
[XLDR] ATA error


  • This topic is locked
37 replies to this topic

#1 apached

apached

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Local time:05:33 PM

Posted 04 September 2012 - 02:53 AM

Not sure if this is a virus or HDD problem, but since I am able to get the command prompt, I suspect it could be a virus.
I am using a Dell Inspiron 6400 Notebook with Windows XP. Suddenly, while trying to shut down, error screens flashed up about critical problems etc. and the screen blacked out with the XLDR ATA error.
Tried rebooting with the installation disk and after several attempts have been able to get to the command prompt. Only now I realised that I was using a Windows 7 installation disk from the desktop PC instead of the XP disk.
Anyway, I am able to list directories, so it appears that the HDD is functioning properly.
Just wonder what is the best course of action now.
Thanks.



#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,929 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:33 AM

Posted 08 September 2012 - 02:02 AM

Hello, let's see if we can find out a bit more here. :)

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso and, when finished, will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Remove the USB & CD and insert it in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type the following and press enter:

    dd if=/dev/sda of=mbr.bin bs=512 count=1

  • Press Enter
  • After it has finished a file will be located on your USB drive named mbr.bin
  • Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.

This will allow me to have a look at the Master Boot Record of your drive and see if it is infected.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft
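
What a reviewer can read out of the 512-byte `mbr.bin` produced by the `dd` command above, as an added example that is not part of the original thread and not the helper's own tooling: it decodes the four partition entries and lists structural oddities. The function names, the sample sectors and the small-active-partition heuristic are assumptions made for illustration.

```python
import struct
import sys

SECTOR = 512
TABLE_OFFSET = 446                      # 446 bytes of boot code precede the partition table
ENTRY = struct.Struct("<B3sB3sII")      # status, CHS start, type, CHS end, LBA start, sector count
TYPE_NAMES = {0x05: "extended", 0x07: "NTFS/HPFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
              0x0F: "extended (LBA)", 0x83: "Linux", 0xDE: "Dell utility", 0xEE: "GPT protective"}


def parse_mbr(sector):
    """Decode the four primary partition entries of a 512-byte MBR dump."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    entries = []
    for i in range(4):
        status, _chs0, ptype, _chs1, start, count = ENTRY.unpack_from(
            sector, TABLE_OFFSET + i * ENTRY.size)
        if ptype == 0 and count == 0:
            continue                    # unused slot
        entries.append({"slot": i + 1, "status": status, "active": status == 0x80,
                        "type": ptype, "type_name": TYPE_NAMES.get(ptype, "unknown"),
                        "start": start, "sectors": count})
    return {"signature_ok": sector[510:512] == b"\x55\xaa", "entries": entries}


def review(mbr):
    """Return findings worth a second look; an empty list means nothing stood out."""
    findings = []
    entries = mbr["entries"]
    if not mbr["signature_ok"]:
        findings.append("boot signature 55 AA missing")
    for e in entries:
        if e["status"] not in (0x00, 0x80):
            findings.append(f"slot {e['slot']}: invalid status byte 0x{e['status']:02X}")
    active = [e for e in entries if e["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    ordered = sorted(entries, key=lambda e: e["start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start"] + a["sectors"] > b["start"]:
            findings.append(f"slot {a['slot']} overlaps slot {b['slot']}")
    # Heuristic added for this example (an assumption, not a verdict): on an
    # XP-era layout the active partition is normally the Windows partition, so
    # an active flag on a tiny partition deserves a manual look.
    if len(active) == 1 and len(entries) > 1:
        biggest = max(e["sectors"] for e in entries)
        if active[0]["sectors"] * 100 < biggest:
            findings.append(
                f"slot {active[0]['slot']}: active flag on a partition under 1% of the largest")
    return findings


def build_sample(parts):
    """Construct a test MBR: zeroed boot code plus (status, type, start, sectors) entries."""
    sector = bytearray(SECTOR)
    for i, (status, ptype, start, count) in enumerate(parts):
        ENTRY.pack_into(sector, TABLE_OFFSET + i * ENTRY.size,
                        status, b"\0\0\0", ptype, b"\0\0\0", start, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


# Constructed sample sectors (not taken from the attached mbr.bin).
CLEAN = build_sample([(0x00, 0xDE, 63, 80262), (0x80, 0x07, 80325, 146000000)])
SUSPECT = build_sample([(0x00, 0xDE, 63, 80262), (0x00, 0x07, 80325, 146000000),
                        (0x80, 0x07, 146080325, 20000)])


if __name__ == "__main__":
    # With a path argument, read a real dump; otherwise walk the constructed samples.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            dumps = {sys.argv[1]: fh.read()}
    else:
        dumps = {"CLEAN (constructed)": CLEAN, "SUSPECT (constructed)": SUSPECT}
    for name, data in dumps.items():
        mbr = parse_mbr(data)
        print(name)
        for e in mbr["entries"]:
            flag = "active" if e["active"] else "      "
            print(f"  slot {e['slot']} {flag} type 0x{e['type']:02X} ({e['type_name']}) "
                  f"start LBA {e['start']} sectors {e['sectors']}")
        for finding in review(mbr) or ["nothing stood out"]:
            print("  ->", finding)
```

The partition table only shows layout; the 446 bytes of boot code in front of it still have to be compared against a known-good loader by other means.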


#3 apached

apached
  • Topic Starter


Posted 08 September 2012 - 08:22 AM

Hi Elise,
Thanks for your help.
Followed the instructions and the file created is attached.
It is: mbr.bin=512
Hope that is correct.
Thanks again.

Attached Files

  • Attached File  mbr.zip   591bytes   3 downloads


#4 Elise


Posted 08 September 2012 - 08:28 AM

That is indeed infected with a partition rootkit.

  • Download tdl_fix.sh and save it to the xPUD CD.
  • Boot the infected computer with the CD you just burned and the flash drive inserted
  • The computer must be set to boot from the CD (How to boot from the CD-ROM)
  • Follow the prompts
  • A Welcome to xPUD screen will appear, choose your language
  • Click the File tab.
  • Expand mnt
  • Click on the folder under mnt that represents your USB drive (sdb1)
  • You should see the tdl_fix.sh file in the main window.
  • Select Tool from the Menu
  • Choose Open Terminal
  • Type
    bash tdl_fix.sh
    then press Enter.
  • Read the warning then type y and press Enter to continue.
  • Type
    sda
    then press Enter when prompted.
  • You will be shown a list of partitions to choose marking active.
  • Type 2 then press Enter.
  • When you receive no warning about bootloader files but are presented with another view of the partition structure and asked if it looks correct, type y then press Enter
  • The script will complete and prompt you to reboot the computer.
  • Close the Terminal window and restart back into Windows. (change to boot from harddisk)
  • Post the contents of the tdl_fix.txt file that was created on your flash drive and let me know how the computer is behaving.

Let me know if you're able to get back in Windows now.

regards, Elise


#5 apached


Posted 08 September 2012 - 06:24 PM

Hi Elise,
Sorry about this, but I am a bit confused about how to save tdl_fix.sh to the xPUD CD.
Not sure if you mean create a new CD or rewrite the previous CD?
Edit: I read the instructions again and see that tdl_sh should be on the USB.
Will do it now.
Thanks

Edited by apached, 08 September 2012 - 06:26 PM.


#6 apached


Posted 08 September 2012 - 06:43 PM

Success. Managed to boot back into Windows.
A screen splashed up with critical error messages and scrolled by as it scanned and then terminated.
I suspect it was the free version of Advanced SystemCare doing its cleanup.

The desktop looks different, but directories and files appear to be intact.
Icons are reappearing on the desktop.
The tdl_fix text file is attached.

Attached Files


Edited by apached, 08 September 2012 - 06:51 PM.


#7 Elise


Posted 09 September 2012 - 01:47 AM

Glad to hear that! Next, let's see what else needs to be fixed. :)

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

regards, Elise


#8 apached


Posted 09 September 2012 - 03:28 AM

Hi Elise,
I downloaded from the DDs.com link.
Went to go Offline, but Control Panel was not in the Start Menu list.
Closed Internet Explorer and Ran DDs.com.
The scan started and series #'s began to appear, but then stopped about 3/4 across the box and nothing happened.
So forced a shutdown, to avoid any stealth activity.
Will restart and give it another try now.
Hope I'm doing the right thing.
Regards,
DP

Edited by apached, 09 September 2012 - 03:31 AM.


#9 Elise


Posted 09 September 2012 - 04:15 AM

No problem, please do the following instead.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise


#10 apached


Posted 09 September 2012 - 04:48 AM

Hi Elise,
Managed to download and run the TDSS scan. No threats detected.
More icons have appeared on the desktop and the Start Menu looks normal and has Control Panel.
The log file is attached.
Thanks again for your assistance.
DP
File was there, but cannot find it now!

#11 Elise


Posted 09 September 2012 - 04:53 AM

No problem if nothing was detected. :)

OTL
-----
Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards, Elise


#12 apached


Posted 09 September 2012 - 04:56 AM

Ran the scan again and saved to desktop.

\msdtc.exe
19:51:21.0187 3152 MSDTC - ok
19:51:21.0218 3152 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32

\drivers\Msfs.sys
19:51:21.0296 3152 Msfs - ok
19:51:21.0296 3152 MSIServer - ok
19:51:21.0328 3152 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32

\drivers\MSKSSRV.sys
19:51:21.0343 3152 MSKSSRV - ok
19:51:21.0421 3152 [ 24516BF4E12A46CB67302E2CDCB8CDDF ] MsMpSvc c:\Program Files\Microsoft

Security Client\MsMpEng.exe
19:51:21.0421 3152 MsMpSvc - ok
19:51:21.0453 3152 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32

\drivers\MSPCLOCK.sys
19:51:21.0468 3152 MSPCLOCK - ok
19:51:21.0531 3152 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32

\drivers\MSPQM.sys
19:51:21.0531 3152 MSPQM - ok
19:51:21.0578 3152 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32

\DRIVERS\mssmbios.sys
19:51:21.0593 3152 mssmbios - ok
19:51:21.0625 3152 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32

\drivers\MSTEE.sys
19:51:21.0640 3152 MSTEE - ok
19:51:21.0671 3152 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32

\drivers\Mup.sys
19:51:21.0671 3152 Mup - ok
19:51:21.0687 3152 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32

\DRIVERS\NABTSFEC.sys
19:51:21.0718 3152 NABTSFEC - ok
19:51:21.0781 3152 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32

\qagentrt.dll
19:51:21.0843 3152 napagent - ok
19:51:21.0859 3152 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32

\drivers\NDIS.sys
19:51:21.0906 3152 NDIS - ok
19:51:21.0968 3152 [ B797EE2EF919C95561DEE78B72B33E5B ] ndiscm C:\WINDOWS\system32

\DRIVERS\NetMotCM.sys
19:51:22.0000 3152 ndiscm - ok
19:51:22.0015 3152 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32

\DRIVERS\NdisIP.sys
19:51:22.0031 3152 NdisIP - ok
19:51:22.0062 3152 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32

\DRIVERS\ndistapi.sys
19:51:22.0062 3152 NdisTapi - ok
19:51:22.0078 3152 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32

\DRIVERS\ndisuio.sys
19:51:22.0093 3152 Ndisuio - ok
19:51:22.0109 3152 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32

\DRIVERS\ndiswan.sys
19:51:22.0171 3152 NdisWan - ok
19:51:22.0203 3152 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32

\drivers\NDProxy.sys
19:51:22.0203 3152 NDProxy - ok
19:51:22.0234 3152 [ 2969D26EEE289BE7422AA46FC55F4E38 ] Net Driver HPZ12 C:\WINDOWS\system32

\HPZinw12.dll
19:51:22.0265 3152 Net Driver HPZ12 - ok
19:51:22.0281 3152 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32

\DRIVERS\netbios.sys
19:51:22.0312 3152 NetBIOS - ok
19:51:22.0328 3152 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32

\DRIVERS\netbt.sys
19:51:22.0390 3152 NetBT - ok
19:51:22.0421 3152 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32

\netdde.exe
19:51:22.0500 3152 NetDDE - ok
19:51:22.0515 3152 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32

\netdde.exe
19:51:22.0515 3152 NetDDEdsdm - ok
19:51:22.0546 3152 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32

\lsass.exe
19:51:22.0546 3152 Netlogon - ok
19:51:22.0562 3152 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32

\netman.dll
19:51:22.0562 3152 Netman - ok
19:51:22.0625 3152 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing

C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:51:22.0656 3152 NetTcpPortSharing - ok
19:51:22.0703 3152 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32

\DRIVERS\nic1394.sys
19:51:22.0734 3152 NIC1394 - ok
19:51:22.0796 3152 [ 8A6FA8E0B302DF2496802AAFDA5CE810 ] NICCONFIGSVC C:\Program

Files\Dell\QuickSet\NICCONFIGSVC.exe
19:51:22.0921 3152 NICCONFIGSVC - ok
19:51:22.0953 3152 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32

\mswsock.dll
19:51:22.0953 3152 Nla - ok
19:51:22.0968 3152 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32

\drivers\Npfs.sys
19:51:23.0000 3152 Npfs - ok
19:51:23.0031 3152 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32

\drivers\Ntfs.sys
19:51:23.0062 3152 Ntfs - ok
19:51:23.0078 3152 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32

\lsass.exe
19:51:23.0078 3152 NtLmSsp - ok
19:51:23.0109 3152 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32

\ntmssvc.dll
19:51:23.0156 3152 NtmsSvc - ok
19:51:23.0187 3152 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32

\drivers\Null.sys
19:51:23.0203 3152 Null - ok
19:51:23.0312 3152 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32

\DRIVERS\nv4_mini.sys
19:51:23.0375 3152 nv - ok
19:51:23.0437 3152 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32

\DRIVERS\nwlnkflt.sys
19:51:23.0453 3152 NwlnkFlt - ok
19:51:23.0453 3152 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32

\DRIVERS\nwlnkfwd.sys
19:51:23.0484 3152 NwlnkFwd - ok
19:51:23.0531 3152 [ 8B8B1BE2DBA4025DA6786C645F77F123 ] NwlnkIpx C:\WINDOWS\system32

\DRIVERS\nwlnkipx.sys
19:51:23.0578 3152 NwlnkIpx - ok
19:51:23.0593 3152 [ 56D34A67C05E94E16377C60609741FF8 ] NwlnkNb C:\WINDOWS\system32

\DRIVERS\nwlnknb.sys
19:51:23.0625 3152 NwlnkNb - ok
19:51:23.0640 3152 [ C0BB7D1615E1ACBDC99757F6CEAF8CF0 ] NwlnkSpx C:\WINDOWS\system32

\DRIVERS\nwlnkspx.sys
19:51:23.0671 3152 NwlnkSpx - ok
19:51:23.0687 3152 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32

\DRIVERS\ohci1394.sys
19:51:23.0718 3152 ohci1394 - ok
19:51:23.0750 3152 [ B17228142CEC9B3C222239FD935A37CA ] omci C:\WINDOWS\system32

\DRIVERS\omci.sys
19:51:23.0765 3152 omci - ok
19:51:23.0812 3152 [ 8F856DAE19383BD69DB444004D5D4F50 ] Packet C:\WINDOWS\system32

\DRIVERS\packet.sys
19:51:23.0828 3152 Packet - ok
19:51:23.0859 3152 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32

\DRIVERS\parport.sys
19:51:23.0906 3152 Parport - ok
19:51:23.0921 3152 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32

\drivers\PartMgr.sys
19:51:23.0953 3152 PartMgr - ok
19:51:23.0984 3152 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32

\drivers\ParVdm.sys
19:51:24.0000 3152 ParVdm - ok
19:51:24.0015 3152 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32

\DRIVERS\pci.sys
19:51:24.0062 3152 PCI - ok
19:51:24.0062 3152 PCIDump - ok
19:51:24.0093 3152 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32

\DRIVERS\pciide.sys
19:51:24.0109 3152 PCIIde - ok
19:51:24.0109 3152 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32

\drivers\Pcmcia.sys
19:51:24.0140 3152 Pcmcia - ok
19:51:24.0140 3152 PDCOMP - ok
19:51:24.0156 3152 PDFRAME - ok
19:51:24.0156 3152 PDRELI - ok
19:51:24.0171 3152 PDRFRAME - ok
19:51:24.0187 3152 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32

\DRIVERS\perc2.sys
19:51:24.0218 3152 perc2 - ok
19:51:24.0234 3152 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32

\DRIVERS\perc2hib.sys
19:51:24.0250 3152 perc2hib - ok
19:51:24.0312 3152 [ 957B82EC80AD7EAD64E5E47DF6B0DC40 ] pfc C:\WINDOWS\system32

\drivers\pfc.sys
19:51:24.0343 3152 pfc - ok
19:51:24.0390 3152 [ 4ADB3D6DF9EFA43B88AA2B001BBC4D5B ] piutkaci C:\WINDOWS\system32

\drivers\piutkaci.sys
19:51:24.0437 3152 piutkaci - ok
19:51:24.0468 3152 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32

\services.exe
19:51:24.0468 3152 PlugPlay - ok
19:51:24.0484 3152 [ BAFC9706BDF425A02B66468AB2605C59 ] Pml Driver HPZ12 C:\WINDOWS\system32

\HPZipm12.dll
19:51:24.0515 3152 Pml Driver HPZ12 - ok
19:51:24.0531 3152 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32

\lsass.exe
19:51:24.0531 3152 PolicyAgent - ok
19:51:24.0546 3152 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32

\DRIVERS\raspptp.sys
19:51:24.0578 3152 PptpMiniport - ok
19:51:24.0593 3152 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32

\lsass.exe
19:51:24.0593 3152 ProtectedStorage - ok
19:51:24.0593 3152 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32

\DRIVERS\psched.sys
19:51:24.0640 3152 PSched - ok
19:51:24.0640 3152 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32

\DRIVERS\ptilink.sys
19:51:24.0671 3152 Ptilink - ok
19:51:24.0687 3152 [ 7C81AE3C9B82BA2DA437ED4D31BC56CF ] PxHelp20 C:\WINDOWS\system32

\Drivers\PxHelp20.sys
19:51:24.0703 3152 PxHelp20 - ok
19:51:24.0718 3152 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32

\DRIVERS\ql1080.sys
19:51:24.0734 3152 ql1080 - ok
19:51:24.0734 3152 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32

\DRIVERS\ql10wnt.sys
19:51:24.0765 3152 Ql10wnt - ok
19:51:24.0765 3152 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32

\DRIVERS\ql12160.sys
19:51:24.0781 3152 ql12160 - ok
19:51:24.0812 3152 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32

\DRIVERS\ql1240.sys
19:51:24.0828 3152 ql1240 - ok
19:51:24.0828 3152 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32

\DRIVERS\ql1280.sys
19:51:24.0875 3152 ql1280 - ok
19:51:24.0890 3152 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32

\DRIVERS\rasacd.sys
19:51:24.0906 3152 RasAcd - ok
19:51:24.0937 3152 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32

\rasauto.dll
19:51:25.0000 3152 RasAuto - ok
19:51:25.0015 3152 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32

\DRIVERS\rasl2tp.sys
19:51:25.0046 3152 Rasl2tp - ok
19:51:25.0078 3152 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32

\rasmans.dll
19:51:25.0140 3152 RasMan - ok
19:51:25.0140 3152 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32

\DRIVERS\raspppoe.sys
19:51:25.0171 3152 RasPppoe - ok
19:51:25.0171 3152 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32

\DRIVERS\raspti.sys
19:51:25.0187 3152 Raspti - ok
19:51:25.0218 3152 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32

\DRIVERS\rdbss.sys
19:51:25.0234 3152 Rdbss - ok
19:51:25.0250 3152 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32

\DRIVERS\RDPCDD.sys
19:51:25.0265 3152 RDPCDD - ok
19:51:25.0296 3152 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32

\DRIVERS\rdpdr.sys
19:51:25.0328 3152 rdpdr - ok
19:51:25.0375 3152 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32

\drivers\RDPWD.sys
19:51:25.0375 3152 RDPWD - ok
19:51:25.0406 3152 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32

\sessmgr.exe
19:51:25.0484 3152 RDSessMgr - ok
19:51:25.0500 3152 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32

\DRIVERS\redbook.sys
19:51:25.0531 3152 redbook - ok
19:51:25.0562 3152 [ 6210679582240D54CC7FCC6278CA8B04 ] RegSrvc C:\Program

Files\Intel\Wireless\Bin\RegSrvc.exe
19:51:25.0625 3152 RegSrvc - ok
19:51:25.0656 3152 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32

\mprdim.dll
19:51:25.0734 3152 RemoteAccess - ok
19:51:25.0781 3152 [ 24ED7AF20651F9FA1F249482E7C1F165 ] rimmptsk C:\WINDOWS\system32

\DRIVERS\rimmptsk.sys
19:51:25.0796 3152 rimmptsk - ok
19:51:25.0828 3152 [ 1BDBA2D2D402415A78A4BA766DFE0F7B ] rimsptsk C:\WINDOWS\system32

\DRIVERS\rimsptsk.sys
19:51:25.0843 3152 rimsptsk - ok
19:51:25.0859 3152 [ F774ECD11A064F0DEBB2D4395418153C ] rismxdp C:\WINDOWS\system32

\DRIVERS\rixdptsk.sys
19:51:25.0890 3152 rismxdp - ok
19:51:25.0921 3152 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32

\locator.exe
19:51:25.0984 3152 RpcLocator - ok
19:51:26.0015 3152 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32

\rpcss.dll
19:51:26.0015 3152 RpcSs - ok
19:51:26.0062 3152 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
19:51:26.0093 3152 RSVP - ok
19:51:26.0156 3152 [ 99647323602BE0E77A9737E6EADA65BA ] S24EventMonitor C:\Program

Files\Intel\Wireless\Bin\S24EvMon.exe
19:51:26.0562 3152 S24EventMonitor - ok
19:51:26.0578 3152 [ 2C0E9E777AB1849B43494626C1F308B5 ] s24trans C:\WINDOWS\system32

\DRIVERS\s24trans.sys
19:51:26.0593 3152 s24trans - ok
19:51:26.0609 3152 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32

\lsass.exe
19:51:26.0625 3152 SamSs - ok
19:51:26.0640 3152 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32

\SCardSvr.exe
19:51:26.0687 3152 SCardSvr - ok
19:51:26.0718 3152 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32

\schedsvc.dll
19:51:26.0765 3152 Schedule - ok
19:51:26.0796 3152 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32

\DRIVERS\sdbus.sys
19:51:26.0812 3152 sdbus - ok
19:51:26.0859 3152 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32

\DRIVERS\secdrv.sys
19:51:26.0875 3152 Secdrv - ok
19:51:26.0890 3152 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32

\seclogon.dll
19:51:26.0921 3152 seclogon - ok
19:51:26.0937 3152 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
19:51:26.0953 3152 SENS - ok
19:51:26.0984 3152 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32

\DRIVERS\serenum.sys
19:51:27.0015 3152 serenum - ok
19:51:27.0046 3152 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32

\DRIVERS\serial.sys
19:51:27.0109 3152 Serial - ok
19:51:27.0140 3152 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32

\drivers\Sfloppy.sys
19:51:27.0156 3152 Sfloppy - ok
19:51:27.0203 3152 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32

\ipnathlp.dll
19:51:27.0281 3152 SharedAccess - ok
19:51:27.0312 3152 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32

\shsvcs.dll
19:51:27.0312 3152 ShellHWDetection - ok
19:51:27.0312 3152 Simbad - ok
19:51:27.0343 3152 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32

\DRIVERS\sisagp.sys
19:51:27.0390 3152 sisagp - ok
19:51:27.0421 3152 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32

\DRIVERS\SLIP.sys
19:51:27.0437 3152 SLIP - ok
19:51:27.0468 3152 [ C5DD7F223CB776119A0A6056A31DF9F7 ] SMIUSBAVCALL C:\WINDOWS\system32

\Drivers\SmiUsbGrabber3F.sys
19:51:27.0515 3152 SMIUSBAVCALL - ok
19:51:27.0562 3152 [ DFADFC2C86662F40759BF02ADD27D569 ] sonypvs1 C:\WINDOWS\system32

\DRIVERS\sonypvs1.sys
19:51:27.0609 3152 sonypvs1 - ok
19:51:27.0671 3152 [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1 C:\WINDOWS\system32

\DRIVERS\SONYPVU1.SYS
19:51:27.0687 3152 SONYPVU1 - ok
19:51:27.0687 3152 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32

\DRIVERS\sparrow.sys
19:51:27.0718 3152 Sparrow - ok
19:51:27.0734 3152 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32

\drivers\splitter.sys
19:51:27.0765 3152 splitter - ok
19:51:27.0796 3152 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32

\spoolsv.exe
19:51:27.0796 3152 Spooler - ok
19:51:27.0812 3152 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32

\DRIVERS\sr.sys
19:51:27.0875 3152 sr - ok
19:51:27.0906 3152 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32

\srsvc.dll
19:51:27.0953 3152 srservice - ok
19:51:27.0984 3152 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32

\DRIVERS\srv.sys
19:51:27.0984 3152 Srv - ok
19:51:28.0015 3152 [ D7968049BE0ADBB6A57CEE3960320911 ] sscdbhk5 C:\WINDOWS\system32

\drivers\sscdbhk5.sys
19:51:28.0046 3152 sscdbhk5 - ok
19:51:28.0062 3152 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32

\ssdpsrv.dll
19:51:28.0109 3152 SSDPSRV - ok
19:51:28.0125 3152 [ C3FFD65ABFB6441E7606CF74F1155273 ] ssrtln C:\WINDOWS\system32

\drivers\ssrtln.sys
19:51:28.0171 3152 ssrtln - ok
19:51:28.0234 3152 [ 3AD78E22210D3FBD9F76DE84A8DF19B5 ] STHDA C:\WINDOWS\system32

\drivers\sthda.sys
19:51:28.0281 3152 STHDA - ok
19:51:28.0312 3152 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32

\wiaservc.dll
19:51:28.0359 3152 stisvc - ok
19:51:28.0390 3152 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32

\DRIVERS\StreamIP.sys
19:51:28.0406 3152 streamip - ok
19:51:28.0421 3152 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32

\DRIVERS\swenum.sys
19:51:28.0437 3152 swenum - ok
19:51:28.0468 3152 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32

\drivers\swmidi.sys
19:51:28.0500 3152 swmidi - ok
19:51:28.0500 3152 SwPrv - ok
19:51:28.0531 3152 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32

\DRIVERS\symc810.sys
19:51:28.0546 3152 symc810 - ok
19:51:28.0562 3152 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32

\DRIVERS\symc8xx.sys
19:51:28.0578 3152 symc8xx - ok
19:51:28.0593 3152 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32

\DRIVERS\sym_hi.sys
19:51:28.0609 3152 sym_hi - ok
19:51:28.0609 3152 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32

\DRIVERS\sym_u3.sys
19:51:28.0640 3152 sym_u3 - ok
19:51:28.0687 3152 [ FA2DAA32BED908023272A0F77D625DAE ] SynTP C:\WINDOWS\system32

\DRIVERS\SynTP.sys
19:51:28.0750 3152 SynTP - ok
19:51:28.0796 3152 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32

\drivers\sysaudio.sys
19:51:28.0843 3152 sysaudio - ok
19:51:28.0875 3152 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32

\smlogsvc.exe
19:51:28.0937 3152 SysmonLog - ok
19:51:28.0937 3152 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32

\tapisrv.dll
19:51:28.0984 3152 TapiSrv - ok
19:51:29.0031 3152 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32

\DRIVERS\tcpip.sys
19:51:29.0031 3152 Tcpip - ok
19:51:29.0062 3152 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32

\drivers\TDPIPE.sys
19:51:29.0078 3152 TDPIPE - ok
19:51:29.0093 3152 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32

\drivers\TDTCP.sys
19:51:29.0125 3152 TDTCP - ok
19:51:29.0140 3152 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32

\DRIVERS\termdd.sys
19:51:29.0203 3152 TermDD - ok
19:51:29.0234 3152 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32

\termsrv.dll
19:51:29.0281 3152 TermService - ok
19:51:29.0328 3152 [ 30698355067D07DA5F9EB81132C9FDD6 ] tfsnboio C:\WINDOWS\system32

\dla\tfsnboio.sys
19:51:29.0359 3152 tfsnboio - ok
19:51:29.0375 3152 [ FB9D825BB4A2ABDF24600F7505050E2B ] tfsncofs C:\WINDOWS\system32

\dla\tfsncofs.sys
19:51:29.0406 3152 tfsncofs - ok
19:51:29.0406 3152 [ CAFD8CCA11AA1E8B6D2EA1BA8F70EC33 ] tfsndrct C:\WINDOWS\system32

\dla\tfsndrct.sys
19:51:29.0421 3152 tfsndrct - ok
19:51:29.0437 3152 [ 8DB1E78FBF7C426D8EC3D8F1A33D6485 ] tfsndres C:\WINDOWS\system32

\dla\tfsndres.sys
19:51:29.0453 3152 tfsndres - ok
19:51:29.0484 3152 [ B92F67A71CC8176F331B8AA8D9F555AD ] tfsnifs C:\WINDOWS\system32

\dla\tfsnifs.sys
19:51:29.0531 3152 tfsnifs - ok
19:51:29.0546 3152 [ 85985FAA9A71E2358FCC2EDEFC2A3C5C ] tfsnopio C:\WINDOWS\system32

\dla\tfsnopio.sys
19:51:29.0562 3152 tfsnopio - ok
19:51:29.0578 3152 [ BBA22094F0F7C210567EFDAF11F64495 ] tfsnpool C:\WINDOWS\system32

\dla\tfsnpool.sys
19:51:29.0593 3152 tfsnpool - ok
19:51:29.0609 3152 [ 81340BEF80B9811E98CE64611E67E3FF ] tfsnudf C:\WINDOWS\system32

\dla\tfsnudf.sys
19:51:29.0671 3152 tfsnudf - ok
19:51:29.0687 3152 [ C035FD116224CCC8325F384776B6A8BB ] tfsnudfa C:\WINDOWS\system32

\dla\tfsnudfa.sys
19:51:29.0734 3152 tfsnudfa - ok
19:51:29.0750 3152 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32

\shsvcs.dll
19:51:29.0750 3152 Themes - ok
19:51:29.0781 3152 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32

\DRIVERS\toside.sys
19:51:29.0796 3152 TosIde - ok
19:51:29.0843 3152 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32

\trkwks.dll
19:51:29.0875 3152 TrkWks - ok
19:51:29.0890 3152 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32

\drivers\Udfs.sys
19:51:29.0937 3152 Udfs - ok
19:51:29.0937 3152 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32

\DRIVERS\ultra.sys
19:51:29.0968 3152 ultra - ok
19:51:30.0015 3152 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32

\DRIVERS\update.sys
19:51:30.0031 3152 Update - ok
19:51:30.0093 3152 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32

\upnphost.dll
19:51:30.0125 3152 upnphost - ok
19:51:30.0156 3152 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
19:51:30.0218 3152 UPS - ok
19:51:30.0265 3152 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32

\drivers\usbaudio.sys
19:51:30.0296 3152 usbaudio - ok
19:51:30.0328 3152 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32

\DRIVERS\usbccgp.sys
19:51:30.0359 3152 usbccgp - ok
19:51:30.0375 3152 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32

\DRIVERS\usbehci.sys
19:51:30.0406 3152 usbehci - ok
19:51:30.0421 3152 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32

\DRIVERS\usbhub.sys
19:51:30.0468 3152 usbhub - ok
19:51:30.0468 3152 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32

\DRIVERS\usbprint.sys
19:51:30.0500 3152 usbprint - ok
19:51:30.0515 3152 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32

\DRIVERS\usbscan.sys
19:51:30.0531 3152 usbscan - ok
19:51:30.0546 3152 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32

\DRIVERS\USBSTOR.SYS
19:51:30.0578 3152 USBSTOR - ok
19:51:30.0578 3152 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32

\DRIVERS\usbuhci.sys
19:51:30.0593 3152 usbuhci - ok
19:51:30.0609 3152 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32

\drivers\vga.sys
19:51:30.0625 3152 VgaSave - ok
19:51:30.0656 3152 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32

\DRIVERS\viaagp.sys
19:51:30.0687 3152 viaagp - ok
19:51:30.0703 3152 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32

\DRIVERS\viaide.sys
19:51:30.0718 3152 ViaIde - ok
19:51:30.0734 3152 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32

\drivers\VolSnap.sys
19:51:30.0765 3152 VolSnap - ok
19:51:30.0796 3152 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32

\vssvc.exe
19:51:30.0890 3152 VSS - ok
19:51:30.0921 3152 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32

\w32time.dll
19:51:30.0953 3152 w32time - ok
19:51:31.0015 3152 [ 95C7421F8BAFC85BA09D33364058937D ] w39n51 C:\WINDOWS\system32

\DRIVERS\w39n51.sys
19:51:31.0078 3152 w39n51 - ok
19:51:31.0109 3152 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32

\DRIVERS\wanarp.sys
19:51:31.0140 3152 Wanarp - ok
19:51:31.0140 3152 WDICA - ok
19:51:31.0171 3152 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32

\drivers\wdmaud.sys
19:51:31.0234 3152 wdmaud - ok
19:51:31.0265 3152 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32

\webclnt.dll
19:51:31.0296 3152 WebClient - ok
19:51:31.0359 3152 [ 74CF3F2E4E40C4A2E18D39D6300A5C24 ] winachsf C:\WINDOWS\system32

\DRIVERS\HSF_CNXT.sys
19:51:31.0406 3152 winachsf - ok
19:51:31.0468 3152 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32

\wbem\WMIsvc.dll
19:51:31.0531 3152 winmgmt - ok
19:51:31.0578 3152 [ E876C33293AA5FFA81A1AA28D594712E ] WLANKEEPER C:\Program

Files\Intel\Wireless\Bin\WLKeeper.exe
19:51:31.0671 3152 WLANKEEPER - ok
19:51:31.0718 3152 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINDOWS\system32

\mspmsnsv.dll
19:51:31.0750 3152 WmdmPmSN - ok
19:51:31.0781 3152 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32

\wbem\wmiapsrv.exe
19:51:31.0875 3152 WmiApSrv - ok
19:51:31.0921 3152 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32

\wscsvc.dll
19:51:31.0984 3152 wscsvc - ok
19:51:32.0000 3152 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32

\DRIVERS\WSTCODEC.SYS
19:51:32.0031 3152 WSTCODEC - ok
19:51:32.0046 3152 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32

\wuauserv.dll
19:51:32.0078 3152 wuauserv - ok
19:51:32.0125 3152 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32

\wzcsvc.dll
19:51:32.0140 3152 WZCSVC - ok
19:51:32.0171 3152 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32

\xmlprov.dll
19:51:32.0203 3152 xmlprov - ok
19:51:32.0218 3152 ================ Scan global ===============================
19:51:32.0250 3152 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
19:51:32.0328 3152 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:51:32.0343 3152 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:51:32.0375 3152 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
19:51:32.0375 3152 [Global] - ok
19:51:32.0375 3152 ================ Scan MBR ==================================
19:51:32.0406 3152 [ DEA9E81F0228B68C9ADAF84C9B0CF931 ] \Device\Harddisk0\DR0
19:51:32.0625 3152 \Device\Harddisk0\DR0 - ok
19:51:32.0625 3152 ================ Scan VBR ==================================
19:51:32.0625 3152 [ B0ACA857E9E64A8DF3F8A4720FFBFC5A ] \Device\Harddisk0\DR0\Partition1
19:51:32.0625 3152 \Device\Harddisk0\DR0\Partition1 - ok
19:51:32.0625 3152 ============================================================
19:51:32.0625 3152 Scan finished
19:51:32.0625 3152 ============================================================
19:51:32.0656 3252 Detected object count: 0
19:51:32.0656 3252 Actual detected object count: 0
19:51:37.0796 3908 Deinitialize success

#13 apached

Posted 09 September 2012 - 05:10 AM

Here is the OTL scan:
OTL logfile created on: 09/09/2012 19:58:50 - Run 1
OTL by OldTimer - Version 3.2.61.2 Folder = C:\Documents and Settings\Douglas Pinto\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.37 Mb Total Physical Memory | 345.78 Mb Available Physical Memory | 34.09% Memory free
2.38 Gb Paging File | 1.92 Gb Available in Paging File | 80.82% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.08 Gb Total Space | 12.37 Gb Free Space | 17.66% Space Free | Partition Type: NTFS

Computer Name: INSPIRON | User Name: Douglas Pinto | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/09 19:57:22 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Douglas Pinto\Desktop\OTL.exe
PRC - [2012/06/06 21:33:42 | 001,564,872 | -H-- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2012/05/28 15:56:36 | 000,288,128 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2012/05/26 12:04:52 | 000,913,792 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2012/03/26 17:03:40 | 000,258,712 | -H-- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | -H-- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/01/18 14:02:04 | 000,508,136 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2008/04/14 10:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/27 10:36:34 | 000,111,912 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe
PRC - [2006/10/03 18:08:37 | 000,555,008 | -H-- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
PRC - [2006/10/03 18:08:37 | 000,415,744 | -H-- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
PRC - [2006/10/03 18:03:14 | 000,026,112 | -H-- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2006/06/29 14:13:32 | 001,032,192 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/06/29 14:12:34 | 000,376,832 | -H-- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2006/05/01 11:34:00 | 000,262,217 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2006/03/24 18:30:44 | 000,282,624 | -H-- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/01/27 03:02:00 | 000,086,016 | -H-- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2004/09/02 16:51:50 | 000,221,184 | ---- | M] (ACD Systems, Ltd.) -- C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
PRC - [1997/01/10 11:23:00 | 000,016,384 | ---- | M] (Lotus Development Corporation) -- C:\lotus\wordpro\ltsstart.exe


========== Modules (No Company Name) ==========

MOD - [2011/04/21 16:54:40 | 000,347,024 | -H-- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madexcept_.bpl
MOD - [2011/04/21 16:54:40 | 000,179,088 | -H-- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madbasic_.bpl
MOD - [2011/04/21 16:54:40 | 000,046,480 | -H-- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\maddisAsm_.bpl
MOD - [2006/10/03 18:08:37 | 000,574,976 | -H-- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll
MOD - [2006/10/03 18:08:37 | 000,555,008 | -H-- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
MOD - [2006/10/03 18:08:37 | 000,415,744 | -H-- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
MOD - [2006/10/03 18:08:37 | 000,143,872 | -H-- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopHyper.dll
MOD - [2006/10/03 18:08:37 | 000,140,800 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopDeskbar2.dll
MOD - [2006/10/03 18:08:37 | 000,111,616 | -H-- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll
MOD - [2006/10/03 18:08:37 | 000,095,744 | -H-- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
MOD - [2006/06/29 14:13:50 | 000,073,728 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2006/05/01 11:38:06 | 000,876,544 | -H-- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2006/05/01 11:38:06 | 000,208,965 | -H-- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/05/01 11:38:06 | 000,053,322 | -H-- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005/01/27 03:02:00 | 000,086,016 | -H-- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\\AstSrv.exe -- (Ast Service)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/08/29 13:22:33 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/07 06:48:18 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | -H-- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/05/26 12:04:52 | 000,913,792 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2012/03/26 17:03:40 | 000,011,552 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2007/08/27 10:36:34 | 000,111,912 | ---- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2006/06/29 14:12:34 | 000,376,832 | -H-- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2006/05/01 11:34:00 | 000,262,217 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/09/09 19:40:07 | 000,043,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\piutkaci.sys -- (piutkaci)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/30 18:23:42 | 000,124,544 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SmiUsbGrabber3F.sys -- (SMIUSBAVCALL)
DRV - [2008/04/14 04:56:06 | 000,088,320 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/14 04:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2006/12/18 18:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
DRV - [2006/10/03 18:03:18 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/10/02 11:38:48 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2006/05/01 11:52:02 | 000,013,568 | -H-- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/04/26 18:13:04 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2006/03/24 18:34:30 | 001,156,648 | -H-- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/01/10 14:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/10/14 10:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/14 10:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/10/14 10:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/08/12 19:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/05 11:32:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/21 22:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/21 22:01:08 | 000,201,600 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/21 22:01:00 | 000,717,952 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/09/30 06:36:29 | 000,015,360 | ---- | M] (Motorola Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\NetMotCM.sys -- (ndiscm)
DRV - [2004/08/04 07:00:00 | 000,063,232 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 07:00:00 | 000,055,936 | -H-- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/02/13 11:46:00 | 000,017,153 | -H-- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2003/12/03 16:44:58 | 000,013,566 | -H-- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys -- (cdrbsvsd)
DRV - [2002/10/15 21:41:06 | 000,102,220 | -H-- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=5061003
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=5061003
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=5061003
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=5061003
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-378494298-3341163986-1655825625-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://au.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-378494298-3341163986-1655825625-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-378494298-3341163986-1655825625-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-378494298-3341163986-1655825625-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-378494298-3341163986-1655825625-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKU\S-1-5-21-378494298-3341163986-1655825625-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKU\S-1-5-21-378494298-3341163986-1655825625-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A4 62 70 51 AC 5C CD 01 [binary data]
IE - HKU\S-1-5-21-378494298-3341163986-1655825625-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-378494298-3341163986-1655825625-1006\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-378494298-3341163986-1655825625-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-378494298-3341163986-1655825625-1006\..\SearchScopes,DefaultScope = {9C8B4497-8D39-40EB-82BE-895A452D110C}
IE - HKU\S-1-5-21-378494298-3341163986-1655825625-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-378494298-3341163986-1655825625-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-378494298-3341163986-1655825625-1006\..\SearchScopes\{9C8B4497-8D39-40EB-82BE-895A452D110C}: "URL" = http://au.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8
IE - HKU\S-1-5-21-378494298-3341163986-1655825625-1006\..\SearchScopes\{AF43E9B1-242D-4C42-B9AE-4407F062DD88}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-378494298-3341163986-1655825625-1006\..\SearchScopes\{C6EA884F-178C-42C0-AAB2-8816F9886E22}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=U3&apn_dtid=OSJ000YYAU&apn_uid=7FACD49D-1361-43A2-9F59-CE0CD2FBDAB3&apn_sauid=06A47540-E214-492B-A323-EB2EE64DEC9F
IE - HKU\S-1-5-21-378494298-3341163986-1655825625-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-378494298-3341163986-1655825625-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = http://localhost;http://localhost;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=7FACD49D-1361-43A2-9F59-CE0CD2FBDAB3&apn_ptnrs=9M&apn_sauid=06A47540-E214-492B-A323-EB2EE64DEC9F&apn_dtid=OSJ000&&q="
FF - prefs.js..network.proxy.no_proxies_on: "http://localhost,http://localhost"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Douglas Pinto\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Douglas Pinto\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla 1.5\Extensions\\Components: C:\Program Files\mozilla.org\Mozilla\Components [2010/11/07 05:44:03 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla 1.5\Extensions\\Plugins: C:\Program Files\mozilla.org\Mozilla\Plugins [2012/07/25 16:35:37 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/07 06:48:20 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla 1.5\Extensions\\Components: C:\Program Files\mozilla.org\Mozilla\Components [2010/11/07 05:44:03 | 000,000,000 | -H-D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla 1.5\Extensions\\Plugins: C:\Program Files\mozilla.org\Mozilla\Plugins [2012/07/25 16:35:37 | 000,000,000 | -H-D | M]

[2009/06/21 17:11:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Douglas Pinto\Application Data\Mozilla\Extensions
[2012/08/20 15:55:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Douglas Pinto\Application Data\Mozilla\Firefox\Profiles\9n1umh6q.default\extensions
[2012/07/07 18:22:28 | 000,000,000 | ---D | M] (Microsoft Choice Guard) -- C:\Documents and Settings\Douglas Pinto\Application Data\Mozilla\Firefox\Profiles\9n1umh6q.default\extensions\ChoiceGuard@Microsoft
[2012/05/20 18:18:17 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Douglas Pinto\Application Data\Mozilla\Firefox\Profiles\9n1umh6q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2012/08/18 17:00:04 | 000,002,299 | ---- | M] () -- C:\Documents and Settings\Douglas Pinto\Application Data\Mozilla\Firefox\Profiles\9n1umh6q.default\searchplugins\askcom.xml
[2012/08/18 16:49:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/18 16:49:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/08/07 06:48:19 | 000,136,672 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/21 11:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/21 11:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Yahoo!7 (Enabled)
CHR - default_search_provider: search_url = http://au.search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR - default_search_provider: suggest_url = http://aue-sayt.ff.search.yahoo.com/gossip-au-sayt?output=fxjson&command={searchTerms}
CHR - homepage: http://www.google.com.au/
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Douglas Pinto\Local Settings\Application Data\Google\Chrome\Application\12.0.742.122\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\Douglas Pinto\Local Settings\Application Data\Google\Chrome\Application\12.0.742.122\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Douglas Pinto\Local Settings\Application Data\Google\Chrome\Application\12.0.742.122\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Douglas Pinto\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Australia = C:\Documents and Settings\Douglas Pinto\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eigmjgegfedjaipogbhbdfimaamcfobo\1.3\

O1 HOSTS File: ([2009/05/11 12:00:14 | 000,611,053 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Reg Error: Value error.) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O2 - BHO: (Reg Error: Value error.) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-378494298-3341163986-1655825625-1006\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-378494298-3341163986-1655825625-1006\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [Device Detector] C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe (ACD Systems, Ltd.)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [YcGJQkVIicuKSf.exe] C:\Documents and Settings\All Users\Application Data\YcGJQkVIicuKSf.exe File not found
O4 - HKU\S-1-5-21-378494298-3341163986-1655825625-1006..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2012/09/09 19:21:33 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Douglas Pinto\Start Menu\Programs\Startup\AutorunsDisabled [2008/08/11 17:45:44 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-378494298-3341163986-1655825625-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-378494298-3341163986-1655825625-1006\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-378494298-3341163986-1655825625-1006\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKU\S-1-5-21-378494298-3341163986-1655825625-1006\..Trusted Domains: lookatmyproperty.com.au ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-378494298-3341163986-1655825625-1006\..Trusted Domains: picasaweb,google.com ([]http in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/70.16/uploader2.cab (UploadListView Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www4.snapfish.com.au/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167555173578 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01868C53-33BB-41A6-B975-2587F13BB43B}: DhcpNameServer = 203.2.75.132 198.142.0.51
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9BC01A4-7982-49CA-AE46-A4F781F0377D}: DhcpNameServer = 10.1.1.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Coffee Bean.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Coffee Bean.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{73be8dc4-0951-11de-8957-0015c5b34409}\Shell - "" = AutoRun
O33 - MountPoints2\{73be8dc4-0951-11de-8957-0015c5b34409}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{73be8dc4-0951-11de-8957-0015c5b34409}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{73be8dc5-0951-11de-8957-0015c5b34409}\Shell\AutoRun\command - "" = wscript.exe \SMRTNTKY\script.js
O33 - MountPoints2\{cebd8ec8-d165-11de-89fd-0015c5b34409}\Shell - "" = AutoRun
O33 - MountPoints2\{cebd8ec8-d165-11de-89fd-0015c5b34409}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cebd8ec8-d165-11de-89fd-0015c5b34409}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Phim_nguoi_lon.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/09 19:57:08 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Douglas Pinto\Desktop\OTL.exe
[2012/09/09 19:40:06 | 000,043,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\piutkaci.sys
[2012/09/09 19:29:27 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Douglas Pinto\Desktop\tdsskiller.exe
[2012/09/09 19:26:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Douglas Pinto\Recent
[2012/09/09 18:10:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2012/09/09 18:10:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Douglas Pinto\Start Menu\Programs\Administrative Tools
[2012/09/09 18:08:14 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Douglas Pinto\Desktop\dds.com
[2012/09/05 09:57:23 | 000,000,000 | ---D | C] -- C:\FRST
[2012/09/02 00:29:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Douglas Pinto\Start Menu\Programs\File Recovery
[2012/08/28 14:10:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2012/08/28 14:10:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 5
[2012/08/28 14:10:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Douglas Pinto\Application Data\IObit
[2012/08/28 14:10:16 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2012/08/18 16:59:53 | 000,000,000 | -H-D | C] -- C:\Program Files\Ask.com
[2012/08/18 16:59:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Douglas Pinto\Local Settings\Application Data\AskToolbar
[2012/08/18 16:49:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/08/18 16:49:23 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Ask
[2012/08/18 16:48:59 | 000,476,976 | -H-- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/08/18 16:48:59 | 000,472,880 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/08/18 16:48:59 | 000,157,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/08/18 16:48:59 | 000,149,296 | -H-- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/08/18 16:48:59 | 000,149,296 | -H-- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/08/18 16:48:59 | 000,073,728 | -H-- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/09 20:06:01 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/09/09 19:57:22 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Douglas Pinto\Desktop\OTL.exe
[2012/09/09 19:49:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/09/09 19:47:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/09 19:40:07 | 000,043,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\piutkaci.sys
[2012/09/09 19:35:04 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-378494298-3341163986-1655825625-1006UA.job
[2012/09/09 19:30:08 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/09/09 19:29:27 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Douglas Pinto\Desktop\tdsskiller.exe
[2012/09/09 19:20:15 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/09 19:20:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/09 19:19:59 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/09 18:08:27 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Douglas Pinto\Desktop\dds.com
[2012/09/09 09:35:45 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/02 00:29:10 | 000,000,160 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-HTqJnca1DIqiXSr
[2012/09/02 00:29:10 | 000,000,144 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-HTqJnca1DIqiXS
[2012/09/02 00:29:07 | 000,000,368 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\HTqJnca1DIqiXS
[2012/09/01 13:38:28 | 000,002,380 | ---- | M] () -- C:\Documents and Settings\Douglas Pinto\Desktop\Google Chrome.lnk
[2012/09/01 13:38:28 | 000,002,358 | ---- | M] () -- C:\Documents and Settings\Douglas Pinto\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/01 13:35:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-378494298-3341163986-1655825625-1006Core.job
[2012/08/29 14:17:44 | 000,305,152 | -H-- | M] () -- C:\Documents and Settings\Douglas Pinto\My Documents\windiag.iso
[2012/08/29 13:22:32 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/08/29 13:22:32 | 000,073,416 | -H-- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/08/28 15:52:31 | 000,350,584 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/28 14:10:38 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Uninstaller.lnk
[2012/08/28 14:10:38 | 000,000,910 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 5.lnk
[2012/08/28 14:10:37 | 000,000,928 | ---- | M] () -- C:\Documents and Settings\Douglas Pinto\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 5.lnk
[2012/08/18 16:48:37 | 000,157,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/08/18 16:48:37 | 000,149,296 | -H-- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/08/18 16:48:37 | 000,149,296 | -H-- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/08/18 16:48:37 | 000,073,728 | -H-- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/08/18 16:48:36 | 000,476,976 | -H-- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/08/18 16:48:36 | 000,472,880 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/02 00:29:10 | 000,000,160 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\-HTqJnca1DIqiXSr
[2012/09/02 00:29:10 | 000,000,144 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\-HTqJnca1DIqiXS
[2012/09/02 00:29:01 | 000,000,368 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\HTqJnca1DIqiXS
[2012/08/29 14:17:34 | 000,305,152 | -H-- | C] () -- C:\Documents and Settings\Douglas Pinto\My Documents\windiag.iso
[2012/08/28 14:10:38 | 000,000,961 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Uninstaller.lnk
[2012/08/28 14:10:38 | 000,000,910 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 5.lnk
[2012/08/28 14:10:37 | 000,000,928 | ---- | C] () -- C:\Documents and Settings\Douglas Pinto\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare 5.lnk
[2012/08/18 16:59:59 | 000,000,250 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/07/05 18:33:48 | 000,003,072 | -H-- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/06/14 15:09:04 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2011/01/05 17:19:06 | 000,075,720 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/02/29 15:59:45 | 000,000,284 | ---- | C] () -- C:\Documents and Settings\Douglas Pinto\Application Data\ViewerApp.dat
[2006/10/25 20:47:42 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Douglas Pinto\Local Settings\Application Data\fusioncache.dat
[2006/10/20 23:15:11 | 000,001,470 | ---- | C] () -- C:\Documents and Settings\Douglas Pinto\Local Settings\Application Data\FASTWiz.html
[2006/10/15 23:56:18 | 000,124,928 | ---- | C] () -- C:\Documents and Settings\Douglas Pinto\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/11 23:37:43 | 000,000,574 | ---- | C] () -- C:\Documents and Settings\Douglas Pinto\Application Data\wklnhst.dat
[2006/10/03 18:01:21 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare

========== Alternate Data Streams ==========

@Alternate Data Stream - 4933 bytes -> C:\Documents and Settings\Douglas Pinto\My Documents\Mercy Reunion Details.eml:OECustomProperty
@Alternate Data Stream - 1312 bytes -> C:\WINDOWS\System32\drivers\piutkaci.sys:changelist
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB71B81

< End of report >

#14 apached


Posted 09 September 2012 - 05:12 AM

This is the Extras file:
OTL Extras logfile created on: 09/09/2012 19:58:50 - Run 1
OTL by OldTimer - Version 3.2.61.2 Folder = C:\Documents and Settings\Douglas Pinto\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.37 Mb Total Physical Memory | 345.78 Mb Available Physical Memory | 34.09% Memory free
2.38 Gb Paging File | 1.92 Gb Available in Paging File | 80.82% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.08 Gb Total Space | 12.37 Gb Free Space | 17.66% Space Free | Partition Type: NTFS

Computer Name: INSPIRON | User Name: Douglas Pinto | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-378494298-3341163986-1655825625-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10421:UDP" = 10421:UDP:*:Enabled:SingleClick Discovery Protocol
"10426:UDP" = 10426:UDP:*:Enabled:SingleClick ICC

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\Unwired\UwWiz.exe" = C:\Program Files\Unwired\UwWiz.exe:*:Enabled:Connection Assistant -- (Unwired Australia Pty Limited)
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe" = C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Disabled:Dell Network Assistant -- (SingleClick Systems)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01A2E33A-8ADA-42D1-9173-8F65149E952F}" = Microsoft Money
"{0240BDFB-2995-4A3F-8C96-18D41282B716}" = Dell Network Assistant
"{02CA7E66-1AD1-4DE9-BA9E-86A0EEB019C7}" = Microsoft Money System Pack
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}" = Picture Package
"{200E847E-A6AE-4C33-A36F-082CC10C6570}" = BigPond Wireless Broadband 2.0
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 33
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{313855AD-F250-439C-904C-E56A129652E7}" = Unwired
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3846E811-639D-4DE1-844B-30491C0A6C0C}" = Dell Support 3.2
"{3E5CBADD-2E51-47C1-BBE2-B802DB6DA56A}" = Got Money FX MT4 4.00
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ecaf021-478c-40c1-b777-3368a15f9966}" = Macromedia Flash Player
"{51071D66-D034-4239-94E0-723FCA10B6FE}" = OpenOffice.org 3.4
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B03B98E3-2795-48F6-BA33-793BBF5DF685}" = SMI USB Grabber
"{B0DC84A9-06CB-420A-B8FF-6769EB5EDE95}" = 810plc32
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C66FE99D-7C15-40A0-AE4A-A1A3900D9EE3}" = MyVirtualHome
"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D8320DD6-FE47-41DE-B116-4158B7AE3F37}" = ACDSee for Pentax 2.0
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E7887F0B-066C-4D26-AFD9-62B72CF24D9A}" = SyncToy
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"America Online au" = AOL Australia
"AOL|7 Broadband Demo" = AOL|7 Broadband Demo
"CAD X11" = CAD X11
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"ESET Online Scanner" = ESET Online Scanner v3
"FCharts Sample Database_is1" = FCharts
"FCharts_is1" = FCharts
"Free File Opener_is1" = Free File Opener version 2011.6.0
"Google Desktop" = Google Desktop
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"Hubb Investor" = Hubb Investor
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla (1.5)" = Mozilla (1.5)
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSNINST" = MSN
"PENTAX Optio 60 Driver" = PENTAX Optio 60 Driver
"ProInst" = Intel® PROSet/Wireless Software
"RealPlayer 6.0" = RealPlayer Basic
"SmartSuite V97.0" = Lotus SmartSuite 97
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"VLC media player" = VLC media player 0.9.8a
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-378494298-3341163986-1655825625-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Google Chrome" = Google Chrome
"MetaStock 11.0" = MetaStock 11.0
"MetaStock 7.2" = MetaStock 7.2

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 26/07/2012 02:49:03 | Computer Name = INSPIRON | Source = Application Error | ID = 1000
Description = Faulting application FlashPlayerUpdateService.exe, version 11.3.300.265,
faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113c2.

Error - 26/07/2012 08:00:04 | Computer Name = INSPIRON | Source = Application Error | ID = 1000
Description = Faulting application devdetect.exe, version 2.0.2.9, faulting module
mfc70.dll, version 7.0.9466.0, fault address 0x0000f442.

Error - 03/08/2012 09:04:38 | Computer Name = INSPIRON | Source = Application Error | ID = 1000
Description = Faulting application devdetect.exe, version 2.0.2.9, faulting module
mfc70.dll, version 7.0.9466.0, fault address 0x0000f442.

Error - 07/08/2012 19:11:28 | Computer Name = INSPIRON | Source = Application Error | ID = 1000
Description = Faulting application devdetect.exe, version 2.0.2.9, faulting module
mfc70.dll, version 7.0.9466.0, fault address 0x0000f442.

Error - 16/08/2012 21:46:46 | Computer Name = INSPIRON | Source = Application Error | ID = 1000
Description = Faulting application devdetect.exe, version 2.0.2.9, faulting module
mfc70.dll, version 7.0.9466.0, fault address 0x0000f442.

Error - 17/08/2012 01:50:35 | Computer Name = INSPIRON | Source = Application Error | ID = 1000
Description = Faulting application devdetect.exe, version 2.0.2.9, faulting module
mfc70.dll, version 7.0.9466.0, fault address 0x0000f442.

Error - 23/08/2012 04:35:02 | Computer Name = INSPIRON | Source = Application Error | ID = 1000
Description = Faulting application devdetect.exe, version 2.0.2.9, faulting module
mfc70.dll, version 7.0.9466.0, fault address 0x0000f442.

Error - 24/08/2012 01:56:25 | Computer Name = INSPIRON | Source = Application Error | ID = 1000
Description = Faulting application devdetect.exe, version 2.0.2.9, faulting module
mfc70.dll, version 7.0.9466.0, fault address 0x0000f442.

Error - 27/08/2012 23:31:31 | Computer Name = INSPIRON | Source = Application Error | ID = 1000
Description = Faulting application devdetect.exe, version 2.0.2.9, faulting module
mfc70.dll, version 7.0.9466.0, fault address 0x0000f442.

Error - 29/08/2012 00:58:01 | Computer Name = INSPIRON | Source = Application Error | ID = 1000
Description = Faulting application devdetect.exe, version 2.0.2.9, faulting module
mfc70.dll, version 7.0.9466.0, fault address 0x0000f442.

[ System Events ]
Error - 29/08/2012 00:57:36 | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7000
Description = The Ast Service service failed to start due to the following error:
%%2

Error - 29/08/2012 03:05:29 | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7000
Description = The Ast Service service failed to start due to the following error:
%%2

Error - 30/08/2012 00:37:54 | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7000
Description = The Ast Service service failed to start due to the following error:
%%2

Error - 30/08/2012 03:31:13 | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7000
Description = The Ast Service service failed to start due to the following error:
%%2

Error - 31/08/2012 23:31:07 | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7000
Description = The Ast Service service failed to start due to the following error:
%%2

Error - 01/09/2012 05:41:04 | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7000
Description = The Ast Service service failed to start due to the following error:
%%2

Error - 08/09/2012 19:36:01 | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7000
Description = The Ast Service service failed to start due to the following error:
%%2

Error - 09/09/2012 04:00:18 | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7000
Description = The Ast Service service failed to start due to the following error:
%%2

Error - 09/09/2012 04:10:24 | Computer Name = INSPIRON | Source = Microsoft Antimalware | ID = 1014
Description = %%860 has encountered an error trying to remove history of malware
and other potentially unwanted software. Time: 25/08/2012 18:10:09 User: NT AUTHORITY\SYSTEM

Error
Code: 0x80070005 Error description: Access is denied.

Error - 09/09/2012 05:20:23 | Computer Name = INSPIRON | Source = Service Control Manager | ID = 7000
Description = The Ast Service service failed to start due to the following error:
%%2


< End of report >

#15 apached


Posted 09 September 2012 - 05:17 AM

Hi Elise,
I did a Google search to find out more about Partition Rootkits and found your Blog.
Thank you very much for guidance in this procedure.
Hopefully all is OK now, but will await any further directions.
Cheers,
DP



