ini
[2007/07/24 21:15:07 | 000,000,002 | -H-- | C] () -- C:\Documents and Settings\anthony tramonto\Application Data\7zip_progress_AA8341E6-7A1D-44AE-AE8D-876CC8252CA0.txt
[2007/07/24 21:15:07 | 000,000,002 | -H-- | C] () -- C:\Documents and Settings\anthony tramonto\Application Data\7zip_progress_83E294C9-D02C-4200-99FA-930222ADCA44.txt
[2007/07/23 21:19:24 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2007/07/23 21:05:35 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/07/23 14:43:58 | 000,000,002 | -H-- | C] () -- C:\Documents and Settings\anthony tramonto\Application Data\7zip_progress_CE4486E9-7203-4AA3-82A7-060C1B881F23.txt
[2007/07/23 14:43:57 | 000,000,002 | -H-- | C] () -- C:\Documents and Settings\anthony tramonto\Application Data\7zip_progress_C185E433-0F57-4871-8467-9423BA7A874E.txt
[2007/07/23 14:43:56 | 000,000,002 | -H-- | C] () -- C:\Documents and Settings\anthony tramonto\Application Data\7zip_progress_FAB88BF9-42C7-4591-82EC-0A0C0B9BEC82.txt
[2007/07/23 14:15:19 | 000,079,872 | ---- | C] () -- C:\Documents and Settings\anthony tramonto\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/23 14:13:08 | 000,061,678 | -H-- | C] () -- C:\Documents and Settings\anthony tramonto\Application Data\PFP120JPR.{PB
[2007/07/23 14:13:08 | 000,012,358 | -H-- | C] () -- C:\Documents and Settings\anthony tramonto\Application Data\PFP120JCM.{PB
[2007/07/23 13:41:08 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2007/07/23 13:24:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2007/07/22 20:51:50 | 000,000,190 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2007/07/22 17:17:38 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/07/13 23:23:42 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007/07/13 23:23:40 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/07/10 23:27:55 | 000,000,467 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/07/02 22:30:14 | 000,000,139 | -H-- | C] () -- C:\Documents and Settings\anthony tramonto\Local Settings\Application Data\fusioncache.dat
[2007/07/02 22:23:56 | 000,073,728 | -H-- | C] () -- C:\Documents and Settings\anthony tramonto\ntuser.dat.LOG
[2007/07/02 22:23:56 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\anthony tramonto\ntuser.ini
[2007/07/02 22:22:12 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2007/07/02 22:22:11 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2007/07/02 21:28:05 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2007/07/02 21:28:04 | 000,229,376 | ---- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2007/07/02 21:28:04 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2007/02/07 16:57:16 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\dlcccoin.dll
[2007/01/26 11:11:42 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
[2007/01/26 11:11:20 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
[2007/01/26 11:09:58 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
[2007/01/26 10:59:04 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
[2007/01/26 10:58:30 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
[2007/01/26 10:57:38 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
[2007/01/26 10:57:18 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
[2007/01/26 10:53:46 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
[2007/01/22 06:24:50 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
[2005/11/18 10:52:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/18 10:26:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
[2005/08/05 17:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/04/01 15:44:16 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlcccnv4.dll
[2004/04/09 10:06:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\EPSPTDV.DLL

========== LOP Check ==========

[2011/04/04 19:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anthony tramonto\Application Data\CallingID
[2007/07/25 23:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anthony tramonto\Application Data\Leadertech
[2009/03/29 15:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anthony tramonto\Application Data\LimeWire
[2007/07/10 23:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anthony tramonto\Application Data\MSNInstaller
[2011/04/12 06:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anthony tramonto\Application Data\PCDr
[2009/02/06 07:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anthony tramonto\Application Data\PDM
[2011/06/21 21:00:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anthony tramonto\Application Data\Road Runner
[2011/08/03 16:27:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anthony tramonto\Application Data\Simple Star
[2010/08/14 19:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anthony tramonto\Application Data\SlideRocketPlayer.62C1F915F5A6BA2BA0761B85080AA90D2A2F76E2.1
[2011/05/01 20:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anthony tramonto\Application Data\TuneUp Software
[2011/08/08 13:28:02 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\EasyShare Registration Task.job
[2011/08/21 14:16:00 | 000,000,564 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/08/21 12:25:45 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\Registry Reviver-anthony tramonto-Startup.job
[2011/08/21 14:08:00 | 000,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\SystemToolsDailyTest.job
[2011/08/21 13:51:33 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D7DA1D3B-59F3-4F60-85E6-4AD1C487AFBD}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2007/07/02 21:22:21 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/04/14 19:02:53 | 000,000,209 | -HS- | M] () -- C:\boot.ini
[2007/07/13 22:21:09 | 000,035,393 | ---- | M] () -- C:\caavsetupLog.txt
[2011/08/19 19:22:27 | 001,082,822 | ---- | M] () -- C:\caisslog.old
[2011/08/20 06:12:00 | 000,133,095 | ---- | M] () -- C:\caisslog.txt
[2007/07/02 21:22:21 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2001/09/06 00:00:58 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\gdiplus.dll
[2007/07/02 21:22:21 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/12/15 21:03:38 | 000,206,249 | ---- | M] () -- C:\logfile
[2011/06/11 08:44:47 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2007/07/02 21:22:21 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/10 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/10/23 21:08:21 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/08/21 20:59:18 | 000,065,358 | ---- | M] () -- C:\OTL.Txt
[2011/08/21 11:39:09 | 000,001,407 | ---- | M] () -- C:\serf_conf.txt
[2011/08/21 12:24:19 | 000,045,172 | ---- | M] () -- C:\TDSSKiller.2.5.16.0_21.08.2011_12.22.42_log.txt
[2011/08/21 12:32:49 | 000,043,084 | ---- | M] () -- C:\TDSSKiller.2.5.16.0_21.08.2011_12.32.24_log.txt
[2006/12/05 22:52:06 | 000,000,505 | ---- | M] () -- C:\unPDVDDX.iss
[2010/08/09 17:27:15 | 000,000,086 | ---- | M] () -- C:\unPDVDDX.log
[2000/01/28 21:57:52 | 000,010,432 | ---- | M] (Microsoft Corporation) -- C:\USBAUTH.SYS


< MD5 for: AGP440.SYS >
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/10/23 20:57:59 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/10/23 20:57:59 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/10/23 20:57:59 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/10/23 20:57:59 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/10 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2006/04/26 08:23:52 | 000,250,880 | ---- | M] (Intel Corporation) MD5=1C77A81756D4777CCB0425AE8107FE96 -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2006/03/16 20:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys
[2006/03/16 20:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\system32\drivers\NvAtaBus.sys

< MD5 for: SCECLI.DLL >
[2004/08/10 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< CREATERESTOREPOINT >

< %systemroot%\System32\config\*.sav >
[2007/07/02 14:05:43 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/07/02 14:05:43 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/07/02 14:05:43 | 000,901,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[2011/03/03 02:55:19 | 000,149,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2011/06/23 14:36:29 | 011,081,728 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
[2011/06/23 14:36:30 | 001,991,680 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
[2008/04/13 20:12:00 | 000,274,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2008/04/13 20:12:02 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2011/01/21 10:44:37 | 008,462,336 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
[2011/06/23 14:36:30 | 001,212,416 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\urlmon.dll

< %systemroot%\Tasks\*.job /lockedfiles >
< End of report >
  • 0

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

I then went back through the log file and noticed this registry entry:
DRV - [2011/08/21 12:24:15 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tsk14.tmp -- (VolSnap)

This indicates that a very old copy of TDSSKiller was run - they stopped using this method about a year ago.

But as long as all is OK then I am happy as well.

I feel a reinstall of the system was best, as it did look a bit of a mess. I also saw a registry cleaner there; I am not a great fan of those, as in the wrong hands they can lead to disaster.
  • 0
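Essexboy's finding above, a kernel driver registered under the legitimate VolSnap service but loaded from a .tmp image, together with the MD5 comparison OTL performs between the in-use driver and the Service Pack copy, as a small triage script added here for the thread (it is not part of the original posts or of OTL). It parses OTL-format DRV lines and "MD5 for:" blocks; the sample input is constructed: the tsk14.tmp line and the ATAPI.SYS hashes are taken from the log above, while the second DRV line and the EXAMPLE.SYS block with its all-A / all-B hashes are invented placeholders that produce a mismatch.

```python
import re
import ntpath
from collections import defaultdict

# Constructed sample in OTL's own line format. The tsk14.tmp DRV line and the
# ATAPI.SYS MD5 block are copied from the log in this thread; the atapi DRV
# line and the EXAMPLE.SYS block (placeholder hashes) are invented for the demo.
SAMPLE_LOG = r"""
DRV - [2011/08/21 12:24:15 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tsk14.tmp -- (VolSnap)
DRV - [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)

< MD5 for: ATAPI.SYS >
[2008/10/23 20:57:59 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EXAMPLE.SYS >
[2008/04/13 14:40:30 | 000,010,000 | ---- | M] (Microsoft Corporation) MD5=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -- C:\WINDOWS\ServicePackFiles\i386\example.sys
[2008/04/13 14:40:30 | 000,010,000 | ---- | M] (Microsoft Corporation) MD5=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB -- C:\WINDOWS\system32\drivers\example.sys
"""

# DRV - [stamp] (company) [type | start | state] -- image path -- (service name)
DRV_RE = re.compile(
    r"^DRV - \[(?P<stamp>[^\]]*)\] \((?P<company>[^)]*)\) "
    r"\[(?P<type>[^|]+)\|(?P<start>[^|]+)\|(?P<state>[^\]]+)\] -- "
    r"(?P<path>.+?) -- \((?P<service>[^)]+)\)\s*$"
)
# [stamp] (company) MD5=<hex> -- path      (the ".cab file" lines carry no hash)
MD5_RE = re.compile(
    r"^\[(?P<stamp>[^\]]*)\] \((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]+) -- (?P<path>.+?)\s*$"
)
HDR_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >\s*$")


def parse_otl(text):
    """Return (driver dicts, {file name: [(path, md5), ...]}) from OTL log text."""
    drivers, md5_groups = [], defaultdict(list)
    current = None                      # name of the "MD5 for:" block we are inside
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("<"):        # any custom-scan header starts a new block
            m = HDR_RE.match(line)
            current = m.group("name").lower() if m else None
            continue
        m = DRV_RE.match(line)
        if m:
            drivers.append({k: v.strip() for k, v in m.groupdict().items()})
            continue
        m = MD5_RE.match(line)
        if m and current is not None:
            md5_groups[current].append((m.group("path"), m.group("md5").upper()))
    return drivers, md5_groups


def suspicious_drivers(drivers):
    """Kernel drivers whose image is not a .sys file, e.g. a .tmp registered under
    a legitimate service name (the VolSnap -> tsk14.tmp entry in this thread)."""
    hits = []
    for d in drivers:
        if "\\" not in d["path"]:       # skip "File not found" style entries
            continue
        ext = ntpath.splitext(d["path"])[1].lower()
        if d["type"].lower() == "kernel" and ext != ".sys":
            hits.append((d["service"], d["path"]))
    return hits


def md5_mismatches(md5_groups):
    """Compare the in-use system32 copy of each file with its ServicePackFiles
    copy: {name: (live_md5, reference_md5, matches)}. A differing hash on the
    live driver is the classic sign of a patched file such as TDL3's atapi.sys."""
    result = {}
    for name, entries in md5_groups.items():
        ref = [h for p, h in entries if "servicepackfiles" in p.lower()]
        live = [h for p, h in entries if "\\system32\\" in p.lower()]
        if ref and live:
            result[name] = (live[0], ref[0], live[0] == ref[0])
    return result


def triage(text):
    drivers, groups = parse_otl(text)
    return {"drivers": suspicious_drivers(drivers), "md5": md5_mismatches(groups)}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for svc, path in report["drivers"]:
        print(f"[!] kernel driver '{svc}' loaded from non-.sys image: {path}")
    for name, (live, ref, ok) in report["md5"].items():
        print(f"[{'ok' if ok else '!!'}] {name}: in-use {live} vs Service Pack copy {ref}")
```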

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
