-
Let's see if this program can locate and fix a bad file that may be the problem.
Again, download to a working computer and transfer by disk.
Please download TDSSKiller.zip
- Extract it to your desktop
- Double click TDSSKiller.exe
- Press Start Scan
- Only if Malicious objects are found then ensure Cure is selected
- Then click Continue > Reboot now
- Copy and paste the log in your next reply
- A copy of the log will be saved automatically to the root of the drive (typically C:\)
-
I haven't run OTL.
It looks like I am to use TDSSKiller instead of OTL.
Is this correct?
Thanks,
FlaCajun
-
Go ahead and run them both, first OTL and then TDSSKiller. The Zero Access Rootkit, which you are infected with, is a fairly new infection, and we are finding out that removing it sometimes damages your internet connection. I am in touch with other helpers and we will figure this out.
-
After you do the above, if there is still no internet connection, then try this:
Please copy the entire contents of the codebox below into Notepad:
- Open Notepad
- Copy the contents of the codebox below using CTRL C
Code:
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2]
- Now return to Notepad and use CTRL V to paste the script
- Verify that you have pasted the complete script
- Save the Notepad file to your Desktop as FixReg.reg using Save as Type: All files
- Locate FixReg.reg on your desktop
- Double click to run, and when prompted Allow the file to merge with your registry
- OK your way out.
After that, Reboot your computer.
After the reboot, we will reinstall TCP/IP:
- Go to Start, then Settings, and choose Network Connections
- Right click on your normal connection icon, and choose Properties
- Click the Install button
- Choose Protocol then click Add
- Click Have disk
- In the drop down box, type in: C:\WINDOWS\INF and click OK
- In the next dialog, click Internet Protocol (TCP/IP) then click OK
- Click Close to leave the properties box
After that, Reboot your computer and see if you have regained your connection.
-
The computer is substantially slow to re-boot.
Icons take substantial time to initialize and become visually recognizable.
OTL.txt log below.
Extras.txt log in next post.
OTL logfile created on: 12/20/2011 8:00:19 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Raymond Green\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 77.27% Memory free
5.85 Gb Paging File | 5.24 Gb Available in Paging File | 89.69% Paging File free
Paging file location(s): C:\pagefile.sys 4092 10000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 219.72 Gb Total Space | 47.25 Gb Free Space | 21.50% Space Free | Partition Type: NTFS
Drive D: | 8.26 Gb Total Space | 8.26 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive F: | 232.88 Gb Total Space | 63.71 Gb Free Space | 27.35% Space Free | Partition Type: NTFS
Drive G: | 1.86 Gb Total Space | 1.85 Gb Free Space | 99.40% Space Free | Partition Type: FAT32
Computer Name: RAYMOND-DESKTOP | User Name: Raymond Green | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Raymond Green\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc.)
PRC - C:\Program Files\NewsRover\NewsRover.exe (S&H Computer Systems, Inc.
1027-A 17th Ave. South
Nashville, TN 37212 USA
615-327-3670
www.NewsRover.com)
PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
PRC - C:\acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
PRC - C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\NewsRover\libeay32.dll ()
MOD - C:\acer\Empowering Technology\eRecovery\it41.dll ()
MOD - C:\acer\Empowering Technology\eRecovery\imagefile.dll ()
========== Win32 Services (SafeList) ==========
SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
========== Driver Services (SafeList) ==========
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (int15.sys) -- C:\acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider)
DRV - (IPSec) -- C:\WINDOWS\system32\drivers\ipsec.sys ()
DRV - (PortRW) -- C:\WINDOWS\system32\drivers\PortRW.sys (acer)
DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)
DRV - (Sentinel) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS (Rainbow Technologies, Inc.)
DRV - (SNTNLUSB) -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS (Rainbow Technologies Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1072916345-2785684930-38884129-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1072916345-2785684930-38884129-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1072916345-2785684930-38884129-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.kitco.com/
IE - HKU\S-1-5-21-1072916345-2785684930-38884129-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-1072916345-2785684930-38884129-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {e2fda1a4-762b-4020-b5ad-a41df1933103}:1.0b2
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files\Musicnotes\npsibelius.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/29 18:44:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2011/12/19 00:33:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.16\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/11/29 18:43:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.16\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2011/01/30 17:14:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Raymond Green\Application Data\Mozilla\Extensions
[2011/01/30 17:14:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Raymond Green\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/03/09 16:47:23 | 000,000,000 | ---D | M] (Lightning) -- C:\DOCUMENTS AND SETTINGS\RAYMOND GREEN\APPLICATION DATA\THUNDERBIRD\PROFILES\BPR9V7G8.DEFAULT\EXTENSIONS\{E2FDA1A4-762B-4020-B5AD-A41DF1933103}
O1 HOSTS File: ([2011/12/18 20:21:09 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111114131554.dll (McAfee, Inc.)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll ()
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-1072916345-2785684930-38884129-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1072916345-2785684930-38884129-1005\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-1072916345-2785684930-38884129-1005\..\Toolbar\WebBrowser: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll ()
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService] C:\acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [HPWUTOOLBOX] C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\Raymond Green\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1072916345-2785684930-38884129-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1072916345-2785684930-38884129-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1072916345-2785684930-38884129-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1072916345-2785684930-38884129-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsu...?1166462899750 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59387631-056E-4C7A-85DB-39C08EC0F541}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Raymond Green\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Raymond Green\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/27 08:00:42 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/12/20 19:49:16 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Raymond Green\Desktop\OTL.exe
[2011/12/19 00:32:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/12/19 00:01:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/12/18 20:08:42 | 001,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Raymond Green\Desktop\WinsockxpFix.exe
[2011/12/18 20:08:42 | 001,413,120 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Raymond Green\Desktop\winsockfix.exe
[2011/12/18 14:52:40 | 000,187,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acpi.sys
[2011/12/18 14:46:01 | 004,342,882 | R--- | C] (Swearware) -- C:\Documents and Settings\Raymond Green\Desktop\ComboFix.exe
[2011/12/15 21:28:31 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Raymond Green\Desktop\dds.scr
[2011/12/15 21:24:08 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Raymond Green\Desktop\erunt-setup.exe
[2011/12/15 16:52:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\RealNetworks
[2011/12/15 16:52:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/12/15 14:03:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/12/15 11:14:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raymond Green\Application Data\Voypab
[2011/12/14 17:31:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raymond Green\Local Settings\Application Data\WMTools Downloaded Files
[2011/12/07 22:27:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Raymond Green\PrivacIE
[2011/12/07 22:20:17 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Raymond Green\IETldCache
[2011/12/07 22:17:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/12/07 22:15:05 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/12/07 21:59:27 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2011/12/07 21:59:27 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2011/12/07 21:59:24 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011/12/07 21:59:23 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2011/12/07 21:59:21 | 011,076,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2011/11/29 18:44:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/11/29 18:43:53 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011/11/29 18:43:36 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011/11/29 18:43:36 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2011/11/29 18:43:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[2006/12/18 12:18:36 | 000,016,384 | ---- | C] ( ) -- C:\WINDOWS\System32\ClearEvent.exe
[2006/12/18 12:15:37 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\SysMonitor.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/12/20 19:36:32 | 000,486,105 | ---- | M] () -- C:\Documents and Settings\Raymond Green\Desktop\Infected XP Security 2012 - Safer-Networking Forums.mht
[2011/12/20 19:36:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Raymond Green\Desktop\OTL.exe
[2011/12/20 19:34:58 | 001,557,791 | ---- | M] () -- C:\Documents and Settings\Raymond Green\Desktop\tdsskiller.zip
[2011/12/19 00:35:10 | 000,000,703 | ---- | M] () -- C:\WINDOWS\NewsRover.INI
[2011/12/19 00:32:18 | 000,001,599 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Internet Security.lnk
[2011/12/19 00:30:14 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1072916345-2785684930-38884129-1005.job
[2011/12/19 00:27:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/18 20:21:09 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/18 20:07:26 | 001,413,120 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Raymond Green\Desktop\winsockfix.exe
[2011/12/18 20:03:56 | 001,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Raymond Green\Desktop\WinsockxpFix.exe
[2011/12/18 19:12:18 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2011/12/18 14:39:23 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/18 14:29:58 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Raymond Green\Desktop\uSeRiNiT.exe
[2011/12/18 14:29:44 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Raymond Green\Desktop\WiNlOgOn.exe
[2011/12/18 14:29:30 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Raymond Green\Desktop\rkill.scr
[2011/12/18 14:29:16 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Raymond Green\Desktop\rkill.com
[2011/12/18 14:28:58 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Raymond Green\Desktop\rkill.exe
[2011/12/18 11:47:51 | 000,015,422 | -HS- | M] () -- C:\Documents and Settings\Raymond Green\Local Settings\Application Data\411012n4x265a652f306x3jkm4y5
[2011/12/18 11:47:51 | 000,015,422 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\411012n4x265a652f306x3jkm4y5
[2011/12/18 11:35:44 | 004,342,882 | R--- | M] (Swearware) -- C:\Documents and Settings\Raymond Green\Desktop\ComboFix.exe
[2011/12/15 21:19:44 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Raymond Green\Desktop\dds.scr
[2011/12/15 21:15:28 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Raymond Green\Desktop\erunt-setup.exe
[2011/12/14 21:34:44 | 000,000,330 | ---- | M] () -- C:\Documents and Settings\Raymond Green\Desktop\Harry Gilbert's Holiday Super Series Home.url
[2011/12/14 19:22:20 | 000,000,257 | ---- | M] () -- C:\Documents and Settings\Raymond Green\Desktop\KJV Bible -- Browse.url
[2011/12/14 17:34:10 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1072916345-2785684930-38884129-1005.job
[2011/12/12 23:06:27 | 000,000,603 | ---- | M] () -- C:\Documents and Settings\Raymond Green\Desktop\Amazon.com John F. Walvoord Books, Biography, Blog, Audiobooks, Kindle.url
[2011/12/11 20:10:29 | 000,000,291 | ---- | M] () -- C:\Documents and Settings\Raymond Green\Desktop\smashtennis1's Channel - YouTube.url
[2011/12/07 22:20:40 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\Raymond Green\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/07 22:16:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/05 22:04:39 | 000,000,765 | ---- | M] () -- C:\Documents and Settings\Raymond Green\Desktop\RealPlayer.lnk
[2011/12/04 21:50:20 | 000,000,204 | ---- | M] () -- C:\Documents and Settings\Raymond Green\Desktop\Mt. Sinai Found.url
[2011/12/04 11:49:32 | 000,000,347 | ---- | M] () -- C:\Documents and Settings\Raymond Green\Desktop\Member Experience.url
[2011/11/29 18:44:31 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/11/29 18:43:53 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011/11/29 18:43:36 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011/11/29 18:43:36 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2011/11/29 18:43:35 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2011/11/29 18:37:40 | 002,922,831 | ---- | M] () -- C:\Documents and Settings\Raymond Green\Desktop\Diferença_sala_chefe_e_a_sua1.wmv_.zip
[2011/11/27 13:17:47 | 000,000,318 | ---- | M] () -- C:\Documents and Settings\Raymond Green\Desktop\Yoga Beginner Videos - Step-by-Step Yoga for Beginners YogaGlo.com.url
[2011/11/26 08:19:11 | 000,941,543 | ---- | M] () -- C:\Documents and Settings\Raymond Green\Desktop\Small_Group_Basics_booklet[1].pdf
[2011/11/26 00:51:41 | 000,000,599 | ---- | M] () -- C:\Documents and Settings\Raymond Green\Desktop\50yrs of MK-Ultra BETA Sex Slaves (GRAPHIC w-VIDEOS) - Julie Newmar - Zimbio.url
[2011/11/25 11:15:44 | 000,268,844 | ---- | M] () -- C:\Documents and Settings\Raymond Green\Desktop\Revelation - Barnhouse outline.pdf
[2011/11/23 13:47:10 | 000,001,013 | ---- | M] () -- C:\Documents and Settings\Raymond Green\Desktop\Full List - The 50 Most Beautiful Women Over 50 - StyleBistro.url
[2011/11/21 14:57:34 | 000,360,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/12/20 19:49:22 | 001,557,791 | ---- | C] () -- C:\Documents and Settings\Raymond Green\Desktop\tdsskiller.zip
[2011/12/20 19:49:18 | 000,486,105 | ---- | C] () -- C:\Documents and Settings\Raymond Green\Desktop\Infected XP Security 2012 - Safer-Networking Forums.mht
[2011/12/18 14:33:48 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Raymond Green\Desktop\uSeRiNiT.exe
[2011/12/18 14:33:45 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Raymond Green\Desktop\WiNlOgOn.exe
[2011/12/18 14:33:40 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Raymond Green\Desktop\rkill.scr
[2011/12/18 14:33:35 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Raymond Green\Desktop\rkill.com
[2011/12/18 14:33:09 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Raymond Green\Desktop\rkill.exe
[2011/12/15 11:23:44 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/15 10:37:12 | 000,015,422 | -HS- | C] () -- C:\Documents and Settings\Raymond Green\Local Settings\Application Data\411012n4x265a652f306x3jkm4y5
[2011/12/15 10:37:12 | 000,015,422 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\411012n4x265a652f306x3jkm4y5
[2011/12/14 21:34:44 | 000,000,330 | ---- | C] () -- C:\Documents and Settings\Raymond Green\Desktop\Harry Gilbert's Holiday Super Series Home.url
[2011/12/12 23:06:26 | 000,000,603 | ---- | C] () -- C:\Documents and Settings\Raymond Green\Desktop\Amazon.com John F. Walvoord Books, Biography, Blog, Audiobooks, Kindle.url
[2011/12/11 20:10:29 | 000,000,291 | ---- | C] () -- C:\Documents and Settings\Raymond Green\Desktop\smashtennis1's Channel - YouTube.url
[2011/12/05 22:04:39 | 000,000,765 | ---- | C] () -- C:\Documents and Settings\Raymond Green\Desktop\RealPlayer.lnk
[2011/12/04 21:50:20 | 000,000,204 | ---- | C] () -- C:\Documents and Settings\Raymond Green\Desktop\Mt. Sinai Found.url
[2011/12/04 11:49:31 | 000,000,347 | ---- | C] () -- C:\Documents and Settings\Raymond Green\Desktop\Member Experience.url
[2011/11/29 18:44:31 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/11/29 18:37:38 | 002,922,831 | ---- | C] () -- C:\Documents and Settings\Raymond Green\Desktop\Diferença_sala_chefe_e_a_sua1.wmv_.zip
[2011/11/27 13:17:47 | 000,000,318 | ---- | C] () -- C:\Documents and Settings\Raymond Green\Desktop\Yoga Beginner Videos - Step-by-Step Yoga for Beginners YogaGlo.com.url
[2011/11/26 08:19:09 | 000,941,543 | ---- | C] () -- C:\Documents and Settings\Raymond Green\Desktop\Small_Group_Basics_booklet[1].pdf
[2011/11/26 00:51:41 | 000,000,599 | ---- | C] () -- C:\Documents and Settings\Raymond Green\Desktop\50yrs of MK-Ultra BETA Sex Slaves (GRAPHIC w-VIDEOS) - Julie Newmar - Zimbio.url
[2011/11/25 11:15:44 | 000,268,844 | ---- | C] () -- C:\Documents and Settings\Raymond Green\Desktop\Revelation - Barnhouse outline.pdf
[2011/11/23 13:47:10 | 000,001,013 | ---- | C] () -- C:\Documents and Settings\Raymond Green\Desktop\Full List - The 50 Most Beautiful Women Over 50 - StyleBistro.url
[2011/06/22 15:05:43 | 000,000,703 | ---- | C] () -- C:\WINDOWS\NewsRover.INI
[2011/06/20 16:38:56 | 000,108,890 | ---- | C] () -- C:\WINDOWS\News Rover Uninstaller.exe
[2011/06/10 18:54:39 | 000,000,029 | ---- | C] () -- C:\WINDOWS\CDMKR32.INI
[2011/03/20 19:35:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/02/27 11:30:55 | 000,000,783 | ---- | C] () -- C:\WINDOWS\NTIWVEDT.INI
[2011/02/26 17:13:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Jcmkr32.INI
[2011/02/26 16:54:17 | 000,000,280 | -HS- | C] () -- C:\Documents and Settings\Raymond Green\Application Data\s0510.cfg
[2011/01/30 17:14:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/12/19 09:38:31 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/19 09:38:31 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/12/19 09:38:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/12/19 09:38:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/12/19 09:38:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/12/11 08:12:07 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Raymond Green\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/19 11:54:49 | 000,060,593 | ---- | C] () -- C:\WINDOWS\hpwins03.dat
[2007/05/19 11:54:48 | 000,001,238 | ---- | C] () -- C:\WINDOWS\hpwmdl03.dat
[2007/05/15 19:28:45 | 000,000,197 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2007/01/03 09:26:30 | 000,000,024 | ---- | C] () -- C:\WINDOWS\KADJISYS.INI
[2007/01/03 09:26:15 | 000,000,322 | ---- | C] () -- C:\WINDOWS\astros.ini
[2007/01/03 09:25:55 | 000,000,023 | ---- | C] () -- C:\WINDOWS\FTROBOT.INI
[2007/01/03 09:25:53 | 000,000,466 | ---- | C] () -- C:\WINDOWS\FTGT32.INI
[2007/01/03 09:07:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\CompDLL.dll
[2007/01/03 09:07:26 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\SX32W.DLL
[2007/01/03 09:07:25 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\CTA32.dll
[2007/01/02 19:18:29 | 000,004,408 | ---- | C] () -- C:\WINDOWS\WinSig.Ini
[2007/01/02 19:18:29 | 000,000,144 | ---- | C] () -- C:\WINDOWS\Reader.Ini
[2007/01/02 19:18:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\proxydll.dll
[2007/01/02 19:18:16 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
[2007/01/02 19:17:23 | 000,002,521 | ---- | C] () -- C:\WINDOWS\WinRos.Ini
[2006/12/18 14:25:14 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2006/12/18 14:25:02 | 000,133,246 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/12/18 12:20:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/12/18 12:18:13 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Raymond Green\Local Settings\Application Data\fusioncache.dat
[2006/05/05 01:58:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/05/05 01:57:12 | 000,360,136 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/05/05 01:54:16 | 000,405,640 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/05/05 01:54:16 | 000,064,064 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/05/04 19:26:28 | 000,000,093 | ---- | C] () -- C:\WINDOWS\alaunch.ini
[2006/03/08 20:19:28 | 001,421,824 | ---- | C] () -- C:\WINDOWS\System32\UIVCL.dll
[2006/03/08 20:11:30 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll
[2006/03/08 20:10:46 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\InstallCheck.dll
[2006/03/02 22:35:48 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\HTCA_SelfExtract.bin
[2006/01/10 14:28:48 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\installnetawa.exe
[2005/11/28 16:53:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/27 08:01:04 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005/11/27 08:00:14 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005/11/27 08:00:14 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005/11/27 08:00:14 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005/11/27 08:00:14 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005/11/27 07:42:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/11/27 07:41:10 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/11/17 01:11:52 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\Kill1211.exe
[2005/11/10 14:27:42 | 000,003,218 | ---- | C] () -- C:\WINDOWS\System32\drivers\WINIO.sys
[2005/10/26 03:25:28 | 000,008,073 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/07/14 20:48:46 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/07/12 17:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2005/06/27 18:12:58 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys
[2005/04/12 08:53:10 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2005/03/28 09:14:38 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2004/12/17 20:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2004/08/04 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 00:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 00:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 00:00:00 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\ipsec.sys
[2004/08/04 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 00:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 00:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 00:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 00:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/04 00:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/03/23 19:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2003/08/07 12:51:32 | 000,024,576 | -H-- | C] () -- C:\WINDOWS\System32\reboot.exe
[2003/08/06 22:32:24 | 000,024,576 | -H-- | C] () -- C:\WINDOWS\System32\KCMDNIns.exe
[2003/03/14 15:24:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe
[2002/05/24 03:34:46 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMOVE.EXE
[2001/12/26 19:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/04 02:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/08/25 21:04:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/25 21:02:42 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/30 19:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/24 01:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
========== LOP Check ==========
[2007/02/12 16:29:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avocent AdminWorks
[2011/11/06 12:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2011/11/01 17:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder
[2007/02/12 16:29:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raymond Green\Application Data\Avocent AdminWorks
[2011/08/04 19:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raymond Green\Application Data\Elluminate
[2010/12/14 06:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raymond Green\Application Data\Leadertech
[2011/11/01 17:12:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raymond Green\Application Data\OpenCandy
[2011/09/21 17:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raymond Green\Application Data\Southwest Airlines
[2011/01/30 17:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raymond Green\Application Data\Thunderbird
[2008/01/10 09:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raymond Green\Application Data\Trading Rooms
[2011/12/15 22:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raymond Green\Application Data\Voypab
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2011/10/28 17:29:40 | 000,001,870 | ---- | M] ()(C:\Documents and Settings\Raymond Green\Desktop\??? ???????? ?????? - MarketGid.url) -- C:\Documents and Settings\Raymond Green\Desktop\Кто УГРОЖАЕТ Лолите - MarketGid.url
[2011/10/28 17:29:40 | 000,001,870 | ---- | C] ()(C:\Documents and Settings\Raymond Green\Desktop\??? ???????? ?????? - MarketGid.url) -- C:\Documents and Settings\Raymond Green\Desktop\Кто УГРОЖАЕТ Лолите - MarketGid.url
[2011/10/28 17:29:24 | 000,000,753 | ---- | M] ()(C:\Documents and Settings\Raymond Green\Desktop\You-Tube ????????? ?? ?????.url) -- C:\Documents and Settings\Raymond Green\Desktop\You-Tube Блондинка за рулем.url
[2011/10/28 17:29:24 | 000,000,753 | ---- | C] ()(C:\Documents and Settings\Raymond Green\Desktop\You-Tube ????????? ?? ?????.url) -- C:\Documents and Settings\Raymond Green\Desktop\You-Tube Блондинка за рулем.url
< End of report >
-
Extras.txt log below.
OTL log run with script to follow in next post.
OTL Extras logfile created on: 12/20/2011 8:00:19 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Raymond Green\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 77.27% Memory free
5.85 Gb Paging File | 5.24 Gb Available in Paging File | 89.69% Paging File free
Paging file location(s): C:\pagefile.sys 4092 10000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 219.72 Gb Total Space | 47.25 Gb Free Space | 21.50% Space Free | Partition Type: NTFS
Drive D: | 8.26 Gb Total Space | 8.26 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive F: | 232.88 Gb Total Space | 63.71 Gb Free Space | 27.35% Space Free | Partition Type: NTFS
Drive G: | 1.86 Gb Total Space | 1.85 Gb Free Space | 99.40% Space Free | Partition Type: FAT32
Computer Name: RAYMOND-DESKTOP | User Name: Raymond Green | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"23133:UDP" = 23133:UDP:*:Enabled:UDP 23133
"27193:TCP" = 27193:TCP:*:Enabled:TCP 27193
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\eSignal\winros.exe" = C:\Program Files\eSignal\winros.exe:*:Enabled:eSignal Data Manager -- (eSignal)
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03EA3D6E-D92B-11D0-892B-00A0C91827B3}" = eSignal
"{083F79E4-6FE9-46FB-A6C6-4F8862742947}" = ATI HYDRAVISION
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1F5C9A13-6966-45F7-B39E-B9C3462535A7}" = ATI Catalyst Control Center
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{30E10267-3B27-42CC-B727-681DEBD30C4D}" = Clean Water Action TriMini Reminder by We-Care.com v5.0.3.2
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"{46097540-46DC-4946-BA9F-1ACEBABAE7FB}_is1" = Super MP3 Splitter 1.5.0.1219
"{4AD13F68-CADA-4C6B-9759-C33753F89908}" = Acer eDataSecurity Management
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{791CAF6C-90A3-11D4-8306-00D0B72E1DB9}" = Sentinel System Driver
"{84031A18-BA9A-4156-A74F-E05B52DDFCE2}" = DING!
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC60C8C1-855E-45AB-8D95-1D16F8A38E78}" = UGuide
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BA7A3288-228D-4031-A93A-B5F6B3415E15}" = Misc
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}" = Microsoft IntelliType Pro 6.1
"{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}" = AVIVO Codecs
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1CD25A0-5401-40B2-BAA9-E267408B16DF}" = Toolbox
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"ComcastToolbar" = Comcast Toolbar
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Fibonacci Trader 4" = Fibonacci Trader 4
"Fibonacci/Galactic Trader 4" = Fibonacci/Galactic Trader 4
"HP Officejet Pro K550 Series" = HP Officejet Pro K550 Series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Thunderbird (3.1.16)" = Mozilla Thunderbird (3.1.16)
"MP3 Splitter_is1" = MP3 Splitter
"MSC" = McAfee Internet Security
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.5.5
"News Rover" = News Rover -- Usenet newsreader
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RealPlayer 15.0" = RealPlayer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1072916345-2785684930-38884129-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 11/23/2011 9:14:31 AM | Computer Name = RAYMOND-DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.5730.11, faulting module
mshtml.dll, version 7.0.5730.11, fault address 0x000a0986.
Error - 11/26/2011 3:07:49 AM | Computer Name = RAYMOND-DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application newsrover.exe, version 16.2.0.0, faulting module
newsrover.exe, version 16.2.0.0, fault address 0x00202003.
Error - 11/26/2011 3:20:05 PM | Computer Name = RAYMOND-DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.5730.11, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 11/26/2011 3:20:05 PM | Computer Name = RAYMOND-DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.5730.11, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 11/27/2011 7:37:32 PM | Computer Name = RAYMOND-DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.5730.11, faulting module
mshtml.dll, version 7.0.5730.11, fault address 0x0008a672.
Error - 12/1/2011 12:10:51 AM | Computer Name = RAYMOND-DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.5730.11, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 12/2/2011 8:47:54 PM | Computer Name = RAYMOND-DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.5730.11, faulting module
ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.
Error - 12/12/2011 11:57:57 PM | Computer Name = RAYMOND-DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x0074007b.
Error - 12/15/2011 12:50:41 PM | Computer Name = RAYMOND-DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application _ex-68.exe, version 8.0.52140.33806, faulting
module _ex-68.exe, version 8.0.52140.33806, fault address 0x0001f713.
Error - 12/15/2011 12:51:51 PM | Computer Name = RAYMOND-DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application _ex-68.exe, version 8.0.52140.33806, faulting
module _ex-68.exe, version 8.0.52140.33806, fault address 0x000af498.
[ System Events ]
Error - 12/19/2011 1:30:08 AM | Computer Name = RAYMOND-DESKTOP | Source = Service Control Manager | ID = 7000
Description = The TCP/IP Protocol Driver service failed to start due to the following
error: %%2
Error - 12/19/2011 1:30:08 AM | Computer Name = RAYMOND-DESKTOP | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness (NLA) service depends on the TCP/IP
Protocol Driver service which failed to start because of the following error: %%2
Error - 12/19/2011 1:30:08 AM | Computer Name = RAYMOND-DESKTOP | Source = Service Control Manager | ID = 7000
Description = The TCP/IP Protocol Driver service failed to start due to the following
error: %%2
Error - 12/19/2011 1:30:08 AM | Computer Name = RAYMOND-DESKTOP | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness (NLA) service depends on the TCP/IP
Protocol Driver service which failed to start because of the following error: %%2
Error - 12/19/2011 1:30:08 AM | Computer Name = RAYMOND-DESKTOP | Source = Service Control Manager | ID = 7000
Description = The TCP/IP Protocol Driver service failed to start due to the following
error: %%2
Error - 12/19/2011 1:30:08 AM | Computer Name = RAYMOND-DESKTOP | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness (NLA) service depends on the TCP/IP
Protocol Driver service which failed to start because of the following error: %%2
Error - 12/19/2011 1:30:11 AM | Computer Name = RAYMOND-DESKTOP | Source = Service Control Manager | ID = 7000
Description = The TCP/IP Protocol Driver service failed to start due to the following
error: %%2
Error - 12/19/2011 1:30:11 AM | Computer Name = RAYMOND-DESKTOP | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness (NLA) service depends on the TCP/IP
Protocol Driver service which failed to start because of the following error: %%2
Error - 12/19/2011 1:30:15 AM | Computer Name = RAYMOND-DESKTOP | Source = Service Control Manager | ID = 7000
Description = The TCP/IP Protocol Driver service failed to start due to the following
error: %%2
Error - 12/19/2011 1:30:15 AM | Computer Name = RAYMOND-DESKTOP | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness (NLA) service depends on the TCP/IP
Protocol Driver service which failed to start because of the following error: %%2
< End of report >
-
OTL log with script run.
No Internet connectivity regardless of re-cycling network system.
Will run the next programs.
All processes killed
========== PROCESSES ==========
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
An internal error occurred: The request is not supported.
Please contact Microsoft Product Support Services for further help.
Additional information: Unable to query host name.
C:\Documents and Settings\Raymond Green\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Raymond Green\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 40354 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->Java cache emptied: 23361 bytes
->Flash cache emptied: 38662 bytes
User: Raymond Green
->Temp folder emptied: 588831 bytes
->Temporary Internet Files folder emptied: 11939041 bytes
->Java cache emptied: 13322961 bytes
->Flash cache emptied: 790 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 25.00 mb
OTL by OldTimer - Version 3.2.31.0 log created on 12202011_212930
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
-
Please download Farbar Service Scanner and run it on the computer with the issue.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run from.
Please copy and paste the log to your reply.
-
Below is the TDSSKiller log.
Nothing malicious found.
Re-booted, no internet connectivity.
FixReg.reg hasn't been run.
Do you want FixReg.reg run or go on to the latest directive?
If you want FixReg.reg run, where do I go to download the file?
22:01:31.0578 3868 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
22:01:31.0593 3868 ============================================================
22:01:31.0593 3868 Current date / time: 2011/12/20 22:01:31.0593
22:01:31.0593 3868 SystemInfo:
22:01:31.0593 3868
22:01:31.0593 3868 OS Version: 5.1.2600 ServicePack: 2.0
22:01:31.0593 3868 Product type: Workstation
22:01:31.0593 3868 ComputerName: RAYMOND-DESKTOP
22:01:31.0593 3868 UserName: Raymond Green
22:01:31.0593 3868 Windows directory: C:\WINDOWS
22:01:31.0593 3868 System windows directory: C:\WINDOWS
22:01:31.0593 3868 Processor architecture: Intel x86
22:01:31.0593 3868 Number of processors: 2
22:01:31.0593 3868 Page size: 0x1000
22:01:31.0593 3868 Boot type: Normal boot
22:01:31.0593 3868 ============================================================
22:01:32.0250 3868 Initialize success
22:01:35.0015 1340 ============================================================
22:01:35.0015 1340 Scan started
22:01:35.0015 1340 Mode: Manual;
22:01:35.0015 1340 ============================================================
22:01:44.0187 1340 ============================================================
22:01:44.0187 1340 Scan finished
22:01:44.0187 1340 ============================================================
22:01:44.0203 1984 Detected object count: 0
22:01:44.0203 1984 Actual detected object count: 0
22:02:25.0046 3884 Deinitialize success
-
Fixreg will be on your desktop after you save that code in Notepad, but before we run it let me ask you, do you have your Windows CD?
So hang off on Fixreg for the moment and run Farbar's tool, it may show what was removed that is hampering your internet access.