Thread: Infected XP Security 2012

  1. #11
    ken545 (Security Expert)

    Let's see if this program can locate and fix a bad file; that may be the problem.

    Again, download to a working computer and transfer by disk.

    Please download TDSSKiller.zip
    • Extract it to your desktop
    • Double click TDSSKiller.exe
    • Press Start Scan
      • Only if Malicious objects are found then ensure Cure is selected
      • Then click Continue > Reboot now
    • Copy and paste the log in your next reply
      • A copy of the log will be saved automatically to the root of the drive (typically C:\)
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  2. #12
    Senior Member

    I haven't run OTL.
    It looks like I am to use TDSSKiller instead of OTL.
    Is this correct?

    Thanks,
    FlaCajun

  3. #13
    ken545 (Security Expert)

    Go ahead and run them both, first OTL and then TDSSKiller. Zero Access Rootkit, which you are infected with, is a fairly new infection, and we are finding out that removing it sometimes damages your internet connection. I am in touch with other helpers and we will figure this out.

  4. #14
    ken545 (Security Expert)

    After you do the above, if there is still no internet connection, then try this:

    Please copy the entire contents of the codebox below into Notepad:

    • Open Notepad
    • Copy the contents of the codebox below using CTRL C


    Code:
    Windows Registry Editor Version 5.00
    
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock]
    
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2]

    • Now return to Notepad and use CTRL V to paste the script
    • Verify that you have pasted the complete script
    • Save the Notepad file to your Desktop as FixReg.reg using Save as Type: All files
    • Locate FixReg.reg on your desktop
    • Double click to run, and when prompted Allow the file to merge with your registry
    • OK your way out.

    After that, Reboot your computer.


    After the reboot, we will reinstall TCP/IP
    • Go to Start, then Settings, and choose Network Connections
    • Right click on your normal connection icon, and choose Properties
    • Click the Install button
    • Choose Protocol then click Add
    • Click Have disk
    • In the drop down box, type in: C:\WINDOWS\INF and click OK
    • In the next dialog, click Internet Protocol (TCP/IP) then click OK
    • Click Close to leave the properties box

    After that, Reboot your computer and see if you have regained your connection.
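A .reg script copied from a forum post can be reviewed before it is merged. The following is an added example, not part of the original thread: it parses the FixReg.reg text quoted in post #14, lists every key or value the merge would delete, and builds `reg export` commands to back those keys up first. The function names and backup file names are illustrative assumptions.

```python
import re

HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")
KEY_RE = re.compile(r"^\[(-?)(HKEY_[A-Z_]+(?:\\[^\]]*)?)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')
ROOTS = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU",
         "HKEY_CLASSES_ROOT": "HKCR", "HKEY_USERS": "HKU",
         "HKEY_CURRENT_CONFIG": "HKCC"}
SERVICES_PREFIX = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services" + "\\"

# The FixReg.reg script exactly as quoted in post #14.
FIXREG = r"""Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2]
"""


def logical_lines(text):
    """Yield non-blank, non-comment lines, joining trailing-backslash continuations."""
    pending = ""
    for raw in text.lstrip("\ufeff").splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line.startswith(";"):
            continue
        if line.endswith("\\") and not line.startswith("["):
            pending = line[:-1]  # multi-line hex value: keep reading
            continue
        yield line
    if pending:
        yield pending


def audit_reg(text):
    """Return (action, key, value_name) tuples describing what a merge would do."""
    lines = list(logical_lines(text))
    if not lines or lines[0] not in HEADERS:
        raise ValueError("not a .reg file: missing version header")
    findings, key, key_deleted = [], None, False
    for line in lines[1:]:
        m = KEY_RE.match(line)
        if m:
            key, key_deleted = m.group(2), m.group(1) == "-"
            if key_deleted:  # "[-KEY]" removes the key and everything below it
                findings.append(("delete-key", key, None))
            continue
        m = VALUE_RE.match(line)
        if m and key and not key_deleted:
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            action = "delete-value" if m.group(2).strip() == "-" else "set-value"
            findings.append((action, key, name))
        else:
            # Anything that does not parse, or sits under a deleted key,
            # is surfaced for manual review rather than silently dropped.
            findings.append(("unparsed", key, line))
    return findings


def deleted_services(findings):
    """Names of service keys (under ...\\Services) that the script deletes."""
    out = []
    for action, key, _ in findings:
        if action == "delete-key" and key.upper().startswith(SERVICES_PREFIX.upper()):
            out.append(key[len(SERVICES_PREFIX):].split("\\")[0])
    return out


def backup_commands(findings):
    """Build one 'reg export' command per key the script would delete."""
    cmds = []
    for action, key, _ in findings:
        if action != "delete-key":
            continue
        root, _, sub = key.partition("\\")
        target = ROOTS.get(root, root) + ("\\" + sub if sub else "")
        leaf = re.sub(r"[^A-Za-z0-9]+", "_", key.rsplit("\\", 1)[-1])
        cmds.append(f'reg export "{target}" "backup_{leaf}.reg"')
    return cmds


if __name__ == "__main__":
    results = audit_reg(FIXREG)
    for action, key, name in results:
        print(action, key, name or "")
    print("Service keys removed:", ", ".join(deleted_services(results)))
    for cmd in backup_commands(results):
        print(cmd)
```

Run the printed `reg export` commands on the affected machine before double-clicking the .reg file, so the deleted keys can be re-imported if the TCP/IP reinstall does not restore them.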

  5. #15
    Senior Member

    The computer is substantially slow to re-boot.
    Icons take substantial time to initialize and become visually recognizable.

    OTL.txt log below.
    Extras.txt log in next post.

    OTL logfile created on: 12/20/2011 8:00:19 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Raymond Green\Desktop
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 77.27% Memory free
    5.85 Gb Paging File | 5.24 Gb Available in Paging File | 89.69% Paging File free
    Paging file location(s): C:\pagefile.sys 4092 10000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 219.72 Gb Total Space | 47.25 Gb Free Space | 21.50% Space Free | Partition Type: NTFS
    Drive D: | 8.26 Gb Total Space | 8.26 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
    Drive F: | 232.88 Gb Total Space | 63.71 Gb Free Space | 27.35% Space Free | Partition Type: NTFS
    Drive G: | 1.86 Gb Total Space | 1.85 Gb Free Space | 99.40% Space Free | Partition Type: FAT32

    Computer Name: RAYMOND-DESKTOP | User Name: Raymond Green | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Raymond Green\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
    PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
    PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
    PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    PRC - c:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc.)
    PRC - C:\Program Files\NewsRover\NewsRover.exe (S&H Computer Systems, Inc.
    1027-A 17th Ave. South
    Nashville, TN 37212 USA
    615-327-3670
    www.NewsRover.com)
    PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    PRC - C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
    PRC - C:\acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
    PRC - C:\acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
    PRC - C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe (Hewlett-Packard Company)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\NewsRover\libeay32.dll ()
    MOD - C:\acer\Empowering Technology\eRecovery\it41.dll ()
    MOD - C:\acer\Empowering Technology\eRecovery\imagefile.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
    SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
    SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
    SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
    SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)


    ========== Driver Services (SafeList) ==========

    DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
    DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
    DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
    DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
    DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
    DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
    DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
    DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
    DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
    DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
    DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.)
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
    DRV - (int15.sys) -- C:\acer\Empowering Technology\eRecovery\int15.sys ()
    DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider)
    DRV - (IPSec) -- C:\WINDOWS\system32\drivers\ipsec.sys ()
    DRV - (PortRW) -- C:\WINDOWS\system32\drivers\PortRW.sys (acer)
    DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)
    DRV - (Sentinel) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS (Rainbow Technologies, Inc.)
    DRV - (SNTNLUSB) -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS (Rainbow Technologies Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1072916345-2785684930-38884129-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
    IE - HKU\S-1-5-21-1072916345-2785684930-38884129-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE - HKU\S-1-5-21-1072916345-2785684930-38884129-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.kitco.com/
    IE - HKU\S-1-5-21-1072916345-2785684930-38884129-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    IE - HKU\S-1-5-21-1072916345-2785684930-38884129-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {e2fda1a4-762b-4020-b5ad-a41df1933103}:1.0b2

    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
    FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files\Musicnotes\npsibelius.dll ()

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/29 18:44:04 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2011/12/19 00:33:13 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.16\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/11/29 18:43:53 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.16\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

    [2011/01/30 17:14:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Raymond Green\Application Data\Mozilla\Extensions
    [2011/01/30 17:14:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Raymond Green\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2011/03/09 16:47:23 | 000,000,000 | ---D | M] (Lightning) -- C:\DOCUMENTS AND SETTINGS\RAYMOND GREEN\APPLICATION DATA\THUNDERBIRD\PROFILES\BPR9V7G8.DEFAULT\EXTENSIONS\{E2FDA1A4-762B-4020-B5AD-A41DF1933103}

    O1 HOSTS File: ([2011/12/18 20:21:09 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll ()
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111114131554.dll (McAfee, Inc.)
    O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
    O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll ()
    O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
    O3 - HKU\S-1-5-21-1072916345-2785684930-38884129-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-1072916345-2785684930-38884129-1005\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
    O3 - HKU\S-1-5-21-1072916345-2785684930-38884129-1005\..\Toolbar\WebBrowser: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll ()
    O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
    O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
    O4 - HKLM..\Run: [eRecoveryService] C:\acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
    O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
    O4 - HKLM..\Run: [HPWUTOOLBOX] C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
    O4 - HKLM..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe ()
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
    O4 - Startup: C:\Documents and Settings\Raymond Green\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1072916345-2785684930-38884129-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1072916345-2785684930-38884129-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1072916345-2785684930-38884129-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-1072916345-2785684930-38884129-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsu...?1166462899750 (WUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_09)
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_10)
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_11)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59387631-056E-4C7A-85DB-39C08EC0F541}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Raymond Green\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Raymond Green\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/11/27 08:00:42 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/12/20 19:49:16 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Raymond Green\Desktop\OTL.exe
    [2011/12/19 00:32:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
    [2011/12/19 00:01:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/12/18 20:08:42 | 001,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Raymond Green\Desktop\WinsockxpFix.exe
    [2011/12/18 20:08:42 | 001,413,120 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Raymond Green\Desktop\winsockfix.exe
    [2011/12/18 14:52:40 | 000,187,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acpi.sys
    [2011/12/18 14:46:01 | 004,342,882 | R--- | C] (Swearware) -- C:\Documents and Settings\Raymond Green\Desktop\ComboFix.exe
    [2011/12/15 21:28:31 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Raymond Green\Desktop\dds.scr
    [2011/12/15 21:24:08 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Raymond Green\Desktop\erunt-setup.exe
    [2011/12/15 16:52:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\RealNetworks
    [2011/12/15 16:52:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
    [2011/12/15 14:03:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2011/12/15 11:14:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raymond Green\Application Data\Voypab
    [2011/12/14 17:31:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raymond Green\Local Settings\Application Data\WMTools Downloaded Files
    [2011/12/07 22:27:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Raymond Green\PrivacIE
    [2011/12/07 22:20:17 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Raymond Green\IETldCache
    [2011/12/07 22:17:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
    [2011/12/07 22:15:05 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2011/12/07 21:59:27 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
    [2011/12/07 21:59:27 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
    [2011/12/07 21:59:24 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
    [2011/12/07 21:59:23 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
    [2011/12/07 21:59:21 | 011,076,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
    [2011/11/29 18:44:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
    [2011/11/29 18:43:53 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
    [2011/11/29 18:43:36 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
    [2011/11/29 18:43:36 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
    [2011/11/29 18:43:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
    [2006/12/18 12:18:36 | 000,016,384 | ---- | C] ( ) -- C:\WINDOWS\System32\ClearEvent.exe
    [2006/12/18 12:15:37 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\SysMonitor.exe
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/12/20 19:36:32 | 000,486,105 | ---- | M] () -- C:\Documents and Settings\Raymond Green\Desktop\Infected XP Security 2012 - Safer-Networking Forums.mht
    [2011/12/20 19:36:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Raymond Green\Desktop\OTL.exe
    [2011/12/20 19:34:58 | 001,557,791 | ---- | M] () -- C:\Documents and Settings\Raymond Green\Desktop\tdsskiller.zip
    [2011/12/19 00:35:10 | 000,000,703 | ---- | M] () -- C:\WINDOWS\NewsRover.INI
    [2011/12/19 00:32:18 | 000,001,599 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Internet Security.lnk
    [2011/12/19 00:30:14 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1072916345-2785684930-38884129-1005.job
    [2011/12/19 00:27:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/12/18 20:21:09 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/12/18 20:07:26 | 001,413,120 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Raymond Green\Desktop\winsockfix.exe
    [2011/12/18 20:03:56 | 001,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Raymond Green\Desktop\WinsockxpFix.exe
    [2011/12/18 19:12:18 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
    [2011/12/18 14:39:23 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/12/18 14:29:58 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Raymond Green\Desktop\uSeRiNiT.exe
    [2011/12/18 14:29:44 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Raymond Green\Desktop\WiNlOgOn.exe
    [2011/12/18 14:29:30 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Raymond Green\Desktop\rkill.scr
    [2011/12/18 14:29:16 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Raymond Green\Desktop\rkill.com
    [2011/12/18 14:28:58 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Raymond Green\Desktop\rkill.exe
    [2011/12/18 11:47:51 | 000,015,422 | -HS- | M] () -- C:\Documents and Settings\Raymond Green\Local Settings\Application Data\411012n4x265a652f306x3jkm4y5
    [2011/12/18 11:47:51 | 000,015,422 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\411012n4x265a652f306x3jkm4y5
    [2011/12/18 11:35:44 | 004,342,882 | R--- | M] (Swearware) -- C:\Documents and Settings\Raymond Green\Desktop\ComboFix.exe
    [2011/12/15 21:19:44 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Raymond Green\Desktop\dds.scr
    [2011/12/15 21:15:28 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Raymond Green\Desktop\erunt-setup.exe
    [2011/12/14 21:34:44 | 000,000,330 | ---- | M] () -- C:\Documents and Settings\Raymond Green\Desktop\Harry Gilbert's Holiday Super Series Home.url
    [2011/12/14 19:22:20 | 000,000,257 | ---- | M] () -- C:\Documents and Settings\Raymond Green\Desktop\KJV Bible -- Browse.url
    [2011/12/14 17:34:10 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1072916345-2785684930-38884129-1005.job
    [2011/12/12 23:06:27 | 000,000,603 | ---- | M] () -- C:\Documents and Settings\Raymond Green\Desktop\Amazon.com John F. Walvoord Books, Biography, Blog, Audiobooks, Kindle.url
    [2011/12/11 20:10:29 | 000,000,291 | ---- | M] () -- C:\Documents and Settings\Raymond Green\Desktop\smashtennis1's Channel - YouTube.url
    [2011/12/07 22:20:40 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\Raymond Green\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/12/07 22:16:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/12/05 22:04:39 | 000,000,765 | ---- | M] () -- C:\Documents and Settings\Raymond Green\Desktop\RealPlayer.lnk
    [2011/12/04 21:50:20 | 000,000,204 | ---- | M] () -- C:\Documents and Settings\Raymond Green\Desktop\Mt. Sinai Found.url
    [2011/12/04 11:49:32 | 000,000,347 | ---- | M] () -- C:\Documents and Settings\Raymond Green\Desktop\Member Experience.url
    [2011/11/29 18:44:31 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
    [2011/11/29 18:43:53 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
    [2011/11/29 18:43:36 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
    [2011/11/29 18:43:36 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
    [2011/11/29 18:43:35 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
    [2011/11/29 18:37:40 | 002,922,831 | ---- | M] () -- C:\Documents and Settings\Raymond Green\Desktop\Diferenša_sala_chefe_e_a_sua1.wmv_.zip
    [2011/11/27 13:17:47 | 000,000,318 | ---- | M] () -- C:\Documents and Settings\Raymond Green\Desktop\Yoga Beginner Videos - Step-by-Step Yoga for Beginners YogaGlo.com.url
    [2011/11/26 08:19:11 | 000,941,543 | ---- | M] () -- C:\Documents and Settings\Raymond Green\Desktop\Small_Group_Basics_booklet[1].pdf
    [2011/11/26 00:51:41 | 000,000,599 | ---- | M] () -- C:\Documents and Settings\Raymond Green\Desktop\50yrs of MK-Ultra BETA Sex Slaves (GRAPHIC w-VIDEOS) - Julie Newmar - Zimbio.url
    [2011/11/25 11:15:44 | 000,268,844 | ---- | M] () -- C:\Documents and Settings\Raymond Green\Desktop\Revelation - Barnhouse outline.pdf
    [2011/11/23 13:47:10 | 000,001,013 | ---- | M] () -- C:\Documents and Settings\Raymond Green\Desktop\Full List - The 50 Most Beautiful Women Over 50 - StyleBistro.url
    [2011/11/21 14:57:34 | 000,360,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/12/20 19:49:22 | 001,557,791 | ---- | C] () -- C:\Documents and Settings\Raymond Green\Desktop\tdsskiller.zip
    [2011/12/20 19:49:18 | 000,486,105 | ---- | C] () -- C:\Documents and Settings\Raymond Green\Desktop\Infected XP Security 2012 - Safer-Networking Forums.mht
    [2011/12/18 14:33:48 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Raymond Green\Desktop\uSeRiNiT.exe
    [2011/12/18 14:33:45 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Raymond Green\Desktop\WiNlOgOn.exe
    [2011/12/18 14:33:40 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Raymond Green\Desktop\rkill.scr
    [2011/12/18 14:33:35 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Raymond Green\Desktop\rkill.com
    [2011/12/18 14:33:09 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Raymond Green\Desktop\rkill.exe
    [2011/12/15 11:23:44 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/12/15 10:37:12 | 000,015,422 | -HS- | C] () -- C:\Documents and Settings\Raymond Green\Local Settings\Application Data\411012n4x265a652f306x3jkm4y5
    [2011/12/15 10:37:12 | 000,015,422 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\411012n4x265a652f306x3jkm4y5
    [2011/12/14 21:34:44 | 000,000,330 | ---- | C] () -- C:\Documents and Settings\Raymond Green\Desktop\Harry Gilbert's Holiday Super Series Home.url
    [2011/12/12 23:06:26 | 000,000,603 | ---- | C] () -- C:\Documents and Settings\Raymond Green\Desktop\Amazon.com John F. Walvoord Books, Biography, Blog, Audiobooks, Kindle.url
    [2011/12/11 20:10:29 | 000,000,291 | ---- | C] () -- C:\Documents and Settings\Raymond Green\Desktop\smashtennis1's Channel - YouTube.url
    [2011/12/05 22:04:39 | 000,000,765 | ---- | C] () -- C:\Documents and Settings\Raymond Green\Desktop\RealPlayer.lnk
    [2011/12/04 21:50:20 | 000,000,204 | ---- | C] () -- C:\Documents and Settings\Raymond Green\Desktop\Mt. Sinai Found.url
    [2011/12/04 11:49:31 | 000,000,347 | ---- | C] () -- C:\Documents and Settings\Raymond Green\Desktop\Member Experience.url
    [2011/11/29 18:44:31 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
    [2011/11/29 18:37:38 | 002,922,831 | ---- | C] () -- C:\Documents and Settings\Raymond Green\Desktop\Diferenša_sala_chefe_e_a_sua1.wmv_.zip
    [2011/11/27 13:17:47 | 000,000,318 | ---- | C] () -- C:\Documents and Settings\Raymond Green\Desktop\Yoga Beginner Videos - Step-by-Step Yoga for Beginners YogaGlo.com.url
    [2011/11/26 08:19:09 | 000,941,543 | ---- | C] () -- C:\Documents and Settings\Raymond Green\Desktop\Small_Group_Basics_booklet[1].pdf
    [2011/11/26 00:51:41 | 000,000,599 | ---- | C] () -- C:\Documents and Settings\Raymond Green\Desktop\50yrs of MK-Ultra BETA Sex Slaves (GRAPHIC w-VIDEOS) - Julie Newmar - Zimbio.url
    [2011/11/25 11:15:44 | 000,268,844 | ---- | C] () -- C:\Documents and Settings\Raymond Green\Desktop\Revelation - Barnhouse outline.pdf
    [2011/11/23 13:47:10 | 000,001,013 | ---- | C] () -- C:\Documents and Settings\Raymond Green\Desktop\Full List - The 50 Most Beautiful Women Over 50 - StyleBistro.url
    [2011/06/22 15:05:43 | 000,000,703 | ---- | C] () -- C:\WINDOWS\NewsRover.INI
    [2011/06/20 16:38:56 | 000,108,890 | ---- | C] () -- C:\WINDOWS\News Rover Uninstaller.exe
    [2011/06/10 18:54:39 | 000,000,029 | ---- | C] () -- C:\WINDOWS\CDMKR32.INI
    [2011/03/20 19:35:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2011/02/27 11:30:55 | 000,000,783 | ---- | C] () -- C:\WINDOWS\NTIWVEDT.INI
    [2011/02/26 17:13:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Jcmkr32.INI
    [2011/02/26 16:54:17 | 000,000,280 | -HS- | C] () -- C:\Documents and Settings\Raymond Green\Application Data\s0510.cfg
    [2011/01/30 17:14:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/12/19 09:38:31 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/12/19 09:38:31 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/12/19 09:38:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/12/19 09:38:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/12/19 09:38:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/12/11 08:12:07 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Raymond Green\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/05/19 11:54:49 | 000,060,593 | ---- | C] () -- C:\WINDOWS\hpwins03.dat
    [2007/05/19 11:54:48 | 000,001,238 | ---- | C] () -- C:\WINDOWS\hpwmdl03.dat
    [2007/05/15 19:28:45 | 000,000,197 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
    [2007/01/03 09:26:30 | 000,000,024 | ---- | C] () -- C:\WINDOWS\KADJISYS.INI
    [2007/01/03 09:26:15 | 000,000,322 | ---- | C] () -- C:\WINDOWS\astros.ini
    [2007/01/03 09:25:55 | 000,000,023 | ---- | C] () -- C:\WINDOWS\FTROBOT.INI
    [2007/01/03 09:25:53 | 000,000,466 | ---- | C] () -- C:\WINDOWS\FTGT32.INI
    [2007/01/03 09:07:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\CompDLL.dll
    [2007/01/03 09:07:26 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\SX32W.DLL
    [2007/01/03 09:07:25 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\CTA32.dll
    [2007/01/02 19:18:29 | 000,004,408 | ---- | C] () -- C:\WINDOWS\WinSig.Ini
    [2007/01/02 19:18:29 | 000,000,144 | ---- | C] () -- C:\WINDOWS\Reader.Ini
    [2007/01/02 19:18:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\proxydll.dll
    [2007/01/02 19:18:16 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
    [2007/01/02 19:17:23 | 000,002,521 | ---- | C] () -- C:\WINDOWS\WinRos.Ini
    [2006/12/18 14:25:14 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
    [2006/12/18 14:25:02 | 000,133,246 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2006/12/18 12:20:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2006/12/18 12:18:13 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Raymond Green\Local Settings\Application Data\fusioncache.dat
    [2006/05/05 01:58:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2006/05/05 01:57:12 | 000,360,136 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2006/05/05 01:54:16 | 000,405,640 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2006/05/05 01:54:16 | 000,064,064 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2006/05/04 19:26:28 | 000,000,093 | ---- | C] () -- C:\WINDOWS\alaunch.ini
    [2006/03/08 20:19:28 | 001,421,824 | ---- | C] () -- C:\WINDOWS\System32\UIVCL.dll
    [2006/03/08 20:11:30 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll
    [2006/03/08 20:10:46 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\InstallCheck.dll
    [2006/03/02 22:35:48 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\HTCA_SelfExtract.bin
    [2006/01/10 14:28:48 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\installnetawa.exe
    [2005/11/28 16:53:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/11/27 08:01:04 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
    [2005/11/27 08:00:14 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
    [2005/11/27 08:00:14 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
    [2005/11/27 08:00:14 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
    [2005/11/27 08:00:14 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
    [2005/11/27 07:42:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2005/11/27 07:41:10 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2005/11/17 01:11:52 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\Kill1211.exe
    [2005/11/10 14:27:42 | 000,003,218 | ---- | C] () -- C:\WINDOWS\System32\drivers\WINIO.sys
    [2005/10/26 03:25:28 | 000,008,073 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/07/14 20:48:46 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2005/07/12 17:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
    [2005/06/27 18:12:58 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys
    [2005/04/12 08:53:10 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
    [2005/03/28 09:14:38 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
    [2004/12/17 20:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
    [2004/08/04 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/04 00:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/04 00:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/04 00:00:00 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\ipsec.sys
    [2004/08/04 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/04 00:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/04 00:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
    [2004/08/04 00:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/04 00:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/08/04 00:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2004/08/04 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/03/23 19:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
    [2003/08/07 12:51:32 | 000,024,576 | -H-- | C] () -- C:\WINDOWS\System32\reboot.exe
    [2003/08/06 22:32:24 | 000,024,576 | -H-- | C] () -- C:\WINDOWS\System32\KCMDNIns.exe
    [2003/03/14 15:24:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe
    [2002/05/24 03:34:46 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMOVE.EXE
    [2001/12/26 19:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
    [2001/09/04 02:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
    [2001/08/25 21:04:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2001/08/25 21:02:42 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2001/07/30 19:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
    [2001/07/24 01:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
    [2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

    ========== LOP Check ==========

    [2007/02/12 16:29:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avocent AdminWorks
    [2011/11/06 12:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
    [2011/11/01 17:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder
    [2007/02/12 16:29:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raymond Green\Application Data\Avocent AdminWorks
    [2011/08/04 19:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raymond Green\Application Data\Elluminate
    [2010/12/14 06:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raymond Green\Application Data\Leadertech
    [2011/11/01 17:12:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raymond Green\Application Data\OpenCandy
    [2011/09/21 17:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raymond Green\Application Data\Southwest Airlines
    [2011/01/30 17:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raymond Green\Application Data\Thunderbird
    [2008/01/10 09:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raymond Green\Application Data\Trading Rooms
    [2011/12/15 22:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raymond Green\Application Data\Voypab

    ========== Purity Check ==========



    ========== Files - Unicode (All) ==========
    [2011/10/28 17:29:40 | 000,001,870 | ---- | M] ()(C:\Documents and Settings\Raymond Green\Desktop\??? ???????? ?????? - MarketGid.url) -- C:\Documents and Settings\Raymond Green\Desktop\Кто УГРОЖАЕТ Лолите - MarketGid.url
    [2011/10/28 17:29:40 | 000,001,870 | ---- | C] ()(C:\Documents and Settings\Raymond Green\Desktop\??? ???????? ?????? - MarketGid.url) -- C:\Documents and Settings\Raymond Green\Desktop\Кто УГРОЖАЕТ Лолите - MarketGid.url
    [2011/10/28 17:29:24 | 000,000,753 | ---- | M] ()(C:\Documents and Settings\Raymond Green\Desktop\You-Tube ????????? ?? ?????.url) -- C:\Documents and Settings\Raymond Green\Desktop\You-Tube Блондинка за рулем.url
    [2011/10/28 17:29:24 | 000,000,753 | ---- | C] ()(C:\Documents and Settings\Raymond Green\Desktop\You-Tube ????????? ?? ?????.url) -- C:\Documents and Settings\Raymond Green\Desktop\You-Tube Блондинка за рулем.url

    < End of report >

  6. #16
    Senior Member
    Join Date
    Oct 2009
    Posts
    100

    Default

    Extras.txt log below.
    OTL log run with script to follow in next post.

    OTL Extras logfile created on: 12/20/2011 8:00:19 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Raymond Green\Desktop
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 77.27% Memory free
    5.85 Gb Paging File | 5.24 Gb Available in Paging File | 89.69% Paging File free
    Paging file location(s): C:\pagefile.sys 4092 10000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 219.72 Gb Total Space | 47.25 Gb Free Space | 21.50% Space Free | Partition Type: NTFS
    Drive D: | 8.26 Gb Total Space | 8.26 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
    Drive F: | 232.88 Gb Total Space | 63.71 Gb Free Space | 27.35% Space Free | Partition Type: NTFS
    Drive G: | 1.86 Gb Total Space | 1.85 Gb Free Space | 99.40% Space Free | Partition Type: FAT32

    Computer Name: RAYMOND-DESKTOP | User Name: Raymond Green | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "23133:UDP" = 23133:UDP:*:Enabled:UDP 23133
    "27193:TCP" = 27193:TCP:*:Enabled:TCP 27193

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\eSignal\winros.exe" = C:\Program Files\eSignal\winros.exe:*:Enabled:eSignal Data Manager -- (eSignal)
    "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{03EA3D6E-D92B-11D0-892B-00A0C91827B3}" = eSignal
    "{083F79E4-6FE9-46FB-A6C6-4F8862742947}" = ATI HYDRAVISION
    "{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
    "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
    "{1F5C9A13-6966-45F7-B39E-B9C3462535A7}" = ATI Catalyst Control Center
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{30E10267-3B27-42CC-B727-681DEBD30C4D}" = Clean Water Action TriMini Reminder by We-Care.com v5.0.3.2
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
    "{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
    "{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
    "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
    "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
    "{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
    "{46097540-46DC-4946-BA9F-1ACEBABAE7FB}_is1" = Super MP3 Splitter 1.5.0.1219
    "{4AD13F68-CADA-4C6B-9759-C33753F89908}" = Acer eDataSecurity Management
    "{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
    "{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
    "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{791CAF6C-90A3-11D4-8306-00D0B72E1DB9}" = Sentinel System Driver
    "{84031A18-BA9A-4156-A74F-E05B52DDFCE2}" = DING!
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{AC60C8C1-855E-45AB-8D95-1D16F8A38E78}" = UGuide
    "{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{BA7A3288-228D-4031-A93A-B5F6B3415E15}" = Misc
    "{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
    "{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}" = Microsoft IntelliType Pro 6.1
    "{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}" = AVIVO Codecs
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F1CD25A0-5401-40B2-BAA9-E267408B16DF}" = Toolbox
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "All ATI Software" = ATI - Software Uninstall Utility
    "ATI Display Driver" = ATI Display Driver
    "ComcastToolbar" = Comcast Toolbar
    "ENTERPRISER" = Microsoft Office Enterprise 2007
    "Fibonacci Trader 4" = Fibonacci Trader 4
    "Fibonacci/Galactic Trader 4" = Fibonacci/Galactic Trader 4
    "HP Officejet Pro K550 Series" = HP Officejet Pro K550 Series
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
    "InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
    "InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
    "Mozilla Thunderbird (3.1.16)" = Mozilla Thunderbird (3.1.16)
    "MP3 Splitter_is1" = MP3 Splitter
    "MSC" = McAfee Internet Security
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.5.5
    "News Rover" = News Rover -- Usenet newsreader
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "RealPlayer 15.0" = RealPlayer
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1072916345-2785684930-38884129-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/23/2011 9:14:31 AM | Computer Name = RAYMOND-DESKTOP | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 7.0.5730.11, faulting module
    mshtml.dll, version 7.0.5730.11, fault address 0x000a0986.

    Error - 11/26/2011 3:07:49 AM | Computer Name = RAYMOND-DESKTOP | Source = Application Error | ID = 1000
    Description = Faulting application newsrover.exe, version 16.2.0.0, faulting module
    newsrover.exe, version 16.2.0.0, fault address 0x00202003.

    Error - 11/26/2011 3:20:05 PM | Computer Name = RAYMOND-DESKTOP | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 7.0.5730.11, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 11/26/2011 3:20:05 PM | Computer Name = RAYMOND-DESKTOP | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 7.0.5730.11, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 11/27/2011 7:37:32 PM | Computer Name = RAYMOND-DESKTOP | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 7.0.5730.11, faulting module
    mshtml.dll, version 7.0.5730.11, fault address 0x0008a672.

    Error - 12/1/2011 12:10:51 AM | Computer Name = RAYMOND-DESKTOP | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 7.0.5730.11, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 12/2/2011 8:47:54 PM | Computer Name = RAYMOND-DESKTOP | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 7.0.5730.11, faulting module
    ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.

    Error - 12/12/2011 11:57:57 PM | Computer Name = RAYMOND-DESKTOP | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module unknown, version 0.0.0.0, fault address 0x0074007b.

    Error - 12/15/2011 12:50:41 PM | Computer Name = RAYMOND-DESKTOP | Source = Application Error | ID = 1000
    Description = Faulting application _ex-68.exe, version 8.0.52140.33806, faulting
    module _ex-68.exe, version 8.0.52140.33806, fault address 0x0001f713.

    Error - 12/15/2011 12:51:51 PM | Computer Name = RAYMOND-DESKTOP | Source = Application Error | ID = 1000
    Description = Faulting application _ex-68.exe, version 8.0.52140.33806, faulting
    module _ex-68.exe, version 8.0.52140.33806, fault address 0x000af498.

    [ System Events ]
    Error - 12/19/2011 1:30:08 AM | Computer Name = RAYMOND-DESKTOP | Source = Service Control Manager | ID = 7000
    Description = The TCP/IP Protocol Driver service failed to start due to the following
    error: %%2

    Error - 12/19/2011 1:30:08 AM | Computer Name = RAYMOND-DESKTOP | Source = Service Control Manager | ID = 7001
    Description = The Network Location Awareness (NLA) service depends on the TCP/IP
    Protocol Driver service which failed to start because of the following error: %%2

    Error - 12/19/2011 1:30:08 AM | Computer Name = RAYMOND-DESKTOP | Source = Service Control Manager | ID = 7000
    Description = The TCP/IP Protocol Driver service failed to start due to the following
    error: %%2

    Error - 12/19/2011 1:30:08 AM | Computer Name = RAYMOND-DESKTOP | Source = Service Control Manager | ID = 7001
    Description = The Network Location Awareness (NLA) service depends on the TCP/IP
    Protocol Driver service which failed to start because of the following error: %%2

    Error - 12/19/2011 1:30:08 AM | Computer Name = RAYMOND-DESKTOP | Source = Service Control Manager | ID = 7000
    Description = The TCP/IP Protocol Driver service failed to start due to the following
    error: %%2

    Error - 12/19/2011 1:30:08 AM | Computer Name = RAYMOND-DESKTOP | Source = Service Control Manager | ID = 7001
    Description = The Network Location Awareness (NLA) service depends on the TCP/IP
    Protocol Driver service which failed to start because of the following error: %%2

    Error - 12/19/2011 1:30:11 AM | Computer Name = RAYMOND-DESKTOP | Source = Service Control Manager | ID = 7000
    Description = The TCP/IP Protocol Driver service failed to start due to the following
    error: %%2

    Error - 12/19/2011 1:30:11 AM | Computer Name = RAYMOND-DESKTOP | Source = Service Control Manager | ID = 7001
    Description = The Network Location Awareness (NLA) service depends on the TCP/IP
    Protocol Driver service which failed to start because of the following error: %%2

    Error - 12/19/2011 1:30:15 AM | Computer Name = RAYMOND-DESKTOP | Source = Service Control Manager | ID = 7000
    Description = The TCP/IP Protocol Driver service failed to start due to the following
    error: %%2

    Error - 12/19/2011 1:30:15 AM | Computer Name = RAYMOND-DESKTOP | Source = Service Control Manager | ID = 7001
    Description = The Network Location Awareness (NLA) service depends on the TCP/IP
    Protocol Driver service which failed to start because of the following error: %%2


    < End of report >

  7. #17
    Senior Member
    Join Date
    Oct 2009
    Posts
    100

    Default

    OTL log with script run.
    No Internet connectivity regardless of re-cycling network system.

    Will run the next programs.

    All processes killed
    ========== PROCESSES ==========
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    An internal error occurred: The request is not supported.

    Please contact Microsoft Product Support Services for further help.
    Additional information: Unable to query host name.
    C:\Documents and Settings\Raymond Green\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Raymond Green\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32768 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 40354 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 78991 bytes
    ->Java cache emptied: 23361 bytes
    ->Flash cache emptied: 38662 bytes

    User: Raymond Green
    ->Temp folder emptied: 588831 bytes
    ->Temporary Internet Files folder emptied: 11939041 bytes
    ->Java cache emptied: 13322961 bytes
    ->Flash cache emptied: 790 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 25.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 12202011_212930

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...

  8. #18
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Please download Farbar Service Scanner and run it on the computer with the issue.

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.

  9. #19
    Senior Member
    Join Date
    Oct 2009
    Posts
    100

    Default

    Below is the TDSSKiller log.
    Nothing malicious found.
    Re-booted, no internet connectivity.

    FixReg.reg hasn't been run.
    Do you want FixReg.reg run or go on to the latest directive?
    If you want FixReg.reg run, where do I go to download the file?

    22:01:31.0578 3868 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
    22:01:31.0593 3868 ============================================================
    22:01:31.0593 3868 Current date / time: 2011/12/20 22:01:31.0593
    22:01:31.0593 3868 SystemInfo:
    22:01:31.0593 3868
    22:01:31.0593 3868 OS Version: 5.1.2600 ServicePack: 2.0
    22:01:31.0593 3868 Product type: Workstation
    22:01:31.0593 3868 ComputerName: RAYMOND-DESKTOP
    22:01:31.0593 3868 UserName: Raymond Green
    22:01:31.0593 3868 Windows directory: C:\WINDOWS
    22:01:31.0593 3868 System windows directory: C:\WINDOWS
    22:01:31.0593 3868 Processor architecture: Intel x86
    22:01:31.0593 3868 Number of processors: 2
    22:01:31.0593 3868 Page size: 0x1000
    22:01:31.0593 3868 Boot type: Normal boot
    22:01:31.0593 3868 ============================================================
    22:01:32.0250 3868 Initialize success
    22:01:35.0015 1340 ============================================================
    22:01:35.0015 1340 Scan started
    22:01:35.0015 1340 Mode: Manual;
    22:01:35.0015 1340 ============================================================
    22:01:44.0187 1340 ============================================================
    22:01:44.0187 1340 Scan finished
    22:01:44.0187 1340 ============================================================
    22:01:44.0203 1984 Detected object count: 0
    22:01:44.0203 1984 Actual detected object count: 0
    22:02:25.0046 3884 Deinitialize success

  10. #20
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Fixreg will be on your desktop after you save that code in Notepad, but before we run it let me ask you, do you have your Windows CD?

    So hang off on Fixreg for the moment and run Farbar's tool, it may show what was removed that is hampering your internet access.
