Win32.downloader.gen- Help Please

**Snurd** · 2013-09-11, 22:43

Hi Robybel,

I've included the OTL.txt file below. The Extras.Txt is in the next post.

Best,

Keith

OTL.txt

OTL logfile created on: 9/11/2013 3:23:47 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Keith Simmons\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.84 Mb Total Physical Memory | 550.26 Mb Available Physical Memory | 54.27% Memory free
2.38 Gb Paging File | 1.88 Gb Available in Paging File | 78.86% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.33 Gb Total Space | 109.20 Gb Free Space | 75.66% Space Free | Partition Type: NTFS
Drive D: | 6.27 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: D1Q0QCC1 | User Name: Keith Simmons | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Keith Simmons\My Documents\Downloads\OTL (1).exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Microsoft Works\WkDStore.exe (Microsoft® Corporation)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Alwil Software\Avast5\defs\13091100\algo.dll ()
MOD - C:\Program Files\Alwil Software\Avast5\defs\13091000\algo.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\WINDOWS\system32\_pdfxp.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
MOD - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll ()
MOD - C:\WINDOWS\system32\Dels3LMK.DLL ()
MOD - C:\WINDOWS\system32\pdfmonnt.dll ()

========== Services (SafeList) ==========

SRV - (SymAppCore) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe File not found
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon File not found
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (wanatw) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (motport) -- system32\DRIVERS\motport.sys File not found
DRV - (motmodem) -- system32\DRIVERS\motmodem.sys File not found
DRV - (motccgpfl) -- system32\DRIVERS\motccgpfl.sys File not found
DRV - (motccgp) -- system32\DRIVERS\motccgp.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\KEITHS~1\LOCALS~1\Temp\catchme.sys File not found
DRV - (bvrp_pci) -- File not found
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\WINDOWS\System32\drivers\aswVmm.sys ()
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswRvrt) -- C:\WINDOWS\System32\drivers\aswRvrt.sys ()
DRV - (aswMonFlt) -- C:\WINDOWS\system32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Inspect) -- C:\WINDOWS\system32\drivers\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO)
DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdGuard.sys (COMODO)
DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (SIUSBXP) -- C:\WINDOWS\system32\drivers\SiUSBXp.sys (Silicon Laboratories)
DRV - (tffsport) -- C:\WINDOWS\system32\drivers\tffsport.sys (M-Systems)
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows (R) 2000 DDK provider)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )
DRV - (DSproct) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (FiltUSBET) -- C:\WINDOWS\system32\drivers\etFilter.sys (eMPIA Technology Inc.)
DRV - (ScanUSBET) -- C:\WINDOWS\system32\drivers\etScan.sys (eMPIA Technology, Inc.)
DRV - (DCamUSBET) -- C:\WINDOWS\system32\drivers\etDevice.sys (eMPIA Technology, Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=6070111
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&...us&ibd=6070111
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.yahoo.com?fr=fp-comodo
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B2 84 FD B5 2D 5A CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKCU\..\SearchScopes\{BEA62368-C50A-453E-A94B-84DC9D8027FA}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DMUS
IE - HKCU\..\SearchScopes\{F91E27C5-D445-456F-8C38-F80EA76D3F7D}: "URL" = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Keith Simmons\Application Data\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Keith Simmons\Application Data\Move Networks\plugins\npqmp071705000014.dll (Move Networks)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Keith Simmons\Application Data\Move Networks [2010/01/19 17:29:07 | 000,000,000 | ---D | M]

[2013/08/02 23:16:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Keith Simmons\Application Data\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://us.yahoo.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Keith Simmons\Application Data\Move Networks\plugins\npqmp071705000014.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Documents and Settings\Keith Simmons\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Keith Simmons\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Keith Simmons\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\Keith Simmons\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: Gmail = C:\Documents and Settings\Keith Simmons\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/09/08 13:03:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - No CLSID value found.
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A93A3CC9-BA23-4D0D-9440-6A0148362B7E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
O4 - Startup: C:\Documents and Settings\Keith Simmons\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetect...etection32.cab (Device Detection)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87A4AD3F-113A-4EA7-8351-9EB8BFD5832D}: DhcpNameServer = 192.168.254.254
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/KEITHS~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:1 () - file:///C:/DOCUME~1/KEITHS~1/LOCALS~1/Temp/msohtml1/01/clip_image002.gif
O24 - Desktop Components:2 () - file:///C:/DOCUME~1/KEITHS~1/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg
O24 - Desktop Components:3 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Keith Simmons\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Keith Simmons\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/09/10 08:53:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/09/10 08:47:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\KYBO1KQ3FR4HU7CA
[2013/09/09 17:52:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\96INTLKJIOU0Y4SR
[2013/09/09 00:33:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/09/08 13:41:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\BQFZ5OTZCPONMEW2
[2013/09/08 12:35:48 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/09/08 12:31:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/09/08 12:31:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/09/08 12:31:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/09/08 12:31:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/09/08 12:31:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/09/07 11:45:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Keith Simmons\Desktop\RK_Quarantine
[2013/09/07 11:30:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/09/04 12:46:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2013/09/04 12:45:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2013/09/04 12:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2013/09/04 11:31:30 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/04 00:13:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Keith Simmons\Application Data\PC VITALWARE
[2013/09/04 00:13:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC VITALWARE
[2013/09/03 23:19:55 | 001,898,112 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Keith Simmons\Desktop\rkill.com
[2013/09/03 14:43:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Keith Simmons\Recent
[2013/09/02 09:31:44 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/08/30 11:20:57 | 000,028,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mdimon.dll
[2013/08/30 11:20:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2013/08/30 11:19:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[38 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/11 15:29:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/11 15:23:42 | 000,051,208 | ---- | M] () -- C:\Documents and Settings\Keith Simmons\Application Data\wklnhst.dat
[2013/09/11 14:00:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2013/09/11 13:29:00 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/11 10:10:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2013/09/11 05:50:00 | 000,000,318 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/09/10 21:32:14 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Keith Simmons\Desktop\Microsoft Office Outlook 2003.lnk
[2013/09/10 20:40:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2013/09/10 18:43:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2013/09/10 08:53:09 | 000,001,039 | ---- | M] () -- C:\Documents and Settings\Keith Simmons\Desktop\Shortcut to esetsmartinstaller_enu.exe.lnk
[2013/09/10 08:47:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/10 08:47:08 | 1063,165,952 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/09 17:50:36 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/09/08 13:03:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/09/08 12:35:53 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2013/09/08 12:26:20 | 000,000,969 | ---- | M] () -- C:\Documents and Settings\Keith Simmons\Desktop\Shortcut to ComboFix.exe.lnk
[2013/09/05 09:15:12 | 000,002,321 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EasyLog USB.lnk
[2013/09/04 15:48:19 | 000,005,119 | ---- | M] () -- C:\Documents and Settings\Keith Simmons\Desktop\attachtxt.zip
[2013/09/04 14:56:01 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Keith Simmons\Desktop\MBR.dat
[2013/09/04 14:55:25 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Keith Simmons\My Documents\MBR.dat
[2013/09/04 12:45:41 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Keith Simmons\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/09/04 12:45:38 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Keith Simmons\Desktop\NTREGOPT.lnk
[2013/09/04 12:45:38 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Keith Simmons\Desktop\ERUNT.lnk
[2013/09/04 05:36:24 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/09/03 23:19:58 | 001,898,112 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Keith Simmons\Desktop\rkill.com
[2013/09/03 20:05:29 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/03 14:42:52 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Keith Simmons\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/09/02 12:21:18 | 000,282,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/02 11:58:02 | 000,000,777 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2013/09/02 09:10:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/01 22:33:22 | 000,000,338 | ---- | M] () -- C:\Documents and Settings\Keith Simmons\Local Settings\Application Data\poetsch.bat
[2013/08/31 17:48:02 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Keith Simmons\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2013/08/31 17:47:56 | 000,445,836 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/08/31 17:47:56 | 000,073,042 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/08/30 11:21:01 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2013/08/30 11:20:28 | 000,000,974 | ---- | M] () -- C:\Documents and Settings\Keith Simmons\Desktop\Microsoft Word.lnk
[2013/08/30 02:48:13 | 000,369,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/08/30 02:48:13 | 000,177,864 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/08/30 02:48:13 | 000,056,080 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/08/30 02:48:12 | 000,770,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/08/30 02:48:12 | 000,049,760 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/08/30 02:48:12 | 000,049,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/08/30 02:48:11 | 000,066,336 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/08/30 02:48:11 | 000,029,816 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/08/30 02:47:40 | 000,041,664 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/08/30 02:47:32 | 000,229,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[38 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/10 08:53:09 | 000,001,039 | ---- | C] () -- C:\Documents and Settings\Keith Simmons\Desktop\Shortcut to esetsmartinstaller_enu.exe.lnk
[2013/09/08 12:35:53 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2013/09/08 12:35:49 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/09/08 12:31:43 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/09/08 12:31:43 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/09/08 12:31:43 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/09/08 12:31:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/09/08 12:31:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/09/08 12:26:20 | 000,000,969 | ---- | C] () -- C:\Documents and Settings\Keith Simmons\Desktop\Shortcut to ComboFix.exe.lnk
[2013/09/04 15:46:02 | 000,005,119 | ---- | C] () -- C:\Documents and Settings\Keith Simmons\Desktop\attachtxt.zip
[2013/09/04 14:55:25 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Keith Simmons\My Documents\MBR.dat
[2013/09/04 13:32:24 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Keith Simmons\Desktop\MBR.dat
[2013/09/04 12:45:41 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Keith Simmons\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/09/04 12:45:38 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Keith Simmons\Desktop\NTREGOPT.lnk
[2013/09/04 12:45:38 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Keith Simmons\Desktop\ERUNT.lnk
[2013/09/04 09:17:25 | 1063,165,952 | -HS- | C] () -- C:\hiberfil.sys
[2013/09/01 22:33:22 | 000,000,338 | ---- | C] () -- C:\Documents and Settings\Keith Simmons\Local Settings\Application Data\poetsch.bat
[2013/08/30 12:04:39 | 000,002,521 | ---- | C] () -- C:\Documents and Settings\Keith Simmons\Desktop\Microsoft Office Outlook 2003.lnk
[2013/08/30 12:02:05 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Keith Simmons\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2013/08/30 11:20:28 | 000,000,974 | ---- | C] () -- C:\Documents and Settings\Keith Simmons\Desktop\Microsoft Word.lnk
[2013/08/02 23:24:16 | 000,596,176 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/06/27 14:34:33 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum
[2013/06/26 21:16:10 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
[2013/06/26 21:16:10 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
[2013/05/19 01:59:56 | 000,004,922 | ---- | C] () -- C:\Documents and Settings\Keith Simmons\unnamed001.jpg
[2013/05/19 01:57:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Keith Simmons\unnamed.png
[2013/03/19 10:20:13 | 000,177,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/03/19 10:20:13 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2012/02/27 14:55:25 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfmonnt.dll
[2012/02/27 14:55:16 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\psconv.ini
[2012/02/14 22:46:45 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/31 11:28:09 | 000,000,024 | ---- | C] () -- C:\WINDOWS\SW_Win3112X32.DLL
[2012/01/09 01:36:11 | 000,000,069 | ---- | C] () -- C:\WINDOWS\doc2pdf_win.INI
[2012/01/09 01:28:48 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\docPrint.dat
[2012/01/09 01:28:29 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\_pdfxp.dll
[2012/01/04 17:16:29 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2009/12/20 12:27:47 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Keith Simmons\Application Data\dvd.bmk
[2008/11/13 16:56:09 | 000,017,795 | ---- | C] () -- C:\Program Files\Common Files\selubyg.inf
[2008/11/13 16:56:09 | 000,015,234 | ---- | C] () -- C:\Documents and Settings\Keith Simmons\Local Settings\Application Data\vafyluto.pif
[2008/11/13 16:56:09 | 000,012,821 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\evitedyvuk.dat
[2008/11/13 16:56:09 | 000,011,281 | ---- | C] () -- C:\Program Files\Common Files\woko.bin
[2008/05/10 13:38:42 | 000,000,014 | ---- | C] () -- C:\Documents and Settings\Keith Simmons\usb001
[2007/01/24 15:52:47 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Keith Simmons\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/17 21:50:25 | 000,051,208 | ---- | C] () -- C:\Documents and Settings\Keith Simmons\Application Data\wklnhst.dat
[2007/01/17 21:44:37 | 000,488,250 | ---- | C] () -- C:\Documents and Settings\Keith Simmons\TRANSFORMS=1033.mst
[2007/01/17 21:44:37 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Keith Simmons\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2005/08/16 05:39:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/06/17 16:20:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2005/08/16 21:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2013/09/04 00:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC VITALWARE
[2012/01/23 21:18:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
[2013/05/23 13:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2012/03/14 09:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Simmons\Application Data\Dropbox
[2011/07/28 19:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Simmons\Application Data\Leadertech
[2012/12/18 13:34:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Simmons\Application Data\Motorola
[2012/12/18 13:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Simmons\Application Data\Motorola Mobility
[2013/09/04 00:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Simmons\Application Data\PC VITALWARE
[2010/06/14 13:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Simmons\Application Data\R-Wipe&Clean
[2008/11/25 17:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Simmons\Application Data\Simple Star
[2007/02/19 12:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Simmons\Application Data\Template
[2008/08/12 23:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Simmons\Application Data\Uniblue
[2012/01/23 22:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Simmons\Application Data\Visan

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/10 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SERVICES.EXE >
[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/10 06:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\i386\services.exe
[2004/08/10 06:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/10 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\i386\svchost.exe
[2004/08/10 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/10 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
[2004/08/10 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/10 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/10 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /rp /s >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: SCSI
Media Type: Fixed\thard disk media
Model: ST3160812AS
Partitions: 3
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 39.00MB
Starting Offset: 32256
Hidden sectors: 0

DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 144.00GB
Starting Offset: 41126400
Hidden sectors: 0

DeviceID: Disk #0, Partition #2
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 5.00GB
Starting Offset: 155013626880
Hidden sectors: 0

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 332 bytes -> C:\Documents and Settings\Keith Simmons\My Documents\China432.jpg:SummaryInformation
@Alternate Data Stream - 332 bytes -> C:\Documents and Settings\Keith Simmons\Desktop\China432.jpg:SummaryInformation

< End of report >

Thread: Win32.downloader.gen- Help Please

Thread Tools

Display

Threaded View

OTL.Txt

Posting Permissions