2012 xp anti virus

#1
lashom35
I have done as much as I can from reading various posts in regard to 2012 XP anti virus. My problem now is that I cannot connect to the internet. My logs are posted below. Any help is greatly appreciated.

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-19 22:29:33
-----------------------------
22:29:33.359 OS Version: Windows 5.1.2600 Service Pack 3
22:29:33.359 Number of processors: 1 586 0x4C02
22:29:33.359 ComputerName: RYAN-1067021534 UserName: Ryan LaShomb
22:29:33.671 Initialize success
22:29:33.734 AVAST engine defs: 11121102
22:29:49.031 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
22:29:49.046 Disk 0 Vendor: SAMSUNG_HM080II YE100-15 Size: 76319MB BusType: 3
22:29:51.046 Disk 0 MBR read successfully
22:29:51.046 Disk 0 MBR scan
22:29:51.046 Disk 0 Windows XP default MBR code
22:29:51.046 Disk 0 scanning sectors +156280320
22:29:51.203 Disk 0 scanning C:\WINDOWS\system32\drivers
22:30:05.531 Service scanning
22:30:06.703 Modules scanning
22:30:13.359 AVAST engine scan C:\WINDOWS
22:30:26.390 AVAST engine scan C:\WINDOWS\system32
22:32:34.625 AVAST engine scan C:\WINDOWS\system32\drivers
22:32:52.875 AVAST engine scan C:\Documents and Settings\Ryan LaShomb
22:34:33.468 AVAST engine scan C:\Documents and Settings\All Users
22:34:52.140 Scan finished successfully
22:37:19.281 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
22:37:19.296 The log file has been saved successfully to "E:\aswMBR.txt"


Checking file system on E:
The type of the file system is FAT.

The volume is dirty.
Volume Serial Number is C2F8-E4F2
Windows has checked the file system and found no problems.

2012971008 bytes total disk space.
4849664 bytes in 79 hidden files.
5537792 bytes in 169 folders.
1442742272 bytes in 1438 files.
559841280 bytes available on disk.

32768 bytes in each allocation unit.
61431 total allocation units on disk.
17085 allocation units available on disk.
Checking file system on F:
The type of the file system is FAT.

The volume is dirty.
Volume Serial Number is C2F8-E4F2
Windows has checked the file system and found no problems.

2012971008 bytes total disk space.
3833856 bytes in 41 hidden files.
1638400 bytes in 50 folders.
1694400512 bytes in 828 files.
313098240 bytes available on disk.

32768 bytes in each allocation unit.
61431 total allocation units on disk.
9555 allocation units available on disk.


ComboFix 11-12-19.03 - Ryan LaShomb 12/19/2011 22:03:55.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.594 [GMT -5:00]
Running from: c:\documents and settings\Ryan LaShomb\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\ulvymcyg.default\extensions\{a60093af-7dba-414f-b18c-cb84870c6c08}
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\ulvymcyg.default\extensions\{a60093af-7dba-414f-b18c-cb84870c6c08}\chrome.manifest
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\ulvymcyg.default\extensions\{a60093af-7dba-414f-b18c-cb84870c6c08}\chrome\xulcache.jar
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\ulvymcyg.default\extensions\{a60093af-7dba-414f-b18c-cb84870c6c08}\defaults\preferences\xulcache.js
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\ulvymcyg.default\extensions\{a60093af-7dba-414f-b18c-cb84870c6c08}\install.rdf
c:\documents and settings\Ryan LaShomb\Application Data\Mozilla\Firefox\Profiles\o2cs5o6u.default\extensions\{a60093af-7dba-414f-b18c-cb84870c6c08}
c:\documents and settings\Ryan LaShomb\Application Data\Mozilla\Firefox\Profiles\o2cs5o6u.default\extensions\{a60093af-7dba-414f-b18c-cb84870c6c08}\chrome.manifest
c:\documents and settings\Ryan LaShomb\Application Data\Mozilla\Firefox\Profiles\o2cs5o6u.default\extensions\{a60093af-7dba-414f-b18c-cb84870c6c08}\chrome\xulcache.jar
c:\documents and settings\Ryan LaShomb\Application Data\Mozilla\Firefox\Profiles\o2cs5o6u.default\extensions\{a60093af-7dba-414f-b18c-cb84870c6c08}\defaults\preferences\xulcache.js
c:\documents and settings\Ryan LaShomb\Application Data\Mozilla\Firefox\Profiles\o2cs5o6u.default\extensions\{a60093af-7dba-414f-b18c-cb84870c6c08}\install.rdf
c:\documents and settings\Ryan LaShomb\qsnvqksnyl.tmp
C:\install.exe
c:\windows\$NtUninstallKB21990$
c:\windows\$NtUninstallKB21990$\2103593663
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.netbt
.
.
((((((((((((((((((((((((( Files Created from 2011-11-20 to 2011-12-20 )))))))))))))))))))))))))))))))
.
.
2011-12-20 02:22 . 2011-12-20 02:22 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-01-17 395640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\5-Day Forecast]
2009-07-29 20:23 876544 -c--a-w- c:\program files\5-Day Forecast\5-Day Forecast\5-day forecast.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 08:08 35696 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2009-10-10 18:32 203264 -c--a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-05-10 18:12 90112 -c--a-w- c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2005-12-19 16:08 1347584 -c--a-w- c:\windows\system32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 -c--a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2006-08-23 23:14 1032192 -c--a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-15 22:07 141608 -c--a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
2009-07-08 06:53 472112 ----a-w- c:\program files\Pure Networks\Network Magic\nmapp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
2009-07-07 18:48 647216 ----a-w- c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2010-04-12 08:40 180224 -c--a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2006-07-27 21:19 282624 -c--a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 12:17 149280 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-03-08 19:48 761947 -c--a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-01-17 21:37 395640 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
.
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [10/4/2009 10:16 PM 3456]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/17/2011 6:04 PM 294608]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [5/15/2011 9:07 PM 218688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/17/2011 6:04 PM 17744]
R2 NovacomD;Palm Novacom;c:\program files\Palm\SDK\bin\novacomd\x86\novacomd.exe [3/22/2010 8:50 PM 45056]
R2 Palm_TCP_Relay;Palm TCP Relay;c:\program files\Palm\PDK\tcprelay.exe [6/16/2010 12:33 PM 11776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://us.mc308.mail.yahoo.com/mc/welcome?.gx=1&.tm=1263252270&.rand=c32rr6r7a26ek
uInternet Settings,ProxyOverride = *.local
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\Ryan LaShomb\Application Data\Mozilla\Firefox\Profiles\o2cs5o6u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://us.mc308.mail.yahoo.com/mc/welcome?.gx=1&.tm=1288533407&.rand=4d1mcbm41e5f2
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
MSConfigStartUp-DW6 - c:\progra~1\THEWEA~2\Desktop\DesktopWeather.exe
MSConfigStartUp-PC Connection Agent - c:\program files\Microsoft ActiveSync\Wcescomm.exe
MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-hpqSRMon - c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe
MSConfigStartUp-Microsoft Default Manager - c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-19 22:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(1452)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\TVersity\Media Server\MediaServer.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
.
**************************************************************************
.
Completion time: 2011-12-19 22:20:56 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-20 03:20
.
Pre-Run: 18,523,209,728 bytes free
Post-Run: 18,521,772,032 bytes free
.
- - End Of File - - 962F6B9FBF6BD0B91DEB780989510ECC

:processes
killallprocesses

:OTL
[2011/12/10 14:37:17 | 000,009,878 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\h4il76w5ag3ffl
[2011/12/10 14:37:17 | 000,009,878 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\h4il76w5ag3ffl
[2011/12/10 14:36:50 | 000,325,632 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\kaw.exe


:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
C:\Documents and Settings\Owner\Local Settings\Application Data\h4il76w5ag3ffl
C:\Documents and Settings\All Users\Application Data\h4il76w5ag3ffl
C:\Documents and Settings\Owner\Local Settings\Application Data\kaw.exe

:Commands
[RESETHOSTS]
[purity]
[Reboot]

OTL Extras logfile created on: 12/19/2011 9:31:08 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = E:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.04 Mb Total Physical Memory | 566.05 Mb Available Physical Memory | 63.31% Memory free
2.12 Gb Paging File | 1.88 Gb Available in Paging File | 88.70% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 17.35 Gb Free Space | 23.28% Space Free | Partition Type: NTFS
Drive D: | 57.47 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 1.87 Gb Total Space | 0.00 Gb Free Space | 0.09% Space Free | Partition Type: FAT

Computer Name: RYAN-1067021534 | User Name: Ryan LaShomb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-343818398-1454471165-725345543-1004\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [TVersity] -- "C:\Program Files\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service -- (Cisco Systems, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\TVersity\Media Server\MediaServer.exe" = C:\Program Files\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server -- ()
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 17
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{661F85B9-FB7F-4884-BFCB-09C71930BA8F}" = ArcSoft MediaImpression for Kodak
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{70B236CC-347F-46C1-B926-3E711C980089}" = Palm webOS SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}" = Broadcom 440x 10/100 Integrated Controller
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A5377642-3171-4A0A-814A-8D433EB8CB0B}" = 5-Day Forecast
"{AC6AE077-1566-4655-BE73-38A869C150DC}" = ATI Catalyst Control Center
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3635FC5A3FE7DACCEF2123BDBDA808BA811B977B" = Windows Driver Package - Ricoh Company Memorystick Host Controller (07/09/2005 1.00.01.12)
"452416B030C25BAA383F3DA368FECD5D48FAE727" = Windows Driver Package - Ricoh Company xD-Picture Card/SmartMedia Host Controller (07/14/2005 1.00.02.04)
"84713BEB4A2EB4B0E2F1346FDEBFFE94DAB5225D" = Windows Driver Package - Palm (WinUSB) Palm Devices (11/30/2008 1.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DAEMON Tools Lite" = DAEMON Tools Lite
"F631A62FA5E06534A0FE3637D75AAA5B1D3E4FB7" = Windows Driver Package - Ricoh Company MMC Host Controller (07/14/2005 1.00.00.06)
"ie8" = Windows Internet Explorer 8
"ieSpell" = ieSpell
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Media Player - Codec Pack" = Media Player Codec Pack 3.9.5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.24)" = Mozilla Firefox (3.6.24)
"Network MagicUninstall" = Network Magic
"PowerISO" = PowerISO
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVersity Codec Pack" = TVersity Codec Pack 1.4
"TVersity Media Server" = TVersity Media Server 1.9.3
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.00 beta 5 (32-bit)
"winusb0100" = Microsoft WinUsb 1.0
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/30/2010 6:41:23 PM | Computer Name = RYAN-1067021534 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 4/30/2010 6:41:24 PM | Computer Name = RYAN-1067021534 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 5/29/2010 9:49:35 AM | Computer Name = RYAN-1067021534 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 7/13/2010 8:21:07 PM | Computer Name = RYAN-1067021534 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/13/2010 8:21:07 PM | Computer Name = RYAN-1067021534 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/27/2010 7:22:52 AM | Computer Name = RYAN-1067021534 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 8/30/2010 10:20:22 PM | Computer Name = RYAN-1067021534 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/30/2010 10:20:22 PM | Computer Name = RYAN-1067021534 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 11/16/2010 8:26:07 PM | Computer Name = RYAN-1067021534 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server name or address could not be resolved

Error - 11/16/2010 8:26:08 PM | Computer Name = RYAN-1067021534 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 12/12/2011 1:14:29 AM | Computer Name = RYAN-1067021534 | Source = Service Control Manager | ID = 7023
Description = The Net Driver HPZ12 service terminated with the following error:
%%126

Error - 12/12/2011 1:14:29 AM | Computer Name = RYAN-1067021534 | Source = Service Control Manager | ID = 7023
Description = The Pml Driver HPZ12 service terminated with the following error:
%%126

Error - 12/13/2011 12:37:15 PM | Computer Name = RYAN-1067021534 | Source = Service Control Manager | ID = 7003
Description = The DHCP Client service depends on the following nonexistent service:
NetBT

Error - 12/13/2011 12:37:15 PM | Computer Name = RYAN-1067021534 | Source = Service Control Manager | ID = 7003
Description = The TCP/IP NetBIOS Helper service depends on the following nonexistent
service: NetBT

Error - 12/13/2011 12:37:15 PM | Computer Name = RYAN-1067021534 | Source = Service Control Manager | ID = 7023
Description = The Net Driver HPZ12 service terminated with the following error:
%%126

Error - 12/13/2011 12:37:15 PM | Computer Name = RYAN-1067021534 | Source = Service Control Manager | ID = 7023
Description = The Pml Driver HPZ12 service terminated with the following error:
%%126

Error - 12/19/2011 10:22:06 PM | Computer Name = RYAN-1067021534 | Source = Service Control Manager | ID = 7003
Description = The DHCP Client service depends on the following nonexistent service:
NetBT

Error - 12/19/2011 10:22:06 PM | Computer Name = RYAN-1067021534 | Source = Service Control Manager | ID = 7003
Description = The TCP/IP NetBIOS Helper service depends on the following nonexistent
service: NetBT

Error - 12/19/2011 10:22:06 PM | Computer Name = RYAN-1067021534 | Source = Service Control Manager | ID = 7023
Description = The Net Driver HPZ12 service terminated with the following error:
%%126

Error - 12/19/2011 10:22:06 PM | Computer Name = RYAN-1067021534 | Source = Service Control Manager | ID = 7023
Description = The Pml Driver HPZ12 service terminated with the following error:
%%126


< End of report >

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7622

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/19/2011 10:44:56 PM
mbam-log-2011-12-19 (22-44-56).txt

Scan type: Quick scan
Objects scanned: 167993
Time elapsed: 4 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL logfile created on: 12/19/2011 9:31:08 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = E:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.04 Mb Total Physical Memory | 566.05 Mb Available Physical Memory | 63.31% Memory free
2.12 Gb Paging File | 1.88 Gb Available in Paging File | 88.70% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 17.35 Gb Free Space | 23.28% Space Free | Partition Type: NTFS
Drive D: | 57.47 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 1.87 Gb Total Space | 0.00 Gb Free Space | 0.09% Space Free | Partition Type: FAT

Computer Name: RYAN-1067021534 | User Name: Ryan LaShomb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/19 21:14:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- E:\OTL.scr
PRC - [2011/01/13 03:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/11/24 15:33:26 | 000,921,600 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe
PRC - [2010/06/16 12:33:06 | 000,011,776 | ---- | M] () -- C:\Program Files\Palm\PDK\tcprelay.exe
PRC - [2010/03/22 20:50:40 | 000,045,056 | ---- | M] (Palm) -- C:\Program Files\Palm\SDK\bin\novacomd\x86\novacomd.exe
PRC - [2009/09/28 09:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/07/08 01:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/07/07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/08/23 18:13:28 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/11 12:44:22 | 001,646,080 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11121102\algo.dll
MOD - [2011/12/07 18:32:09 | 000,241,528 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11121102\aswRep.dll
MOD - [2010/11/24 15:36:30 | 000,731,136 | ---- | M] () -- C:\Program Files\TVersity\Media Server\X11.dll
MOD - [2010/11/24 15:36:30 | 000,714,752 | ---- | M] () -- C:\Program Files\TVersity\Media Server\log4cxx.dll
MOD - [2010/11/24 15:36:30 | 000,507,888 | ---- | M] () -- C:\Program Files\TVersity\Media Server\sqlite3.dll
MOD - [2010/11/24 15:36:30 | 000,346,112 | ---- | M] () -- C:\Program Files\TVersity\Media Server\taglib.dll
MOD - [2010/11/24 15:36:30 | 000,329,728 | ---- | M] () -- C:\Program Files\TVersity\Media Server\libcurl.dll
MOD - [2010/11/24 15:36:30 | 000,311,808 | ---- | M] () -- C:\Program Files\TVersity\Media Server\libmp3lame-0.dll
MOD - [2010/11/24 15:36:30 | 000,201,232 | ---- | M] () -- C:\Program Files\TVersity\Media Server\swscale-0.dll
MOD - [2010/11/24 15:36:28 | 000,165,888 | ---- | M] () -- C:\Program Files\TVersity\Media Server\CORE_RL_lcms_.dll
MOD - [2010/11/24 15:36:22 | 004,532,240 | ---- | M] () -- C:\Program Files\TVersity\Media Server\avcodec-52.dll
MOD - [2010/11/24 15:36:22 | 000,793,616 | ---- | M] () -- C:\Program Files\TVersity\Media Server\avformat-52.dll
MOD - [2010/11/24 15:36:22 | 000,081,936 | ---- | M] () -- C:\Program Files\TVersity\Media Server\avutil-50.dll
MOD - [2010/11/24 15:33:26 | 000,921,600 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe
MOD - [2010/06/16 12:33:06 | 000,011,776 | ---- | M] () -- C:\Program Files\Palm\PDK\tcprelay.exe
MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/11/14 13:11:32 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\mkunicode.dll
MOD - [2009/07/13 16:37:04 | 000,152,112 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2009/07/13 16:37:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
MOD - [2009/01/10 17:15:44 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\mmfinfo.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006/09/16 00:03:02 | 000,007,680 | ---- | M] () -- C:\Program Files\TVersity\Media Server\ImageMagickCoders\IM_MOD_RL_gray_.dll
MOD - [2005/12/19 11:08:30 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Pml Driver HPZ12)
SRV - File not found [Auto | Stopped] -- -- (Net Driver HPZ12)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/01/13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/11/24 15:33:26 | 000,921,600 | ---- | M] () [Auto | Running] -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2010/06/16 12:33:06 | 000,011,776 | ---- | M] () [Auto | Running] -- C:\Program Files\Palm\PDK\tcprelay.exe -- (Palm_TCP_Relay)
SRV - [2010/03/22 20:50:40 | 000,045,056 | ---- | M] (Palm) [Auto | Running] -- C:\Program Files\Palm\SDK\bin\novacomd\x86\novacomd.exe -- (NovacomD)
SRV - [2009/09/28 09:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/07/07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2006/08/23 18:13:28 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)


========== Driver Services (SafeList) ==========

DRV - [2011/05/18 08:45:02 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/01/13 03:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 03:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 03:40:04 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/01/13 03:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 03:37:11 | 000,029,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/01/13 03:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/04/12 03:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/07/07 13:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 13:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2006/11/10 18:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/11/02 06:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/09/22 23:56:40 | 001,681,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/09/13 20:41:46 | 000,003,456 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atiide.sys -- (atiide)
DRV - [2006/08/17 10:55:16 | 000,044,544 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/07/27 16:24:28 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/07/02 00:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/11/02 15:24:34 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/08/12 19:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/14 20:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3F F8 AF 01 FA 4E 56 44 81 26 79 77 F6 F3 DE 78 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3F F8 AF 01 FA 4E 56 44 81 26 79 77 F6 F3 DE 78 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3F F8 AF 01 FA 4E 56 44 81 26 79 77 F6 F3 DE 78 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3F F8 AF 01 FA 4E 56 44 81 26 79 77 F6 F3 DE 78 [binary data]

IE - HKU\S-1-5-21-343818398-1454471165-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
IE - HKU\S-1-5-21-343818398-1454471165-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.mc308.mail...d=c32rr6r7a26ek
IE - HKU\S-1-5-21-343818398-1454471165-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3F F8 AF 01 FA 4E 56 44 81 26 79 77 F6 F3 DE 78 [binary data]
IE - HKU\S-1-5-21-343818398-1454471165-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-343818398-1454471165-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://us.mc308.mail...=4d1mcbm41e5f2"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {a60093af-7dba-414f-b18c-cb84870c6c08}:1.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/30 02:00:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/30 02:00:02 | 000,000,000 | ---D | M]

[2010/03/03 12:15:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ryan LaShomb\Application Data\Mozilla\Extensions
[2011/12/13 11:54:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ryan LaShomb\Application Data\Mozilla\Firefox\Profiles\o2cs5o6u.default\extensions
[2010/03/03 13:13:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ryan LaShomb\Application Data\Mozilla\Firefox\Profiles\o2cs5o6u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/02 20:39:30 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Ryan LaShomb\Application Data\Mozilla\Firefox\Profiles\o2cs5o6u.default\extensions\{a60093af-7dba-414f-b18c-cb84870c6c08}
[2011/01/17 16:38:06 | 000,000,863 | ---- | M] () -- C:\Documents and Settings\Ryan LaShomb\Application Data\Mozilla\Firefox\Profiles\o2cs5o6u.default\searchplugins\conduit.xml
[2010/03/03 12:10:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/04 23:01:13 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-343818398-1454471165-725345543-1004\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-343818398-1454471165-725345543-1004\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKU\S-1-5-21-343818398-1454471165-725345543-1004..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-343818398-1454471165-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1A76895-1497-4C1F-BD06-7AD353474E61}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/04 21:52:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/01/27 17:42:46 | 000,000,154 | RH-- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2011/12/19 21:11:34 | 000,000,016 | -H-- | M] () - E:\AUTORUN.INF -- [ FAT ]
O33 - MountPoints2\{7226b1c1-b11d-11de-b27a-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{7226b1c1-b11d-11de-b27a-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7226b1c1-b11d-11de-b27a-806d6172696f}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2011/01/27 17:36:32 | 041,015,936 | R--- | M] (Cisco Consumer Products LLC)
O33 - MountPoints2\{a077eb52-b2e9-11de-b281-0015c5c9376b}\Shell\AutoRun\command - "" = G:\syncablesUpdater.exe
O33 - MountPoints2\{a3b7ce31-f1a7-11df-b310-0015c5c9376b}\Shell\AutoRun\command - "" = slacker.synclauncher.exe
O33 - MountPoints2\{a3b7ce31-f1a7-11df-b310-0015c5c9376b}\Shell\slacker\command - "" = slacker.synclauncher.exe
O33 - MountPoints2\{bc4af435-ac39-11e0-b340-0015c5c9376b}\Shell\AutoRun\command - "" = E:\wd_windows_tools\WDEULA.exe
O33 - MountPoints2\{eb5f0e38-bb7d-11de-b28a-0015c5c9376b}\Shell\AutoRun\command - "" = nmusbcfg.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\syncablesUpdater.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-343818398-1454471165-725345543-1004\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/19 21:22:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan LaShomb\Desktop\RK_Quarantine
[2011/12/11 15:24:52 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\mwh.exe
[1 C:\Documents and Settings\Ryan LaShomb\*.tmp files -> C:\Documents and Settings\Ryan LaShomb\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/19 21:22:31 | 000,111,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/12/19 21:21:33 | 000,015,244 | -HS- | M] () -- C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\eyfwlj5h3mmp7jcw1bey8j228s1i
[2011/12/19 21:21:33 | 000,015,244 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\eyfwlj5h3mmp7jcw1bey8j228s1i
[2011/12/19 21:21:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/19 21:21:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/12 00:35:08 | 000,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/12 00:35:08 | 000,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/11 15:24:52 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\mwh.exe
[2011/12/07 21:17:56 | 000,067,072 | ---- | M] () -- C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Documents and Settings\Ryan LaShomb\*.tmp files -> C:\Documents and Settings\Ryan LaShomb\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/19 21:22:31 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/12/11 15:24:54 | 000,015,244 | -HS- | C] () -- C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\eyfwlj5h3mmp7jcw1bey8j228s1i
[2011/12/11 15:24:54 | 000,015,244 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\eyfwlj5h3mmp7jcw1bey8j228s1i
[2010/11/16 12:59:25 | 000,160,568 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/16 12:32:58 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dglesv2.dll
[2010/06/16 12:32:52 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dgles.dll
[2010/06/16 12:32:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\SDL_mixer.dll
[2010/06/16 12:32:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SDL_image.dll
[2010/06/16 12:32:20 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\SDL_ttf.dll
[2010/06/16 12:32:06 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\SDL_net.dll
[2010/06/16 12:31:54 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\SDL.dll
[2010/03/03 12:29:59 | 000,067,072 | ---- | C] () -- C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/03 12:15:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/03/02 19:00:00 | 004,555,278 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010/03/02 19:00:00 | 001,449,935 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2010/03/02 19:00:00 | 000,882,688 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/03/02 19:00:00 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2010/03/02 19:00:00 | 000,556,491 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010/03/02 19:00:00 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2010/03/02 19:00:00 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010/03/02 19:00:00 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2010/03/02 19:00:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2010/03/02 19:00:00 | 000,169,984 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2010/03/02 19:00:00 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2010/03/02 19:00:00 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010/03/02 19:00:00 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2010/03/02 19:00:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2010/03/02 19:00:00 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2010/03/02 19:00:00 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2010/03/02 19:00:00 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/03/02 18:41:02 | 000,077,352 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2010/02/15 14:45:02 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2009/12/17 11:18:27 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Ryan LaShomb\Application Data\$_hpcst$.hpc
[2009/11/14 13:37:08 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2009/11/14 13:33:40 | 000,357,888 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2009/11/14 13:33:38 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2009/11/14 13:11:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2009/11/14 13:11:42 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2009/11/14 13:11:42 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2009/11/14 13:11:40 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2009/11/14 13:11:40 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2009/11/14 13:11:38 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2009/11/14 13:11:36 | 000,136,704 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2009/11/14 13:11:36 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2009/11/14 13:11:32 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009/11/14 13:11:32 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2009/10/11 20:43:29 | 000,012,736 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/04 22:23:28 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2009/10/04 22:20:47 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/10/04 22:20:47 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2009/10/04 22:20:45 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/10/04 22:13:53 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\fusioncache.dat
[2009/10/04 22:08:03 | 000,133,246 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/10/04 21:55:39 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/10/04 21:48:43 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/10/04 14:40:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/10/04 14:38:24 | 000,264,616 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/11 16:21:26 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2009/08/11 15:01:32 | 000,426,496 | ---- | C] () -- C:\WINDOWS\System32\libfreetype-6.dll
[2009/08/11 15:01:32 | 000,317,952 | ---- | C] () -- C:\WINDOWS\System32\libtiff-3.dll
[2009/08/11 15:01:32 | 000,235,520 | ---- | C] () -- C:\WINDOWS\System32\smpeg.dll
[2009/08/11 15:01:32 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\libvorbis-0.dll
[2009/08/11 15:01:32 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\libpng12-0.dll
[2009/08/11 15:01:32 | 000,113,664 | ---- | C] () -- C:\WINDOWS\System32\jpeg.dll
[2009/08/11 15:01:32 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2009/08/11 15:01:32 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\libvorbisfile-3.dll
[2009/08/11 15:01:32 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\libogg-0.dll
[2009/06/07 11:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/10 17:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2008/11/06 11:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/10/13 04:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2005/03/22 13:48:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 13:48:43 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,444,596 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,072,306 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe


< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 1
"ImagePath" = system32\DRIVERS\netbios.sys -- [2008/04/13 13:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 04 01 03 01 00 00 01 00 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2004/08/04 05:00:00 | 000,007,168 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< End of report >


#2
RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Attached are two zip files. Download and Save them and transfer them to the sick PC. Right click on each and select Extract All. It will create a folder of the same name. Inside the folder is a .reg file. Right click on it and MERGE. If you get an error, then you will need to take ownership of the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services key and perhaps delete the NetBT and Legacy_NetBT keys if they still exist.

http://www.microsoft...n.mspx?mfr=true

Reboot and see if it works.

Copy the text in the code box by highlighting it and pressing Ctrl + C.

:processes
killallprocesses

:OTL
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3F F8 AF 01 FA 4E 56 44 81 26 79 77 F6 F3 DE 78 [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3F F8 AF 01 FA 4E 56 44 81 26 79 77 F6 F3 DE 78 [binary data]
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3F F8 AF 01 FA 4E 56 44 81 26 79 77 F6 F3 DE 78 [binary data]
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3F F8 AF 01 FA 4E 56 44 81 26 79 77 F6 F3 DE 78 [binary data]
IE - HKU\S-1-5-21-343818398-1454471165-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 3F F8 AF 01 FA 4E 56 44 81 26 79 77 F6 F3 DE 78 [binary data]
O32 - AutoRun File - [2011/12/19 21:11:34 | 000,000,016 | -H-- | M] () - E:\AUTORUN.INF -- [ FAT ]
O33 - MountPoints2\{7226b1c1-b11d-11de-b27a-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{7226b1c1-b11d-11de-b27a-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7226b1c1-b11d-11de-b27a-806d6172696f}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2011/01/27 17:36:32 | 041,015,936 | R--- | M] (Cisco Consumer Products LLC)
O33 - MountPoints2\{a077eb52-b2e9-11de-b281-0015c5c9376b}\Shell\AutoRun\command - "" = G:\syncablesUpdater.exe
O33 - MountPoints2\{a3b7ce31-f1a7-11df-b310-0015c5c9376b}\Shell\AutoRun\command - "" = slacker.synclauncher.exe
O33 - MountPoints2\{a3b7ce31-f1a7-11df-b310-0015c5c9376b}\Shell\slacker\command - "" = slacker.synclauncher.exe
O33 - MountPoints2\{bc4af435-ac39-11e0-b340-0015c5c9376b}\Shell\AutoRun\command - "" = E:\wd_windows_tools\WDEULA.exe
O33 - MountPoints2\{eb5f0e38-bb7d-11de-b28a-0015c5c9376b}\Shell\AutoRun\command - "" = nmusbcfg.exe
O37 - HKU\S-1-5-21-343818398-1454471165-725345543-1004\...exe [@ = exefile] -- Reg Error: Key error. File not found
[2011/12/11 15:24:52 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\mwh.exe
[2011/12/19 21:21:33 | 000,015,244 | -HS- | M] () -- C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\eyfwlj5h3mmp7jcw1bey8j228s1i
[2011/12/19 21:21:33 | 000,015,244 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\eyfwlj5h3mmp7jcw1bey8j228s1i

:files
C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\*.exe

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"
     
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all, and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop, then run it.
Double-click on TDSSKiller.exe (on Vista or Win 7 you must right-click and Run As Admin).
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.


Run TDSSKiller again, but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.
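RKinner's first step (merging the two .reg files) answers the empty "< ...\services\NetBT /s >" block in the custom scan above, and the "< MD5 for: ... >" blocks are there to compare the live system files against their Service Pack copies. The Python script below is an added example, not code from the thread or from OTL: it parses those two kinds of custom-scan block and flags a service key that is absent, or a live file whose MD5 differs from its ServicePackFiles\i386 reference. The sample input is constructed from the thread's own log lines plus one deliberately altered userinit.exe line carrying a placeholder hash.

```python
import re

# Constructed sample in the exact shape OTL prints its custom-scan blocks. The svchost
# lines and the NetBT/NetBIOS blocks are copied from the thread's log; the second
# userinit line is deliberately altered (blank company, all-zero placeholder hash).
SAMPLE_SCAN = r"""< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2011/12/11 15:24:52 | 000,026,112 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\userinit.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ImagePath" = system32\DRIVERS\netbios.sys -- [2008/04/13 13:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"Bind" = [Binary data over 100 bytes]
< End of report >
"""

SECTION_RE = re.compile(r"^< (.+?) >$")
MD5_SECTION_RE = re.compile(r"^MD5 for: (.+)$")
SERVICE_SECTION_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\services\\([^\\ ]+) /s$", re.I)
# OTL file line: [date | size | attrs | M] (company) MD5=hash -- path
MD5_LINE_RE = re.compile(r"^\[[^|]+\|[^|]+\|[^|]+\|\s*M\]\s*\((?P<company>[^)]*)\)\s*"
                         r"MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+)$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')


def split_sections(text):
    """Map each '< title >' header to the non-blank lines that follow it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if header := SECTION_RE.match(line):
            current = header.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections

def check_md5_section(lines):
    """Compare the live copy of a system file with its ServicePackFiles\\i386 reference."""
    live = ref = company = None
    for line in lines:
        m = MD5_LINE_RE.match(line)
        if not m:
            continue
        path = m.group("path").lower()
        if "\\servicepackfiles\\" in path:
            ref = m.group("md5").upper()
        elif "$ntservicepackuninstall$" not in path:  # pre-SP backup is expected to differ
            live, company = m.group("md5").upper(), m.group("company")
    if live is None or ref is None:
        verdict = "unknown"
    elif live != ref or not company:  # no company string means no version info at all
        verdict = "mismatch"
    else:
        verdict = "ok"
    return {"live": live, "reference": ref, "company": company, "verdict": verdict}

def check_service_section(lines):
    """An empty '/s' dump means the key is absent; otherwise read its top-level values."""
    if not lines:
        return {"present": False}
    values = {}
    for line in lines:
        if line.startswith("["):  # first [subkey] header ends the top-level values
            break
        if m := VALUE_RE.match(line):
            # OTL appends " -- [date | size ...]" after file-valued entries; drop it.
            values[m.group("name")] = m.group("value").split(" -- ")[0].strip()
    return {"present": True, "start": values.get("Start"), "image_path": values.get("ImagePath")}

def triage(text):
    """Run both checks over every custom-scan block of an OTL report."""
    findings = {"files": {}, "services": {}}
    for title, lines in split_sections(text).items():
        if m := MD5_SECTION_RE.match(title):
            findings["files"][m.group(1).lower()] = check_md5_section(lines)
        elif m := SERVICE_SECTION_RE.match(title):
            findings["services"][m.group(1)] = check_service_section(lines)
    return findings


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_SCAN).items():
        for name, info in sorted(items.items()):
            print(f"{kind[:-1].upper()} {name}: {info}")
```

On the thread's real log the script reports NetBT as missing and all four MD5 blocks as ok, which is exactly the pattern RKinner's reply acts on.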

#3
lashom35

    Member

  • Topic Starter
  • Member
  • 55 posts
========== PROCESSES ==========
All processes killed
========== OTL ==========
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-21-343818398-1454471165-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
File E:\AUTORUN.INF not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7226b1c1-b11d-11de-b27a-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7226b1c1-b11d-11de-b27a-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7226b1c1-b11d-11de-b27a-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7226b1c1-b11d-11de-b27a-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7226b1c1-b11d-11de-b27a-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7226b1c1-b11d-11de-b27a-806d6172696f}\ not found.
File move failed. D:\Setup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a077eb52-b2e9-11de-b281-0015c5c9376b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a077eb52-b2e9-11de-b281-0015c5c9376b}\ not found.
File G:\syncablesUpdater.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3b7ce31-f1a7-11df-b310-0015c5c9376b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3b7ce31-f1a7-11df-b310-0015c5c9376b}\ not found.
File slacker.synclauncher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3b7ce31-f1a7-11df-b310-0015c5c9376b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3b7ce31-f1a7-11df-b310-0015c5c9376b}\ not found.
File slacker.synclauncher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bc4af435-ac39-11e0-b340-0015c5c9376b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bc4af435-ac39-11e0-b340-0015c5c9376b}\ not found.
File E:\wd_windows_tools\WDEULA.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb5f0e38-bb7d-11de-b28a-0015c5c9376b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eb5f0e38-bb7d-11de-b28a-0015c5c9376b}\ not found.
File nmusbcfg.exe not found.
Registry key HKEY_USERS\S-1-5-21-343818398-1454471165-725345543-1004_Classes\.exe\ not found.
Registry key HKEY_USERS\S-1-5-21-343818398-1454471165-725345543-1004_Classes\exefile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
File C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\mwh.exe not found.
C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\eyfwlj5h3mmp7jcw1bey8j228s1i moved successfully.
C:\Documents and Settings\All Users\Application Data\eyfwlj5h3mmp7jcw1bey8j228s1i moved successfully.
========== FILES ==========
File\Folder C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\*.exe not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 41044 bytes

User: Guest
->Flash cache emptied: 41044 bytes

User: LocalService

User: NetworkService

User: Ryan LaShomb
->Flash cache emptied: 100959 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default User

User: Guest

User: LocalService

User: NetworkService

User: Ryan LaShomb
->Java cache emptied: 12127511 bytes

Total Java Files Cleaned = 12.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12292011_130206

Files\Folders moved on Reboot...
File move failed. D:\Setup.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...


13:10:00.0734 3948 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
13:10:00.0875 3948 ============================================================
13:10:00.0875 3948 Current date / time: 2011/12/29 13:10:00.0875
13:10:00.0875 3948 SystemInfo:
13:10:00.0875 3948
13:10:00.0875 3948 OS Version: 5.1.2600 ServicePack: 3.0
13:10:00.0875 3948 Product type: Workstation
13:10:00.0875 3948 ComputerName: RYAN-1067021534
13:10:00.0875 3948 UserName: Ryan LaShomb
13:10:00.0875 3948 Windows directory: C:\WINDOWS
13:10:00.0875 3948 System windows directory: C:\WINDOWS
13:10:00.0875 3948 Processor architecture: Intel x86
13:10:00.0875 3948 Number of processors: 1
13:10:00.0875 3948 Page size: 0x1000
13:10:00.0875 3948 Boot type: Normal boot
13:10:00.0875 3948 ============================================================
13:10:03.0125 3948 Initialize success
13:10:19.0484 2908 ============================================================
13:10:19.0484 2908 Scan started
13:10:19.0484 2908 Mode: Manual;
13:10:19.0484 2908 ============================================================
13:10:31.0750 2908 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
13:10:31.0750 2908 VolSnap - ok
13:10:31.0843 2908 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:10:31.0859 2908 Wanarp - ok
13:10:31.0937 2908 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
13:10:31.0953 2908 Wdf01000 - ok
13:10:31.0984 2908 WDICA - ok
13:10:32.0062 2908 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:10:32.0078 2908 wdmaud - ok
13:10:32.0203 2908 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
13:10:32.0218 2908 winachsf - ok
13:10:32.0343 2908 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
13:10:32.0343 2908 WinUSB - ok
13:10:32.0531 2908 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:10:32.0531 2908 WudfPf - ok
13:10:32.0578 2908 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:10:32.0578 2908 WudfRd - ok
13:10:32.0671 2908 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:10:32.0906 2908 \Device\Harddisk0\DR0 - ok
13:10:32.0921 2908 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR2
13:10:33.0984 2908 \Device\Harddisk1\DR2 - ok
13:10:33.0984 2908 Boot (0x1200) (9398f6777bbd4b7f7d3849c9b45577f7) \Device\Harddisk0\DR0\Partition0
13:10:33.0984 2908 \Device\Harddisk0\DR0\Partition0 - ok
13:10:34.0000 2908 Boot (0x1200) (1a235ead69a8e16466cb575ede14c712) \Device\Harddisk1\DR2\Partition0
13:10:34.0000 2908 \Device\Harddisk1\DR2\Partition0 - ok
13:10:34.0000 2908 ============================================================
13:10:34.0000 2908 Scan finished
13:10:34.0000 2908 ============================================================
13:10:34.0015 2876 Detected object count: 0
13:10:34.0015 2876 Actual detected object count: 0
13:11:08.0765 3832 Deinitialize success


13:13:04.0687 1824 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
13:13:04.0718 1824 ============================================================
13:13:04.0718 1824 Current date / time: 2011/12/29 13:13:04.0718
13:13:04.0718 1824 SystemInfo:
13:13:04.0718 1824
13:13:04.0718 1824 OS Version: 5.1.2600 ServicePack: 3.0
13:13:04.0718 1824 Product type: Workstation
13:13:04.0718 1824 ComputerName: RYAN-1067021534
13:13:04.0718 1824 UserName: Ryan LaShomb
13:13:04.0718 1824 Windows directory: C:\WINDOWS
13:13:04.0718 1824 System windows directory: C:\WINDOWS
13:13:04.0718 1824 Processor architecture: Intel x86
13:13:04.0718 1824 Number of processors: 1
13:13:04.0718 1824 Page size: 0x1000
13:13:04.0718 1824 Boot type: Normal boot
13:13:04.0718 1824 ============================================================
13:13:06.0890 1824 Initialize success
13:13:22.0906 4048 ============================================================
13:13:22.0906 4048 Scan started
13:13:22.0906 4048 Mode: Manual; SigCheck; TDLFS;
13:13:22.0906 4048 ============================================================
13:13:54.0062 4048 ============================================================
13:13:54.0062 4048 Scan finished
13:13:54.0062 4048 ============================================================
13:13:54.0171 4036 Detected object count: 4
13:13:54.0171 4036 Actual detected object count: 4
13:14:16.0406 4036 APPDRV ( UnsignedFile.Multi.Generic ) - skipped by user
13:14:16.0406 4036 APPDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:14:16.0406 4036 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
13:14:16.0406 4036 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:14:16.0406 4036 SCDEmu ( UnsignedFile.Multi.Generic ) - skipped by user
13:14:16.0406 4036 SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:14:16.0406 4036 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user
13:14:16.0406 4036 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip

#4 RKinner (Malware Expert, MVP, 20,001 posts)
Are you back online now?

Run OTL, Quickscan and post the log.

If Avast seems to be updating OK:

Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan, then on Settings. Change the Ask at the bottom to Move to Chest. OK, then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load Windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report, then View Results. How many did it find?

I think on XP systems the log file can be found in text form in C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report\boot.txt. If you can find it please copy and paste it.

#5 lashom35 (Topic Starter, Member, 55 posts)
I can't seem to find the boot log. I'm not sure where it's hiding. Everything else is running great. All your help is greatly appreciated. If you have any other ideas on where the boot log would be, I can try to find it. Thanks again.

#6 RKinner (Malware Expert, MVP, 20,001 posts)
I think there was a mistake in my last post. I believe it may be named aswBoot, but don't worry about it.

Do a final OTL Quickscan and also check for damage by clearing the event logs, rebooting and running VEW:

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot. The disk check will run and will probably take an hour or more to finish.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply, then repeat but select Application.
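The VEW steps above collect the newest 20 Error and Warning events from the System and Application logs. As an added example that is not part of the thread and not VEW's own code, the PowerShell function below writes the same kind of report to a text file on the Desktop and opens it in Notepad; it assumes Windows PowerShell 2.0 is installed (an optional download for XP SP3), does not clear the logs itself, and is meant to be run after the reboot that follows clearing them.

```powershell
# Added example (not from the thread): dump the newest Error/Warning events
# from the System and Application logs to a Desktop text file, the same
# information VEW is asked to gather above. Assumes Windows PowerShell 2.0.

function Export-RecentEventReport {
    param(
        [string[]]$LogNames   = @('System', 'Application'),
        [string[]]$EntryTypes = @('Error', 'Warning'),
        [int]$Newest          = 20,
        [string]$OutFile      = (Join-Path ([Environment]::GetFolderPath('Desktop')) 'EventReport.txt')
    )

    $lines = @()
    $lines += "Event report generated $(Get-Date -Format 'yyyy-MM-dd HH:mm:ss') on $env:COMPUTERNAME"

    foreach ($log in $LogNames) {
        $lines += ''
        $lines += "========== $log log: newest $Newest $($EntryTypes -join '/') events =========="
        try {
            # -EntryType filters before -Newest, so this returns the 20 most
            # recent errors/warnings, not the 20 most recent events of any kind.
            $events = Get-EventLog -LogName $log -EntryType $EntryTypes -Newest $Newest -ErrorAction Stop
        } catch {
            # A log that cannot be opened is reported rather than aborting the run.
            $lines += "Could not read the $log log: $($_.Exception.Message)"
            continue
        }
        if (-not $events) {
            $lines += 'No matching events since the log was cleared.'
            continue
        }
        foreach ($e in $events) {
            # Source and Event ID are what a helper looks up; the message gives the detail.
            $lines += "{0:yyyy-MM-dd HH:mm:ss}  {1,-7}  {2,-30}  ID {3}" -f $e.TimeGenerated, $e.EntryType, $e.Source, $e.EventID
            $lines += '    ' + (($e.Message -replace '\s+', ' ').Trim())
        }
    }

    $lines | Set-Content -Path $OutFile -Encoding ASCII
    return $OutFile
}

# Write the report and open it in Notepad, ready to paste into the reply.
$report = Export-RecentEventReport
notepad.exe $report
```

Both logs end up in one file, so a single paste covers the System and Application runs the instructions ask for separately.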

#7 lashom35 (Topic Starter, Member, 55 posts)
My apologies, I have been out of town for work. The virus is back. I tried to repeat the process but I cannot run RogueKiller. I ran OTL and the log reads as follows:

OTL logfile created on: 1/10/2012 11:03:37 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = E:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.04 Mb Total Physical Memory | 686.61 Mb Available Physical Memory | 76.80% Memory free
2.12 Gb Paging File | 2.04 Gb Available in Paging File | 96.37% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 28.03 Gb Free Space | 37.62% Space Free | Partition Type: NTFS
Drive D: | 57.47 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 1.87 Gb Total Space | 0.15 Gb Free Space | 8.26% Space Free | Partition Type: FAT

Computer Name: RYAN-1067021534 | User Name: Ryan LaShomb | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/10 10:16:27 | 000,346,624 | ---- | M] (Корпорация Майкрософт) -- C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\fmr.exe
PRC - [2011/12/19 21:14:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- E:\OTL.scr
PRC - [2008/04/13 19:12:08 | 001,058,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/01/23 23:50:42 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/11/14 13:11:32 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\mkunicode.dll
MOD - [2009/01/10 17:15:44 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\mmfinfo.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Pml Driver HPZ12)
SRV - File not found [Auto | Stopped] -- -- (Net Driver HPZ12)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/11/24 15:33:26 | 000,921,600 | ---- | M] () [Auto | Stopped] -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2010/06/16 12:33:06 | 000,011,776 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Palm\PDK\tcprelay.exe -- (Palm_TCP_Relay)
SRV - [2010/03/22 20:50:40 | 000,045,056 | ---- | M] (Palm) [Auto | Stopped] -- C:\Program Files\Palm\SDK\bin\novacomd\x86\novacomd.exe -- (NovacomD)
SRV - [2009/09/28 09:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/07/07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2006/08/23 18:13:28 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Stopped] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)


========== Driver Services (SafeList) ==========

DRV - [2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 12:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/28 12:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/18 08:45:02 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/04/12 03:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/07/07 13:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 13:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2006/11/10 18:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/11/02 06:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/09/22 23:56:40 | 001,681,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/09/13 20:41:46 | 000,003,456 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atiide.sys -- (atiide)
DRV - [2006/08/17 10:55:16 | 000,044,544 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/07/27 16:24:28 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/07/02 00:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/11/02 15:24:34 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/08/12 19:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/14 20:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.mc308.mail...d=c32rr6r7a26ek
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://us.mc308.mail...=4d1mcbm41e5f2"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/12/31 10:31:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/01 15:51:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/01 15:51:39 | 000,000,000 | ---D | M]

[2010/03/03 12:15:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ryan LaShomb\Application Data\Mozilla\Extensions
[2012/01/09 22:17:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ryan LaShomb\Application Data\Mozilla\Firefox\Profiles\o2cs5o6u.default\extensions
[2010/03/03 13:13:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ryan LaShomb\Application Data\Mozilla\Firefox\Profiles\o2cs5o6u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/17 16:38:06 | 000,000,863 | ---- | M] () -- C:\Documents and Settings\Ryan LaShomb\Application Data\Mozilla\Firefox\Profiles\o2cs5o6u.default\searchplugins\conduit.xml
[2010/03/03 12:10:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/04 23:01:13 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2012/01/10 08:41:58 | 000,000,884 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 94.63.240.131 www.google.com
O1 - Hosts: 94.63.240.132 www.bing.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [dplaysvr] C:\Documents and Settings\Ryan LaShomb\Application Data\dplaysvr.exe ()
O4 - HKLM..\Run: [kUPiPllRoCFj.exe] C:\Documents and Settings\All Users\Application Data\kUPiPllRoCFj.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKCU..\Run: [dplaysvr] C:\Documents and Settings\Ryan LaShomb\Application Data\dplaysvr.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [winupd] C:\DOCUME~1\RYANLA~1\LOCALS~1\Temp:winupd.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1A76895-1497-4C1F-BD06-7AD353474E61}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/04 21:52:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/01/27 17:42:46 | 000,000,154 | RH-- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2011/12/19 21:11:34 | 000,000,016 | -H-- | M] () - E:\AUTORUN.INF -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = b3n] -- "C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\fmr.exe" -a "%1" %* (?????????? ??????????)

========== Files/Folders - Created Within 30 Days ==========

[2012/01/10 10:16:27 | 000,346,624 | ---- | C] (Корпорация Майкрософт) -- C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\fmr.exe
[2012/01/08 21:33:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan LaShomb\Application Data\TeamViewer
[2012/01/08 21:33:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 7
[2012/01/08 21:33:08 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2012/01/08 00:38:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\DivX
[2012/01/03 20:54:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan LaShomb\Application Data\HandBrake
[2012/01/03 20:54:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\HandBrake
[2012/01/03 20:54:01 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake
[2012/01/03 20:54:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan LaShomb\Start Menu\Programs\Handbrake
[2011/12/31 10:31:10 | 000,435,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/12/29 20:26:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/19 23:00:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/19 21:54:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/19 21:54:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/19 21:54:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/19 21:54:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/19 21:54:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/19 21:51:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/19 21:51:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Ryan LaShomb\Start Menu\Programs\Administrative Tools
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/10 11:09:07 | 000,013,694 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\hru3fo2ia18802o4j683i2
[2012/01/10 11:09:06 | 000,013,694 | -HS- | M] () -- C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\hru3fo2ia18802o4j683i2
[2012/01/10 10:39:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/10 10:26:03 | 000,000,835 | ---- | M] () -- C:\WINDOWS\System32\tversity.cookies
[2012/01/10 10:21:37 | 000,000,058 | -HS- | M] () -- C:\WINDOWS\System32\User.ini
[2012/01/10 10:19:29 | 000,075,776 | RHS- | M] () -- C:\WINDOWS\System32\cftmon.exe
[2012/01/10 10:16:27 | 000,346,624 | ---- | M] (Корпорация Майкрософт) -- C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\fmr.exe
[2012/01/10 10:15:46 | 000,447,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\kUPiPllRoCFj.exe
[2012/01/10 08:42:04 | 000,101,376 | -HS- | M] () -- C:\Documents and Settings\Ryan LaShomb\Application Data\dplaysvr.exe
[2012/01/10 08:42:02 | 000,062,976 | -HS- | M] () -- C:\Documents and Settings\Ryan LaShomb\Application Data\dplayx.dll
[2012/01/10 08:41:58 | 000,000,884 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/01/09 23:03:25 | 000,077,824 | ---- | M] () -- C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/08 21:33:13 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 7.lnk
[2012/01/08 21:11:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/03 20:54:01 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Ryan LaShomb\Desktop\Handbrake.lnk
[2011/12/31 10:31:10 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/12/26 13:43:31 | 000,000,321 | -HS- | M] () -- C:\boot.ini
[2011/12/19 22:39:48 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/19 21:22:31 | 000,111,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/12/19 21:13:18 | 000,771,072 | ---- | M] () -- C:\Documents and Settings\Ryan LaShomb\Desktop\RogueKiller.exe
[2011/12/12 00:35:08 | 000,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/12 00:35:08 | 000,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/10 11:01:18 | 000,771,072 | ---- | C] () -- C:\Documents and Settings\Ryan LaShomb\Desktop\RogueKiller.exe
[2012/01/10 10:21:37 | 000,000,058 | -HS- | C] () -- C:\WINDOWS\System32\User.ini
[2012/01/10 10:20:37 | 000,075,776 | RHS- | C] () -- C:\WINDOWS\System32\cftmon.exe
[2012/01/10 10:19:26 | 000,062,976 | -HS- | C] () -- C:\Documents and Settings\Ryan LaShomb\Application Data\dplayx.dll
[2012/01/10 10:19:24 | 000,101,376 | -HS- | C] () -- C:\Documents and Settings\Ryan LaShomb\Application Data\dplaysvr.exe
[2012/01/10 10:19:11 | 000,447,024 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\kUPiPllRoCFj.exe
[2012/01/10 10:17:59 | 000,013,694 | -HS- | C] () -- C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\hru3fo2ia18802o4j683i2
[2012/01/10 10:17:59 | 000,013,694 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\hru3fo2ia18802o4j683i2
[2012/01/09 10:50:12 | 000,000,835 | ---- | C] () -- C:\WINDOWS\System32\tversity.cookies
[2012/01/08 21:33:13 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 7.lnk
[2012/01/03 20:54:01 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\Ryan LaShomb\Desktop\Handbrake.lnk
[2011/12/19 22:39:48 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/19 21:54:57 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/19 21:54:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/19 21:54:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/19 21:54:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/19 21:54:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/19 21:22:31 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2010/11/16 12:59:25 | 000,160,568 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/16 12:32:58 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dglesv2.dll
[2010/06/16 12:32:52 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dgles.dll
[2010/06/16 12:32:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\SDL_mixer.dll
[2010/06/16 12:32:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SDL_image.dll
[2010/06/16 12:32:20 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\SDL_ttf.dll
[2010/06/16 12:32:06 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\SDL_net.dll
[2010/06/16 12:31:54 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\SDL.dll
[2010/03/03 12:29:59 | 000,077,824 | ---- | C] () -- C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/03 12:15:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/03/02 19:00:00 | 004,555,278 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010/03/02 19:00:00 | 001,449,935 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2010/03/02 19:00:00 | 000,882,688 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/03/02 19:00:00 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2010/03/02 19:00:00 | 000,556,491 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010/03/02 19:00:00 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2010/03/02 19:00:00 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010/03/02 19:00:00 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2010/03/02 19:00:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2010/03/02 19:00:00 | 000,169,984 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2010/03/02 19:00:00 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2010/03/02 19:00:00 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010/03/02 19:00:00 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2010/03/02 19:00:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2010/03/02 19:00:00 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2010/03/02 19:00:00 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2010/03/02 19:00:00 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/03/02 18:41:02 | 000,077,352 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2010/02/15 14:45:02 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2009/12/17 11:18:27 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Ryan LaShomb\Application Data\$_hpcst$.hpc
[2009/11/14 13:37:08 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2009/11/14 13:33:40 | 000,357,888 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2009/11/14 13:33:38 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2009/11/14 13:11:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2009/11/14 13:11:42 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2009/11/14 13:11:42 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2009/11/14 13:11:40 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2009/11/14 13:11:40 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2009/11/14 13:11:38 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2009/11/14 13:11:36 | 000,136,704 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2009/11/14 13:11:36 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2009/11/14 13:11:32 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009/11/14 13:11:32 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2009/10/11 20:43:29 | 000,012,736 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/04 22:23:28 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2009/10/04 22:20:47 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/10/04 22:20:47 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2009/10/04 22:20:45 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/10/04 22:13:53 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\fusioncache.dat
[2009/10/04 22:08:03 | 000,133,246 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/10/04 21:55:39 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/10/04 21:48:43 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/10/04 14:40:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/10/04 14:38:24 | 000,264,616 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/11 16:21:26 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2009/08/11 15:01:32 | 000,426,496 | ---- | C] () -- C:\WINDOWS\System32\libfreetype-6.dll
[2009/08/11 15:01:32 | 000,317,952 | ---- | C] () -- C:\WINDOWS\System32\libtiff-3.dll
[2009/08/11 15:01:32 | 000,235,520 | ---- | C] () -- C:\WINDOWS\System32\smpeg.dll
[2009/08/11 15:01:32 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\libvorbis-0.dll
[2009/08/11 15:01:32 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\libpng12-0.dll
[2009/08/11 15:01:32 | 000,113,664 | ---- | C] () -- C:\WINDOWS\System32\jpeg.dll
[2009/08/11 15:01:32 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2009/08/11 15:01:32 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\libvorbisfile-3.dll
[2009/08/11 15:01:32 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\libogg-0.dll
[2009/06/07 11:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/10 17:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2008/11/06 11:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/10/13 04:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2005/03/22 13:48:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 13:48:43 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 001,033,728 | ---- | C] () -- C:\WINDOWS\expl.dat
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\winl.dat
[2004/08/04 05:00:00 | 000,444,596 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,072,306 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\svch.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >
  • 0

#8
lashom35

lashom35

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
I am able to run exe files and I will do as much as I can and post all the logs by this evening. I'm not sure where I am making myself susceptible to this virus.
  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c

:processes
killallprocesses

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: [dplaysvr] C:\Documents and Settings\Ryan LaShomb\Application Data\dplaysvr.exe ()
O4 - HKLM..\Run: [kUPiPllRoCFj.exe] C:\Documents and Settings\All Users\Application Data\kUPiPllRoCFj.exe ()
O4 - HKCU..\Run: [dplaysvr] C:\Documents and Settings\Ryan LaShomb\Application Data\dplaysvr.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [winupd] C:\DOCUME~1\RYANLA~1\LOCALS~1\Temp:winupd.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000 File not found
O37 - HKCU\...exe [@ = b3n] -- "C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\fmr.exe" -a "%1" %* (?????????? ??????????)
[2012/01/10 10:16:27 | 000,346,624 | ---- | C] (Корпорация Майкрософт) -- C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\fmr.exe
[2012/01/10 11:09:07 | 000,013,694 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\hru3fo2ia18802o4j683i2
[2012/01/10 11:09:06 | 000,013,694 | -HS- | M] () -- C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\hru3fo2ia18802o4j683i2
[2012/01/10 11:09:07 | 000,013,694 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\hru3fo2ia18802o4j683i2
[2012/01/10 11:09:06 | 000,013,694 | -HS- | M] () -- C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\hru3fo2ia18802o4j683i2
[2012/01/10 10:39:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/10 10:26:03 | 000,000,835 | ---- | M] () -- C:\WINDOWS\System32\tversity.cookies
[2012/01/10 10:21:37 | 000,000,058 | -HS- | M] () -- C:\WINDOWS\System32\User.ini
[2012/01/10 10:19:29 | 000,075,776 | RHS- | M] () -- C:\WINDOWS\System32\cftmon.exe
[2012/01/10 10:16:27 | 000,346,624 | ---- | M] (Корпорация Майкрософт) -- C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\fmr.exe
[2012/01/10 10:15:46 | 000,447,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\kUPiPllRoCFj.exe
[2012/01/10 08:42:04 | 000,101,376 | -HS- | M] () -- C:\Documents and Settings\Ryan LaShomb\Application Data\dplaysvr.exe
[2012/01/10 08:42:02 | 000,062,976 | -HS- | M] () -- C:\Documents and Settings\Ryan LaShomb\Application Data\dplayx.dll

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
C:\Documents and Settings\Ryan LaShomb\Application Data\*.exe
C:\Documents and Settings\Ryan LaShomb\Application Data\*.dll

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[RESETHOSTS]
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Open OTL again and select either the Use SafeList or All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.


Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml


We need to clean up System Restore. Follow Jim's procedure here:
http://aumha.net/vie...581099691bf108f


Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron

#10 lashom35 (Member, Topic Starter, 55 posts)
When I go to run the fix through OTL I get a blue screen:

STOP: c000021a (Fatal System Error)
The Windows Logon Process system process terminated unexpectedly with a status of 0x00000001 (0x00000000 0x00000000).
The system has been shut down.


#11 RKinner (Malware Expert, MVP, 20,001 posts)
OK try this version:

Copy the text in the code box by highlighting and Ctrl + c

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: [dplaysvr] C:\Documents and Settings\Ryan LaShomb\Application Data\dplaysvr.exe ()
O4 - HKLM..\Run: [kUPiPllRoCFj.exe] C:\Documents and Settings\All Users\Application Data\kUPiPllRoCFj.exe ()
O4 - HKCU..\Run: [dplaysvr] C:\Documents and Settings\Ryan LaShomb\Application Data\dplaysvr.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [winupd] C:\DOCUME~1\RYANLA~1\LOCALS~1\Temp:winupd.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000 File not found
O37 - HKCU\...exe [@ = b3n] -- "C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\fmr.exe" -a "%1" %* (Корпорация Майкрософт)
[2012/01/10 10:16:27 | 000,346,624 | ---- | C] (Корпорация Майкрософт) -- C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\fmr.exe
[2012/01/10 11:09:07 | 000,013,694 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\hru3fo2ia18802o4j683i2
[2012/01/10 11:09:06 | 000,013,694 | -HS- | M] () -- C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\hru3fo2ia18802o4j683i2
[2012/01/10 11:09:07 | 000,013,694 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\hru3fo2ia18802o4j683i2
[2012/01/10 11:09:06 | 000,013,694 | -HS- | M] () -- C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\hru3fo2ia18802o4j683i2
[2012/01/10 10:39:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/10 10:26:03 | 000,000,835 | ---- | M] () -- C:\WINDOWS\System32\tversity.cookies
[2012/01/10 10:21:37 | 000,000,058 | -HS- | M] () -- C:\WINDOWS\System32\User.ini
[2012/01/10 10:19:29 | 000,075,776 | RHS- | M] () -- C:\WINDOWS\System32\cftmon.exe
[2012/01/10 10:16:27 | 000,346,624 | ---- | M] (Корпорация Майкрософт) -- C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\fmr.exe
[2012/01/10 10:15:46 | 000,447,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\kUPiPllRoCFj.exe
[2012/01/10 08:42:04 | 000,101,376 | -HS- | M] () -- C:\Documents and Settings\Ryan LaShomb\Application Data\dplaysvr.exe
[2012/01/10 08:42:02 | 000,062,976 | -HS- | M] () -- C:\Documents and Settings\Ryan LaShomb\Application Data\dplayx.dll

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
C:\Documents and Settings\Ryan LaShomb\Application Data\*.exe
C:\Documents and Settings\Ryan LaShomb\Application Data\*.dll
     
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[RESETHOSTS]
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl+V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.

See if you can get this one to run. If so then continue with the other steps.
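The OTL fix above is built from four kinds of indicator in the log: HOSTS entries that send www.google.com and www.bing.com to an outside address instead of loopback, a per-user (HKCU) .exe file association whose handler is fmr.exe rather than the plain "%1" launcher, Run entries that start unsigned executables from the user's profile (one of them from an alternate data stream on the Temp folder), and hidden+system executables dropped into System32 and Application Data. As an added example that is not part of this thread and not OTL's own code, the Python script below parses OTL-format report lines and raises a finding for each of those patterns. The rule names, the profile-path markers and the loopback list are my own choices; the sample input is a constructed subset of lines copied from the OTL log posted in this thread. It relies on one Windows fact: HKEY_CLASSES_ROOT is a merged view in which HKCU\Software\Classes takes precedence over HKLM\Software\Classes, which is why a per-user .exe handler silently shadows the machine-wide exefile entry.

```python
"""Flag the indicators an OTL log shows for this rogue-AV infection.

Added example (not part of the thread, not OTL's own code): a parser for
OTL-format report lines that raises a finding for each pattern the fix
above removes. Rule names and the sample subset are my own.
"""
import re
from typing import Dict, List, NamedTuple


class Finding(NamedTuple):
    rule: str    # which rule fired
    detail: str  # why it fired
    line: str    # the offending OTL line, verbatim


# HOSTS entries pointing here are the normal, benign cases (blocklists use 0.0.0.0).
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}
# Autoruns living in user-writable profile locations deserve a look.
PROFILE_MARKERS = ("documents and settings", "docume~1", "\\temp", "application data", "appdata")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")

HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.+)$")
ASSOC_RE = re.compile(r"^O37 - (?P<hive>HKLM|HKCU)\\\.\.\.(?P<ext>exe|com) \[@ = (?P<prog>[^\]]*)\] -- (?P<cmd>.+)$")
FILE_RE = re.compile(r"^\[[^|]+\| [^|]+\| (?P<attr>[^|]+) \| [MC]\] \((?P<company>[^)]*)\) -- (?P<path>.+)$")

# Constructed sample: a subset of lines copied from the OTL log in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 94.63.240.131 www.google.com
O1 - Hosts: 94.63.240.132 www.bing.com
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [dplaysvr] C:\Documents and Settings\Ryan LaShomb\Application Data\dplaysvr.exe ()
O4 - HKCU..\Run: [winupd] C:\DOCUME~1\RYANLA~1\LOCALS~1\Temp:winupd.exe File not found
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = b3n] -- "C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\fmr.exe" -a "%1" %* ()
[2012/01/10 10:19:29 | 000,075,776 | RHS- | M] () -- C:\WINDOWS\System32\cftmon.exe
[2012/01/10 08:42:04 | 000,101,376 | -HS- | M] () -- C:\Documents and Settings\Ryan LaShomb\Application Data\dplaysvr.exe
[2012/01/10 10:39:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
"""


def run_entry_reasons(rest: str) -> List[str]:
    """Reasons an O4 Run target looks wrong; an empty list means it looks normal."""
    reasons: List[str] = []
    if rest.endswith("File not found"):
        rest = rest[: -len("File not found")].rstrip()
        reasons.append("target missing (stale entry or hidden stream)")
    m = re.match(r"^(?P<path>.+?)(?: \((?P<company>[^)]*)\))?$", rest)
    path, company = m["path"], m["company"] or ""
    if not company:
        reasons.append("no publisher name")
    if any(marker in path.lower() for marker in PROFILE_MARKERS):
        reasons.append("launches from a user-writable profile path")
    if ":" in re.sub(r"^[A-Za-z]:", "", path):  # a colon past the drive letter is an ADS
        reasons.append("alternate data stream target")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Scan OTL report lines and return one Finding per suspicious line."""
    found: List[Finding] = []
    for line in log_text.strip().splitlines():
        if m := HOSTS_RE.match(line):
            # A real site mapped to a non-loopback address is a redirect.
            if m["ip"] not in LOOPBACK:
                found.append(Finding("hosts_redirect", f'{m["host"]} -> {m["ip"]}', line))
        elif m := ASSOC_RE.match(line):
            reasons = []
            if m["hive"] == "HKCU":
                # HKCR merges HKCU\Software\Classes over HKLM, so a per-user
                # .exe handler shadows the machine-wide exefile entry.
                reasons.append("per-user handler shadows HKLM")
            if not m["cmd"].startswith('"%1"'):
                reasons.append('handler is not the plain "%1" launcher')
            if reasons:
                found.append(Finding("exe_association_hijack", "; ".join(reasons), line))
        elif m := RUN_RE.match(line):
            if reasons := run_entry_reasons(m["rest"]):
                found.append(Finding("suspicious_run_entry", "; ".join(reasons), line))
        elif m := FILE_RE.match(line):
            attr, path = m["attr"].strip(), m["path"]
            # Hidden+System executables outside the OS's own set are a dropper tell.
            if "H" in attr and "S" in attr and path.lower().endswith(EXEC_EXT):
                found.append(Finding("hidden_system_executable", f"attributes {attr}", line))
    return found


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per rule."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:26} {f.detail}\n    {f.line}")
```

Run against the sample it reports the two HOSTS redirects, the HKCU .exe handler, the dplaysvr and winupd Run entries, and the two hidden+system executables, while leaving the avast! autorun, the localhost entry, the HKLM exefile entry and bootstat.dat (system attribute only, not executable) alone. The point of keeping each rule small is that a reviewer can see exactly which line produced each finding, which is what you need before pasting anything into an OTL fix.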

#12 lashom35 (Member, Topic Starter, 55 posts)
OTL logfile created on: 1/16/2012 3:22:00 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Ryan LaShomb\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.04 Mb Total Physical Memory | 306.43 Mb Available Physical Memory | 34.27% Memory free
2.12 Gb Paging File | 1.57 Gb Available in Paging File | 73.99% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 27.90 Gb Free Space | 37.43% Space Free | Partition Type: NTFS
Drive D: | 57.47 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 1.87 Gb Total Space | 0.16 Gb Free Space | 8.78% Space Free | Partition Type: FAT

Computer Name: RYAN-1067021534 | User Name: Ryan LaShomb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/19 21:14:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ryan LaShomb\Desktop\OTL.scr
PRC - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/01/17 16:37:26 | 000,395,640 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2010/11/24 15:33:26 | 000,921,600 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe
PRC - [2010/06/16 12:33:06 | 000,011,776 | ---- | M] () -- C:\Program Files\Palm\PDK\tcprelay.exe
PRC - [2010/03/22 20:50:40 | 000,045,056 | ---- | M] (Palm) -- C:\Program Files\Palm\SDK\bin\novacomd\x86\novacomd.exe
PRC - [2009/09/28 09:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/07/08 01:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/07/07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/04/13 19:12:08 | 001,058,816 | ---- | M] () -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 19:12:08 | 000,545,280 | ---- | M] () -- C:\WINDOWS\system32\winlogon.exe
PRC - [2008/04/13 19:12:08 | 000,039,936 | ---- | M] () -- C:\WINDOWS\system32\svchost.exe
PRC - [2008/04/13 19:12:08 | 000,039,936 | ---- | M] () -- C:\WINDOWS\system32\svchost.exe
PRC - [2008/04/13 19:12:08 | 000,039,936 | ---- | M] () -- C:\WINDOWS\system32\svchost.exe
PRC - [2008/04/13 19:12:08 | 000,039,936 | ---- | M] () -- C:\WINDOWS\system32\svchost.exe
PRC - [2008/04/13 19:12:08 | 000,039,936 | ---- | M] () -- C:\WINDOWS\system32\svchost.exe
PRC - [2006/08/23 18:13:28 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/16 04:05:04 | 001,678,336 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12011600\algo.dll
MOD - [2010/11/24 15:36:30 | 000,731,136 | ---- | M] () -- C:\Program Files\TVersity\Media Server\X11.dll
MOD - [2010/11/24 15:36:30 | 000,714,752 | ---- | M] () -- C:\Program Files\TVersity\Media Server\log4cxx.dll
MOD - [2010/11/24 15:36:30 | 000,507,888 | ---- | M] () -- C:\Program Files\TVersity\Media Server\sqlite3.dll
MOD - [2010/11/24 15:36:30 | 000,346,112 | ---- | M] () -- C:\Program Files\TVersity\Media Server\taglib.dll
MOD - [2010/11/24 15:36:30 | 000,329,728 | ---- | M] () -- C:\Program Files\TVersity\Media Server\libcurl.dll
MOD - [2010/11/24 15:36:30 | 000,311,808 | ---- | M] () -- C:\Program Files\TVersity\Media Server\libmp3lame-0.dll
MOD - [2010/11/24 15:36:30 | 000,201,232 | ---- | M] () -- C:\Program Files\TVersity\Media Server\swscale-0.dll
MOD - [2010/11/24 15:36:28 | 000,165,888 | ---- | M] () -- C:\Program Files\TVersity\Media Server\CORE_RL_lcms_.dll
MOD - [2010/11/24 15:36:22 | 004,532,240 | ---- | M] () -- C:\Program Files\TVersity\Media Server\avcodec-52.dll
MOD - [2010/11/24 15:36:22 | 000,793,616 | ---- | M] () -- C:\Program Files\TVersity\Media Server\avformat-52.dll
MOD - [2010/11/24 15:36:22 | 000,081,936 | ---- | M] () -- C:\Program Files\TVersity\Media Server\avutil-50.dll
MOD - [2010/11/24 15:33:26 | 000,921,600 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe
MOD - [2010/06/16 12:33:06 | 000,011,776 | ---- | M] () -- C:\Program Files\Palm\PDK\tcprelay.exe
MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/11/14 13:11:32 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\mkunicode.dll
MOD - [2009/07/13 16:37:04 | 000,152,112 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2009/07/13 16:37:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
MOD - [2009/01/10 17:15:44 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\mmfinfo.dll
MOD - [2008/04/13 19:12:08 | 001,058,816 | ---- | M] () -- C:\WINDOWS\explorer.exe
MOD - [2008/04/13 19:12:08 | 000,545,280 | ---- | M] () -- C:\WINDOWS\system32\winlogon.exe
MOD - [2008/04/13 19:12:08 | 000,039,936 | ---- | M] () -- C:\WINDOWS\system32\svchost.exe
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006/09/16 00:03:02 | 000,007,680 | ---- | M] () -- C:\Program Files\TVersity\Media Server\ImageMagickCoders\IM_MOD_RL_gray_.dll
MOD - [2005/12/19 11:08:30 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Pml Driver HPZ12)
SRV - File not found [Auto | Stopped] -- -- (Net Driver HPZ12)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/11/24 15:33:26 | 000,921,600 | ---- | M] () [Auto | Running] -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2010/06/16 12:33:06 | 000,011,776 | ---- | M] () [Auto | Running] -- C:\Program Files\Palm\PDK\tcprelay.exe -- (Palm_TCP_Relay)
SRV - [2010/03/22 20:50:40 | 000,045,056 | ---- | M] (Palm) [Auto | Running] -- C:\Program Files\Palm\SDK\bin\novacomd\x86\novacomd.exe -- (NovacomD)
SRV - [2009/09/28 09:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/07/07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2006/08/23 18:13:28 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)


========== Driver Services (SafeList) ==========

DRV - [2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 12:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/28 12:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/18 08:45:02 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/04/12 03:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/07/07 13:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 13:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2006/11/10 18:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/11/02 06:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/09/22 23:56:40 | 001,681,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/09/13 20:41:46 | 000,003,456 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atiide.sys -- (atiide)
DRV - [2006/08/17 10:55:16 | 000,044,544 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/07/27 16:24:28 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/07/02 00:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/11/02 15:24:34 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/08/12 19:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/14 20:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.mc308.mail...d=c32rr6r7a26ek
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://us.mc308.mail...=4d1mcbm41e5f2"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:6.0.1367
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/12/31 10:31:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/01 15:51:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/01 15:51:39 | 000,000,000 | ---D | M]

[2010/03/03 12:15:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ryan LaShomb\Application Data\Mozilla\Extensions
[2012/01/16 12:36:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ryan LaShomb\Application Data\Mozilla\Firefox\Profiles\o2cs5o6u.default\extensions
[2010/03/03 13:13:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ryan LaShomb\Application Data\Mozilla\Firefox\Profiles\o2cs5o6u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/17 16:38:06 | 000,000,863 | ---- | M] () -- C:\Documents and Settings\Ryan LaShomb\Application Data\Mozilla\Firefox\Profiles\o2cs5o6u.default\searchplugins\conduit.xml
[2010/03/03 12:10:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/31 10:31:07 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2009/10/04 23:01:13 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2012/01/10 08:41:58 | 000,000,884 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 94.63.240.131 www.google.com
O1 - Hosts: 94.63.240.132 www.bing.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1A76895-1497-4C1F-BD06-7AD353474E61}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe ()
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/04 21:52:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/01/27 17:42:46 | 000,000,154 | RH-- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2011/12/19 21:11:34 | 000,000,016 | -H-- | M] () - E:\AUTORUN.INF -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/16 12:42:31 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ryan LaShomb\Desktop\OTL.scr
[2012/01/10 11:43:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan LaShomb\Desktop\RK_Quarantine
[2012/01/10 11:21:51 | 001,577,264 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Ryan LaShomb\Desktop\tdsskiller.exe
[2012/01/08 21:33:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan LaShomb\Application Data\TeamViewer
[2012/01/08 21:33:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 7
[2012/01/08 21:33:08 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2012/01/08 00:38:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\DivX
[2012/01/03 20:54:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan LaShomb\Application Data\HandBrake
[2012/01/03 20:54:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\HandBrake
[2012/01/03 20:54:01 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake
[2012/01/03 20:54:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan LaShomb\Start Menu\Programs\Handbrake
[2011/12/31 10:31:10 | 000,435,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/12/29 20:26:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/19 23:00:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/19 21:54:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/19 21:54:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/19 21:54:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/19 21:54:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/19 21:54:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/19 21:51:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/19 21:51:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Ryan LaShomb\Start Menu\Programs\Administrative Tools
[6 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/16 15:04:54 | 000,000,835 | ---- | M] () -- C:\WINDOWS\System32\tversity.cookies
[2012/01/16 15:04:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/16 13:07:49 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Ryan LaShomb\Desktop\cmd.bat
[2012/01/16 12:56:01 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/16 12:30:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/10 11:47:00 | 000,111,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/01/10 11:39:09 | 000,013,698 | -HS- | M] () -- C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\hru3fo2ia18802o4j683i2
[2012/01/10 11:39:09 | 000,013,698 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\hru3fo2ia18802o4j683i2
[2012/01/10 11:37:55 | 000,000,275 | ---- | M] () -- C:\Documents and Settings\Ryan LaShomb\Desktop\Shortcut to ComboFix.lnk
[2012/01/10 10:21:37 | 000,000,058 | -HS- | M] () -- C:\WINDOWS\System32\User.ini
[2012/01/10 08:41:58 | 000,000,884 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/01/09 23:03:25 | 000,077,824 | ---- | M] () -- C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/08 21:33:13 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 7.lnk
[2012/01/03 20:54:01 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Ryan LaShomb\Desktop\Handbrake.lnk
[2011/12/31 10:31:10 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/12/26 13:43:31 | 000,000,321 | -HS- | M] () -- C:\boot.ini
[2011/12/19 22:39:48 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/19 21:56:02 | 001,577,264 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Ryan LaShomb\Desktop\tdsskiller.exe
[2011/12/19 21:14:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ryan LaShomb\Desktop\OTL.scr
[6 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/16 13:07:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Ryan LaShomb\Desktop\cmd.bat
[2012/01/16 12:56:01 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/10 11:37:55 | 000,000,275 | ---- | C] () -- C:\Documents and Settings\Ryan LaShomb\Desktop\Shortcut to ComboFix.lnk
[2012/01/10 10:21:37 | 000,000,058 | -HS- | C] () -- C:\WINDOWS\System32\User.ini
[2012/01/10 10:17:59 | 000,013,698 | -HS- | C] () -- C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\hru3fo2ia18802o4j683i2
[2012/01/10 10:17:59 | 000,013,698 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\hru3fo2ia18802o4j683i2
[2012/01/09 10:50:12 | 000,000,835 | ---- | C] () -- C:\WINDOWS\System32\tversity.cookies
[2012/01/08 21:33:13 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 7.lnk
[2012/01/03 20:54:01 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\Ryan LaShomb\Desktop\Handbrake.lnk
[2011/12/19 22:39:48 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/19 21:54:57 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/19 21:54:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/19 21:54:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/19 21:54:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/19 21:54:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/19 21:22:31 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2010/11/16 12:59:25 | 000,160,568 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/16 12:32:58 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dglesv2.dll
[2010/06/16 12:32:52 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dgles.dll
[2010/06/16 12:32:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\SDL_mixer.dll
[2010/06/16 12:32:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SDL_image.dll
[2010/06/16 12:32:20 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\SDL_ttf.dll
[2010/06/16 12:32:06 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\SDL_net.dll
[2010/06/16 12:31:54 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\SDL.dll
[2010/03/03 12:29:59 | 000,077,824 | ---- | C] () -- C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/03 12:15:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/03/02 19:00:00 | 004,555,278 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010/03/02 19:00:00 | 001,449,935 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2010/03/02 19:00:00 | 000,882,688 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/03/02 19:00:00 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2010/03/02 19:00:00 | 000,556,491 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010/03/02 19:00:00 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2010/03/02 19:00:00 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010/03/02 19:00:00 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2010/03/02 19:00:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2010/03/02 19:00:00 | 000,169,984 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2010/03/02 19:00:00 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2010/03/02 19:00:00 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010/03/02 19:00:00 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2010/03/02 19:00:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2010/03/02 19:00:00 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2010/03/02 19:00:00 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2010/03/02 19:00:00 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/03/02 18:41:02 | 000,077,352 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2010/02/15 14:45:02 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2009/12/17 11:18:27 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Ryan LaShomb\Application Data\$_hpcst$.hpc
[2009/11/14 13:37:08 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2009/11/14 13:33:40 | 000,357,888 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2009/11/14 13:33:38 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2009/11/14 13:11:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2009/11/14 13:11:42 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2009/11/14 13:11:42 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2009/11/14 13:11:40 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2009/11/14 13:11:40 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2009/11/14 13:11:38 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2009/11/14 13:11:36 | 000,136,704 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2009/11/14 13:11:36 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2009/11/14 13:11:32 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009/11/14 13:11:32 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2009/10/11 20:43:29 | 000,012,736 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/04 22:23:28 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2009/10/04 22:20:47 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/10/04 22:20:47 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2009/10/04 22:20:45 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/10/04 22:13:53 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\fusioncache.dat
[2009/10/04 22:08:03 | 000,133,246 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/10/04 21:55:39 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/10/04 21:48:43 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/10/04 14:40:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/10/04 14:38:24 | 000,264,616 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/11 16:21:26 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2009/08/11 15:01:32 | 000,426,496 | ---- | C] () -- C:\WINDOWS\System32\libfreetype-6.dll
[2009/08/11 15:01:32 | 000,317,952 | ---- | C] () -- C:\WINDOWS\System32\libtiff-3.dll
[2009/08/11 15:01:32 | 000,235,520 | ---- | C] () -- C:\WINDOWS\System32\smpeg.dll
[2009/08/11 15:01:32 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\libvorbis-0.dll
[2009/08/11 15:01:32 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\libpng12-0.dll
[2009/08/11 15:01:32 | 000,113,664 | ---- | C] () -- C:\WINDOWS\System32\jpeg.dll
[2009/08/11 15:01:32 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2009/08/11 15:01:32 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\libvorbisfile-3.dll
[2009/08/11 15:01:32 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\libogg-0.dll
[2009/06/07 11:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/10 17:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2008/11/06 11:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/10/13 04:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2005/03/22 13:48:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 13:48:43 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 001,058,816 | ---- | C] () -- C:\WINDOWS\explorer.exe
[2004/08/04 05:00:00 | 001,033,728 | ---- | C] () -- C:\WINDOWS\expl.dat
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,545,280 | ---- | C] () -- C:\WINDOWS\System32\winlogon.exe
[2004/08/04 05:00:00 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\winl.dat
[2004/08/04 05:00:00 | 000,444,596 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,072,306 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\svchost.exe
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\svch.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Custom Scans ==========


< :processes >

< killallprocesses >

< >

< :OTL >

< IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = >

< O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. >

< O4 - HKLM..\Run: [dplaysvr] C:\Documents and Settings\Ryan LaShomb\Application Data\dplaysvr.exe () >

< O4 - HKLM..\Run: [kUPiPllRoCFj.exe] C:\Documents and Settings\All Users\Application Data\kUPiPllRoCFj.exe () >

< O4 - HKCU..\Run: [dplaysvr] C:\Documents and Settings\Ryan LaShomb\Application Data\dplaysvr.exe () >

< O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.) >

< O4 - HKCU..\Run: [winupd] C:\DOCUME~1\RYANLA~1\LOCALS~1\Temp:winupd.exe File not found >

< O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present >

< O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present >

< O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000 File not found >
Invalid Switch: 3000 File not found


< O37 - HKCU\...exe [@ = b3n] -- "C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\fmr.exe" -a "%1" %* (?????????? ??????????) >

< [2012/01/10 10:16:27 | 000,346,624 | ---- | C] (?????????? ??????????) -- C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\fmr.exe >
Invalid Switch: 10 10:16:27 | 000,346,624 | ---- | C] (?????????? ??????????) -- C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\fmr.exe


< [2012/01/10 11:09:07 | 000,013,694 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\hru3fo2ia18802o4j683i2 >
Invalid Switch: 10 11:09:07 | 000,013,694 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\hru3fo2ia18802o4j683i2


< [2012/01/10 11:09:06 | 000,013,694 | -HS- | M] () -- C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\hru3fo2ia18802o4j683i2 >
Invalid Switch: 10 11:09:06 | 000,013,694 | -HS- | M] () -- C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\hru3fo2ia18802o4j683i2


< [2012/01/10 11:09:07 | 000,013,694 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\hru3fo2ia18802o4j683i2 >
Invalid Switch: 10 11:09:07 | 000,013,694 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\hru3fo2ia18802o4j683i2


< [2012/01/10 11:09:06 | 000,013,694 | -HS- | M] () -- C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\hru3fo2ia18802o4j683i2 >
Invalid Switch: 10 11:09:06 | 000,013,694 | -HS- | M] () -- C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\hru3fo2ia18802o4j683i2


< [2012/01/10 10:39:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat >
Invalid Switch: 10 10:39:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat


< [2012/01/10 10:26:03 | 000,000,835 | ---- | M] () -- C:\WINDOWS\System32\tversity.cookies >
Invalid Switch: 10 10:26:03 | 000,000,835 | ---- | M] () -- C:\WINDOWS\System32\tversity.cookies


< [2012/01/10 10:21:37 | 000,000,058 | -HS- | M] () -- C:\WINDOWS\System32\User.ini >
Invalid Switch: 10 10:21:37 | 000,000,058 | -HS- | M] () -- C:\WINDOWS\System32\User.ini


< [2012/01/10 10:19:29 | 000,075,776 | RHS- | M] () -- C:\WINDOWS\System32\cftmon.exe >
Invalid Switch: 10 10:19:29 | 000,075,776 | RHS- | M] () -- C:\WINDOWS\System32\cftmon.exe


< [2012/01/10 10:16:27 | 000,346,624 | ---- | M] (?????????? ??????????) -- C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\fmr.exe >
Invalid Switch: 10 10:16:27 | 000,346,624 | ---- | M] (?????????? ??????????) -- C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\fmr.exe


< [2012/01/10 10:15:46 | 000,447,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\kUPiPllRoCFj.exe >
Invalid Switch: 10 10:15:46 | 000,447,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\kUPiPllRoCFj.exe


< [2012/01/10 08:42:04 | 000,101,376 | -HS- | M] () -- C:\Documents and Settings\Ryan LaShomb\Application Data\dplaysvr.exe >
Invalid Switch: 10 08:42:04 | 000,101,376 | -HS- | M] () -- C:\Documents and Settings\Ryan LaShomb\Application Data\dplaysvr.exe


< [2012/01/10 08:42:02 | 000,062,976 | -HS- | M] () -- C:\Documents and Settings\Ryan LaShomb\Application Data\dplayx.dll >
Invalid Switch: 10 08:42:02 | 000,062,976 | -HS- | M] () -- C:\Documents and Settings\Ryan LaShomb\Application Data\dplayx.dll


< >

< :files >

< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied

< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied

< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied

< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied

< C:\Documents and Settings\Ryan LaShomb\Application Data\*.exe >

< C:\Documents and Settings\Ryan LaShomb\Application Data\*.dll >

< >

< :Commands >

< [EMPTYFLASH] >

< {EMPTYJAVA] >

< [RESETHOSTS] >

< [purity] >

< [Reboot] >

< End of report >

OTL logfile created on: 1/16/2012 8:48:54 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Ryan LaShomb\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.04 Mb Total Physical Memory | 429.14 Mb Available Physical Memory | 48.00% Memory free
2.12 Gb Paging File | 1.77 Gb Available in Paging File | 83.61% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 27.63 Gb Free Space | 37.07% Space Free | Partition Type: NTFS
Drive D: | 57.47 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 1.87 Gb Total Space | 0.16 Gb Free Space | 8.78% Space Free | Partition Type: FAT

Computer Name: RYAN-1067021534 | User Name: Ryan LaShomb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/19 21:14:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ryan LaShomb\Desktop\OTL.scr
PRC - [2011/11/28 13:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/11/24 15:33:26 | 000,921,600 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe
PRC - [2010/06/16 12:33:06 | 000,011,776 | ---- | M] () -- C:\Program Files\Palm\PDK\tcprelay.exe
PRC - [2010/03/22 20:50:40 | 000,045,056 | ---- | M] (Palm) -- C:\Program Files\Palm\SDK\bin\novacomd\x86\novacomd.exe
PRC - [2009/09/28 09:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/07/08 01:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/07/07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/04/13 19:12:08 | 001,058,816 | ---- | M] () -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 19:12:08 | 000,545,280 | ---- | M] () -- C:\WINDOWS\System32\winlogon.exe
PRC - [2008/04/13 19:12:08 | 000,039,936 | ---- | M] () -- C:\WINDOWS\System32\svchost.exe
PRC - [2008/04/13 19:12:08 | 000,039,936 | ---- | M] () -- C:\WINDOWS\System32\svchost.exe
PRC - [2008/04/13 19:12:08 | 000,039,936 | ---- | M] () -- C:\WINDOWS\System32\svchost.exe
PRC - [2008/04/13 19:12:08 | 000,039,936 | ---- | M] () -- C:\WINDOWS\System32\svchost.exe
PRC - [2006/08/23 18:13:28 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/16 16:05:59 | 001,678,848 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12011601\algo.dll
MOD - [2010/11/24 15:36:30 | 000,731,136 | ---- | M] () -- C:\Program Files\TVersity\Media Server\X11.dll
MOD - [2010/11/24 15:36:30 | 000,714,752 | ---- | M] () -- C:\Program Files\TVersity\Media Server\log4cxx.dll
MOD - [2010/11/24 15:36:30 | 000,507,888 | ---- | M] () -- C:\Program Files\TVersity\Media Server\sqlite3.dll
MOD - [2010/11/24 15:36:30 | 000,346,112 | ---- | M] () -- C:\Program Files\TVersity\Media Server\taglib.dll
MOD - [2010/11/24 15:36:30 | 000,329,728 | ---- | M] () -- C:\Program Files\TVersity\Media Server\libcurl.dll
MOD - [2010/11/24 15:36:30 | 000,311,808 | ---- | M] () -- C:\Program Files\TVersity\Media Server\libmp3lame-0.dll
MOD - [2010/11/24 15:36:30 | 000,201,232 | ---- | M] () -- C:\Program Files\TVersity\Media Server\swscale-0.dll
MOD - [2010/11/24 15:36:28 | 000,165,888 | ---- | M] () -- C:\Program Files\TVersity\Media Server\CORE_RL_lcms_.dll
MOD - [2010/11/24 15:36:22 | 004,532,240 | ---- | M] () -- C:\Program Files\TVersity\Media Server\avcodec-52.dll
MOD - [2010/11/24 15:36:22 | 000,793,616 | ---- | M] () -- C:\Program Files\TVersity\Media Server\avformat-52.dll
MOD - [2010/11/24 15:36:22 | 000,081,936 | ---- | M] () -- C:\Program Files\TVersity\Media Server\avutil-50.dll
MOD - [2010/11/24 15:33:26 | 000,921,600 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe
MOD - [2010/06/16 12:33:06 | 000,011,776 | ---- | M] () -- C:\Program Files\Palm\PDK\tcprelay.exe
MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/07/13 16:37:04 | 000,152,112 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2009/07/13 16:37:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
MOD - [2008/04/13 19:12:08 | 000,545,280 | ---- | M] () -- C:\WINDOWS\System32\winlogon.exe
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006/09/16 00:03:02 | 000,028,672 | ---- | M] () -- C:\Program Files\TVersity\Media Server\ImageMagickCoders\IM_MOD_RL_jpeg_.dll
MOD - [2006/09/16 00:03:02 | 000,007,680 | ---- | M] () -- C:\Program Files\TVersity\Media Server\ImageMagickCoders\IM_MOD_RL_gray_.dll
MOD - [2005/12/19 11:08:30 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Pml Driver HPZ12)
SRV - File not found [Auto | Stopped] -- -- (Net Driver HPZ12)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/11/24 15:33:26 | 000,921,600 | ---- | M] () [Auto | Running] -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2010/06/16 12:33:06 | 000,011,776 | ---- | M] () [Auto | Running] -- C:\Program Files\Palm\PDK\tcprelay.exe -- (Palm_TCP_Relay)
SRV - [2010/03/22 20:50:40 | 000,045,056 | ---- | M] (Palm) [Auto | Running] -- C:\Program Files\Palm\SDK\bin\novacomd\x86\novacomd.exe -- (NovacomD)
SRV - [2009/09/28 09:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/07/07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2006/08/23 18:13:28 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)


========== Driver Services (SafeList) ==========

DRV - [2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 12:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/28 12:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/18 08:45:02 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/04/12 03:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/07/07 13:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 13:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2006/11/10 18:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/11/02 06:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/09/22 23:56:40 | 001,681,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/09/13 20:41:46 | 000,003,456 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atiide.sys -- (atiide)
DRV - [2006/08/17 10:55:16 | 000,044,544 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/07/27 16:24:28 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/07/02 00:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/11/02 15:24:34 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/08/12 19:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/14 20:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.mc308.mail...d=c32rr6r7a26ek
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://us.mc308.mail...=4d1mcbm41e5f2"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:6.0.1367
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/12/31 10:31:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/01 15:51:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/01 15:51:39 | 000,000,000 | ---D | M]

[2010/03/03 12:15:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ryan LaShomb\Application Data\Mozilla\Extensions
[2012/01/16 12:36:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ryan LaShomb\Application Data\Mozilla\Firefox\Profiles\o2cs5o6u.default\extensions
[2010/03/03 13:13:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ryan LaShomb\Application Data\Mozilla\Firefox\Profiles\o2cs5o6u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/17 16:38:06 | 000,000,863 | ---- | M] () -- C:\Documents and Settings\Ryan LaShomb\Application Data\Mozilla\Firefox\Profiles\o2cs5o6u.default\searchplugins\conduit.xml
[2010/03/03 12:10:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/31 10:31:07 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2009/10/04 23:01:13 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2012/01/16 20:43:34 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1A76895-1497-4C1F-BD06-7AD353474E61}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe ()
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/04 21:52:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/01/27 17:42:46 | 000,000,154 | RH-- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2011/12/19 21:11:34 | 000,000,016 | -H-- | M] () - E:\AUTORUN.INF -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/16 12:42:31 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ryan LaShomb\Desktop\OTL.scr
[2012/01/10 11:43:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan LaShomb\Desktop\RK_Quarantine
[2012/01/10 11:21:51 | 001,577,264 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Ryan LaShomb\Desktop\tdsskiller.exe
[2012/01/08 21:33:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan LaShomb\Application Data\TeamViewer
[2012/01/08 21:33:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 7
[2012/01/08 21:33:08 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2012/01/08 00:38:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\DivX
[2012/01/03 20:54:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan LaShomb\Application Data\HandBrake
[2012/01/03 20:54:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\HandBrake
[2012/01/03 20:54:01 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake
[2012/01/03 20:54:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan LaShomb\Start Menu\Programs\Handbrake
[2011/12/31 10:31:10 | 000,435,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/12/29 20:26:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/19 23:00:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/19 21:54:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/19 21:54:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/19 21:54:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/19 21:54:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/19 21:54:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/19 21:51:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/19 21:51:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Ryan LaShomb\Start Menu\Programs\Administrative Tools
[7 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/16 21:00:02 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/16 20:43:34 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/01/16 12:30:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/10 11:47:00 | 000,111,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/01/10 11:37:55 | 000,000,275 | ---- | M] () -- C:\Documents and Settings\Ryan LaShomb\Desktop\Shortcut to ComboFix.lnk
[2012/01/09 23:03:25 | 000,077,824 | ---- | M] () -- C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/08 21:33:13 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 7.lnk
[2012/01/03 20:54:01 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Ryan LaShomb\Desktop\Handbrake.lnk
[2011/12/31 10:31:10 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/12/26 13:43:31 | 000,000,321 | -HS- | M] () -- C:\boot.ini
[2011/12/19 22:39:48 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/19 21:56:02 | 001,577,264 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Ryan LaShomb\Desktop\tdsskiller.exe
[2011/12/19 21:14:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ryan LaShomb\Desktop\OTL.scr
[10 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/16 12:56:01 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/10 11:37:55 | 000,000,275 | ---- | C] () -- C:\Documents and Settings\Ryan LaShomb\Desktop\Shortcut to ComboFix.lnk
[2012/01/08 21:33:13 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 7.lnk
[2012/01/03 20:54:01 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\Ryan LaShomb\Desktop\Handbrake.lnk
[2011/12/19 22:39:48 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/19 21:54:57 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/19 21:54:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/19 21:54:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/19 21:54:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/19 21:54:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/19 21:22:31 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2010/11/16 12:59:25 | 000,160,568 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/16 12:32:58 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dglesv2.dll
[2010/06/16 12:32:52 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dgles.dll
[2010/06/16 12:32:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\SDL_mixer.dll
[2010/06/16 12:32:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SDL_image.dll
[2010/06/16 12:32:20 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\SDL_ttf.dll
[2010/06/16 12:32:06 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\SDL_net.dll
[2010/06/16 12:31:54 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\SDL.dll
[2010/03/03 12:29:59 | 000,077,824 | ---- | C] () -- C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/03 12:15:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/03/02 19:00:00 | 004,555,278 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010/03/02 19:00:00 | 001,449,935 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2010/03/02 19:00:00 | 000,882,688 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/03/02 19:00:00 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2010/03/02 19:00:00 | 000,556,491 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010/03/02 19:00:00 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2010/03/02 19:00:00 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010/03/02 19:00:00 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2010/03/02 19:00:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2010/03/02 19:00:00 | 000,169,984 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2010/03/02 19:00:00 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2010/03/02 19:00:00 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010/03/02 19:00:00 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2010/03/02 19:00:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2010/03/02 19:00:00 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2010/03/02 19:00:00 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2010/03/02 19:00:00 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/03/02 18:41:02 | 000,077,352 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2010/02/15 14:45:02 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2009/12/17 11:18:27 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Ryan LaShomb\Application Data\$_hpcst$.hpc
[2009/11/14 13:37:08 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2009/11/14 13:33:40 | 000,357,888 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2009/11/14 13:33:38 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2009/11/14 13:11:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2009/11/14 13:11:42 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2009/11/14 13:11:42 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2009/11/14 13:11:40 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2009/11/14 13:11:40 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2009/11/14 13:11:38 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2009/11/14 13:11:36 | 000,136,704 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2009/11/14 13:11:36 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2009/11/14 13:11:32 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009/11/14 13:11:32 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2009/10/11 20:43:29 | 000,012,736 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/04 22:23:28 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2009/10/04 22:20:47 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/10/04 22:20:47 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2009/10/04 22:20:45 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/10/04 22:13:53 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Ryan LaShomb\Local Settings\Application Data\fusioncache.dat
[2009/10/04 22:08:03 | 000,133,246 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/10/04 21:48:43 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/10/04 14:40:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/10/04 14:38:24 | 000,264,616 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/11 16:21:26 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2009/08/11 15:01:32 | 000,426,496 | ---- | C] () -- C:\WINDOWS\System32\libfreetype-6.dll
[2009/08/11 15:01:32 | 000,317,952 | ---- | C] () -- C:\WINDOWS\System32\libtiff-3.dll
[2009/08/11 15:01:32 | 000,235,520 | ---- | C] () -- C:\WINDOWS\System32\smpeg.dll
[2009/08/11 15:01:32 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\libvorbis-0.dll
[2009/08/11 15:01:32 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\libpng12-0.dll
[2009/08/11 15:01:32 | 000,113,664 | ---- | C] () -- C:\WINDOWS\System32\jpeg.dll
[2009/08/11 15:01:32 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2009/08/11 15:01:32 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\libvorbisfile-3.dll
[2009/08/11 15:01:32 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\libogg-0.dll
[2009/06/07 11:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/10 17:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2008/11/06 11:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/10/13 04:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2005/03/22 13:48:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 13:48:43 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 001,058,816 | ---- | C] () -- C:\WINDOWS\explorer.exe
[2004/08/04 05:00:00 | 001,033,728 | ---- | C] () -- C:\WINDOWS\expl.dat
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,545,280 | ---- | C] () -- C:\WINDOWS\System32\winlogon.exe
[2004/08/04 05:00:00 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\winl.dat
[2004/08/04 05:00:00 | 000,444,596 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,072,306 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\svchost.exe
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\svch.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >

Vino's Event Viewer v01c run on Windows XP in English
Report run at 16/01/2012 9:35:48 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 16/01/2012 9:34:01 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The HTTP SSL service failed to start due to the following error: Access is denied.

Log: 'System' Date/Time: 16/01/2012 9:34:01 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The HTTP SSL service failed to start due to the following error: Access is denied.

Log: 'System' Date/Time: 16/01/2012 9:33:43 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Image Acquisition (WIA) service failed to start due to the following error: Access is denied.

Log: 'System' Date/Time: 16/01/2012 9:33:41 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%5" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Log: 'System' Date/Time: 16/01/2012 9:33:32 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Image Acquisition (WIA) service failed to start due to the following error: Access is denied.

Log: 'System' Date/Time: 16/01/2012 9:33:32 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Pml Driver HPZ12 service failed to start due to the following error: Access is denied.

Log: 'System' Date/Time: 16/01/2012 9:33:32 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Net Driver HPZ12 service failed to start due to the following error: Access is denied.

Log: 'System' Date/Time: 16/01/2012 9:33:32 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The WebClient service failed to start due to the following error: Access is denied.

Log: 'System' Date/Time: 16/01/2012 9:32:27 PM
Type: error Category: 0
Event: 1 Source: sr
The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'r8' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vino's Event Viewer v01c run on Windows XP in English
Report run at 16/01/2012 9:36:53 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#13 RKinner (Malware Expert, Expert, 20,001 posts, MVP)
Download SubInACL.exe

http://www.microsoft...&displaylang=en

By default it installs the tool in C:\Program Files\Windows Resource Kits\Tools\

Please allow it to do so.


Download and Save the attached file, reset.zip, right click on it and Extract All and copy the reset.cmd file to C:\Program Files\Windows Resource Kits\Tools\.
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:


cd  \Program Files\Windows Resource Kits\Tools

reset.cmd


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot.
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply

Ron
  • 0

#14 lashom35 (Topic Starter, Member, 55 posts)
Vino's Event Viewer v01c run on Windows XP in English
Report run at 17/01/2012 10:39:45 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 17/01/2012 10:39:12 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The HTTP SSL service failed to start due to the following error: Access is denied.

Log: 'System' Date/Time: 17/01/2012 10:39:11 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The HTTP SSL service failed to start due to the following error: Access is denied.

Log: 'System' Date/Time: 17/01/2012 10:38:45 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Image Acquisition (WIA) service failed to start due to the following error: Access is denied.

Log: 'System' Date/Time: 17/01/2012 10:38:45 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Pml Driver HPZ12 service failed to start due to the following error: Access is denied.

Log: 'System' Date/Time: 17/01/2012 10:38:45 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Net Driver HPZ12 service failed to start due to the following error: Access is denied.

Log: 'System' Date/Time: 17/01/2012 10:38:45 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The WebClient service failed to start due to the following error: Access is denied.

Log: 'System' Date/Time: 17/01/2012 10:36:06 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The HTTP SSL service failed to start due to the following error: Access is denied.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#15 RKinner (Malware Expert, Expert, 20,001 posts, MVP)

The Windows Image Acquisition (WIA) service failed to start due to the following error: Access is denied.

The WebClient service failed to start due to the following error: Access is denied.

The HTTP SSL service failed to start due to the following error: Access is denied.


Start, Run, services.msc, OK, then find each service, right click on it and select Properties. Verify that the Startup Type is either Manual or Automatic. (If not, change it to Automatic, then Apply.) Try and START the service. Does it tell you Access Denied? Click on the Logon tab. What is it using? (This account: Local Service with a password of *'s?)
  • 0
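Ron's triage in #15 keys off the Service Control Manager event 7000 records in the VEW log from #14: the permission damage the SubInACL reset in #13 is meant to repair shows up as services that can no longer be started. As an added example that is not part of this thread and not VEW's own code, the Python below parses VEW's four-line record layout and counts those "Access is denied" start failures per service, so the list of services to inspect in services.msc falls out of the log mechanically; the sample log, regexes and function names are mine, and the sample is constructed in VEW's layout rather than copied from the thread.

```python
import re
from collections import Counter

# Constructed sample in the layout VEW produces (modelled on, not copied from, the thread).
SAMPLE_VEW_OUTPUT = """\
Log: 'System' Date/Time: 17/01/2012 10:39:12 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The HTTP SSL service failed to start due to the following error: Access is denied.

Log: 'System' Date/Time: 17/01/2012 10:38:45 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Image Acquisition (WIA) service failed to start due to the following error: Access is denied.

Log: 'System' Date/Time: 17/01/2012 10:36:06 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The HTTP SSL service failed to start due to the following error: Access is denied.

Log: 'System' Date/Time: 16/01/2012 9:32:27 PM
Type: error Category: 0
Event: 1 Source: sr
The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'r8' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
"""

# One VEW record is four consecutive lines: header, type, event/source, message.
RECORD_RE = re.compile(
    r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+)\n"
    r"Type: (?P<type>\w+) Category: \d+\n"
    r"Event: (?P<event>\d+) Source: (?P<source>.+)\n"
    r"(?P<message>.+)$",
    re.MULTILINE,
)
# Service Control Manager event 7000 wording when the start request is refused.
SCM_DENIED_RE = re.compile(
    r"^The (?P<service>.+) service failed to start due to the following error: Access is denied\.$"
)

def records(text):
    """Parse VEW output into dicts: log, when, type, event (int), source, message."""
    return [dict(m.groupdict(), event=int(m["event"])) for m in RECORD_RE.finditer(text)]

def services_denied_start(text):
    """Count, per service display name, SCM 7000 'Access is denied' start failures."""
    hits = Counter()
    for rec in records(text):
        if rec["event"] != 7000 or rec["source"] != "Service Control Manager":
            continue  # other sources (e.g. the System Restore filter) are not ACL symptoms
        m = SCM_DENIED_RE.match(rec["message"])
        if m:
            hits[m["service"]] += 1
    return dict(hits.most_common())  # most frequent first
```

Run against the log actually posted in #14 it would report HTTP SSL three times and Windows Image Acquisition (WIA), Pml Driver HPZ12, Net Driver HPZ12 and WebClient once each, which is the set Ron asks to be checked.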





