
DDS scan does not produce a log file


39 replies to this topic

#1 ihatebleepingviruses


Posted 11 June 2012 - 09:47 PM

Hi,

I am running Windows XP SP3 and can't seem to fix a problem that is causing my browsers (FF, Chrome and IE) to use 100% CPU. Everything looks OK until you open a browser; then the CPU usage goes up to 100% and does not go down even after a page is completely loaded. The computer becomes almost completely unusable while the browser is open (can't even type or get a response from the mouse without waiting several seconds to see any results of your input). Malwarebytes has been run extensively to no avail. I was able to solve a Google redirect issue by disabling an IE add-on.

I have followed the Preparation guide up to running a DDS scan, but it does not complete the scan. It gets as far as telling me to post the log file to the forum as requested and begins displaying a series of #'s then stops and completely freezes the computer. The only way to recover is to power down.

Please help.


 


#2 boopme


Posted 11 June 2012 - 09:51 PM

Hello, if you cannot get DDS to work, please try this instead.

Please download OTL by OldTimer and save it to your Desktop.
  • Close all other applications and windows so that you have nothing open.
  • Double click on the Posted Image icon on your desktop.

    Vista/Windows 7 users right-click and select Run As Administrator.
    If you receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.
  • Under Output, ensure that Minimal Output is selected.
  • Click the "Scan All Users" checkbox.
    Leave the remaining selections to the default settings.
  • Click the Posted Image button.
  • Do not use the computer while the scan is in progress.
  • When the scan is complete, two log files will open in Notepad:
    • OTListIt.txt <- (will be maximized)
    • Extras.txt <- (will be minimized in the Task Bar).
  • Both logs are automatically saved to the Desktop.
  • Please copy and paste the contents of OTListIt.txt and Extras.txt in your next reply.
    If the Extras.txt log is too long, you may need to add a second reply to your thread or upload it as an attachment.
  • Click the red X in the upper right corner to exit OTL.


#3 ihatebleepingviruses


Posted 11 June 2012 - 10:21 PM

The OTL scan seems to complete without any errors, but does not create anything but the attached file.

Attached Files

  • Attached File  OTL.Txt   67.93KB   3 downloads


#4 gringo_pr


Posted 12 June 2012 - 06:32 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 ihatebleepingviruses


Posted 12 June 2012 - 12:51 PM

Hi Gringo,

Security Check ran fine and gave the results below. Combofix does not complete though. It starts scanning then freezes the computer. I let it run for over an hour (without clicking on the window it is running in as the instructions say) and still get no results.

Here are the results of Security Check:

Results of screen317's Security Check version 0.99.41
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Auslogics Registry Cleaner
Java 2 Runtime Environment, SE v1.4.2_03
Java version out of date!
Adobe Flash Player 10 Flash Player out of date!
Adobe Flash Player 11.1.102.63
Adobe Reader X (10.1.3)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 1%
````````````````````End of Log``````````````````````


What should I try next?

#6 gringo_pr


Posted 12 June 2012 - 01:03 PM

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
ComboFix /nombr
  • click ok

copy and paste the report into this topic for me to review

Gringo

#7 ihatebleepingviruses


Posted 12 June 2012 - 02:41 PM

That worked. Here is the output:

ComboFix 12-06-12.01 - FASULLO 06/12/2012 13:37:24.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.458 [GMT -5:00]
Running from: c:\documents and settings\FASULLO\Desktop\ComboFix.exe
Command switches used :: /nombr
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\82135416f4s7
c:\windows\system32\bszip.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-05-12 to 2012-06-12 )))))))))))))))))))))))))))))))
.
.
2012-06-12 03:05 . 2012-06-12 03:05 -------- d-----w- c:\documents and settings\FASULLO\Local Settings\Application Data\Temp
2012-06-02 03:48 . 2012-06-02 03:48 -------- d-----w- c:\documents and settings\FASULLO\Local Settings\Application Data\PCHealth
2012-06-02 02:42 . 2012-06-02 02:42 -------- d-----w- c:\windows\ie8updates
2012-06-01 19:53 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-06-01 19:53 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-06-01 19:53 . 2012-06-04 17:04 -------- d--h--w- c:\windows\$hf_mig$
2012-06-01 03:33 . 2008-04-14 12:42 146432 ------w- c:\windows\regedit.exe
2012-05-29 21:24 . 2012-05-29 21:24 -------- d-----w- c:\documents and settings\FASULLO\Application Data\Auslogics
2012-05-29 21:21 . 2012-05-29 21:31 -------- d-----w- c:\program files\Auslogics
2012-05-29 20:57 . 2012-05-29 20:58 -------- d-----w- c:\documents and settings\FASULLO\Local Settings\Application Data\Google
2012-05-29 20:46 . 2012-05-29 20:46 -------- d-----w- c:\program files\Common Files\xing shared
2012-05-26 00:12 . 2012-05-26 00:12 -------- d-----w- c:\windows\Downloaded Program Files
2012-05-25 23:41 . 2004-08-04 10:00 3374640 ----a-w- c:\windows\system32\dllcache\tourP.exe
2012-05-22 19:27 . 2012-05-22 19:27 -------- d-----w- c:\documents and settings\FASULLO\Application Data\RealNetworks
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 13:22 . 2004-08-10 17:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-04-04 20:56 . 2012-04-12 05:28 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-26 16:26 . 2011-05-19 03:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AROReminder"="c:\program files\Advanced Registry Optimizer\aro.exe" [2009-10-22 2132480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-10-26 98304]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2007-08-01 815104]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-05-29 296056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [N/A]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
S1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004;c:\windows\system32\DRIVERS\tdx.sys --> c:\windows\system32\DRIVERS\tdx.sys [?]
S2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-200;c:\windows\System32\svchost.exe -k NetSvcs [8/10/2004 12:51 PM 14336]
S3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [8/10/2004 12:51 PM 14336]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - IPHLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1854486727-825902985-2588729355-1006Core.job
- c:\documents and settings\FASULLO\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-29 20:57]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1854486727-825902985-2588729355-1006UA.job
- c:\documents and settings\FASULLO\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-29 20:57]
.
2012-06-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1854486727-825902985-2588729355-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 23:21]
.
2012-05-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1854486727-825902985-2588729355-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 23:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
TCP: DhcpNameServer = 205.152.132.23 205.152.144.23
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-12 14:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-06-12 14:27:24
ComboFix-quarantined-files.txt 2012-06-12 19:27
.
Pre-Run: 51,052,908,544 bytes free
Post-Run: 51,901,493,248 bytes free
.
- - End Of File - - DA3F6C45F4125467B118BD08F9B1BABE

#8 gringo_pr


Posted 12 June 2012 - 09:42 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#9 ihatebleepingviruses


Posted 12 June 2012 - 10:08 PM

TDSSKiller does not run. Nothing happens when I double-click the icon on the desktop.

#10 gringo_pr


Posted 12 June 2012 - 10:14 PM

Hello

I would like you to run this tool for me - fixTDSS

download it to your desktop and start the program

Follow the prompts and Ok any security prompts

when it is complete it will say the infection was cleared or no infection was found - let me know what it says

after it is complete I want you to restart the computer and try to rerun TDSSKiller for me and send me the report

Gringo

#11 ihatebleepingviruses


Posted 12 June 2012 - 11:41 PM

TDSS and aswMBR both worked.

TDSS:
22:21:38.0750 3392 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
22:21:39.0140 3392 ============================================================
22:21:39.0140 3392 Current date / time: 2012/06/12 22:21:39.0140
22:21:39.0140 3392 SystemInfo:
22:21:39.0140 3392
22:21:39.0140 3392 OS Version: 5.1.2600 ServicePack: 3.0
22:21:39.0140 3392 Product type: Workstation
22:21:39.0140 3392 ComputerName: DDNX0Q81
22:21:39.0140 3392 UserName: FASULLO
22:21:39.0140 3392 Windows directory: C:\WINDOWS
22:21:39.0140 3392 System windows directory: C:\WINDOWS
22:21:39.0140 3392 Processor architecture: Intel x86
22:21:39.0140 3392 Number of processors: 1
22:21:39.0140 3392 Page size: 0x1000
22:21:39.0140 3392 Boot type: Normal boot
22:21:39.0140 3392 ============================================================
22:21:40.0671 3392 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:21:40.0671 3392 ============================================================
22:21:40.0671 3392 \Device\Harddisk0\DR0:
22:21:40.0671 3392 MBR partitions:
22:21:40.0671 3392 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0x8E2957F
22:21:40.0671 3392 ============================================================
22:21:40.0734 3392 C: <-> \Device\Harddisk0\DR0\Partition0
22:21:40.0734 3392 ============================================================
22:21:40.0734 3392 Initialize success
22:21:40.0734 3392 ============================================================
22:21:44.0484 1844 ============================================================
22:21:44.0484 1844 Scan started
22:21:44.0484 1844 Mode: Manual;
22:21:44.0484 1844 ============================================================
22:21:51.0359 1844 IntelIde - ok
22:21:51.0375 1844 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:21:51.0375 1844 intelppm - ok
22:21:51.0406 1844 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:21:51.0406 1844 Ip6Fw - ok
22:21:51.0453 1844 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:21:51.0453 1844 IpFilterDriver - ok
22:21:51.0453 1844 iphlpsvc - ok
22:21:51.0468 1844 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:21:51.0468 1844 IpInIp - ok
22:21:51.0500 1844 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:21:51.0515 1844 IpNat - ok
22:21:51.0546 1844 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:21:51.0562 1844 IPSec - ok
22:21:51.0593 1844 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:21:51.0593 1844 IRENUM - ok
22:21:51.0625 1844 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:21:51.0640 1844 isapnp - ok
22:21:51.0656 1844 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:21:51.0656 1844 Kbdclass - ok
22:21:51.0703 1844 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:21:51.0703 1844 kbdhid - ok
22:21:51.0765 1844 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:21:51.0781 1844 kmixer - ok
22:21:51.0843 1844 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:21:51.0843 1844 KSecDD - ok
22:21:51.0890 1844 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
22:21:51.0906 1844 lanmanserver - ok
22:21:51.0953 1844 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
22:21:51.0968 1844 lanmanworkstation - ok
22:21:51.0968 1844 lbrtfdc - ok
22:21:52.0046 1844 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
22:21:52.0046 1844 LmHosts - ok
22:21:52.0109 1844 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:21:52.0109 1844 mnmdd - ok
22:21:52.0156 1844 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
22:21:52.0156 1844 mnmsrvc - ok
22:21:52.0203 1844 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:21:52.0203 1844 Modem - ok
22:21:52.0265 1844 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
22:21:52.0265 1844 MODEMCSA - ok
22:21:52.0312 1844 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
22:21:52.0312 1844 mohfilt - ok
22:21:52.0359 1844 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:21:52.0359 1844 Mouclass - ok
22:21:52.0390 1844 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:21:52.0390 1844 mouhid - ok
22:21:52.0406 1844 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:21:52.0406 1844 MountMgr - ok
22:21:52.0453 1844 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
22:21:52.0453 1844 mraid35x - ok
22:21:52.0484 1844 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:21:52.0500 1844 MRxDAV - ok
22:21:52.0578 1844 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:21:52.0593 1844 MRxSmb - ok
22:21:52.0656 1844 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
22:21:52.0656 1844 MSDTC - ok
22:21:52.0703 1844 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:21:52.0703 1844 Msfs - ok
22:21:52.0718 1844 MSIServer - ok
22:21:52.0750 1844 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:21:52.0750 1844 MSKSSRV - ok
22:21:52.0781 1844 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:21:52.0781 1844 MSPCLOCK - ok
22:21:52.0796 1844 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:21:52.0796 1844 MSPQM - ok
22:21:52.0828 1844 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:21:52.0828 1844 mssmbios - ok
22:21:53.0281 1844 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:21:53.0281 1844 Mup - ok
22:21:53.0343 1844 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
22:21:53.0359 1844 napagent - ok
22:21:53.0406 1844 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:21:53.0421 1844 NDIS - ok
22:21:53.0484 1844 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:21:53.0484 1844 NdisTapi - ok
22:21:53.0546 1844 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:21:53.0562 1844 Ndisuio - ok
22:21:53.0562 1844 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:21:53.0578 1844 NdisWan - ok
22:21:53.0625 1844 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:21:53.0625 1844 NDProxy - ok
22:21:53.0687 1844 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:21:53.0687 1844 NetBIOS - ok
22:21:53.0734 1844 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:21:53.0750 1844 NetBT - ok
22:21:53.0812 1844 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:21:53.0812 1844 NetDDE - ok
22:21:53.0828 1844 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:21:53.0828 1844 NetDDEdsdm - ok
22:21:53.0875 1844 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:21:53.0890 1844 Netlogon - ok
22:21:53.0937 1844 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
22:21:53.0953 1844 Netman - ok
22:21:54.0109 1844 NetSvc (02d0798f376fcbd0210eda58476d0b1b) C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
22:21:54.0109 1844 NetSvc - ok
22:21:54.0156 1844 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
22:21:54.0171 1844 Nla - ok
22:21:54.0234 1844 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:21:54.0234 1844 Npfs - ok
22:21:54.0281 1844 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:21:54.0296 1844 Ntfs - ok
22:21:54.0312 1844 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:21:54.0312 1844 NtLmSsp - ok
22:21:54.0359 1844 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
22:21:54.0375 1844 NtmsSvc - ok
22:21:54.0421 1844 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
22:21:54.0421 1844 NuidFltr - ok
22:21:54.0468 1844 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:21:54.0468 1844 Null - ok
22:21:54.0578 1844 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:21:54.0625 1844 nv - ok
22:21:54.0718 1844 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:21:54.0734 1844 NwlnkFlt - ok
22:21:54.0734 1844 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:21:54.0734 1844 NwlnkFwd - ok
22:21:54.0781 1844 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
22:21:54.0781 1844 Parport - ok
22:21:54.0796 1844 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:21:54.0796 1844 PartMgr - ok
22:21:54.0843 1844 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:21:54.0843 1844 ParVdm - ok
22:21:54.0859 1844 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:21:54.0859 1844 PCI - ok
22:21:54.0859 1844 PCIDump - ok
22:21:54.0953 1844 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:21:54.0953 1844 PCIIde - ok
22:21:54.0984 1844 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:21:55.0000 1844 Pcmcia - ok
22:21:55.0000 1844 PDCOMP - ok
22:21:55.0015 1844 PDFRAME - ok
22:21:55.0031 1844 PDRELI - ok
22:21:55.0031 1844 PDRFRAME - ok
22:21:55.0062 1844 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
22:21:55.0062 1844 perc2 - ok
22:21:55.0078 1844 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
22:21:55.0078 1844 perc2hib - ok
22:21:55.0140 1844 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:21:55.0140 1844 PlugPlay - ok
22:21:55.0546 1844 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:21:55.0546 1844 PolicyAgent - ok
22:21:55.0593 1844 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:21:55.0593 1844 PptpMiniport - ok
22:21:55.0609 1844 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:21:55.0609 1844 ProtectedStorage - ok
22:21:55.0625 1844 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:21:55.0625 1844 PSched - ok
22:21:55.0656 1844 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:21:55.0656 1844 Ptilink - ok
22:21:55.0703 1844 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:21:55.0703 1844 PxHelp20 - ok
22:21:55.0734 1844 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
22:21:55.0734 1844 ql1080 - ok
22:21:55.0796 1844 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
22:21:55.0796 1844 Ql10wnt - ok
22:21:55.0828 1844 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
22:21:55.0828 1844 ql12160 - ok
22:21:55.0859 1844 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
22:21:55.0859 1844 ql1240 - ok
22:21:55.0875 1844 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
22:21:55.0875 1844 ql1280 - ok
22:21:55.0921 1844 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:21:55.0921 1844 RasAcd - ok
22:21:55.0953 1844 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
22:21:55.0968 1844 RasAuto - ok
22:21:56.0000 1844 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:21:56.0000 1844 Rasl2tp - ok
22:21:56.0046 1844 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
22:21:56.0062 1844 RasMan - ok
22:21:56.0093 1844 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:21:56.0093 1844 RasPppoe - ok
22:21:56.0109 1844 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:21:56.0109 1844 Raspti - ok
22:21:56.0125 1844 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:21:56.0140 1844 Rdbss - ok
22:21:56.0203 1844 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:21:56.0203 1844 RDPCDD - ok
22:21:56.0265 1844 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:21:56.0265 1844 rdpdr - ok
22:21:56.0312 1844 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
22:21:56.0328 1844 RDPWD - ok
22:21:56.0375 1844 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
22:21:56.0390 1844 RDSessMgr - ok
22:21:56.0421 1844 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:21:56.0421 1844 redbook - ok
22:21:56.0468 1844 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
22:21:56.0468 1844 RemoteAccess - ok
22:21:56.0515 1844 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
22:21:56.0515 1844 RpcLocator - ok
22:21:56.0578 1844 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
22:21:56.0593 1844 RpcSs - ok
22:21:56.0640 1844 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
22:21:56.0640 1844 RSVP - ok
22:21:56.0734 1844 SABProcEnum - ok
22:21:56.0781 1844 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:21:56.0781 1844 SamSs - ok
22:21:56.0843 1844 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
22:21:56.0859 1844 SCardSvr - ok
22:21:56.0906 1844 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
22:21:56.0921 1844 Schedule - ok
22:21:56.0968 1844 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:21:56.0968 1844 Secdrv - ok
22:21:57.0015 1844 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
22:21:57.0015 1844 seclogon - ok
22:21:57.0093 1844 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
22:21:57.0125 1844 senfilt - ok
22:21:57.0187 1844 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
22:21:57.0187 1844 SENS - ok
22:21:57.0203 1844 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:21:57.0203 1844 serenum - ok
22:21:57.0234 1844 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
22:21:57.0250 1844 Serial - ok
22:21:57.0265 1844 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:21:57.0265 1844 Sfloppy - ok
22:21:57.0328 1844 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
22:21:57.0343 1844 SharedAccess - ok
22:21:57.0375 1844 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:21:57.0375 1844 ShellHWDetection - ok
22:21:57.0390 1844 Simbad - ok
22:21:57.0796 1844 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
22:21:57.0796 1844 sisagp - ok
22:21:57.0843 1844 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
22:21:57.0859 1844 smwdm - ok
22:21:57.0906 1844 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
22:21:57.0906 1844 Sparrow - ok
22:21:57.0937 1844 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:21:57.0937 1844 splitter - ok
22:21:58.0000 1844 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
22:21:58.0000 1844 Spooler - ok
22:21:58.0062 1844 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:21:58.0062 1844 sr - ok
22:21:58.0109 1844 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
22:21:58.0125 1844 srservice - ok
22:21:58.0203 1844 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:21:58.0218 1844 Srv - ok
22:21:58.0281 1844 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
22:21:58.0281 1844 SSDPSRV - ok
22:21:58.0296 1844 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
22:21:58.0328 1844 stisvc - ok
22:21:58.0343 1844 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:21:58.0343 1844 swenum - ok
22:21:58.0390 1844 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:21:58.0406 1844 swmidi - ok
22:21:58.0406 1844 SwPrv - ok
22:21:58.0453 1844 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
22:21:58.0453 1844 symc810 - ok
22:21:58.0468 1844 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
22:21:58.0468 1844 symc8xx - ok
22:21:58.0484 1844 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
22:21:58.0484 1844 sym_hi - ok
22:21:58.0500 1844 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
22:21:58.0500 1844 sym_u3 - ok
22:21:58.0531 1844 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:21:58.0531 1844 sysaudio - ok
22:21:58.0593 1844 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
22:21:58.0593 1844 SysmonLog - ok
22:21:58.0656 1844 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
22:21:58.0671 1844 TapiSrv - ok
22:21:58.0734 1844 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:21:58.0765 1844 Tcpip - ok
22:21:58.0796 1844 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:21:58.0796 1844 TDPIPE - ok
22:21:58.0812 1844 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:21:58.0828 1844 TDTCP - ok
22:21:58.0828 1844 tdx - ok
22:21:58.0859 1844 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:21:58.0859 1844 TermDD - ok
22:21:58.0921 1844 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
22:21:58.0937 1844 TermService - ok
22:21:58.0984 1844 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:21:58.0984 1844 Themes - ok
22:21:59.0031 1844 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
22:21:59.0031 1844 TosIde - ok
22:21:59.0078 1844 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
22:21:59.0078 1844 TrkWks - ok
22:21:59.0125 1844 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:21:59.0125 1844 Udfs - ok
22:21:59.0140 1844 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
22:21:59.0140 1844 ultra - ok
22:21:59.0187 1844 UMWdf (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe
22:21:59.0187 1844 UMWdf - ok
22:21:59.0265 1844 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:21:59.0281 1844 Update - ok
22:21:59.0328 1844 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
22:21:59.0343 1844 upnphost - ok
22:21:59.0375 1844 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
22:21:59.0375 1844 UPS - ok
22:21:59.0421 1844 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:21:59.0421 1844 usbccgp - ok
22:21:59.0437 1844 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:21:59.0437 1844 usbehci - ok
22:21:59.0484 1844 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:21:59.0500 1844 usbhub - ok
22:21:59.0531 1844 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:21:59.0531 1844 usbscan - ok
22:21:59.0578 1844 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:21:59.0578 1844 USBSTOR - ok
22:21:59.0609 1844 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:21:59.0609 1844 usbuhci - ok
22:21:59.0640 1844 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:21:59.0640 1844 VgaSave - ok
22:22:00.0046 1844 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
22:22:00.0046 1844 viaagp - ok
22:22:00.0062 1844 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
22:22:00.0062 1844 ViaIde - ok
22:22:00.0109 1844 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:22:00.0109 1844 VolSnap - ok
22:22:00.0171 1844 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
22:22:00.0187 1844 VSS - ok
22:22:00.0234 1844 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
22:22:00.0250 1844 w32time - ok
22:22:00.0265 1844 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:22:00.0265 1844 Wanarp - ok
22:22:00.0281 1844 wanatw - ok
22:22:00.0375 1844 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
22:22:00.0375 1844 Wdf01000 - ok
22:22:00.0390 1844 WDICA - ok
22:22:00.0406 1844 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:22:00.0406 1844 wdmaud - ok
22:22:00.0500 1844 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
22:22:00.0500 1844 WebClient - ok
22:22:00.0562 1844 WinDefend - ok
22:22:00.0578 1844 WinHttpAutoProxySvc - ok
22:22:00.0687 1844 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
22:22:00.0687 1844 winmgmt - ok
22:22:00.0750 1844 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\MsPMSNSv.dll
22:22:00.0750 1844 WmdmPmSN - ok
22:22:00.0796 1844 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:22:00.0796 1844 WmiApSrv - ok
22:22:00.0890 1844 WMP54GSSVC (e8c30ef9bbc6ddb71f0f77fa3a96515f) C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
22:22:00.0906 1844 WMP54GSSVC - ok
22:22:00.0953 1844 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:22:00.0953 1844 WS2IFSL - ok
22:22:01.0000 1844 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
22:22:01.0000 1844 wscsvc - ok
22:22:01.0046 1844 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
22:22:01.0078 1844 wuauserv - ok
22:22:01.0125 1844 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
22:22:01.0140 1844 WZCSVC - ok
22:22:01.0203 1844 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
22:22:01.0218 1844 xmlprov - ok
22:22:01.0265 1844 MBR (0x1B8) (a03e065717cb65f3034ad33ad58b6bba) \Device\Harddisk0\DR0
22:22:01.0718 1844 \Device\Harddisk0\DR0 - ok
22:22:01.0734 1844 Boot (0x1200) (ef58f94dbdcef41316abbfa9968d6e8b) \Device\Harddisk0\DR0\Partition0
22:22:01.0734 1844 \Device\Harddisk0\DR0\Partition0 - ok
22:22:01.0734 1844 ============================================================
22:22:01.0734 1844 Scan finished
22:22:01.0734 1844 ============================================================
22:22:01.0750 0352 Detected object count: 0
22:22:01.0750 0352 Actual detected object count: 0


aswMBR:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-12 22:23:10
-----------------------------
22:23:10.515 OS Version: Windows 5.1.2600 Service Pack 3
22:23:10.515 Number of processors: 1 586 0x401
22:23:10.515 ComputerName: DDNX0Q81 UserName: FASULLO
22:23:10.765 Initialize success
22:24:57.531 AVAST engine defs: 12061201
22:25:21.031 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:25:21.031 Disk 0 Vendor: ST380011A 8.16 Size: 76293MB BusType: 3
22:25:21.046 Disk 0 MBR read successfully
22:25:21.046 Disk 0 MBR scan
22:25:21.109 Disk 0 unknown MBR code
22:25:21.203 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 31 MB offset 63
22:25:21.218 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 72786 MB offset 64260
22:25:21.281 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3467 MB offset 149131395
22:25:21.281 Disk 0 scanning sectors +156249984
22:25:23.421 Disk 0 scanning C:\WINDOWS\system32\drivers
22:25:38.265 Service scanning
22:26:10.750 Modules scanning
22:26:26.937 Disk 0 trace - called modules:
22:26:26.953 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
22:26:26.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f66ab8]
22:26:26.953 3 CLASSPNP.SYS[f7697fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f8fd98]
22:26:27.312 AVAST engine scan C:\WINDOWS
22:26:31.625 AVAST engine scan C:\WINDOWS\system32
22:28:46.046 AVAST engine scan C:\WINDOWS\system32\drivers
22:29:06.093 AVAST engine scan C:\Documents and Settings\FASULLO
22:48:26.828 AVAST engine scan C:\Documents and Settings\All Users
22:49:13.968 Scan finished successfully
23:35:00.000 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\FASULLO\Desktop\MBR.dat"
23:35:00.000 The log file has been saved successfully to "C:\Documents and Settings\FASULLO\Desktop\aswMBR.txt"

#12 gringo_pr

Posted 13 June 2012 - 01:06 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#13 ihatebleepingviruses

Posted 13 June 2012 - 08:50 AM

Here are the results you asked for:

OTL logfile created on: 6/13/2012 8:42:06 AM - Run 6
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Documents and Settings\FASULLO\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 661.27 Mb Available Physical Memory | 64.70% Memory free
2.41 Gb Paging File | 2.20 Gb Available in Paging File | 91.43% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.08 Gb Total Space | 48.13 Gb Free Space | 67.72% Space Free | Partition Type: NTFS

Computer Name: DDNX0Q81 | User Name: FASULLO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\FASULLO\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
PRC - C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\Security.dll ()
MOD - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\ses_cl.dll ()
MOD - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
MOD - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\ez54g.dll ()
MOD - C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe ()
MOD - C:\WINDOWS\system32\GTW32N50.dll ()
MOD - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\GEMWEP.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (WMP54GSSVC) -- C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe WMP54GSv1_1.exe File not found
SRV - (WinDefend) -- %ProgramFiles%\Windows Defender\mpsvc.dll File not found
SRV - (iphlpsvc) -- %SystemRoot%\System32\iphlpsvc.dll File not found
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (NetDDEdsdm) -- C:\WINDOWS\system32\netdde.exe (Microsoft Corporation)
SRV - (NetDDE) -- C:\WINDOWS\system32\netdde.exe (Microsoft Corporation)
SRV - (TermService) -- C:\WINDOWS\system32\termsrv.dll (Microsoft Corporation)
SRV - (RemoteAccess) -- C:\WINDOWS\system32\mprdim.dll (Microsoft Corporation)
SRV - (Alerter) -- C:\WINDOWS\system32\alrsvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (wanatw) WAN Miniport (ATW) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (tdx) -- system32\DRIVERS\tdx.sys File not found
DRV - (SABProcEnum) -- C:\Program Files\Internet Explorer\SABProcEnum.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\FASULLO\LOCALS~1\Temp\catchme.sys File not found
DRV - (bvrp_pci) -- File not found
DRV - (aswMBR) -- C:\DOCUME~1\FASULLO\LOCALS~1\Temp\aswMBR.sys File not found
DRV - (dmboot) -- C:\WINDOWS\system32\drivers\dmboot.sys (Microsoft Corp., Veritas Software)
DRV - (dmio) -- C:\WINDOWS\system32\drivers\dmio.sys (Microsoft Corp., Veritas Software)
DRV - (i2omp) -- C:\WINDOWS\system32\drivers\i2omp.sys (Microsoft Corporation)
DRV - (ViaIde) -- C:\WINDOWS\system32\drivers\viaide.sys (Microsoft Corporation)
DRV - (Pcmcia) -- C:\WINDOWS\System32\drivers\pcmcia.sys (Microsoft Corporation)
DRV - (viaagp) -- C:\WINDOWS\system32\drivers\viaagp.sys (Microsoft Corporation)
DRV - (agpCPQ) -- C:\WINDOWS\system32\drivers\agpcpq.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\drivers\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\drivers\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (alim1541) -- C:\WINDOWS\system32\drivers\alim1541.sys (Microsoft Corporation)
DRV - (agp440) -- C:\WINDOWS\system32\drivers\agp440.sys (Microsoft Corporation)
DRV - (Udfs) -- C:\WINDOWS\System32\drivers\udfs.sys (Microsoft Corporation)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\bcmwl5.sys (Broadcom Corporation)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (ACPIEC) -- C:\WINDOWS\System32\drivers\acpiec.sys (Microsoft Corporation)
DRV - (ParVdm) -- C:\WINDOWS\System32\drivers\parvdm.sys (Microsoft Corporation)
DRV - (dmload) -- C:\WINDOWS\system32\drivers\dmload.sys (Microsoft Corp., Veritas Software.)
DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation)
DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation)
DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation)
DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation)
DRV - (GTNDIS5) -- C:\WINDOWS\system32\GTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (hpn) -- C:\WINDOWS\system32\drivers\hpn.sys (Microsoft Corporation)
DRV - (dpti2o) -- C:\WINDOWS\system32\drivers\dpti2o.sys (Microsoft Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\drivers\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (perc2hib) -- C:\WINDOWS\system32\drivers\perc2hib.sys (Microsoft Corporation)
DRV - (sym_hi) -- C:\WINDOWS\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (perc2) -- C:\WINDOWS\system32\drivers\perc2.sys (Microsoft Corporation)
DRV - (aic78xx) -- C:\WINDOWS\system32\drivers\aic78xx.sys (Microsoft Corporation)
DRV - (aic78u2) -- C:\WINDOWS\system32\drivers\aic78u2.sys (Microsoft Corporation)
DRV - (symc8xx) -- C:\WINDOWS\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\drivers\symc810.sys (Symbios Logic Inc.)
DRV - (adpu160m) -- C:\WINDOWS\system32\drivers\adpu160m.sys (Microsoft Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\drivers\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\drivers\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\drivers\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\drivers\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\drivers\dac2w2k.sys (Mylex Corporation)
DRV - (ql1240) -- C:\WINDOWS\system32\drivers\ql1240.sys (Microsoft Corporation)
DRV - (Ql10wnt) -- C:\WINDOWS\system32\drivers\ql10wnt.sys (Microsoft Corporation)
DRV - (dac960nt) -- C:\WINDOWS\system32\drivers\dac960nt.sys (Microsoft Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\drivers\mraid35x.sys (American Megatrends Inc.)
DRV - (ini910u) -- C:\WINDOWS\system32\drivers\ini910u.sys (Microsoft Corporation)
DRV - (cbidf2k) -- C:\WINDOWS\System32\drivers\cbidf2k.sys (Microsoft Corporation)
DRV - (cbidf) -- C:\WINDOWS\system32\drivers\cbidf2k.sys (Microsoft Corporation)
DRV - (Cpqarray) -- C:\WINDOWS\system32\drivers\cpqarray.sys (Microsoft Corporation)
DRV - (cd20xrnt) -- C:\WINDOWS\system32\drivers\cd20xrnt.sys (Microsoft Corporation)
DRV - (asc3350p) -- C:\WINDOWS\system32\drivers\asc3350p.sys (Microsoft Corporation)
DRV - (amsint) -- C:\WINDOWS\system32\drivers\amsint.sys (Microsoft Corporation)
DRV - (Aha154x) -- C:\WINDOWS\system32\drivers\aha154x.sys (Microsoft Corporation)
DRV - (asc) -- C:\WINDOWS\system32\drivers\asc.sys (Advanced System Products, Inc.)
DRV - (abp480n5) -- C:\WINDOWS\system32\drivers\ABP480N5.SYS (Microsoft Corporation)
DRV - (asc3550) -- C:\WINDOWS\system32\drivers\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (TosIde) -- C:\WINDOWS\system32\drivers\toside.sys (Microsoft Corporation)
DRV - (CmdIde) -- C:\WINDOWS\system32\drivers\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1854486727-825902985-2588729355-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1854486727-825902985-2588729355-1006\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1854486727-825902985-2588729355-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1854486727-825902985-2588729355-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\FASULLO\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\FASULLO\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\FASULLO\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/29 15:45:59 | 000,000,000 | ---D | M]

[2011/03/08 22:07:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\FASULLO\Application Data\Mozilla\Extensions
[2012/05/01 20:38:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\FASULLO\Application Data\Mozilla\Firefox\Profiles\ou65tbl7.default\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\FASULLO\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\FASULLO\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\FASULLO\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\FASULLO\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\FASULLO\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: YouTube = C:\Documents and Settings\FASULLO\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\FASULLO\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\FASULLO\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Documents and Settings\FASULLO\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/12 14:11:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1854486727-825902985-2588729355-1006..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe (Sammsoft)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1854486727-825902985-2588729355-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1854486727-825902985-2588729355-1006\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1854486727-825902985-2588729355-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1854486727-825902985-2588729355-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1854486727-825902985-2588729355-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - Reg Error: Value error. File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.152.132.23 205.152.144.23
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4674B5EF-F22E-4EDA-A8F3-8849D8260ADE}: DhcpNameServer = 205.152.132.23 205.152.144.23
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\FASULLO\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\FASULLO\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/13 08:40:01 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/06/12 22:18:49 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\FASULLO\Desktop\FixTDSS.exe
[2012/06/12 21:57:38 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\FASULLO\Desktop\tdsskiller.exe
[2012/06/12 14:27:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/06/12 13:54:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Talisman Online
[2012/06/12 13:54:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[2012/06/12 11:29:05 | 004,556,029 | R--- | C] (Swearware) -- C:\Documents and Settings\FASULLO\Desktop\ComboFix.exe
[2012/06/11 22:05:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FASULLO\Local Settings\Application Data\Temp
[2012/06/11 19:41:06 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\FASULLO\Desktop\aswMBR.exe
[2012/06/07 21:52:26 | 054,476,696 | ---- | C] (Adobe Systems Incorporated) -- C:\Documents and Settings\FASULLO\My Documents\AdbeRdr1013_en_US.exe
[2012/06/02 01:48:20 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\FASULLO\Desktop\OTL.exe
[2012/06/02 01:03:37 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\FASULLO\Desktop\dds.scr
[2012/06/01 22:48:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FASULLO\Local Settings\Application Data\PCHealth
[2012/06/01 21:42:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/06/01 14:53:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2012/05/31 22:50:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/05/31 20:25:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/05/31 20:25:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/05/31 20:25:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/05/31 20:25:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/05/31 20:23:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/05/31 20:21:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/31 20:21:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\FASULLO\Start Menu\Programs\Administrative Tools
[2012/05/29 16:24:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FASULLO\Application Data\Auslogics
[2012/05/29 16:21:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
[2012/05/29 16:21:48 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2012/05/29 15:58:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FASULLO\Start Menu\Programs\Google Chrome
[2012/05/29 15:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FASULLO\Local Settings\Application Data\Google
[2012/05/29 15:46:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012/05/29 15:45:51 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2012/05/29 15:45:42 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2012/05/29 15:45:42 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2012/05/29 15:45:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks
[2012/05/25 19:12:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Program Files
[2012/05/25 18:43:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2012/05/25 18:41:37 | 003,374,640 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\dllcache\tourP.exe
[2012/05/25 18:41:28 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\script.fon
[2012/05/22 14:27:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FASULLO\Application Data\RealNetworks
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/13 08:02:01 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1854486727-825902985-2588729355-1006UA.job
[2012/06/12 23:35:00 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\FASULLO\Desktop\MBR.dat
[2012/06/12 22:20:32 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1854486727-825902985-2588729355-1006.job
[2012/06/12 22:20:29 | 000,001,332 | ---- | M] () -- C:\Documents and Settings\FASULLO\Desktop\Clean Registry for Free!.lnk
[2012/06/12 22:20:21 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/12 22:17:40 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\FASULLO\Desktop\FixTDSS.exe
[2012/06/12 21:53:38 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\FASULLO\Desktop\tdsskiller.exe
[2012/06/12 18:30:56 | 000,381,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/12 18:30:56 | 000,053,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/12 16:02:01 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1854486727-825902985-2588729355-1006Core.job
[2012/06/12 15:43:01 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1854486727-825902985-2588729355-1006.job
[2012/06/12 14:11:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/06/12 11:22:42 | 004,556,029 | R--- | M] (Swearware) -- C:\Documents and Settings\FASULLO\Desktop\ComboFix.exe
[2012/06/12 11:22:04 | 000,853,862 | ---- | M] () -- C:\Documents and Settings\FASULLO\Desktop\SecurityCheck.exe
[2012/06/11 21:05:35 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\FASULLO\Desktop\Google Chrome.lnk
[2012/06/11 19:36:58 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\FASULLO\Desktop\aswMBR.exe
[2012/06/11 19:35:48 | 001,012,656 | ---- | M] () -- C:\Documents and Settings\FASULLO\Desktop\rkill.scr
[2012/06/11 19:35:20 | 001,012,656 | ---- | M] () -- C:\Documents and Settings\FASULLO\Desktop\rkill.com
[2012/06/11 19:34:54 | 001,012,656 | ---- | M] () -- C:\Documents and Settings\FASULLO\Desktop\rkill.exe
[2012/06/11 17:59:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/07 21:56:01 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/06/07 21:52:26 | 054,476,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\FASULLO\My Documents\AdbeRdr1013_en_US.exe
[2012/06/07 21:16:49 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\FASULLO\Desktop\Notepad.lnk
[2012/06/02 02:36:14 | 011,968,874 | ---- | M] () -- C:\Documents and Settings\FASULLO\Desktop\gmer.bmp
[2012/06/02 01:41:23 | 000,127,704 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/02 01:38:00 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\FASULLO\Desktop\OTL.exe
[2012/06/02 01:04:18 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\FASULLO\defogger_reenable
[2012/06/02 00:55:02 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\FASULLO\Desktop\8egyti0z.exe
[2012/06/02 00:54:12 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\FASULLO\Desktop\dds.scr
[2012/06/02 00:52:50 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\FASULLO\Desktop\Defogger.exe
[2012/05/31 22:51:09 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/05/31 08:22:09 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2012/05/29 16:31:05 | 000,000,947 | ---- | M] () -- C:\Documents and Settings\FASULLO\Desktop\Auslogics Registry Defrag.lnk
[2012/05/29 16:26:33 | 000,195,021 | ---- | M] () -- C:\Documents and Settings\FASULLO\My Documents\Auslogics Registry Cleaner Report 05-29-12.htm
[2012/05/29 16:21:49 | 000,000,934 | ---- | M] () -- C:\Documents and Settings\FASULLO\Desktop\Auslogics Registry Cleaner.lnk
[2012/05/29 16:02:10 | 000,002,768 | ---- | M] () -- C:\Documents and Settings\FASULLO\Desktop\Yahoo!.lnk
[2012/05/29 15:46:22 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2012/05/29 15:45:51 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2012/05/29 15:45:42 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2012/05/29 15:45:42 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2012/05/29 15:45:41 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2012/05/29 13:44:08 | 000,001,475 | ---- | M] () -- C:\Documents and Settings\FASULLO\Desktop\Windows Explorer.lnk
[2012/05/25 18:42:43 | 000,000,061 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2012/05/18 22:40:43 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\FASULLO\My Documents\spider.sav
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/12 23:35:00 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\FASULLO\Desktop\MBR.dat
[2012/06/12 13:54:05 | 000,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2012/06/12 13:53:56 | 000,001,907 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Musicmatch Jukebox.lnk
[2012/06/12 13:53:55 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/06/12 13:53:54 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 7.0.lnk
[2012/06/12 13:53:53 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\FASULLO\Application Data\Microsoft\Internet Explorer\Quick Launch\Musicmatch Jukebox.lnk
[2012/06/12 13:53:52 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\FASULLO\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/06/12 11:28:54 | 000,853,862 | ---- | C] () -- C:\Documents and Settings\FASULLO\Desktop\SecurityCheck.exe
[2012/06/11 20:09:48 | 1071,697,920 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/11 19:41:06 | 001,012,656 | ---- | C] () -- C:\Documents and Settings\FASULLO\Desktop\rkill.scr
[2012/06/11 19:41:06 | 001,012,656 | ---- | C] () -- C:\Documents and Settings\FASULLO\Desktop\rkill.exe
[2012/06/11 19:41:06 | 001,012,656 | ---- | C] () -- C:\Documents and Settings\FASULLO\Desktop\rkill.com
[2012/06/07 21:56:01 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/06/07 21:56:01 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/06/02 02:36:12 | 011,968,874 | ---- | C] () -- C:\Documents and Settings\FASULLO\Desktop\gmer.bmp
[2012/06/02 02:19:13 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\FASULLO\Desktop\gmer.exe
[2012/06/02 01:04:18 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\FASULLO\defogger_reenable
[2012/06/02 01:03:34 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\FASULLO\Desktop\Defogger.exe
[2012/06/02 01:03:30 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\FASULLO\Desktop\8egyti0z.exe
[2012/06/01 14:53:18 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/06/01 14:53:18 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/05/31 22:51:07 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/05/31 22:50:53 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/05/31 20:25:46 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/05/31 20:25:46 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/05/31 20:25:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/05/31 20:25:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/05/31 20:25:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/05/29 16:31:05 | 000,000,947 | ---- | C] () -- C:\Documents and Settings\FASULLO\Desktop\Auslogics Registry Defrag.lnk
[2012/05/29 16:26:33 | 000,195,021 | ---- | C] () -- C:\Documents and Settings\FASULLO\My Documents\Auslogics Registry Cleaner Report 05-29-12.htm
[2012/05/29 16:21:49 | 000,000,934 | ---- | C] () -- C:\Documents and Settings\FASULLO\Desktop\Auslogics Registry Cleaner.lnk
[2012/05/29 16:07:44 | 000,002,300 | ---- | C] () -- C:\Documents and Settings\FASULLO\Desktop\Google Chrome.lnk
[2012/05/29 16:02:10 | 000,002,768 | ---- | C] () -- C:\Documents and Settings\FASULLO\Desktop\Yahoo!.lnk
[2012/05/29 15:57:29 | 000,000,986 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1854486727-825902985-2588729355-1006UA.job
[2012/05/29 15:57:29 | 000,000,934 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1854486727-825902985-2588729355-1006Core.job
[2012/05/29 15:46:22 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2012/05/25 18:42:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2012/05/18 22:40:43 | 000,000,572 | ---- | C] () -- C:\Documents and Settings\FASULLO\My Documents\spider.sav
[2012/04/11 15:57:06 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-bHUWvot06BEeIgr
[2012/04/11 15:57:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-bHUWvot06BEeIg
[2012/04/11 15:56:54 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bHUWvot06BEeIg
[2012/02/23 20:17:52 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2012/02/23 20:17:52 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2011/12/25 17:06:58 | 000,015,326 | -HS- | C] () -- C:\Documents and Settings\FASULLO\Local Settings\Application Data\82135416f4s7
[2011/03/12 01:36:31 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD2170W.DAT
[2011/03/12 01:36:29 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\brlmw03a.ini
[2011/03/08 20:42:07 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2011/03/08 20:41:55 | 000,004,254 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2011/03/06 22:24:18 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\FASULLO\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/05 18:41:12 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\0923F1AEB7.sys
[2011/03/05 18:41:11 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

< End of report >

OTL Extras logfile created on: 6/13/2012 8:42:06 AM - Run 6
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Documents and Settings\FASULLO\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 661.27 Mb Available Physical Memory | 64.70% Memory free
2.41 Gb Paging File | 2.20 Gb Available in Paging File | 91.43% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.08 Gb Total Space | 48.13 Gb Free Space | 67.72% Space Free | Partition Type: NTFS

Computer Name: DDNX0Q81 | User Name: FASULLO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1854486727-825902985-2588729355-1006\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{548EEA8E-8299-497F-8057-811D2D7097DC}" = Dell Support 3.1
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{C11432F0-977F-4ACA-858C-4D2DF198352B}" = Brother HL-2170W
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D627784F-B3EE-44E8-96B1-9509B991EA34}_is1" = Auslogics Registry Defrag
"{E7559288-223B-453C-9F06-340E3BE21E39}" = MyWay Search Assistant
"{EAE4A00B-D290-4B65-8287-B82A80FC0619}" = Linksys Wireless-G PCI Network Adapter with SpeedBooster
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Registry Optimizer_is1" = Advanced Registry Optimizer
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"PROSet" = Intel® PRO Network Adapters and Drivers
"QuickTime" = QuickTime
"RealPlayer 15.0" = RealPlayer
"VLC media player" = VLC media player 2.0.1
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1854486727-825902985-2588729355-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/12/2011 12:59:59 PM | Computer Name = DDNX0Q81 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.4182, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/17/2011 2:54:29 PM | Computer Name = DDNX0Q81 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module explorer.exe, version 6.0.2900.5512, fault address 0x00021356.

Error - 7/20/2011 3:26:17 PM | Computer Name = DDNX0Q81 | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 6.0.2.126, faulting module
unknown, version 0.0.0.0, fault address 0x400e38e4.

Error - 8/10/2011 4:40:23 PM | Computer Name = DDNX0Q81 | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.4182, faulting
module wininet.dll, version 8.0.6001.19098, fault address 0x00016ad1.

Error - 9/27/2011 5:32:35 PM | Computer Name = DDNX0Q81 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.4262, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/28/2011 1:40:16 PM | Computer Name = DDNX0Q81 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x00019af2.

Error - 12/4/2011 12:49:12 PM | Computer Name = DDNX0Q81 | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.4324, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x0000100b.

Error - 1/1/2012 5:50:37 PM | Computer Name = DDNX0Q81 | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 7.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x240075f9.

Error - 1/8/2012 8:09:52 PM | Computer Name = DDNX0Q81 | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.60.0.59, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/8/2012 8:10:42 PM | Computer Name = DDNX0Q81 | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.60.0.59, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 6/12/2012 10:56:52 PM | Computer Name = DDNX0Q81 | Source = Service Control Manager | ID = 7000
Description = The @%SystemRoot%\system32\tcpipcfg.dll,-50004 service failed to start
due to the following error: %%2

Error - 6/12/2012 10:56:52 PM | Computer Name = DDNX0Q81 | Source = Service Control Manager | ID = 7003
Description = The @%SystemRoot%\system32\iphlpsvc.dll,-200 service depends on the
following nonexistent service: nsi

Error - 6/12/2012 10:56:52 PM | Computer Name = DDNX0Q81 | Source = Service Control Manager | ID = 7000
Description = The Automatic Updates service failed to start due to the following
error: %%1290

Error - 6/12/2012 11:04:37 PM | Computer Name = DDNX0Q81 | Source = Service Control Manager | ID = 7000
Description = The @%SystemRoot%\system32\tcpipcfg.dll,-50004 service failed to start
due to the following error: %%2

Error - 6/12/2012 11:04:37 PM | Computer Name = DDNX0Q81 | Source = Service Control Manager | ID = 7003
Description = The @%SystemRoot%\system32\iphlpsvc.dll,-200 service depends on the
following nonexistent service: nsi

Error - 6/12/2012 11:04:37 PM | Computer Name = DDNX0Q81 | Source = Service Control Manager | ID = 7000
Description = The Automatic Updates service failed to start due to the following
error: %%1290

Error - 6/12/2012 11:20:31 PM | Computer Name = DDNX0Q81 | Source = Service Control Manager | ID = 7000
Description = The @%SystemRoot%\system32\tcpipcfg.dll,-50004 service failed to start
due to the following error: %%2

Error - 6/12/2012 11:20:31 PM | Computer Name = DDNX0Q81 | Source = Service Control Manager | ID = 7003
Description = The @%SystemRoot%\system32\iphlpsvc.dll,-200 service depends on the
following nonexistent service: nsi

Error - 6/12/2012 11:20:31 PM | Computer Name = DDNX0Q81 | Source = Service Control Manager | ID = 7000
Description = The Automatic Updates service failed to start due to the following
error: %%1290

Error - 6/12/2012 11:20:32 PM | Computer Name = DDNX0Q81 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde


< End of report >

#14 gringo_pr

Posted 13 June 2012 - 01:48 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    FF - user.js - File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = File not found
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - Reg Error: Value error. File not found
    [2012/06/12 22:20:29 | 000,001,332 | ---- | M] () -- C:\Documents and Settings\FASULLO\Desktop\Clean Registry for Free!.lnk  
    [2012/05/29 16:31:05 | 000,000,947 | ---- | M] () -- C:\Documents and Settings\FASULLO\Desktop\Auslogics Registry Defrag.lnk
    [2012/05/29 16:26:33 | 000,195,021 | ---- | M] () -- C:\Documents and Settings\FASULLO\My Documents\Auslogics Registry Cleaner Report 05-29-12.htm
    [2012/05/29 16:21:49 | 000,000,934 | ---- | M] () -- C:\Documents and Settings\FASULLO\Desktop\Auslogics Registry Cleaner.lnk
    [2012/04/11 15:57:06 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-bHUWvot06BEeIgr
    [2012/04/11 15:57:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-bHUWvot06BEeIg
    [2012/04/11 15:56:54 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bHUWvot06BEeIg
    [2011/12/25 17:06:58 | 000,015,326 | -HS- | C] () -- C:\Documents and Settings\FASULLO\Local Settings\Application Data\82135416f4s7
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#15 ihatebleepingviruses

Posted 13 June 2012 - 02:20 PM

Browsing is much better. Pages are loading quickly and the CPU does not max out the way it was. I still see a spike when a page loads, but it is a short spike that does not last more than a couple of seconds.

Here is the output of the fix.

========== OTL ==========
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2e2dd38-d088-4134-82b7-f2ba38496583}\ not found.
C:\Documents and Settings\FASULLO\Desktop\Clean Registry for Free!.lnk moved successfully.
C:\Documents and Settings\FASULLO\Desktop\Auslogics Registry Defrag.lnk moved successfully.
C:\Documents and Settings\FASULLO\My Documents\Auslogics Registry Cleaner Report 05-29-12.htm moved successfully.
C:\Documents and Settings\FASULLO\Desktop\Auslogics Registry Cleaner.lnk moved successfully.
C:\Documents and Settings\All Users\Application Data\-bHUWvot06BEeIgr moved successfully.
C:\Documents and Settings\All Users\Application Data\-bHUWvot06BEeIg moved successfully.
C:\Documents and Settings\All Users\Application Data\bHUWvot06BEeIg moved successfully.
C:\Documents and Settings\FASULLO\Local Settings\Application Data\82135416f4s7 moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\FASULLO\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\FASULLO\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: FASULLO
->Java cache emptied: 467933 bytes

User: LocalService

User: NetworkService

User: Owner

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: FASULLO
->Flash cache emptied: 910984 bytes

User: LocalService

User: NetworkService

User: Owner

Total Flash Files Cleaned = 1.00 mb


OTL by OldTimer - Version 3.2.45.0 log created on 06132012_140602



