Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

10 PuP.Bundle.Installer.ol shows up with MalwareBytes scan...Plus Disp


  • Please log in to reply

#1
Mr. Rufus Sniff

Mr. Rufus Sniff

    Member

  • Member
  • PipPip
  • 22 posts
Hello to anyone reading this...and thank you in advance, if I don't get a chance later...
(if I drop dead or someone shoots me...)

Ok, I have this ol' computer system...a Dell Precision Workstation 360...running Windows MS XP
Pro Version 2002 Service Pk 3,
Processor Intel Pentium 4 CPU 2.8 GHz, 2.37 GB Ram
OS name Win XP Pro SP3 Build 2600 x86

I hope the rest of any of this info will be on the OTL txt log I'll be submitting below...

All the instructions to join and leave as much details as possible...so hope this helps

Here's my problem...I reinstalled my Win XP OS a few weeks back and didn't have any drivers
to install to get online etc...(didn't have the original driver discs)...

Using a previous downloaded and saved set of drivers from Dell, I was able to install the
Network Interface Card (NIC) and that got me online...and I was able to get some drivers from
Dell that I tried to install in somewhat of a correct order...

I eventually got things working somewhat...except for audio...no sound!...

Took me a couple weeks searching forums etc + speaking with Dell technical help (they were no help)
and they actually couldn't even help me with drivers period. Big headache...
Finally, I found the right driver and bam...worked...You'd think Dells technicians would know this...

(Sorry, I'm still peeved about that...because just yesterday, I had the unfortunate experience of a
repeat visit to them...giving them the benefit of the doubt, I had another issue....suddenly, my computer
when booting, would only go as far as a Windows logon...and then monitor would fade to "no signal")

And they just told me after 2 hrs sorry, couldn't help, maybe buy a new Dell from us, give you a good deal!

So on my own, and only booting into safe mode, and losing Restore also...I was just going thru a trial and
error process...checking everything I could think of...(keep in mind I'm not any wheres near an expert...just a user that's been slugging along for years...step by step)

Anyways, was able to log into "last known working configuration" and monitor would stay on for 60 sec and
temp quit...come back for another 30 sec...and quit...and I'd have to force a reboot...

So I uninstalled the NVidia GeForce4 MX 4000 adapter...and I was finally able to keep the monitor on...
Yet the sound was missing...so after repeated attempts to install an audio driver, I finally have sound...

And a little while ago, I just quarantined 10 Pup.Bundle.Installer.ol ...and I believe these are some kind
of virus...and I'm still just puttin' along...

Yet here's the dilemma...either my computer is OK...with the current drivers or I'm coasting towards a
hellacious nightmare with a convoluted mess I've brought unto myself...

That's about the time I found this forum...and the OTL software...so I thought...I'll sign up...run the
software and post it here...just like your instructions suggested...

I actually don't understand all of the log...so what I'm hoping is....with the results posted here and
one of your guys/gals expertise...maybe read this and let me know any and all issues...(for some reason,
I don't think you're going to get back to me stating "great shape!"...

After all my messing around, I've probably got some serious issues...I just don't recognize them...

As far as performance at this moment, the video and graphics is alittle shaky seems like (when scrolling
around on some sites, it'll roll like waves...and on some videos, sounds a little scrambled for a second and then it's ok...
My Display Adapters in Device Manager had yellow apostrophe mark for Video Controller (VGA compatible)

Ok, I know this is long and drawn out...yet I've tried this initial dialogue to be as informative and
complete as possible...

I'll post the log below...I want to thank everyone who considers helping me very much...
Just peruse the log and let me know where I stand...and possibly any remedies...

Now I've noticed there's 2 Notepad files the OTL gave me...one is OTL.txt and the other is Extras.txt...
so I guess I'll just paste both here...
......................................................
......................................................

OTL.Txt LogFile...

OTL logfile created on: 7/27/2012 1:11:37 AM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Documents and Settings\Nile R Vincent\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.37 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 76.13% Memory free
4.22 Gb Paging File | 3.81 Gb Available in Paging File | 90.19% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.68 Gb Total Space | 63.64 Gb Free Space | 83.00% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 399.79 Gb Free Space | 85.84% Space Free | Partition Type: NTFS

Computer Name: NILE-VINCENT | User Name: Nile R Vincent | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/27 00:12:47 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nile R Vincent\Desktop\OTL.exe
PRC - [2012/07/13 17:17:11 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/05/04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/08/28 14:01:22 | 000,061,440 | ---- | M] () -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/13 17:17:14 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2003/08/28 14:01:22 | 000,061,440 | ---- | M] () -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe


========== Win32 Services (SafeList) ==========

SRV - [2012/07/14 00:30:34 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/13 17:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2003/08/28 14:01:22 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe -- (spkrmon)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\dcdbas32.sys -- (dcdbas)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - [2012/06/19 23:19:01 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{019D1EAE-B095-404C-A7E7-13CFF2654E27}: "URL" = http://www.bing.com/...ferrer:source?}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000000cf1d79927
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekkosearch....q={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-07-11 16:41:36&v=11.0.0.10&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{B639E40D-C186-4498-9583-A1DF627DC97D}: "URL" = http://websearch.ask...2-0C183E9F0FD5
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/22 11:08:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/06/17 18:00:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nile R Vincent\Application Data\Mozilla\Extensions
[2012/07/26 01:29:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nile R Vincent\Application Data\Mozilla\Firefox\Profiles\gmzugg1n.default\extensions
[2012/06/27 10:41:59 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Nile R Vincent\Application Data\Mozilla\Firefox\Profiles\gmzugg1n.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/07/26 14:55:37 | 000,000,000 | ---D | M] (PriceGong) -- C:\Documents and Settings\Nile R Vincent\Application Data\Mozilla\Firefox\Profiles\gmzugg1n.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2012/07/22 11:08:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/13 17:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/07/11 16:41:31 | 000,003,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/06/18 01:06:31 | 000,002,352 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/07/13 17:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/20 09:31:48 | 000,002,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml
[2012/07/13 17:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/07/22 17:19:06 | 000,443,432 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15234 more lines...
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.6.4\PriceGongIE.dll (PriceGong)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O15 - HKCU\..Trusted Domains: emily18.com ([www] https in Trusted sites)
O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} http://www.dell.com/...t/Ode/pcd86.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1340890774875 (MUWebControl Class)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 74.40.74.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B283AE8E-A72D-42FE-BF6E-5CB80116A1EE}: DhcpNameServer = 192.168.1.1 74.40.74.40
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Nile R Vincent\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Nile R Vincent\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/06/17 15:56:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/06/15 00:47:30 | 000,000,062 | ---- | M] () - E:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/27 00:12:41 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nile R Vincent\Desktop\OTL.exe
[2012/07/26 20:04:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Nile R Vincent\Recent
[2012/07/26 19:23:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2012/07/26 19:22:55 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012/07/26 19:11:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nile R Vincent\Application Data\InstallShield
[2012/07/26 18:57:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nile R Vincent\Application Data\driveridentifier
[2012/07/26 18:57:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Driver Identifier
[2012/07/26 18:57:14 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Identifier
[2012/07/26 18:41:37 | 000,000,000 | ---D | C] -- C:\ViewSonic
[2012/07/26 18:14:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nile R Vincent\Local Settings\Application Data\PC_Drivers_Headquarters
[2012/07/26 17:54:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nile R Vincent\Application Data\Dell Drivers Update Utility
[2012/07/26 17:53:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DELL Drivers Update Utility
[2012/07/26 17:53:45 | 000,000,000 | ---D | C] -- C:\Program Files\DELL Drivers Update Utility
[2012/07/26 17:53:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nile R Vincent\Local Settings\Application Data\DELL Drivers Update Utility
[2012/07/26 17:39:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\VirtualEar
[2012/07/26 17:39:45 | 000,045,056 | ---- | C] (adi) -- C:\WINDOWS\System32\CleanUp.exe
[2012/07/26 17:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices
[2012/07/26 17:12:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\SBPCT
[2012/07/26 17:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\CREATIVE
[2012/07/26 17:12:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Creative
[2012/07/26 16:16:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nile R Vincent\Local Settings\Application Data\Zoom_Downloader
[2012/07/26 16:16:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PriceGong
[2012/07/26 16:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2012/07/26 16:16:25 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/07/26 15:18:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2012/07/26 15:18:36 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2012/07/26 03:48:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nile R Vincent\Application Data\PriceGong
[2012/07/26 01:59:42 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012/07/26 01:26:52 | 000,000,000 | ---D | C] -- C:\Program Files\PriceGong
[2012/07/26 01:13:31 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/07/26 01:12:23 | 000,000,000 | ---D | C] -- C:\ATI
[2012/07/25 01:47:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
[2012/07/24 11:25:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/24 11:25:40 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/24 11:25:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/22 11:22:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/07/22 11:08:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/07/21 23:22:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/07/14 00:44:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nile R Vincent\Application Data\vlc
[2012/07/14 00:44:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2012/07/12 01:01:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nile R Vincent\Desktop\Reviews
[2012/07/11 20:26:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/07/11 19:24:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nile R Vincent\Application Data\AVG
[2012/07/11 19:23:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/07/11 16:43:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nile R Vincent\Application Data\AVG2012
[2012/07/11 16:40:57 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/07/11 16:37:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/07/02 18:43:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Tools
[2012/07/02 18:43:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2012/07/02 18:43:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2012/07/02 18:42:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ShellNew
[2012/07/02 18:42:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/07/01 03:32:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nile R Vincent\Start Menu\Programs\Revo Uninstaller
[2012/07/01 03:32:22 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/07/01 03:31:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Nile R Vincent\My Documents\Downloads
[2012/06/28 17:33:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2012/06/28 06:11:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/06/28 06:11:34 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/06/27 04:40:01 | 000,000,000 | ---D | C] -- C:\e
[2012/06/27 04:40:01 | 000,000,000 | ---D | C] -- C:\Data
[2012/06/27 04:29:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nile R Vincent\Local Settings\Application Data\visi_coupon
[2012/06/27 04:28:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nile R Vincent\Application Data\Yahoo!
[2012/06/27 04:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2012/06/21 02:30:28 | 000,055,808 | ---- | C] (N/A) -- C:\Documents and Settings\Nile R Vincent\CARDWAVE.DRV
[2012/06/17 22:50:30 | 016,094,856 | ---- | C] (Dell Inc.) -- C:\Documents and Settings\Nile R Vincent\Application Data\OM_APP_WIN_R300391.EXE
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/27 00:30:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/27 00:12:47 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nile R Vincent\Desktop\OTL.exe
[2012/07/27 00:03:19 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/07/26 23:53:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/26 23:53:17 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\AVG PC Tuneup Integrator Start On Nile R Vincent Logon.job
[2012/07/26 23:53:16 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-515967899-162531612-1417001333-1003.job
[2012/07/26 23:53:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/26 19:54:48 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/26 18:57:15 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Driver Identifier.lnk
[2012/07/26 17:33:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/07/26 17:15:48 | 000,000,664 | ---- | M] () -- C:\WINDOWS\Register Sound Blaster PCI Compact (Drivers Only) Web Release.lnk
[2012/07/23 23:31:12 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012/07/22 17:19:06 | 000,443,432 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/07/22 12:25:02 | 000,443,432 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120722-171906.backup
[2012/07/22 11:08:19 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/07/19 01:35:42 | 000,443,432 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120722-122502.backup
[2012/07/18 17:23:26 | 000,443,432 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120719-013542.backup
[2012/07/18 00:27:51 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\Nile R Vincent\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/17 02:33:28 | 000,443,432 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120718-172326.backup
[2012/07/15 03:23:00 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-162531612-1417001333-1003.job
[2012/07/14 16:47:35 | 000,443,432 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120717-023328.backup
[2012/07/12 16:23:48 | 000,443,432 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120714-164735.backup
[2012/07/12 01:36:56 | 000,443,432 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120712-162348.backup
[2012/07/11 20:27:01 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/07/11 19:23:01 | 000,000,813 | ---- | M] () -- C:\Documents and Settings\Nile R Vincent\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2012/07/11 15:29:18 | 000,443,432 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120712-013656.backup
[2012/07/11 06:36:44 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Nile R Vincent\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/07/11 05:00:04 | 000,443,432 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120711-152918.backup
[2012/07/11 04:57:27 | 000,115,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/11 04:55:58 | 000,443,432 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120711-050004.backup
[2012/07/11 04:55:37 | 000,443,432 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120711-045558.backup
[2012/07/11 04:42:22 | 000,000,256 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\qAm5R5h26tvRtd
[2012/07/11 04:30:57 | 000,000,144 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-qAm5R5h26tvRtdr
[2012/07/11 04:30:57 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-qAm5R5h26tvRtd
[2012/07/11 00:15:13 | 000,442,958 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120711-045537.backup
[2012/07/07 19:15:01 | 000,442,958 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120711-001513.backup
[2012/07/06 16:07:18 | 000,442,958 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120707-191501.backup
[2012/07/06 16:06:37 | 000,442,958 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120706-160718.backup
[2012/07/06 16:05:20 | 000,442,832 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120706-160637.backup
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/02 18:44:19 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2012/07/01 15:56:35 | 000,442,832 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120706-160520.backup
[2012/07/01 03:32:23 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Nile R Vincent\Desktop\Revo Uninstaller.lnk
[2012/06/29 10:48:10 | 000,442,832 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120701-155635.backup
[2012/06/28 06:27:37 | 001,990,576 | -H-- | M] () -- C:\Documents and Settings\Nile R Vincent\Desktop\Sniff's Pics.zip
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/26 19:42:13 | 000,088,691 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2012/07/26 19:42:00 | 000,017,056 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2012/07/26 19:17:28 | 000,001,904 | ---- | C] () -- C:\WINDOWS\System32\SetupBD.din
[2012/07/26 19:04:06 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2012/07/26 19:04:06 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2012/07/26 19:04:05 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2012/07/26 19:04:05 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2012/07/26 19:04:05 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\nvtuicpl.cpl
[2012/07/26 19:04:04 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2012/07/26 19:04:03 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2012/07/26 19:04:03 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2012/07/26 19:04:02 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2012/07/26 19:04:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2012/07/26 19:04:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2012/07/26 19:04:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2012/07/26 18:57:15 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Driver Identifier.lnk
[2012/07/26 18:36:11 | 000,007,786 | ---- | C] () -- C:\WINDOWS\g90f-3.cat
[2012/07/26 18:36:11 | 000,001,204 | ---- | C] () -- C:\WINDOWS\Q51-9.inf
[2012/07/26 18:36:11 | 000,001,164 | ---- | C] () -- C:\WINDOWS\G90f-3.inf
[2012/07/26 18:36:11 | 000,000,512 | ---- | C] () -- C:\WINDOWS\G90f-3.icm
[2012/07/26 18:36:10 | 000,007,794 | ---- | C] () -- C:\WINDOWS\vp171b-2.cat
[2012/07/26 18:36:10 | 000,007,782 | ---- | C] () -- C:\WINDOWS\q51-9.cat
[2012/07/26 18:36:10 | 000,001,224 | ---- | C] () -- C:\WINDOWS\VP171b-2.inf
[2012/07/26 18:36:10 | 000,000,512 | ---- | C] () -- C:\WINDOWS\VP171b-2.icm
[2012/07/26 18:36:10 | 000,000,512 | ---- | C] () -- C:\WINDOWS\Q51-9.icm
[2012/07/26 17:15:48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\Register Sound Blaster PCI Compact (Drivers Only) Web Release.lnk
[2012/07/26 17:13:48 | 000,000,118 | ---- | C] () -- C:\WINDOWS\Inetreg.ini
[2012/07/25 02:24:09 | 000,089,258 | ---- | C] () -- C:\WINDOWS\System32\nvapps.nvb
[2012/07/11 20:26:47 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/07/11 19:23:15 | 000,000,386 | ---- | C] () -- C:\WINDOWS\tasks\AVG PC Tuneup Integrator Start On Nile R Vincent Logon.job
[2012/07/11 19:23:01 | 000,000,813 | ---- | C] () -- C:\Documents and Settings\Nile R Vincent\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2012/07/11 06:36:44 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Nile R Vincent\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/07/11 06:36:44 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/07/11 06:36:44 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/07/11 04:30:57 | 000,000,144 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\-qAm5R5h26tvRtdr
[2012/07/11 04:30:56 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\-qAm5R5h26tvRtd
[2012/07/11 04:30:34 | 000,000,256 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\qAm5R5h26tvRtd
[2012/07/02 18:44:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/07/02 18:43:45 | 000,002,487 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
[2012/07/02 18:43:45 | 000,002,475 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft PowerPoint.lnk
[2012/07/02 18:43:45 | 000,002,046 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Outlook.lnk
[2012/07/02 18:43:45 | 000,002,022 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
[2012/07/02 18:43:45 | 000,001,990 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Access.lnk
[2012/07/01 03:32:23 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Nile R Vincent\Desktop\Revo Uninstaller.lnk
[2012/06/25 11:54:34 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7Q.DLL
[2012/06/23 02:10:13 | 000,013,440 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/06/22 19:40:19 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/21 02:30:28 | 000,192,494 | -H-- | C] () -- C:\Documents and Settings\Nile R Vincent\INTRO.WAV
[2012/06/21 02:30:28 | 000,146,432 | ---- | C] () -- C:\Documents and Settings\Nile R Vincent\MSUILSTF.DLL
[2012/06/21 02:30:28 | 000,083,456 | ---- | C] () -- C:\Documents and Settings\Nile R Vincent\MSCOMSTF.DLL
[2012/06/21 02:30:28 | 000,072,192 | ---- | C] () -- C:\Documents and Settings\Nile R Vincent\MSINSSTF.DLL
[2012/06/21 02:30:28 | 000,059,392 | ---- | C] () -- C:\Documents and Settings\Nile R Vincent\CARDMIDI.DRV
[2012/06/21 02:30:28 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\Nile R Vincent\MSCUISTF.DLL
[2012/06/21 02:30:28 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Nile R Vincent\MSSHLSTF.DLL
[2012/06/21 02:30:28 | 000,022,234 | ---- | C] () -- C:\Documents and Settings\Nile R Vincent\INSTR.INI
[2012/06/21 02:30:28 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Nile R Vincent\MSDETSTF.DLL
[2012/06/21 02:30:28 | 000,017,206 | ---- | C] () -- C:\Documents and Settings\Nile R Vincent\WINAUDIO.INF
[2012/06/21 02:30:28 | 000,009,712 | ---- | C] () -- C:\Documents and Settings\Nile R Vincent\AUDPANEL.EXE
[2012/06/21 02:30:28 | 000,006,647 | ---- | C] () -- C:\Documents and Settings\Nile R Vincent\CARDWAVE.VXD
[2012/06/21 02:30:28 | 000,006,304 | ---- | C] () -- C:\Documents and Settings\Nile R Vincent\CONPANEL.EXE
[2012/06/21 02:30:28 | 000,003,497 | ---- | C] () -- C:\Documents and Settings\Nile R Vincent\OEM.INF
[2012/06/20 22:44:10 | 000,065,800 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/06/20 22:35:36 | 000,004,140 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe
[2012/06/19 00:30:02 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Nile R Vincent\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/17 18:31:16 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/06/17 15:58:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/06/17 15:53:34 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/06/17 08:45:10 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/06/17 08:44:08 | 000,115,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/25 21:21:48 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
[2011/10/25 21:21:34 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\OVDecoder.dll

========== LOP Check ==========

[2012/06/20 09:36:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blekko toolbars
[2012/06/25 11:54:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/06/22 17:41:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/06/17 23:56:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverWizard
[2012/07/11 20:20:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/06/20 11:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2012/07/26 16:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2012/06/22 02:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2012/07/11 20:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/06/17 19:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nile R Vincent\Application Data\Ad-Aware Antivirus
[2012/07/11 20:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nile R Vincent\Application Data\AVG
[2012/07/11 20:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nile R Vincent\Application Data\AVG2012
[2012/06/25 02:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nile R Vincent\Application Data\BeNaughtyChat
[2012/06/20 22:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nile R Vincent\Application Data\Carambis
[2012/07/26 18:57:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nile R Vincent\Application Data\driveridentifier
[2012/06/22 22:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nile R Vincent\Application Data\ElevatedDiagnostics
[2012/06/24 20:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nile R Vincent\Application Data\KompoZer
[2012/06/19 23:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nile R Vincent\Application Data\Oracle
[2012/06/20 11:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nile R Vincent\Application Data\PCDr
[2012/07/26 17:33:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nile R Vincent\Application Data\PriceGong
[2012/06/20 00:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nile R Vincent\Application Data\SystemRequirementsLab
[2012/06/25 02:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nile R Vincent\Application Data\vcards
[2012/06/20 02:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nile R Vincent\Application Data\Windows Desktop Search
[2012/06/20 09:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nile R Vincent\Application Data\Windows Search
[2012/07/26 23:53:17 | 000,000,386 | ---- | M] () -- C:\WINDOWS\Tasks\AVG PC Tuneup Integrator Start On Nile R Vincent Logon.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >

....................................................................................
.................................................................................

Extras.Txt Logfile

OTL Extras logfile created on: 7/27/2012 1:11:37 AM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Documents and Settings\Nile R Vincent\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.37 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 76.13% Memory free
4.22 Gb Paging File | 3.81 Gb Available in Paging File | 90.19% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.68 Gb Total Space | 63.64 Gb Free Space | 83.00% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 399.79 Gb Free Space | 85.84% Space Free | Partition Type: NTFS

Computer Name: NILE-VINCENT | User Name: Nile R Vincent | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1" = DriverIdentifier 4.1
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{48963B63-7A10-49D6-8B08-61E6132453D0}" = ViewSonic Monitor Drivers
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9CC869F-DA2B-3E9B-EF47-29F831A41619}" = AMD Catalyst Install Manager
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FC47C7A5-BE63-11D5-B7C9-005004566E4D}" = ViewSonic Windows XP Signed Files
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CCleaner" = CCleaner
"DELL Drivers Update Utility_is1" = DELL Drivers Update Utility
"Dell Support Center" = Dell Support Center
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PriceGong" = PriceGong 2.6.4
"PROSet" = Intel® PRO Network Connections Drivers
"Revo Uninstaller" = Revo Uninstaller 1.94
"SBPCIUnInstall" = Creative PCI Audio Drivers
"Sound Blaster PCI Compact Drivers Online Help" = Sound Blaster PCI Compact Drivers Online Help
"VLC media player" = VLC media player 2.0.2
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/26/2012 7:20:22 PM | Computer Name = NILE-VINCENT | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\PRICEGONG\PRICEGONG
HELP.LNK> in the hash map cannot be updated. Context: Application, SystemIndex
Catalog Details: A device attached to the system is not functioning. (0x8007001f)


Error - 7/26/2012 7:20:22 PM | Computer Name = NILE-VINCENT | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\PRICEGONG\PRICEGONG
CONTACT US.LNK> in the hash map cannot be updated. Context: Application, SystemIndex
Catalog Details: A device attached to the system is not functioning. (0x8007001f)


Error - 7/26/2012 7:20:22 PM | Computer Name = NILE-VINCENT | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\PRICEGONG\PRICEGONG
CONTACT US.LNK> in the hash map cannot be updated. Context: Application, SystemIndex
Catalog Details: A device attached to the system is not functioning. (0x8007001f)


Error - 7/26/2012 7:20:22 PM | Computer Name = NILE-VINCENT | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\PRICEGONG\UNINSTALL
PRICEGONG.LNK> in the hash map cannot be updated. Context: Application, SystemIndex
Catalog Details: A device attached to the system is not functioning. (0x8007001f)


Error - 7/26/2012 7:20:22 PM | Computer Name = NILE-VINCENT | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\PRICEGONG\UNINSTALL
PRICEGONG.LNK> in the hash map cannot be updated. Context: Application, SystemIndex
Catalog Details: A device attached to the system is not functioning. (0x8007001f)


Error - 7/26/2012 9:03:44 PM | Computer Name = NILE-VINCENT | Source = MsiInstaller | ID = 11606
Description = Product: Driver Tool -- Error 1606.Could not access network location
http://c15045070.r70...m/Config~1.cab.

Error - 7/26/2012 9:03:47 PM | Computer Name = NILE-VINCENT | Source = MsiInstaller | ID = 11606
Description = Product: Driver Tool -- Error 1606.Could not access network location
http://c15045070.r70...m/Config~1.cab.

Error - 7/26/2012 9:32:52 PM | Computer Name = NILE-VINCENT | Source = Application Error | ID = 1000
Description = Faulting application setup.exe, version 0.0.0.0, faulting module unknown,
version 0.0.0.0, fault address 0x0a0a0a7d.

Error - 7/26/2012 9:33:39 PM | Computer Name = NILE-VINCENT | Source = Application Hang | ID = 1002
Description = Hanging application Setup.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/26/2012 11:02:25 PM | Computer Name = NILE-VINCENT | Source = Microsoft Security Client | ID = 5000
Description =

[ Application Events ]
Error - 7/26/2012 7:20:22 PM | Computer Name = NILE-VINCENT | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\PRICEGONG\PRICEGONG
HELP.LNK> in the hash map cannot be updated. Context: Application, SystemIndex
Catalog Details: A device attached to the system is not functioning. (0x8007001f)


Error - 7/26/2012 7:20:22 PM | Computer Name = NILE-VINCENT | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\PRICEGONG\PRICEGONG
CONTACT US.LNK> in the hash map cannot be updated. Context: Application, SystemIndex
Catalog Details: A device attached to the system is not functioning. (0x8007001f)


Error - 7/26/2012 7:20:22 PM | Computer Name = NILE-VINCENT | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\PRICEGONG\PRICEGONG
CONTACT US.LNK> in the hash map cannot be updated. Context: Application, SystemIndex
Catalog Details: A device attached to the system is not functioning. (0x8007001f)


Error - 7/26/2012 7:20:22 PM | Computer Name = NILE-VINCENT | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\PRICEGONG\UNINSTALL
PRICEGONG.LNK> in the hash map cannot be updated. Context: Application, SystemIndex
Catalog Details: A device attached to the system is not functioning. (0x8007001f)


Error - 7/26/2012 7:20:22 PM | Computer Name = NILE-VINCENT | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\PRICEGONG\UNINSTALL
PRICEGONG.LNK> in the hash map cannot be updated. Context: Application, SystemIndex
Catalog Details: A device attached to the system is not functioning. (0x8007001f)


Error - 7/26/2012 9:03:44 PM | Computer Name = NILE-VINCENT | Source = MsiInstaller | ID = 11606
Description = Product: Driver Tool -- Error 1606.Could not access network location
http://c15045070.r70...m/Config~1.cab.

Error - 7/26/2012 9:03:47 PM | Computer Name = NILE-VINCENT | Source = MsiInstaller | ID = 11606
Description = Product: Driver Tool -- Error 1606.Could not access network location
http://c15045070.r70...m/Config~1.cab.

Error - 7/26/2012 9:32:52 PM | Computer Name = NILE-VINCENT | Source = Application Error | ID = 1000
Description = Faulting application setup.exe, version 0.0.0.0, faulting module unknown,
version 0.0.0.0, fault address 0x0a0a0a7d.

Error - 7/26/2012 9:33:39 PM | Computer Name = NILE-VINCENT | Source = Application Hang | ID = 1002
Description = Hanging application Setup.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/26/2012 11:02:25 PM | Computer Name = NILE-VINCENT | Source = Microsoft Security Client | ID = 5000
Description =

[ Application Events ]
Error - 7/26/2012 7:20:22 PM | Computer Name = NILE-VINCENT | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\PRICEGONG\PRICEGONG
HELP.LNK> in the hash map cannot be updated. Context: Application, SystemIndex
Catalog Details: A device attached to the system is not functioning. (0x8007001f)


Error - 7/26/2012 7:20:22 PM | Computer Name = NILE-VINCENT | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\PRICEGONG\PRICEGONG
CONTACT US.LNK> in the hash map cannot be updated. Context: Application, SystemIndex
Catalog Details: A device attached to the system is not functioning. (0x8007001f)


Error - 7/26/2012 7:20:22 PM | Computer Name = NILE-VINCENT | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\PRICEGONG\PRICEGONG
CONTACT US.LNK> in the hash map cannot be updated. Context: Application, SystemIndex
Catalog Details: A device attached to the system is not functioning. (0x8007001f)


Error - 7/26/2012 7:20:22 PM | Computer Name = NILE-VINCENT | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\PRICEGONG\UNINSTALL
PRICEGONG.LNK> in the hash map cannot be updated. Context: Application, SystemIndex
Catalog Details: A device attached to the system is not functioning. (0x8007001f)


Error - 7/26/2012 7:20:22 PM | Computer Name = NILE-VINCENT | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\PRICEGONG\UNINSTALL
PRICEGONG.LNK> in the hash map cannot be updated. Context: Application, SystemIndex
Catalog Details: A device attached to the system is not functioning. (0x8007001f)


Error - 7/26/2012 9:03:44 PM | Computer Name = NILE-VINCENT | Source = MsiInstaller | ID = 11606
Description = Product: Driver Tool -- Error 1606.Could not access network location
http://c15045070.r70...m/Config~1.cab.

Error - 7/26/2012 9:03:47 PM | Computer Name = NILE-VINCENT | Source = MsiInstaller | ID = 11606
Description = Product: Driver Tool -- Error 1606.Could not access network location
http://c15045070.r70...m/Config~1.cab.

Error - 7/26/2012 9:32:52 PM | Computer Name = NILE-VINCENT | Source = Application Error | ID = 1000
Description = Faulting application setup.exe, version 0.0.0.0, faulting module unknown,
version 0.0.0.0, fault address 0x0a0a0a7d.

Error - 7/26/2012 9:33:39 PM | Computer Name = NILE-VINCENT | Source = Application Hang | ID = 1002
Description = Hanging application Setup.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/26/2012 11:02:25 PM | Computer Name = NILE-VINCENT | Source = Microsoft Security Client | ID = 5000
Description =

[ System Events ]
Error - 7/26/2012 10:37:58 PM | Computer Name = NILE-VINCENT | Source = UPS | ID = 2481
Description = The UPS service is not configured correctly.

Error - 7/26/2012 10:38:00 PM | Computer Name = NILE-VINCENT | Source = Service Control Manager | ID = 7023
Description = The Uninterruptible Power Supply service terminated with the following
error: %%2481

Error - 7/26/2012 10:47:01 PM | Computer Name = NILE-VINCENT | Source = UPS | ID = 2481
Description = The UPS service is not configured correctly.

Error - 7/26/2012 10:47:02 PM | Computer Name = NILE-VINCENT | Source = Service Control Manager | ID = 7023
Description = The Uninterruptible Power Supply service terminated with the following
error: %%2481

Error - 7/26/2012 11:01:15 PM | Computer Name = NILE-VINCENT | Source = UPS | ID = 2481
Description = The UPS service is not configured correctly.

Error - 7/26/2012 11:01:15 PM | Computer Name = NILE-VINCENT | Source = Service Control Manager | ID = 7023
Description = The Uninterruptible Power Supply service terminated with the following
error: %%2481

Error - 7/27/2012 2:53:23 AM | Computer Name = NILE-VINCENT | Source = UPS | ID = 2481
Description = The UPS service is not configured correctly.

Error - 7/27/2012 2:53:24 AM | Computer Name = NILE-VINCENT | Source = Service Control Manager | ID = 7023
Description = The Uninterruptible Power Supply service terminated with the following
error: %%2481

Error - 7/27/2012 2:53:26 AM | Computer Name = NILE-VINCENT | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 7/27/2012 2:53:31 AM | Computer Name = NILE-VINCENT | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCIIde Pcmcia

[ System Events ]
Error - 7/26/2012 10:37:58 PM | Computer Name = NILE-VINCENT | Source = UPS | ID = 2481
Description = The UPS service is not configured correctly.

Error - 7/26/2012 10:38:00 PM | Computer Name = NILE-VINCENT | Source = Service Control Manager | ID = 7023
Description = The Uninterruptible Power Supply service terminated with the following
error: %%2481

Error - 7/26/2012 10:47:01 PM | Computer Name = NILE-VINCENT | Source = UPS | ID = 2481
Description = The UPS service is not configured correctly.

Error - 7/26/2012 10:47:02 PM | Computer Name = NILE-VINCENT | Source = Service Control Manager | ID = 7023
Description = The Uninterruptible Power Supply service terminated with the following
error: %%2481

Error - 7/26/2012 11:01:15 PM | Computer Name = NILE-VINCENT | Source = UPS | ID = 2481
Description = The UPS service is not configured correctly.

Error - 7/26/2012 11:01:15 PM | Computer Name = NILE-VINCENT | Source = Service Control Manager | ID = 7023
Description = The Uninterruptible Power Supply service terminated with the following
error: %%2481

Error - 7/27/2012 2:53:23 AM | Computer Name = NILE-VINCENT | Source = UPS | ID = 2481
Description = The UPS service is not configured correctly.

Error - 7/27/2012 2:53:24 AM | Computer Name = NILE-VINCENT | Source = Service Control Manager | ID = 7023
Description = The Uninterruptible Power Supply service terminated with the following
error: %%2481

Error - 7/27/2012 2:53:26 AM | Computer Name = NILE-VINCENT | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 7/27/2012 2:53:31 AM | Computer Name = NILE-VINCENT | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCIIde Pcmcia


< End of report >
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,796 posts
  • MVP
Near as I can tell you have a builtin Intel video so not sure how you got the NVidia driver. Booting into Safe Mode with Networking should have disabled the Nvidia driver and allowed you to correct the problem.

When reinstalling a system, always install the chipset first before worrying about other drivers. Especially if it's intel based as yours appears to be.
They call it the Dell Chipset on their site but it's really the intel chipset utility.
http://www.dell.com/...t/precision-360

You are showing some malware and some adware.

Uninstall:
PriceGong 2.6.4

Copy the text in the code box by highlighting and Ctrl + c

:OTL
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000000cf1d79927
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekkosearch....q={searchTerms}
IE - HKCU\..\SearchScopes\{B639E40D-C186-4498-9583-A1DF627DC97D}: "URL" = http://websearch.ask...2-0C183E9F0FD5
[2012/06/27 10:41:59 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Nile R Vincent\Application Data\Mozilla\Firefox\Profiles\gmzugg1n.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/07/26 14:55:37 | 000,000,000 | ---D | M] (PriceGong) -- C:\Documents and Settings\Nile R Vincent\Application Data\Mozilla\Firefox\Profiles\gmzugg1n.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2012/06/18 01:06:31 | 000,002,352 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/06/20 09:31:48 | 000,002,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml
[2012/07/11 04:42:22 | 000,000,256 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\qAm5R5h26tvRtd
[2012/07/11 04:30:57 | 000,000,144 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-qAm5R5h26tvRtdr
[2012/07/11 04:30:57 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-qAm5R5h26tvRtd
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.6.4\PriceGongIE.dll (PriceGong)
O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} http://www.dell.com/...t/Ode/pcd86.cab (Reg Error: Key error.)
O32 - AutoRun File - [2012/06/15 00:47:30 | 000,000,062 | ---- | M] () - E:\Autorun.inf -- [ NTFS ]

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
C:\Documents and Settings\Nile R Vincent\Application Data\*.exe
C:\Documents and Settings\All Users\Application Data\*.exe
     
:Commands
[EMPTYJAVA]
[EMPTYFLASH]
[RESETHOSTS]
[purity]
[Reboot]

then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop (Free Version is what we want).

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your anti-virus at this time :!:

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.


Let's also try the bitdefender quickscan.

http://quickscan.bitdefender.com/

When it finishes there is a View Report option at the bottom. Click on it and copy and paste the report (even if it says nothing found).


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0

#3
Mr. Rufus Sniff

Mr. Rufus Sniff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Hi Ron, thanks for contacting me...

Ok, I started your directions...
* Installed the Intel Chipset Utility
*Uninstalled PriceGong 2.6.4 (using Revo Uninstaller)

Now when I c/p the code in the box and ran the OTL as instructed and
clicked the Run Fix button, program ran for a few seconds and then instructed me to reboot.

OTL didn't reboot automatically...so where is the "saved log" located so I can c/p with the rest of
the info you need...(btw, I'm assuming you want me to c/p all the various steps you're requesting at the same time when all steps are completed)

Nile
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,

PS...Just completed the MalwareBytes steps...heres the log...

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.28.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Nile R Vincent :: NILE-VINCENT [administrator]

7/28/2012 12:32:06 AM
mbam-log-2012-07-28 (00-32-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 244784
Time elapsed: 5 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,

Ok, completed the ComboFix run you needed...

I did turn off the real-time protection for MS Security Essentials
since that was the only anti-virus program I have...yet ComboFix
alerted me re: disabling AVG Anti-virus Free 2012...

I don't have that anywhere on my system...checked with RevoUninstalller,
checked Add/remove, ran a search...Nada...

So I'm assuming it's referring to Malwarebytes...and I couldn't find
anywhere to temp disable..(even ran a Google search...nada for disabling)

So I just temp uninstalled again...ran the ComboFix and everything seemed
to run smoothly...here's the log you requested...(and I'll go back and
reinstall Malwarebytes and Enable the MS Sec Essentials anti-virus program)

Thanks again,

Nile and the cat Mr Rufus Sniff (he's doing all the work) :thumbsup:

ComboFix log

ComboFix 12-07-27.03 - Nile R Vincent 07/28/2012 1:24.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2431.1931 [GMT -7:00]
Running from: c:\documents and settings\Nile R Vincent\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\default\us_sres.data
c:\documents and settings\All Users\Application Data\TEMP
E:\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-28 )))))))))))))))))))))))))))))))
.
.
2012-07-28 06:31 . 2012-07-28 06:31 -------- d-----w- C:\_OTL
2012-07-27 13:06 . 2012-06-29 08:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2B5EEB41-71EB-47B8-8617-76CB9D8B3880}\mpengine.dll
2012-07-27 03:02 . 2012-06-29 08:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-27 02:42 . 2006-10-22 22:22 208896 ----a-w- c:\windows\system32\nvudisp.exe
2012-07-27 02:41 . 2006-11-18 00:29 4541824 ----a-w- c:\windows\system32\nv4_disp.dll
2012-07-27 02:41 . 2006-11-18 00:29 3994688 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-07-27 02:23 . 2012-07-27 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2012-07-27 02:22 . 2012-07-27 02:22 -------- d-----w- c:\program files\NVIDIA Corporation
2012-07-27 02:17 . 2007-05-30 05:46 39800 ----a-w- c:\windows\system32\NicInstG.dll
2012-07-27 02:17 . 2007-01-17 22:02 28536 ----a-w- c:\windows\system32\NicCo.dll
2012-07-27 02:11 . 2012-07-27 02:11 -------- d-----w- c:\documents and settings\Nile R Vincent\Application Data\InstallShield
2012-07-27 02:05 . 2006-10-22 22:06 208896 ----a-w- c:\windows\system32\NVUNINST.EXE
2012-07-27 01:57 . 2012-07-27 01:57 -------- d-----w- c:\documents and settings\Nile R Vincent\Application Data\driveridentifier
2012-07-27 01:57 . 2012-07-27 01:57 -------- d-----w- c:\program files\Driver Identifier
2012-07-27 01:41 . 2012-07-27 01:43 -------- d-----w- C:\ViewSonic
2012-07-27 01:14 . 2012-07-27 01:14 -------- d-----w- c:\documents and settings\Nile R Vincent\Local Settings\Application Data\PC_Drivers_Headquarters
2012-07-27 00:54 . 2012-07-27 00:54 -------- d-----w- c:\documents and settings\Nile R Vincent\Application Data\Dell Drivers Update Utility
2012-07-27 00:53 . 2012-07-27 00:53 -------- d-----w- c:\documents and settings\Nile R Vincent\Local Settings\Application Data\DELL Drivers Update Utility
2012-07-27 00:53 . 2012-07-27 00:53 -------- d-----w- c:\program files\DELL Drivers Update Utility
2012-07-27 00:39 . 2012-07-27 00:39 -------- d-----w- c:\windows\VirtualEar
2012-07-27 00:39 . 2003-04-08 17:30 3744 ----a-w- c:\windows\system32\drivers\smsens.sys
2012-07-27 00:39 . 2002-04-01 20:15 4816 ----a-w- c:\windows\system32\drivers\aeaudio.sys
2012-07-27 00:39 . 2001-09-19 20:47 765952 ----a-w- c:\windows\system\crlds3d.dll
2012-07-27 00:39 . 2001-09-19 20:47 720896 ----a-w- c:\windows\system32\Audio3d.dll
2012-07-27 00:39 . 2012-07-27 00:39 -------- d-----w- c:\program files\Analog Devices
2012-07-27 00:39 . 2003-10-30 16:48 593408 ----a-w- c:\windows\system32\drivers\smwdm.sys
2012-07-27 00:39 . 2003-06-16 14:32 49152 ----a-w- c:\windows\system32\DSndUp.exe
2012-07-27 00:39 . 2002-04-17 22:05 45056 ----a-w- c:\windows\system32\CleanUp.exe
2012-07-27 00:13 . 2001-10-11 20:40 80384 ----a-w- c:\windows\InetReg.crl
2012-07-27 00:13 . 2000-06-07 08:01 4848 ----a-w- c:\windows\Helper.exe
2012-07-27 00:13 . 2001-10-11 20:40 434688 ----a-w- c:\windows\InetReg.exe
2012-07-27 00:13 . 2000-06-07 08:01 41984 ----a-w- c:\windows\Ctregrun.exe
2012-07-27 00:12 . 2012-07-27 00:12 -------- d-----w- c:\windows\SBPCT
2012-07-27 00:12 . 2012-07-27 00:12 -------- d-----w- c:\program files\CREATIVE
2012-07-27 00:12 . 1998-10-29 23:45 306688 ----a-w- c:\windows\IsUninst.exe
2012-07-26 23:17 . 2012-07-26 23:17 -------- d-----w- c:\windows\system32\wbem\Repository
2012-07-26 23:16 . 2012-07-26 23:16 -------- d-----w- c:\documents and settings\Nile R Vincent\Local Settings\Application Data\Zoom_Downloader
2012-07-26 23:16 . 2012-07-26 23:16 -------- d-----w- c:\program files\AMD APP
2012-07-26 23:16 . 2012-07-26 23:16 -------- d-----w- c:\program files\ATI Technologies
2012-07-26 22:18 . 2012-07-26 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2012-07-26 22:18 . 2012-07-26 23:14 -------- d-----w- c:\program files\Security Task Manager
2012-07-26 08:59 . 2012-07-26 08:59 -------- d-----w- c:\program files\Realtek
2012-07-26 08:59 . 2011-12-13 18:01 1698408 ----a-w- c:\windows\RtlExUpd.dll
2012-07-26 08:13 . 2012-07-26 08:13 -------- d-----w- c:\program files\ATI
2012-07-26 08:12 . 2012-07-26 08:12 -------- d-----w- C:\ATI
2012-07-25 08:58 . 2012-07-26 23:16 -------- d-----w- c:\windows\NV35603564.TMP
2012-07-25 08:47 . 2012-07-27 02:45 -------- d-----w- c:\windows\nview
2012-07-25 08:46 . 2003-11-11 01:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2012-07-25 08:46 . 2003-11-11 01:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2012-07-25 08:46 . 2003-11-11 01:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2012-07-25 08:46 . 2003-11-11 01:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2012-07-25 08:46 . 2003-11-11 01:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2012-07-25 08:46 . 2012-07-25 08:46 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2012-07-25 08:46 . 2012-07-25 08:46 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2012-07-24 18:18 . 2012-07-24 18:18 -------- d-----w- c:\documents and settings\DownloadsC
2012-07-22 18:08 . 2012-07-22 18:08 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-07-22 18:08 . 2012-07-14 00:17 136672 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-07-22 18:08 . 2012-07-14 00:17 68576 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-07-22 18:08 . 2012-07-14 00:17 573920 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-07-22 18:08 . 2012-07-14 00:17 157608 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-07-22 18:08 . 2012-07-14 00:17 113120 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-07-22 18:08 . 2012-07-14 00:16 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-07-22 18:08 . 2012-07-14 00:16 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-07-14 07:44 . 2012-07-27 03:00 -------- d-----w- c:\documents and settings\Nile R Vincent\Application Data\vlc
2012-07-12 13:30 . 2012-07-12 13:30 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-07-12 03:26 . 2012-07-12 03:26 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-12 02:24 . 2012-07-12 03:22 -------- d-----w- c:\documents and settings\Nile R Vincent\Application Data\AVG
2012-07-11 23:40 . 2012-07-12 03:19 -------- d-----w- C:\$AVG
2012-07-11 23:37 . 2012-07-12 03:20 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2012-07-11 11:37 . 2012-07-11 11:45 -------- d-s---w- c:\documents and settings\Administrator
2012-07-03 01:43 . 2012-07-03 01:43 -------- d-----w- c:\program files\Microsoft ActiveSync
2012-07-03 01:42 . 2012-07-03 01:43 -------- d-----w- c:\windows\ShellNew
2012-07-01 10:32 . 2012-07-01 10:32 -------- d-----w- c:\program files\VS Revo Group
2012-06-29 00:33 . 2012-06-29 00:33 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-06-29 00:33 . 2012-06-29 00:33 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2012-06-28 13:11 . 2012-06-28 13:11 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 11:30 . 2012-06-18 03:13 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-27 11:30 . 2012-06-18 03:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-26 22:01 . 2012-06-17 15:44 98304 ----a-w- c:\windows\DUMP3c3d.tmp
2012-07-24 06:40 . 2012-06-17 15:44 98304 ----a-w- c:\windows\DUMP3f5a.tmp
2012-07-22 16:10 . 2012-06-17 15:44 98304 ----a-w- c:\windows\DUMP536f.tmp
2012-06-20 06:19 . 2012-06-20 06:19 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2012-06-13 13:19 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-14 12:00 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2008-04-14 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-05 00:35 . 2009-08-07 02:23 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2008-04-14 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 22:19 . 2009-08-07 02:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19 . 2012-06-17 22:54 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 22:19 . 2012-06-17 22:54 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 22:19 . 2012-06-17 22:54 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19 . 2009-08-07 02:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19 . 2012-06-17 22:54 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-17 22:54 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2009-08-07 02:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2009-08-07 02:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19 . 2008-04-14 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 22:19 . 2009-08-07 02:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:19 . 2012-06-17 22:54 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-17 22:54 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:18 . 2012-06-18 21:05 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18 . 2012-06-18 21:05 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2012-05-05 02:29 . 2012-06-20 06:28 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-05 02:29 . 2012-06-20 06:28 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-05 02:29 . 2012-06-20 06:28 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-04 13:12 . 2008-04-14 12:00 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2008-04-14 00:01 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2012-06-17 22:52 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-14 00:17 . 2012-07-22 18:08 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
.
S0 cerc6;cerc6; [x]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [6/17/2012 8:13 PM 250056]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [6/2/2011 11:08 AM 11336]
S3 dcdbas;System Management Driver;c:\windows\system32\DRIVERS\dcdbas32.sys --> c:\windows\system32\DRIVERS\dcdbas32.sys [?]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [6/19/2012 11:19 PM 23456]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 10:09 PM 267568]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [7/22/2012 11:08 AM 113120]
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-18 11:30]
.
2012-07-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-07-28 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-27 00:03]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
Trusted Zone: emily18.com\www
TCP: DhcpNameServer = 192.168.1.1 74.40.74.40
FF - ProfilePath - c:\documents and settings\Nile R Vincent\Application Data\Mozilla\Firefox\Profiles\gmzugg1n.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110018&tt=060612_8_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 608180b8000000000000000cf1d79927
FF - user.js: extensions.BabylonToolbar_i.hardId - 608180b8000000000000000cf1d79927
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15509
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.171:06
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-28 01:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-07-28 01:31:15
ComboFix-quarantined-files.txt 2012-07-28 08:31
.
Pre-Run: 70,681,399,296 bytes free
Post-Run: 70,679,490,560 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - C9F2F5E8D818ED684AF4E8EE8DCCC3C4

,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,

Here's the 1st run of the TDSSKiller .txt log

02:08:10.0203 3796 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
02:08:10.0625 3796 ============================================================
02:08:10.0625 3796 Current date / time: 2012/07/28 02:08:10.0625
02:08:10.0625 3796 SystemInfo:
02:08:10.0625 3796
02:08:10.0625 3796 OS Version: 5.1.2600 ServicePack: 3.0
02:08:10.0625 3796 Product type: Workstation
02:08:10.0625 3796 ComputerName: NILE-VINCENT
02:08:10.0625 3796 UserName: Nile R Vincent
02:08:10.0625 3796 Windows directory: C:\WINDOWS
02:08:10.0625 3796 System windows directory: C:\WINDOWS
02:08:10.0625 3796 Processor architecture: Intel x86
02:08:10.0625 3796 Number of processors: 1
02:08:10.0625 3796 Page size: 0x1000
02:08:10.0625 3796 Boot type: Normal boot
02:08:10.0625 3796 ============================================================
02:08:12.0406 3796 Drive \Device\Harddisk0\DR0 - Size: 0x132C570000 (76.69 Gb), SectorSize: 0x200, Cylinders: 0x271B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
02:08:12.0406 3796 Drive \Device\Harddisk1\DR2 - Size: 0x7470C05E00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
02:08:12.0406 3796 ============================================================
02:08:12.0406 3796 \Device\Harddisk0\DR0:
02:08:12.0406 3796 MBR partitions:
02:08:12.0406 3796 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x995C65B
02:08:12.0406 3796 \Device\Harddisk1\DR2:
02:08:12.0406 3796 MBR partitions:
02:08:12.0406 3796 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
02:08:12.0406 3796 ============================================================
02:08:12.0437 3796 C: <-> \Device\Harddisk0\DR0\Partition0
02:08:12.0765 3796 E: <-> \Device\Harddisk1\DR2\Partition0
02:08:12.0765 3796 ============================================================
02:08:12.0765 3796 Initialize success
02:08:12.0765 3796 ============================================================
02:09:04.0484 3952 ============================================================
02:09:04.0484 3952 Scan started
02:09:04.0484 3952 Mode: Manual;
02:09:04.0484 3952 ============================================================
02:09:05.0468 3952 Abiosdsk - ok
02:09:05.0500 3952 abp480n5 - ok
02:09:05.0562 3952 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
02:09:05.0562 3952 ACPI - ok
02:09:05.0609 3952 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
02:09:05.0609 3952 ACPIEC - ok
02:09:05.0687 3952 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
02:09:05.0687 3952 AdobeFlashPlayerUpdateSvc - ok
02:09:05.0718 3952 adpu160m - ok
02:09:05.0781 3952 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
02:09:05.0812 3952 aeaudio - ok
02:09:05.0843 3952 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
02:09:05.0843 3952 aec - ok
02:09:05.0906 3952 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
02:09:05.0906 3952 AFD - ok
02:09:05.0953 3952 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
02:09:05.0953 3952 agp440 - ok
02:09:05.0984 3952 Aha154x - ok
02:09:06.0015 3952 aic78u2 - ok
02:09:06.0046 3952 aic78xx - ok
02:09:06.0078 3952 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
02:09:06.0093 3952 Alerter - ok
02:09:06.0125 3952 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
02:09:06.0125 3952 ALG - ok
02:09:06.0156 3952 AliIde - ok
02:09:06.0187 3952 amsint - ok
02:09:06.0234 3952 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
02:09:06.0234 3952 AppMgmt - ok
02:09:06.0265 3952 asc - ok
02:09:06.0296 3952 asc3350p - ok
02:09:06.0328 3952 asc3550 - ok
02:09:06.0468 3952 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
02:09:06.0468 3952 aspnet_state - ok
02:09:06.0531 3952 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
02:09:06.0531 3952 AsyncMac - ok
02:09:06.0578 3952 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
02:09:06.0578 3952 atapi - ok
02:09:06.0625 3952 Atdisk - ok
02:09:06.0671 3952 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
02:09:06.0671 3952 Atmarpc - ok
02:09:06.0718 3952 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
02:09:06.0718 3952 AudioSrv - ok
02:09:06.0765 3952 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
02:09:06.0765 3952 audstub - ok
02:09:06.0828 3952 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
02:09:06.0828 3952 Beep - ok
02:09:06.0906 3952 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
02:09:06.0906 3952 BITS - ok
02:09:06.0968 3952 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
02:09:06.0968 3952 Browser - ok
02:09:07.0046 3952 catchme - ok
02:09:07.0078 3952 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
02:09:07.0078 3952 cbidf2k - ok
02:09:07.0125 3952 cd20xrnt - ok
02:09:07.0171 3952 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
02:09:07.0171 3952 Cdaudio - ok
02:09:07.0234 3952 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
02:09:07.0234 3952 Cdfs - ok
02:09:07.0281 3952 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
02:09:07.0281 3952 Cdrom - ok
02:09:07.0312 3952 cerc6 - ok
02:09:07.0359 3952 Changer - ok
02:09:07.0390 3952 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
02:09:07.0390 3952 CiSvc - ok
02:09:07.0468 3952 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
02:09:07.0468 3952 ClipSrv - ok
02:09:07.0500 3952 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:09:07.0500 3952 clr_optimization_v2.0.50727_32 - ok
02:09:07.0593 3952 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
02:09:07.0593 3952 clr_optimization_v4.0.30319_32 - ok
02:09:07.0625 3952 CmdIde - ok
02:09:07.0656 3952 COMSysApp - ok
02:09:07.0734 3952 Cpqarray - ok
02:09:07.0812 3952 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
02:09:07.0843 3952 cpudrv - ok
02:09:07.0890 3952 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
02:09:07.0890 3952 CryptSvc - ok
02:09:07.0921 3952 dac2w2k - ok
02:09:07.0968 3952 dac960nt - ok
02:09:08.0000 3952 dcdbas - ok
02:09:08.0078 3952 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
02:09:08.0078 3952 DcomLaunch - ok
02:09:08.0140 3952 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
02:09:08.0140 3952 Dhcp - ok
02:09:08.0171 3952 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
02:09:08.0171 3952 Disk - ok
02:09:08.0203 3952 dmadmin - ok
02:09:08.0281 3952 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
02:09:08.0296 3952 dmboot - ok
02:09:08.0343 3952 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
02:09:08.0343 3952 dmio - ok
02:09:08.0390 3952 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
02:09:08.0390 3952 dmload - ok
02:09:08.0437 3952 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
02:09:08.0437 3952 dmserver - ok
02:09:08.0500 3952 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
02:09:08.0515 3952 DMusic - ok
02:09:08.0562 3952 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
02:09:08.0578 3952 Dnscache - ok
02:09:08.0625 3952 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
02:09:08.0625 3952 Dot3svc - ok
02:09:08.0656 3952 dpti2o - ok
02:09:08.0703 3952 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
02:09:08.0703 3952 drmkaud - ok
02:09:08.0765 3952 DrvAgent32 (651554e483712b708ede864d0ca1aa73) C:\WINDOWS\system32\Drivers\DrvAgent32.sys
02:09:08.0765 3952 DrvAgent32 - ok
02:09:08.0812 3952 E1000 (3044851b3c5286a908a6a4d1166328aa) C:\WINDOWS\system32\DRIVERS\e1000325.sys
02:09:08.0812 3952 E1000 - ok
02:09:08.0875 3952 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
02:09:08.0875 3952 EapHost - ok
02:09:08.0921 3952 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
02:09:08.0921 3952 ERSvc - ok
02:09:08.0968 3952 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
02:09:08.0968 3952 Eventlog - ok
02:09:09.0015 3952 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
02:09:09.0015 3952 EventSystem - ok
02:09:09.0078 3952 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
02:09:09.0078 3952 Fastfat - ok
02:09:09.0125 3952 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
02:09:09.0125 3952 FastUserSwitchingCompatibility - ok
02:09:09.0171 3952 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
02:09:09.0171 3952 Fdc - ok
02:09:09.0203 3952 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
02:09:09.0203 3952 Fips - ok
02:09:09.0265 3952 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
02:09:09.0265 3952 Flpydisk - ok
02:09:09.0312 3952 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
02:09:09.0312 3952 FltMgr - ok
02:09:09.0406 3952 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
02:09:09.0406 3952 FontCache3.0.0.0 - ok
02:09:09.0468 3952 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
02:09:09.0468 3952 Fs_Rec - ok
02:09:09.0515 3952 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
02:09:09.0515 3952 Ftdisk - ok
02:09:09.0562 3952 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
02:09:09.0562 3952 Gpc - ok
02:09:09.0625 3952 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
02:09:09.0625 3952 helpsvc - ok
02:09:09.0687 3952 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
02:09:09.0687 3952 HidServ - ok
02:09:09.0718 3952 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
02:09:09.0734 3952 hidusb - ok
02:09:09.0796 3952 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
02:09:09.0796 3952 hkmsvc - ok
02:09:09.0828 3952 hpn - ok
02:09:09.0890 3952 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
02:09:09.0890 3952 HTTP - ok
02:09:09.0937 3952 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
02:09:09.0937 3952 HTTPFilter - ok
02:09:09.0968 3952 i2omgmt - ok
02:09:10.0000 3952 i2omp - ok
02:09:10.0062 3952 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
02:09:10.0078 3952 i8042prt - ok
02:09:10.0171 3952 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
02:09:10.0187 3952 idsvc - ok
02:09:10.0234 3952 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
02:09:10.0234 3952 Imapi - ok
02:09:10.0296 3952 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
02:09:10.0296 3952 ImapiService - ok
02:09:10.0343 3952 ini910u - ok
02:09:10.0421 3952 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
02:09:10.0421 3952 IntelIde - ok
02:09:10.0453 3952 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
02:09:10.0453 3952 intelppm - ok
02:09:10.0500 3952 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
02:09:10.0500 3952 Ip6Fw - ok
02:09:10.0562 3952 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
02:09:10.0562 3952 IpFilterDriver - ok
02:09:10.0625 3952 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
02:09:10.0625 3952 IpInIp - ok
02:09:10.0671 3952 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
02:09:10.0671 3952 IpNat - ok
02:09:10.0703 3952 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
02:09:10.0703 3952 IPSec - ok
02:09:10.0765 3952 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
02:09:10.0765 3952 IRENUM - ok
02:09:10.0843 3952 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
02:09:10.0890 3952 isapnp - ok
02:09:10.0968 3952 JavaQuickStarterService (c2c1660ddcc9bd67eb98d6d5f91c107f) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
02:09:10.0968 3952 JavaQuickStarterService - ok
02:09:11.0031 3952 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
02:09:11.0031 3952 Kbdclass - ok
02:09:11.0062 3952 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
02:09:11.0078 3952 kbdhid - ok
02:09:11.0125 3952 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
02:09:11.0140 3952 kmixer - ok
02:09:11.0187 3952 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
02:09:11.0187 3952 KSecDD - ok
02:09:11.0250 3952 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
02:09:11.0250 3952 LanmanServer - ok
02:09:11.0328 3952 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
02:09:11.0343 3952 lanmanworkstation - ok
02:09:11.0375 3952 lbrtfdc - ok
02:09:11.0468 3952 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
02:09:11.0484 3952 LmHosts - ok
02:09:11.0578 3952 MatSvc (ddf15a42e27e8efe27b18fd403151a86) C:\Program Files\Microsoft Fix it Center\Matsvc.exe
02:09:11.0593 3952 MatSvc - ok
02:09:11.0640 3952 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
02:09:11.0640 3952 Messenger - ok
02:09:11.0687 3952 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
02:09:11.0687 3952 mnmdd - ok
02:09:11.0765 3952 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
02:09:11.0765 3952 mnmsrvc - ok
02:09:11.0937 3952 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
02:09:11.0937 3952 Modem - ok
02:09:12.0000 3952 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
02:09:12.0000 3952 Mouclass - ok
02:09:12.0062 3952 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
02:09:12.0062 3952 mouhid - ok
02:09:12.0109 3952 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
02:09:12.0140 3952 MountMgr - ok
02:09:12.0218 3952 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
02:09:12.0218 3952 MozillaMaintenance - ok
02:09:12.0453 3952 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
02:09:12.0484 3952 MpFilter - ok
02:09:12.0640 3952 MpKsl0f900c05 (a69630d039c38018689190234f866d77) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0781912F-51DA-4BC6-B942-645C69BC2F5C}\MpKsl0f900c05.sys
02:09:12.0640 3952 MpKsl0f900c05 - ok
02:09:12.0671 3952 mraid35x - ok
02:09:12.0796 3952 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
02:09:12.0828 3952 MRxDAV - ok
02:09:13.0078 3952 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
02:09:13.0109 3952 MRxSmb - ok
02:09:13.0187 3952 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
02:09:13.0218 3952 MSDTC - ok
02:09:13.0343 3952 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
02:09:13.0375 3952 Msfs - ok
02:09:13.0390 3952 MSIServer - ok
02:09:13.0500 3952 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
02:09:13.0531 3952 MSKSSRV - ok
02:09:13.0625 3952 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) C:\Program Files\Microsoft Security Client\MsMpEng.exe
02:09:13.0656 3952 MsMpSvc - ok
02:09:13.0703 3952 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
02:09:13.0734 3952 MSPCLOCK - ok
02:09:13.0796 3952 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
02:09:13.0812 3952 MSPQM - ok
02:09:13.0875 3952 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
02:09:13.0890 3952 mssmbios - ok
02:09:14.0000 3952 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
02:09:14.0031 3952 Mup - ok
02:09:14.0187 3952 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
02:09:14.0234 3952 napagent - ok
02:09:14.0359 3952 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
02:09:14.0390 3952 NDIS - ok
02:09:14.0406 3952 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
02:09:14.0453 3952 NdisTapi - ok
02:09:14.0531 3952 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
02:09:14.0562 3952 Ndisuio - ok
02:09:14.0656 3952 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
02:09:14.0687 3952 NdisWan - ok
02:09:14.0734 3952 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
02:09:14.0750 3952 NDProxy - ok
02:09:14.0796 3952 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
02:09:14.0828 3952 NetBIOS - ok
02:09:14.0921 3952 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
02:09:14.0984 3952 NetBT - ok
02:09:15.0093 3952 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
02:09:15.0156 3952 NetDDE - ok
02:09:15.0171 3952 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
02:09:15.0171 3952 NetDDEdsdm - ok
02:09:15.0265 3952 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
02:09:15.0312 3952 Netlogon - ok
02:09:15.0453 3952 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
02:09:15.0484 3952 Netman - ok
02:09:15.0656 3952 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
02:09:15.0718 3952 NetTcpPortSharing - ok
02:09:15.0890 3952 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
02:09:15.0890 3952 Nla - ok
02:09:15.0953 3952 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
02:09:15.0984 3952 Npfs - ok
02:09:16.0265 3952 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
02:09:16.0328 3952 Ntfs - ok
02:09:16.0359 3952 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
02:09:16.0359 3952 NtLmSsp - ok
02:09:16.0593 3952 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
02:09:16.0625 3952 NtmsSvc - ok
02:09:16.0671 3952 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
02:09:16.0703 3952 Null - ok
02:09:16.0828 3952 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
02:09:16.0859 3952 NwlnkFlt - ok
02:09:16.0906 3952 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
02:09:16.0984 3952 NwlnkFwd - ok
02:09:17.0078 3952 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
02:09:17.0109 3952 Parport - ok
02:09:17.0140 3952 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
02:09:17.0171 3952 PartMgr - ok
02:09:17.0203 3952 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
02:09:17.0250 3952 ParVdm - ok
02:09:17.0375 3952 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
02:09:17.0484 3952 PCI - ok
02:09:17.0515 3952 PCIDump - ok
02:09:17.0593 3952 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
02:09:17.0625 3952 PCIIde - ok
02:09:17.0718 3952 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
02:09:17.0750 3952 Pcmcia - ok
02:09:17.0765 3952 PDCOMP - ok
02:09:17.0812 3952 PDFRAME - ok
02:09:17.0890 3952 PDRELI - ok
02:09:17.0984 3952 PDRFRAME - ok
02:09:18.0078 3952 perc2 - ok
02:09:18.0109 3952 perc2hib - ok
02:09:18.0453 3952 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
02:09:18.0453 3952 PlugPlay - ok
02:09:18.0484 3952 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
02:09:18.0484 3952 PolicyAgent - ok
02:09:18.0578 3952 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
02:09:18.0625 3952 PptpMiniport - ok
02:09:18.0656 3952 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
02:09:18.0656 3952 ProtectedStorage - ok
02:09:18.0750 3952 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
02:09:18.0781 3952 PSched - ok
02:09:18.0859 3952 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
02:09:18.0875 3952 Ptilink - ok
02:09:18.0906 3952 ql1080 - ok
02:09:18.0953 3952 Ql10wnt - ok
02:09:18.0984 3952 ql12160 - ok
02:09:19.0015 3952 ql1240 - ok
02:09:19.0078 3952 ql1280 - ok
02:09:19.0109 3952 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
02:09:19.0140 3952 RasAcd - ok
02:09:19.0203 3952 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
02:09:19.0250 3952 RasAuto - ok
02:09:19.0328 3952 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
02:09:19.0343 3952 Rasl2tp - ok
02:09:19.0390 3952 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
02:09:19.0390 3952 RasMan - ok
02:09:19.0421 3952 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
02:09:19.0437 3952 RasPppoe - ok
02:09:19.0484 3952 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
02:09:19.0484 3952 Raspti - ok
02:09:19.0546 3952 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
02:09:19.0546 3952 Rdbss - ok
02:09:19.0578 3952 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
02:09:19.0578 3952 RDPCDD - ok
02:09:19.0656 3952 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
02:09:19.0656 3952 rdpdr - ok
02:09:19.0750 3952 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
02:09:19.0750 3952 RDPWD - ok
02:09:19.0828 3952 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
02:09:19.0828 3952 RDSessMgr - ok
02:09:19.0875 3952 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
02:09:19.0875 3952 redbook - ok
02:09:19.0906 3952 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
02:09:19.0921 3952 RemoteAccess - ok
02:09:19.0968 3952 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
02:09:19.0968 3952 RemoteRegistry - ok
02:09:20.0046 3952 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
02:09:20.0046 3952 RpcLocator - ok
02:09:20.0109 3952 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
02:09:20.0109 3952 RpcSs - ok
02:09:20.0187 3952 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
02:09:20.0187 3952 RSVP - ok
02:09:20.0234 3952 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
02:09:20.0234 3952 SamSs - ok
02:09:20.0312 3952 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
02:09:20.0312 3952 SCardSvr - ok
02:09:20.0375 3952 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
02:09:20.0375 3952 Schedule - ok
02:09:20.0437 3952 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
02:09:20.0437 3952 Secdrv - ok
02:09:20.0468 3952 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
02:09:20.0468 3952 seclogon - ok
02:09:20.0531 3952 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
02:09:20.0546 3952 SENS - ok
02:09:20.0593 3952 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
02:09:20.0593 3952 serenum - ok
02:09:20.0640 3952 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
02:09:20.0640 3952 Serial - ok
02:09:20.0812 3952 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
02:09:20.0812 3952 Sfloppy - ok
02:09:20.0906 3952 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
02:09:20.0906 3952 SharedAccess - ok
02:09:20.0968 3952 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
02:09:20.0968 3952 ShellHWDetection - ok
02:09:21.0000 3952 Simbad - ok
02:09:21.0125 3952 smwdm (3a11abb30c6a64173f99c8c42e76827c) C:\WINDOWS\system32\drivers\smwdm.sys
02:09:21.0156 3952 smwdm - ok
02:09:21.0171 3952 Sparrow - ok
02:09:21.0265 3952 spkrmon (4a205d78d17e6234986ddcd0da2761e9) C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
02:09:21.0343 3952 spkrmon - ok
02:09:21.0390 3952 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
02:09:21.0390 3952 splitter - ok
02:09:21.0437 3952 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
02:09:21.0437 3952 Spooler - ok
02:09:21.0484 3952 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
02:09:21.0484 3952 sr - ok
02:09:21.0531 3952 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
02:09:21.0531 3952 srservice - ok
02:09:21.0609 3952 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
02:09:21.0609 3952 Srv - ok
02:09:21.0671 3952 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
02:09:21.0671 3952 SSDPSRV - ok
02:09:21.0734 3952 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
02:09:21.0734 3952 stisvc - ok
02:09:21.0781 3952 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
02:09:21.0781 3952 swenum - ok
02:09:21.0843 3952 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
02:09:21.0843 3952 swmidi - ok
02:09:21.0875 3952 SwPrv - ok
02:09:21.0906 3952 symc810 - ok
02:09:21.0953 3952 symc8xx - ok
02:09:21.0984 3952 sym_hi - ok
02:09:22.0015 3952 sym_u3 - ok
02:09:22.0062 3952 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
02:09:22.0062 3952 sysaudio - ok
02:09:22.0125 3952 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
02:09:22.0125 3952 SysmonLog - ok
02:09:22.0171 3952 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
02:09:22.0171 3952 TapiSrv - ok
02:09:22.0265 3952 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
02:09:22.0265 3952 Tcpip - ok
02:09:22.0328 3952 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
02:09:22.0328 3952 TDPIPE - ok
02:09:22.0390 3952 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
02:09:22.0390 3952 TDTCP - ok
02:09:22.0421 3952 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
02:09:22.0437 3952 TermDD - ok
02:09:22.0484 3952 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
02:09:22.0484 3952 TermService - ok
02:09:22.0531 3952 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
02:09:22.0546 3952 Themes - ok
02:09:22.0593 3952 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
02:09:22.0609 3952 TlntSvr - ok
02:09:22.0640 3952 TosIde - ok
02:09:22.0687 3952 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
02:09:22.0687 3952 TrkWks - ok
02:09:22.0765 3952 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
02:09:22.0765 3952 Udfs - ok
02:09:22.0828 3952 ultra - ok
02:09:22.0906 3952 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
02:09:22.0906 3952 Update - ok
02:09:22.0953 3952 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
02:09:22.0968 3952 upnphost - ok
02:09:23.0000 3952 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
02:09:23.0000 3952 UPS - ok
02:09:23.0078 3952 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
02:09:23.0078 3952 usbccgp - ok
02:09:23.0109 3952 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
02:09:23.0125 3952 usbehci - ok
02:09:23.0187 3952 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
02:09:23.0187 3952 usbhub - ok
02:09:23.0250 3952 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
02:09:23.0250 3952 usbprint - ok
02:09:23.0281 3952 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
02:09:23.0281 3952 USBSTOR - ok
02:09:23.0343 3952 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
02:09:23.0343 3952 usbuhci - ok
02:09:23.0406 3952 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
02:09:23.0406 3952 VgaSave - ok
02:09:23.0437 3952 ViaIde - ok
02:09:23.0484 3952 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
02:09:23.0484 3952 VolSnap - ok
02:09:23.0562 3952 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
02:09:23.0562 3952 VSS - ok
02:09:23.0625 3952 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
02:09:23.0625 3952 W32Time - ok
02:09:23.0671 3952 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
02:09:23.0671 3952 Wanarp - ok
02:09:23.0703 3952 WDICA - ok
02:09:23.0765 3952 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
02:09:23.0765 3952 wdmaud - ok
02:09:23.0812 3952 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
02:09:23.0812 3952 WebClient - ok
02:09:23.0906 3952 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
02:09:23.0906 3952 winmgmt - ok
02:09:24.0015 3952 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
02:09:24.0015 3952 WinRM - ok
02:09:24.0125 3952 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
02:09:24.0125 3952 WmdmPmSN - ok
02:09:24.0203 3952 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
02:09:24.0218 3952 Wmi - ok
02:09:24.0390 3952 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
02:09:24.0390 3952 WmiApSrv - ok
02:09:24.0500 3952 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
02:09:24.0515 3952 WMPNetworkSvc - ok
02:09:24.0640 3952 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
02:09:24.0640 3952 WPFFontCache_v0400 - ok
02:09:24.0750 3952 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
02:09:24.0750 3952 WS2IFSL - ok
02:09:24.0796 3952 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
02:09:24.0796 3952 wscsvc - ok
02:09:24.0828 3952 WSearch - ok
02:09:24.0890 3952 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
02:09:24.0906 3952 wuauserv - ok
02:09:24.0953 3952 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
02:09:24.0953 3952 WudfPf - ok
02:09:25.0015 3952 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
02:09:25.0015 3952 WudfRd - ok
02:09:25.0062 3952 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
02:09:25.0062 3952 WudfSvc - ok
02:09:25.0109 3952 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
02:09:25.0125 3952 WZCSVC - ok
02:09:25.0171 3952 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
02:09:25.0171 3952 xmlprov - ok
02:09:25.0265 3952 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
02:09:25.0703 3952 \Device\Harddisk0\DR0 - ok
02:09:25.0734 3952 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR2
02:09:25.0734 3952 \Device\Harddisk1\DR2 - ok
02:09:25.0765 3952 Boot (0x1200) (a9ce763c75c661af5d38945dd702fcf5) \Device\Harddisk0\DR0\Partition0
02:09:25.0765 3952 \Device\Harddisk0\DR0\Partition0 - ok
02:09:25.0796 3952 Boot (0x1200) (48759653e58f35debfa503fa01b4f44c) \Device\Harddisk1\DR2\Partition0
02:09:25.0796 3952 \Device\Harddisk1\DR2\Partition0 - ok
02:09:25.0812 3952 ============================================================
02:09:25.0812 3952 Scan finished
02:09:25.0812 3952 ============================================================
02:09:25.0875 2192 Detected object count: 0
02:09:25.0875 2192 Actual detected object count: 0

,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,

And the 2nd run of the TDSSKiller.txt log

02:23:54.0062 3596 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
02:23:54.0593 3596 ============================================================
02:23:54.0593 3596 Current date / time: 2012/07/28 02:23:54.0593
02:23:54.0593 3596 SystemInfo:
02:23:54.0593 3596
02:23:54.0593 3596 OS Version: 5.1.2600 ServicePack: 3.0
02:23:54.0593 3596 Product type: Workstation
02:23:54.0593 3596 ComputerName: NILE-VINCENT
02:23:54.0593 3596 UserName: Nile R Vincent
02:23:54.0593 3596 Windows directory: C:\WINDOWS
02:23:54.0593 3596 System windows directory: C:\WINDOWS
02:23:54.0593 3596 Processor architecture: Intel x86
02:23:54.0593 3596 Number of processors: 1
02:23:54.0593 3596 Page size: 0x1000
02:23:54.0593 3596 Boot type: Normal boot
02:23:54.0593 3596 ============================================================
02:23:56.0390 3596 Drive \Device\Harddisk0\DR0 - Size: 0x132C570000 (76.69 Gb), SectorSize: 0x200, Cylinders: 0x271B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
02:23:56.0390 3596 Drive \Device\Harddisk1\DR2 - Size: 0x7470C05E00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
02:23:56.0390 3596 ============================================================
02:23:56.0390 3596 \Device\Harddisk0\DR0:
02:23:56.0390 3596 MBR partitions:
02:23:56.0390 3596 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x995C65B
02:23:56.0390 3596 \Device\Harddisk1\DR2:
02:23:56.0390 3596 MBR partitions:
02:23:56.0390 3596 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
02:23:56.0390 3596 ============================================================
02:23:56.0406 3596 C: <-> \Device\Harddisk0\DR0\Partition0
02:23:56.0750 3596 E: <-> \Device\Harddisk1\DR2\Partition0
02:23:56.0750 3596 ============================================================
02:23:56.0750 3596 Initialize success
02:23:56.0750 3596 ============================================================
02:24:04.0343 0132 ============================================================
02:24:04.0343 0132 Scan started
02:24:04.0343 0132 Mode: Manual; SigCheck; TDLFS;
02:24:04.0343 0132 ============================================================
02:24:05.0171 0132 Abiosdsk - ok
02:24:05.0203 0132 abp480n5 - ok
02:24:05.0265 0132 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
02:24:05.0609 0132 ACPI - ok
02:24:05.0640 0132 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
02:24:05.0796 0132 ACPIEC - ok
02:24:05.0875 0132 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
02:24:05.0906 0132 AdobeFlashPlayerUpdateSvc - ok
02:24:05.0921 0132 adpu160m - ok
02:24:05.0937 0132 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
02:24:05.0984 0132 aeaudio - ok
02:24:06.0015 0132 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
02:24:06.0156 0132 aec - ok
02:24:06.0203 0132 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
02:24:06.0234 0132 AFD - ok
02:24:06.0296 0132 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
02:24:06.0468 0132 agp440 - ok
02:24:06.0484 0132 Aha154x - ok
02:24:06.0515 0132 aic78u2 - ok
02:24:06.0546 0132 aic78xx - ok
02:24:06.0578 0132 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
02:24:06.0765 0132 Alerter - ok
02:24:06.0812 0132 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
02:24:06.0875 0132 ALG - ok
02:24:06.0890 0132 AliIde - ok
02:24:06.0937 0132 amsint - ok
02:24:06.0984 0132 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
02:24:07.0062 0132 AppMgmt - ok
02:24:07.0093 0132 asc - ok
02:24:07.0125 0132 asc3350p - ok
02:24:07.0156 0132 asc3550 - ok
02:24:07.0312 0132 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
02:24:07.0328 0132 aspnet_state - ok
02:24:07.0375 0132 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
02:24:07.0531 0132 AsyncMac - ok
02:24:07.0593 0132 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
02:24:07.0750 0132 atapi - ok
02:24:07.0765 0132 Atdisk - ok
02:24:07.0812 0132 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
02:24:07.0984 0132 Atmarpc - ok
02:24:08.0015 0132 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
02:24:08.0203 0132 AudioSrv - ok
02:24:08.0234 0132 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
02:24:08.0406 0132 audstub - ok
02:24:08.0484 0132 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
02:24:08.0656 0132 Beep - ok
02:24:08.0734 0132 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
02:24:08.0921 0132 BITS - ok
02:24:08.0984 0132 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
02:24:09.0171 0132 Browser - ok
02:24:09.0250 0132 catchme - ok
02:24:09.0296 0132 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
02:24:09.0484 0132 cbidf2k - ok
02:24:09.0500 0132 cd20xrnt - ok
02:24:09.0546 0132 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
02:24:09.0734 0132 Cdaudio - ok
02:24:09.0765 0132 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
02:24:09.0953 0132 Cdfs - ok
02:24:09.0984 0132 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
02:24:10.0171 0132 Cdrom - ok
02:24:10.0187 0132 cerc6 - ok
02:24:10.0218 0132 Changer - ok
02:24:10.0265 0132 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
02:24:10.0421 0132 CiSvc - ok
02:24:10.0484 0132 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
02:24:10.0671 0132 ClipSrv - ok
02:24:10.0718 0132 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:24:10.0734 0132 clr_optimization_v2.0.50727_32 - ok
02:24:10.0812 0132 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
02:24:10.0828 0132 clr_optimization_v4.0.30319_32 - ok
02:24:10.0875 0132 CmdIde - ok
02:24:10.0906 0132 COMSysApp - ok
02:24:10.0984 0132 Cpqarray - ok
02:24:11.0062 0132 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
02:24:11.0109 0132 cpudrv - ok
02:24:11.0140 0132 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
02:24:11.0343 0132 CryptSvc - ok
02:24:11.0375 0132 dac2w2k - ok
02:24:11.0406 0132 dac960nt - ok
02:24:11.0453 0132 dcdbas - ok
02:24:11.0515 0132 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
02:24:11.0562 0132 DcomLaunch - ok
02:24:11.0625 0132 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
02:24:11.0812 0132 Dhcp - ok
02:24:11.0843 0132 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
02:24:12.0031 0132 Disk - ok
02:24:12.0046 0132 dmadmin - ok
02:24:12.0140 0132 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
02:24:12.0343 0132 dmboot - ok
02:24:12.0390 0132 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
02:24:12.0578 0132 dmio - ok
02:24:12.0609 0132 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
02:24:12.0765 0132 dmload - ok
02:24:12.0812 0132 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
02:24:13.0015 0132 dmserver - ok
02:24:13.0062 0132 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
02:24:13.0265 0132 DMusic - ok
02:24:13.0312 0132 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
02:24:13.0343 0132 Dnscache - ok
02:24:13.0390 0132 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
02:24:13.0546 0132 Dot3svc - ok
02:24:13.0578 0132 dpti2o - ok
02:24:13.0640 0132 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
02:24:13.0812 0132 drmkaud - ok
02:24:13.0843 0132 DrvAgent32 (651554e483712b708ede864d0ca1aa73) C:\WINDOWS\system32\Drivers\DrvAgent32.sys
02:24:13.0859 0132 DrvAgent32 ( UnsignedFile.Multi.Generic ) - warning
02:24:13.0859 0132 DrvAgent32 - detected UnsignedFile.Multi.Generic (1)
02:24:13.0937 0132 E1000 (3044851b3c5286a908a6a4d1166328aa) C:\WINDOWS\system32\DRIVERS\e1000325.sys
02:24:13.0953 0132 E1000 - ok
02:24:13.0984 0132 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
02:24:14.0171 0132 EapHost - ok
02:24:14.0218 0132 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
02:24:14.0390 0132 ERSvc - ok
02:24:14.0421 0132 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
02:24:14.0453 0132 Eventlog - ok
02:24:14.0515 0132 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
02:24:14.0546 0132 EventSystem - ok
02:24:14.0593 0132 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
02:24:14.0750 0132 Fastfat - ok
02:24:14.0812 0132 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
02:24:14.0843 0132 FastUserSwitchingCompatibility - ok
02:24:14.0875 0132 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
02:24:15.0078 0132 Fdc - ok
02:24:15.0093 0132 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
02:24:15.0265 0132 Fips - ok
02:24:15.0312 0132 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
02:24:15.0515 0132 Flpydisk - ok
02:24:15.0546 0132 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
02:24:15.0703 0132 FltMgr - ok
02:24:15.0796 0132 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
02:24:15.0812 0132 FontCache3.0.0.0 - ok
02:24:15.0843 0132 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
02:24:16.0046 0132 Fs_Rec - ok
02:24:16.0093 0132 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
02:24:16.0234 0132 Ftdisk - ok
02:24:16.0265 0132 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
02:24:16.0453 0132 Gpc - ok
02:24:16.0531 0132 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
02:24:16.0687 0132 helpsvc - ok
02:24:16.0734 0132 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
02:24:16.0921 0132 HidServ - ok
02:24:16.0968 0132 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
02:24:17.0140 0132 hidusb - ok
02:24:17.0187 0132 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
02:24:17.0406 0132 hkmsvc - ok
02:24:17.0437 0132 hpn - ok
02:24:17.0484 0132 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
02:24:17.0500 0132 HTTP - ok
02:24:17.0546 0132 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
02:24:17.0718 0132 HTTPFilter - ok
02:24:17.0734 0132 i2omgmt - ok
02:24:17.0765 0132 i2omp - ok
02:24:17.0812 0132 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
02:24:18.0000 0132 i8042prt - ok
02:24:18.0109 0132 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
02:24:18.0171 0132 idsvc - ok
02:24:18.0218 0132 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
02:24:18.0390 0132 Imapi - ok
02:24:18.0437 0132 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
02:24:18.0593 0132 ImapiService - ok
02:24:18.0625 0132 ini910u - ok
02:24:18.0687 0132 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
02:24:18.0875 0132 IntelIde - ok
02:24:18.0921 0132 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
02:24:19.0093 0132 intelppm - ok
02:24:19.0140 0132 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
02:24:19.0312 0132 Ip6Fw - ok
02:24:19.0343 0132 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
02:24:19.0531 0132 IpFilterDriver - ok
02:24:19.0578 0132 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
02:24:19.0765 0132 IpInIp - ok
02:24:19.0796 0132 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
02:24:19.0953 0132 IpNat - ok
02:24:20.0015 0132 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
02:24:20.0203 0132 IPSec - ok
02:24:20.0265 0132 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
02:24:20.0343 0132 IRENUM - ok
02:24:20.0406 0132 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
02:24:20.0578 0132 isapnp - ok
02:24:20.0656 0132 JavaQuickStarterService (c2c1660ddcc9bd67eb98d6d5f91c107f) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
02:24:20.0671 0132 JavaQuickStarterService - ok
02:24:20.0718 0132 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
02:24:20.0906 0132 Kbdclass - ok
02:24:20.0953 0132 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
02:24:21.0109 0132 kbdhid - ok
02:24:21.0140 0132 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
02:24:21.0328 0132 kmixer - ok
02:24:21.0375 0132 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
02:24:21.0390 0132 KSecDD - ok
02:24:21.0421 0132 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
02:24:21.0453 0132 LanmanServer - ok
02:24:21.0515 0132 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
02:24:21.0546 0132 lanmanworkstation - ok
02:24:21.0562 0132 lbrtfdc - ok
02:24:21.0625 0132 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
02:24:21.0796 0132 LmHosts - ok
02:24:21.0859 0132 MatSvc (ddf15a42e27e8efe27b18fd403151a86) C:\Program Files\Microsoft Fix it Center\Matsvc.exe
02:24:21.0890 0132 MatSvc - ok
02:24:21.0921 0132 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
02:24:22.0125 0132 Messenger - ok
02:24:22.0156 0132 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
02:24:22.0312 0132 mnmdd - ok
02:24:22.0359 0132 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
02:24:22.0500 0132 mnmsrvc - ok
02:24:22.0531 0132 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
02:24:22.0734 0132 Modem - ok
02:24:22.0765 0132 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
02:24:22.0937 0132 Mouclass - ok
02:24:22.0984 0132 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
02:24:23.0125 0132 mouhid - ok
02:24:23.0156 0132 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
02:24:23.0328 0132 MountMgr - ok
02:24:23.0406 0132 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
02:24:23.0437 0132 MozillaMaintenance - ok
02:24:23.0468 0132 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
02:24:23.0500 0132 MpFilter - ok
02:24:23.0593 0132 MpKsl0f900c05 (a69630d039c38018689190234f866d77) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0781912F-51DA-4BC6-B942-645C69BC2F5C}\MpKsl0f900c05.sys
02:24:23.0609 0132 MpKsl0f900c05 - ok
02:24:23.0625 0132 mraid35x - ok
02:24:23.0687 0132 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
02:24:23.0843 0132 MRxDAV - ok
02:24:23.0906 0132 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
02:24:23.0953 0132 MRxSmb - ok
02:24:23.0984 0132 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
02:24:24.0156 0132 MSDTC - ok
02:24:24.0218 0132 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
02:24:24.0359 0132 Msfs - ok
02:24:24.0390 0132 MSIServer - ok
02:24:24.0421 0132 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
02:24:24.0593 0132 MSKSSRV - ok
02:24:24.0671 0132 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) C:\Program Files\Microsoft Security Client\MsMpEng.exe
02:24:24.0687 0132 MsMpSvc - ok
02:24:24.0734 0132 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
02:24:24.0906 0132 MSPCLOCK - ok
02:24:24.0953 0132 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
02:24:25.0125 0132 MSPQM - ok
02:24:25.0156 0132 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
02:24:25.0343 0132 mssmbios - ok
02:24:25.0390 0132 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
02:24:25.0406 0132 Mup - ok
02:24:25.0468 0132 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
02:24:25.0640 0132 napagent - ok
02:24:25.0671 0132 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
02:24:25.0828 0132 NDIS - ok
02:24:25.0875 0132 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
02:24:25.0906 0132 NdisTapi - ok
02:24:25.0921 0132 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
02:24:26.0109 0132 Ndisuio - ok
02:24:26.0156 0132 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
02:24:26.0296 0132 NdisWan - ok
02:24:26.0343 0132 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
02:24:26.0375 0132 NDProxy - ok
02:24:26.0421 0132 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
02:24:26.0578 0132 NetBIOS - ok
02:24:26.0640 0132 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
02:24:26.0781 0132 NetBT - ok
02:24:26.0812 0132 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
02:24:26.0984 0132 NetDDE - ok
02:24:27.0015 0132 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
02:24:27.0187 0132 NetDDEdsdm - ok
02:24:27.0234 0132 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
02:24:27.0390 0132 Netlogon - ok
02:24:27.0453 0132 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
02:24:27.0593 0132 Netman - ok
02:24:27.0671 0132 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
02:24:27.0687 0132 NetTcpPortSharing - ok
02:24:27.0765 0132 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
02:24:27.0796 0132 Nla - ok
02:24:27.0828 0132 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
02:24:28.0000 0132 Npfs - ok
02:24:28.0078 0132 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
02:24:28.0250 0132 Ntfs - ok
02:24:28.0265 0132 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
02:24:28.0453 0132 NtLmSsp - ok
02:24:28.0515 0132 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
02:24:28.0656 0132 NtmsSvc - ok
02:24:28.0687 0132 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
02:24:28.0859 0132 Null - ok
02:24:28.0953 0132 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
02:24:29.0093 0132 NwlnkFlt - ok
02:24:29.0140 0132 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
02:24:29.0312 0132 NwlnkFwd - ok
02:24:29.0343 0132 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
02:24:29.0484 0132 Parport - ok
02:24:29.0515 0132 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
02:24:29.0703 0132 PartMgr - ok
02:24:29.0734 0132 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
02:24:29.0890 0132 ParVdm - ok
02:24:29.0937 0132 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
02:24:30.0109 0132 PCI - ok
02:24:30.0140 0132 PCIDump - ok
02:24:30.0187 0132 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
02:24:30.0343 0132 PCIIde - ok
02:24:30.0421 0132 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
02:24:30.0562 0132 Pcmcia - ok
02:24:30.0609 0132 PDCOMP - ok
02:24:30.0640 0132 PDFRAME - ok
02:24:30.0671 0132 PDRELI - ok
02:24:30.0703 0132 PDRFRAME - ok
02:24:30.0750 0132 perc2 - ok
02:24:30.0781 0132 perc2hib - ok
02:24:30.0906 0132 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
02:24:30.0921 0132 PlugPlay - ok
02:24:30.0953 0132 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
02:24:31.0109 0132 PolicyAgent - ok
02:24:31.0187 0132 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
02:24:31.0359 0132 PptpMiniport - ok
02:24:31.0375 0132 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
02:24:31.0531 0132 ProtectedStorage - ok
02:24:31.0578 0132 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
02:24:31.0750 0132 PSched - ok
02:24:31.0812 0132 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
02:24:31.0984 0132 Ptilink - ok
02:24:32.0015 0132 ql1080 - ok
02:24:32.0046 0132 Ql10wnt - ok
02:24:32.0078 0132 ql12160 - ok
02:24:32.0109 0132 ql1240 - ok
02:24:32.0140 0132 ql1280 - ok
02:24:32.0203 0132 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
02:24:32.0343 0132 RasAcd - ok
02:24:32.0375 0132 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
02:24:32.0546 0132 RasAuto - ok
02:24:32.0593 0132 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
02:24:32.0765 0132 Rasl2tp - ok
02:24:32.0796 0132 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
02:24:32.0937 0132 RasMan - ok
02:24:32.0984 0132 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
02:24:33.0171 0132 RasPppoe - ok
02:24:33.0187 0132 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
02:24:33.0359 0132 Raspti - ok
02:24:33.0406 0132 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
02:24:33.0562 0132 Rdbss - ok
02:24:33.0609 0132 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
02:24:33.0734 0132 RDPCDD - ok
02:24:33.0812 0132 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
02:24:33.0937 0132 rdpdr - ok
02:24:34.0015 0132 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
02:24:34.0062 0132 RDPWD - ok
02:24:34.0109 0132 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
02:24:34.0265 0132 RDSessMgr - ok
02:24:34.0296 0132 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
02:24:34.0484 0132 redbook - ok
02:24:34.0546 0132 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
02:24:34.0703 0132 RemoteAccess - ok
02:24:34.0765 0132 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
02:24:34.0921 0132 RemoteRegistry - ok
02:24:34.0953 0132 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
02:24:35.0125 0132 RpcLocator - ok
02:24:35.0187 0132 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
02:24:35.0203 0132 RpcSs - ok
02:24:35.0265 0132 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
02:24:35.0421 0132 RSVP - ok
02:24:35.0453 0132 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
02:24:35.0609 0132 SamSs - ok
02:24:35.0640 0132 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
02:24:35.0812 0132 SCardSvr - ok
02:24:35.0859 0132 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
02:24:36.0015 0132 Schedule - ok
02:24:36.0046 0132 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
02:24:36.0125 0132 Secdrv - ok
02:24:36.0171 0132 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
02:24:36.0328 0132 seclogon - ok
02:24:36.0375 0132 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
02:24:36.0546 0132 SENS - ok
02:24:36.0578 0132 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
02:24:36.0750 0132 serenum - ok
02:24:36.0781 0132 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
02:24:36.0921 0132 Serial - ok
02:24:37.0062 0132 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
02:24:37.0218 0132 Sfloppy - ok
02:24:37.0281 0132 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
02:24:37.0437 0132 SharedAccess - ok
02:24:37.0468 0132 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
02:24:37.0500 0132 ShellHWDetection - ok
02:24:37.0531 0132 Simbad - ok
02:24:37.0609 0132 smwdm (3a11abb30c6a64173f99c8c42e76827c) C:\WINDOWS\system32\drivers\smwdm.sys
02:24:37.0640 0132 smwdm - ok
02:24:37.0656 0132 Sparrow - ok
02:24:37.0750 0132 spkrmon (4a205d78d17e6234986ddcd0da2761e9) C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
02:24:37.0750 0132 spkrmon ( UnsignedFile.Multi.Generic ) - warning
02:24:37.0750 0132 spkrmon - detected UnsignedFile.Multi.Generic (1)
02:24:37.0812 0132 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
02:24:37.0953 0132 splitter - ok
02:24:38.0000 0132 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
02:24:38.0015 0132 Spooler - ok
02:24:38.0078 0132 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
02:24:38.0140 0132 sr - ok
02:24:38.0187 0132 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
02:24:38.0250 0132 srservice - ok
02:24:38.0343 0132 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
02:24:38.0375 0132 Srv - ok
02:24:38.0406 0132 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
02:24:38.0484 0132 SSDPSRV - ok
02:24:38.0531 0132 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
02:24:38.0671 0132 stisvc - ok
02:24:38.0734 0132 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
02:24:38.0906 0132 swenum - ok
02:24:38.0953 0132 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
02:24:39.0125 0132 swmidi - ok
02:24:39.0140 0132 SwPrv - ok
02:24:39.0156 0132 symc810 - ok
02:24:39.0187 0132 symc8xx - ok
02:24:39.0218 0132 sym_hi - ok
02:24:39.0250 0132 sym_u3 - ok
02:24:39.0296 0132 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
02:24:39.0484 0132 sysaudio - ok
02:24:39.0515 0132 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
02:24:39.0671 0132 SysmonLog - ok
02:24:39.0718 0132 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
02:24:39.0859 0132 TapiSrv - ok
02:24:39.0937 0132 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
02:24:39.0953 0132 Tcpip - ok
02:24:40.0015 0132 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
02:24:40.0156 0132 TDPIPE - ok
02:24:40.0187 0132 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
02:24:40.0359 0132 TDTCP - ok
02:24:40.0406 0132 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
02:24:40.0562 0132 TermDD - ok
02:24:40.0625 0132 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
02:24:40.0781 0132 TermService - ok
02:24:40.0828 0132 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
02:24:40.0859 0132 Themes - ok
02:24:40.0906 0132 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
02:24:41.0000 0132 TlntSvr - ok
02:24:41.0031 0132 TosIde - ok
02:24:41.0078 0132 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
02:24:41.0250 0132 TrkWks - ok
02:24:41.0296 0132 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
02:24:41.0484 0132 Udfs - ok
02:24:41.0531 0132 ultra - ok
02:24:41.0593 0132 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
02:24:41.0750 0132 Update - ok
02:24:41.0781 0132 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
02:24:41.0859 0132 upnphost - ok
02:24:41.0890 0132 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
02:24:42.0078 0132 UPS - ok
02:24:42.0156 0132 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
02:24:42.0296 0132 usbccgp - ok
02:24:42.0343 0132 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
02:24:42.0515 0132 usbehci - ok
02:24:42.0546 0132 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
02:24:42.0687 0132 usbhub - ok
02:24:42.0734 0132 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
02:24:42.0890 0132 usbprint - ok
02:24:42.0953 0132 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
02:24:43.0125 0132 USBSTOR - ok
02:24:43.0156 0132 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
02:24:43.0328 0132 usbuhci - ok
02:24:43.0375 0132 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
02:24:43.0531 0132 VgaSave - ok
02:24:43.0578 0132 ViaIde - ok
02:24:43.0625 0132 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
02:24:43.0765 0132 VolSnap - ok
02:24:43.0828 0132 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
02:24:43.0906 0132 VSS - ok
02:24:43.0953 0132 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
02:24:44.0125 0132 W32Time - ok
02:24:44.0187 0132 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
02:24:44.0359 0132 Wanarp - ok
02:24:44.0375 0132 WDICA - ok
02:24:44.0437 0132 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
02:24:44.0578 0132 wdmaud - ok
02:24:44.0640 0132 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
02:24:44.0796 0132 WebClient - ok
02:24:44.0875 0132 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
02:24:45.0015 0132 winmgmt - ok
02:24:45.0109 0132 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
02:24:45.0187 0132 WinRM - ok
02:24:45.0265 0132 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
02:24:45.0281 0132 WmdmPmSN - ok
02:24:45.0359 0132 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
02:24:45.0421 0132 Wmi - ok
02:24:45.0515 0132 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
02:24:45.0656 0132 WmiApSrv - ok
02:24:45.0765 0132 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
02:24:45.0812 0132 WMPNetworkSvc - ok
02:24:45.0968 0132 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
02:24:46.0000 0132 WPFFontCache_v0400 - ok
02:24:46.0093 0132 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
02:24:46.0281 0132 WS2IFSL - ok
02:24:46.0296 0132 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
02:24:46.0484 0132 wscsvc - ok
02:24:46.0500 0132 WSearch - ok
02:24:46.0546 0132 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
02:24:46.0718 0132 wuauserv - ok
02:24:46.0750 0132 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
02:24:46.0781 0132 WudfPf - ok
02:24:46.0828 0132 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
02:24:46.0859 0132 WudfRd - ok
02:24:46.0890 0132 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
02:24:46.0906 0132 WudfSvc - ok
02:24:46.0968 0132 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
02:24:47.0140 0132 WZCSVC - ok
02:24:47.0187 0132 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
02:24:47.0343 0132 xmlprov - ok
02:24:47.0406 0132 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
02:24:47.0859 0132 \Device\Harddisk0\DR0 - ok
02:24:47.0890 0132 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR2
02:24:48.0000 0132 \Device\Harddisk1\DR2 - ok
02:24:48.0046 0132 Boot (0x1200) (a9ce763c75c661af5d38945dd702fcf5) \Device\Harddisk0\DR0\Partition0
02:24:48.0046 0132 \Device\Harddisk0\DR0\Partition0 - ok
02:24:48.0062 0132 Boot (0x1200) (48759653e58f35debfa503fa01b4f44c) \Device\Harddisk1\DR2\Partition0
02:24:48.0062 0132 \Device\Harddisk1\DR2\Partition0 - ok
02:24:48.0078 0132 ============================================================
02:24:48.0078 0132 Scan finished
02:24:48.0078 0132 ============================================================
02:24:48.0234 3072 Detected object count: 2
02:24:48.0234 3072 Actual detected object count: 2
02:25:00.0546 3072 DrvAgent32 ( UnsignedFile.Multi.Generic ) - skipped by user
02:25:00.0546 3072 DrvAgent32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:25:00.0562 3072 spkrmon ( UnsignedFile.Multi.Generic ) - skipped by user
02:25:00.0562 3072 spkrmon ( UnsignedFile.Multi.Generic ) - User select action: Skip
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,

Edited by Mr. Rufus Sniff, 28 July 2012 - 03:28 AM.

  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,796 posts
  • MVP
The OTL log should be in the same folder as the OTL.exe file but if you can't find it that's OK. I'll be able to see if it worked when you run it again near the end of the instructions.

The AVG indication is a leftover in windows from a previous AVG install. As usual AVG did a poor job of removing their software. We can fix it and remove a missing driver entry with Combofix.



Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************


AtJob::

SecCenter::
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

DirLook::
C:\Program Files\Common
%user%\library

Driver::
cerc6


******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go Combofix should start on its own.

Post the new log.
  • 0

#5
Mr. Rufus Sniff

Mr. Rufus Sniff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Hey Ron,

Ok, here's the log for the latest script you had me drop into ComboFix...
This time, a little ways thru the process, the warning balloon came up and stated
I didn't have any virus protection...

Also, the ComboFix program stated this time it'll boot automatically and did let
me know where the log was located when done...

Yet it did advise me initially that the AVG was still running and I'd be at my own
risk...so I assumed you'd know this so I proceeded anyways...

PS...and the Sec Center now states the system doesn't have the AVG...

Nile


ComboFix 12-07-27.03 - Nile R Vincent 07/28/2012 16:59:12.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2431.2080 [GMT -7:00]
Running from: c:\documents and settings\Nile R Vincent\Desktop\GTG\ComboFix.exe
Command switches used :: c:\documents and settings\Nile R Vincent\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_cerc6
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-29 )))))))))))))))))))))))))))))))
.
.
2012-07-28 12:13 . 2012-07-28 12:13 -------- d-----w- c:\program files\Defraggler
2012-07-28 09:21 . 2012-07-28 09:21 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-28 09:04 . 2012-07-03 20:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-28 09:04 . 2012-07-28 09:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-28 06:31 . 2012-07-28 06:31 -------- d-----w- C:\_OTL
2012-07-27 02:41 . 2006-11-18 00:29 4541824 ------w- c:\windows\system32\nv4_disp.dll
2012-07-27 02:41 . 2006-11-18 00:29 3994688 ------w- c:\windows\system32\drivers\nv4_mini.sys
2012-07-27 02:23 . 2012-07-28 23:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2012-07-27 02:22 . 2012-07-27 02:22 -------- d-----w- c:\program files\NVIDIA Corporation
2012-07-27 02:17 . 2007-05-30 05:46 39800 ----a-w- c:\windows\system32\NicInstG.dll
2012-07-27 02:17 . 2007-01-17 22:02 28536 ----a-w- c:\windows\system32\NicCo.dll
2012-07-27 02:11 . 2012-07-27 02:11 -------- d-----w- c:\documents and settings\Nile R Vincent\Application Data\InstallShield
2012-07-27 01:57 . 2012-07-27 01:57 -------- d-----w- c:\documents and settings\Nile R Vincent\Application Data\driveridentifier
2012-07-27 01:57 . 2012-07-27 01:57 -------- d-----w- c:\program files\Driver Identifier
2012-07-27 01:41 . 2012-07-27 01:43 -------- d-----w- C:\ViewSonic
2012-07-27 01:14 . 2012-07-27 01:14 -------- d-----w- c:\documents and settings\Nile R Vincent\Local Settings\Application Data\PC_Drivers_Headquarters
2012-07-27 00:54 . 2012-07-27 00:54 -------- d-----w- c:\documents and settings\Nile R Vincent\Application Data\Dell Drivers Update Utility
2012-07-27 00:53 . 2012-07-27 00:53 -------- d-----w- c:\documents and settings\Nile R Vincent\Local Settings\Application Data\DELL Drivers Update Utility
2012-07-27 00:53 . 2012-07-27 00:53 -------- d-----w- c:\program files\DELL Drivers Update Utility
2012-07-27 00:39 . 2012-07-27 00:39 -------- d-----w- c:\windows\VirtualEar
2012-07-27 00:39 . 2003-04-08 17:30 3744 ----a-w- c:\windows\system32\drivers\smsens.sys
2012-07-27 00:39 . 2002-04-01 20:15 4816 ----a-w- c:\windows\system32\drivers\aeaudio.sys
2012-07-27 00:39 . 2001-09-19 20:47 765952 ----a-w- c:\windows\system\crlds3d.dll
2012-07-27 00:39 . 2001-09-19 20:47 720896 ----a-w- c:\windows\system32\Audio3d.dll
2012-07-27 00:39 . 2012-07-27 00:39 -------- d-----w- c:\program files\Analog Devices
2012-07-27 00:39 . 2003-10-30 16:48 593408 ----a-w- c:\windows\system32\drivers\smwdm.sys
2012-07-27 00:39 . 2003-06-16 14:32 49152 ----a-w- c:\windows\system32\DSndUp.exe
2012-07-27 00:39 . 2002-04-17 22:05 45056 ----a-w- c:\windows\system32\CleanUp.exe
2012-07-27 00:13 . 2001-10-11 20:40 80384 ----a-w- c:\windows\InetReg.crl
2012-07-27 00:13 . 2000-06-07 08:01 4848 ----a-w- c:\windows\Helper.exe
2012-07-27 00:13 . 2001-10-11 20:40 434688 ----a-w- c:\windows\InetReg.exe
2012-07-27 00:13 . 2000-06-07 08:01 41984 ----a-w- c:\windows\Ctregrun.exe
2012-07-27 00:12 . 2012-07-27 00:12 -------- d-----w- c:\windows\SBPCT
2012-07-27 00:12 . 2012-07-27 00:12 -------- d-----w- c:\program files\CREATIVE
2012-07-27 00:12 . 1998-10-29 23:45 306688 ----a-w- c:\windows\IsUninst.exe
2012-07-26 23:17 . 2012-07-26 23:17 -------- d-----w- c:\windows\system32\wbem\Repository
2012-07-26 23:16 . 2012-07-26 23:16 -------- d-----w- c:\documents and settings\Nile R Vincent\Local Settings\Application Data\Zoom_Downloader
2012-07-26 23:16 . 2012-07-26 23:16 -------- d-----w- c:\program files\AMD APP
2012-07-26 23:16 . 2012-07-26 23:16 -------- d-----w- c:\program files\ATI Technologies
2012-07-26 22:18 . 2012-07-26 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2012-07-26 22:18 . 2012-07-26 23:14 -------- d-----w- c:\program files\Security Task Manager
2012-07-26 08:59 . 2012-07-26 08:59 -------- d-----w- c:\program files\Realtek
2012-07-26 08:59 . 2011-12-13 18:01 1698408 ----a-w- c:\windows\RtlExUpd.dll
2012-07-26 08:13 . 2012-07-26 08:13 -------- d-----w- c:\program files\ATI
2012-07-26 08:12 . 2012-07-26 08:12 -------- d-----w- C:\ATI
2012-07-25 08:58 . 2012-07-26 23:16 -------- d-----w- c:\windows\NV35603564.TMP
2012-07-25 08:46 . 2003-11-11 01:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2012-07-25 08:46 . 2003-11-11 01:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2012-07-25 08:46 . 2003-11-11 01:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2012-07-25 08:46 . 2003-11-11 01:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2012-07-25 08:46 . 2003-11-11 01:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2012-07-25 08:46 . 2012-07-25 08:46 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2012-07-25 08:46 . 2012-07-25 08:46 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2012-07-24 18:18 . 2012-07-24 18:18 -------- d-----w- c:\documents and settings\DownloadsC
2012-07-22 18:08 . 2012-07-22 18:08 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-07-22 18:08 . 2012-07-14 00:17 136672 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-07-22 18:08 . 2012-07-14 00:17 68576 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-07-22 18:08 . 2012-07-14 00:17 573920 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-07-22 18:08 . 2012-07-14 00:17 157608 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-07-22 18:08 . 2012-07-14 00:17 113120 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-07-22 18:08 . 2012-07-14 00:16 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-07-22 18:08 . 2012-07-14 00:16 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-07-14 07:44 . 2012-07-28 10:31 -------- d-----w- c:\documents and settings\Nile R Vincent\Application Data\vlc
2012-07-12 13:30 . 2012-07-12 13:30 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-07-11 11:37 . 2012-07-11 11:45 -------- d-s---w- c:\documents and settings\Administrator
2012-07-03 01:43 . 2012-07-03 01:43 -------- d-----w- c:\program files\Microsoft ActiveSync
2012-07-03 01:42 . 2012-07-03 01:43 -------- d-----w- c:\windows\ShellNew
2012-07-01 10:32 . 2012-07-01 10:32 -------- d-----w- c:\program files\VS Revo Group
2012-06-29 00:33 . 2012-06-29 00:33 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-06-29 00:33 . 2012-06-29 00:33 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 11:30 . 2012-06-18 03:13 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-27 11:30 . 2012-06-18 03:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-26 22:01 . 2012-06-17 15:44 98304 ----a-w- c:\windows\DUMP3c3d.tmp
2012-07-24 06:40 . 2012-06-17 15:44 98304 ----a-w- c:\windows\DUMP3f5a.tmp
2012-07-22 16:10 . 2012-06-17 15:44 98304 ----a-w- c:\windows\DUMP536f.tmp
2012-06-20 06:19 . 2012-06-20 06:19 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2012-06-13 13:19 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-14 12:00 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2008-04-14 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-05 00:35 . 2009-08-07 02:23 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2008-04-14 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 22:19 . 2009-08-07 02:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19 . 2012-06-17 22:54 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 22:19 . 2012-06-17 22:54 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 22:19 . 2012-06-17 22:54 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19 . 2009-08-07 02:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19 . 2012-06-17 22:54 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-17 22:54 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2009-08-07 02:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2009-08-07 02:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19 . 2008-04-14 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 22:19 . 2009-08-07 02:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:19 . 2012-06-17 22:54 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-17 22:54 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:18 . 2012-06-18 21:05 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18 . 2012-06-18 21:05 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2012-05-05 02:29 . 2012-06-20 06:28 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-05 02:29 . 2012-06-20 06:28 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-05 02:29 . 2012-06-20 06:28 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-04 13:12 . 2008-04-14 12:00 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2008-04-14 00:01 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2012-06-17 22:52 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-14 00:17 . 2012-07-22 18:08 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((( [email protected]_08.28.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-29 00:05 . 2012-07-29 00:05 16384 c:\windows\Temp\Perflib_Perfdata_404.dat
+ 2012-06-23 01:12 . 2012-07-28 12:13 471040 c:\windows\system32\config\systemprofile\ntuser.dat
- 2012-06-23 01:12 . 2012-06-23 01:12 471040 c:\windows\system32\config\systemprofile\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
.
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [6/17/2012 8:13 PM 250056]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [6/2/2011 11:08 AM 11336]
S3 dcdbas;System Management Driver;c:\windows\system32\DRIVERS\dcdbas32.sys --> c:\windows\system32\DRIVERS\dcdbas32.sys [?]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [6/19/2012 11:19 PM 23456]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 10:09 PM 267568]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [7/22/2012 11:08 AM 113120]
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-18 11:30]
.
2012-07-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
Trusted Zone: emily18.com\www
TCP: DhcpNameServer = 192.168.1.1 74.40.74.40
FF - ProfilePath - c:\documents and settings\Nile R Vincent\Application Data\Mozilla\Firefox\Profiles\gmzugg1n.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110018&tt=060612_8_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 608180b8000000000000000cf1d79927
FF - user.js: extensions.BabylonToolbar_i.hardId - 608180b8000000000000000cf1d79927
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15509
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.171:06
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-28 17:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2252)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\program files\Analog Devices\SoundMAX\spkrmon.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-07-28 17:08:20 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-29 00:08
ComboFix2.txt 2012-07-28 08:31
.
Pre-Run: 70,767,308,800 bytes free
Post-Run: 70,655,651,840 bytes free
.
- - End Of File - - 5512598139DE87F942317B3F5B65D788
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,796 posts
  • MVP
Looks like the CF script worked as planned.

Now go on to aswMBR, ESET and BitDefender. The first two may each take hours. The last one is very quick.
  • 0

#7
Mr. Rufus Sniff

Mr. Rufus Sniff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Hi Ron,

Here's the aswMBR log...

You'd mentioned it may take hrs...yet mine ran for just under 4 min.
And the "Fix" button was not enabled...

Yet the ESET scan did take over 4 hours... :wacko:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-28 17:54:31
-----------------------------
17:54:31.078 OS Version: Windows 5.1.2600 Service Pack 3
17:54:31.078 Number of processors: 1 586 0x303
17:54:31.078 ComputerName: NILE-VINCENT UserName:
17:54:31.687 Initialize success
17:56:51.156 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:56:51.171 Disk 0 Vendor: HDS728080PLAT20 PF2OA21B Size: 78533MB BusType: 3
17:56:51.203 Disk 0 MBR read successfully
17:56:51.218 Disk 0 MBR scan
17:56:51.234 Disk 0 Windows XP default MBR code
17:56:51.250 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 78520 MB offset 63
17:56:51.265 Disk 0 scanning sectors +160810650
17:56:51.343 Disk 0 scanning C:\WINDOWS\system32\drivers
17:56:56.359 Service scanning
17:57:02.531 Service MpKslf642c09c C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C56FB71A-4C51-4F0D-842B-D05AB922D8D7}\MpKslf642c09c.sys **LOCKED** 32
17:57:10.843 Modules scanning
17:57:18.843 Scan finished successfully
17:58:26.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Nile R Vincent\Desktop\MBR.dat"
17:58:26.984 The log file has been saved successfully to "C:\Documents and Settings\Nile R Vincent\Desktop\aswMBR.txt"

,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,

And here is the 1st ESET log

C:\Documents and Settings\Nile R Vincent\Desktop\Initial DLs and Installs\cnet2_11-11_xp32_dd_exe.exe a variant of Win32/InstallCore.D application
C:\Documents and Settings\Nile R Vincent\Desktop\Initial DLs and Installs\cnet2_WDM_R268_exe.exe a variant of Win32/InstallCore.D application

And here's the 2nd log you requested upon closing ESET scanner...

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6a951d95b7da844ba0a3f8dcf1c1d92c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-29 05:45:27
# local_time=2012-07-28 10:45:27 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5891 16776869 42 93 0 10301887 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=183528
# found=2
# cleaned=0
# scan_time=15788
C:\Documents and Settings\Nile R Vincent\Desktop\Initial DLs and Installs\cnet2_11-11_xp32_dd_exe.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Nile R Vincent\Desktop\Initial DLs and Installs\cnet2_WDM_R268_exe.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000

Here's the BitDefender log...


QuickScan 32-bit v0.9.9.119
---------------------------
Scan date: Sat Jul 28 23:48:21 2012
Machine ID: 608180B8



No infection found.
-------------------



Processes
---------
Firefox 548 C:\Program Files\Mozilla Firefox\firefox.exe
Firefox 3336 C:\Program Files\Mozilla Firefox\plugin-container.exe
Java™ Platform SE 7 U5 1028 C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
Java™ Platform SE Auto Updater 2 0 1652 C:\Program Files\Common Files\Java\Java Update\jusched.exe
Microsoft Malware Protection 2896 C:\Program Files\Microsoft Security Client\MsMpEng.exe
Microsoft Security Client 560 C:\Program Files\Microsoft Security Client\msseces.exe
Microsoft® Windows® Operating System 2012 C:\Program Files\Windows Desktop Search\WindowsSearch.exe
Microsoft® Windows® Operating System 1772 C:\WINDOWS\system32\spoolsv.exe
spkrmon Module 1384 C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
(verified) Microsoft® Windows® Operating System 2252 C:\WINDOWS\explorer.exe
(verified) Microsoft® Windows® Operating System 3256 C:\WINDOWS\system32\alg.exe
(verified) Microsoft® Windows® Operating System 648 C:\WINDOWS\system32\csrss.exe
(verified) Microsoft® Windows® Operating System 2244 C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System 728 C:\WINDOWS\system32\lsass.exe
(verified) Microsoft® Windows® Operating System 1828 C:\WINDOWS\system32\scardsvr.exe
(verified) Microsoft® Windows® Operating System 632 C:\WINDOWS\system32\searchindexer.exe
(verified) Microsoft® Windows® Operating System 716 C:\WINDOWS\system32\services.exe
(verified) Microsoft® Windows® Operating System 576 C:\WINDOWS\system32\smss.exe
(verified) Microsoft® Windows® Operating System 488 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 884 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 964 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1060 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1100 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1144 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1320 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1404 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 464 C:\WINDOWS\system32\wbem\wmiapsrv.exe
(verified) Microsoft® Windows® Operating System 672 C:\WINDOWS\system32\winlogon.exe


Network activity
----------------
Process firefox.exe (548) connected on port 80 (HTTP) --> 96.16.97.24
Process firefox.exe (548) connected on port 80 (HTTP) --> 173.194.79.95
Process firefox.exe (548) connected on port 443 (HTTP over SSL) --> 173.194.33.6
Process firefox.exe (548) connected on port 80 (HTTP) --> 173.194.79.95
Process firefox.exe (548) connected on port 80 (HTTP) --> 69.192.207.139
Process firefox.exe (548) connected on port 80 (HTTP) --> 173.194.33.26
Process firefox.exe (548) connected on port 80 (HTTP) --> 173.194.33.25
Process firefox.exe (548) connected on port 80 (HTTP) --> 173.194.33.0
Process firefox.exe (548) connected on port 443 (HTTP over SSL) --> 173.194.33.15
Process firefox.exe (548) connected on port 443 (HTTP over SSL) --> 173.194.33.9

Process svchost.exe (964) listens on ports: 135 (RPC)


Autoruns and critical files
---------------------------
Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Adobe® Flash® Player Update Service C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Java™ Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
Microsoft Malware Protection C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Microsoft Office XP C:\Program Files\Microsoft Office\Office10\OSA.EXE
Microsoft Security Client C:\Program Files\Microsoft Security Client\msseces.exe
Microsoft® Windows® Operating System C:\Program Files\Windows Desktop Search\WindowsSearch.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\cryptnet.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll
Windows® Search C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
(verified) Microsoft Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
Adobe Acrobat C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
Bitdefender QuickScan C:\Documents and Settings\Nile R Vincent\Application Data\Mozilla\Firefox\Profiles\gmzugg1n.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
DellSystemLite C:\WINDOWS\Downloaded Program Files\DellSystemLite.ocx
Java Deployment Toolkit 7.0.50.255 C:\WINDOWS\system32\npDeployJava1.dll
Java™ Platform SE 7 U5 c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
Java™ Platform SE 7 U5 C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
Java™ Platform SE 7 U5 c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll
NPSWF32_11_3_300_268.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll
Silverlight Plug-In C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
VLC Web Plugin C:\Program Files\VideoLAN\VLC\npvlc.dll
Windows Presentation Foundation C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll
(verified) Microsoft® Windows Live Login Helper c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


Scan
----
MD5: 217386d2a7e4a151149b5de9f5ae9b75 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{19B98502-3137-424C-A002-63DE9EC035FF}\mpengine.dll
MD5: 163db46b803e4c83c444a026ff17d269 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{19B98502-3137-424C-A002-63DE9EC035FF}\offreg.dll
MD5: c9e3864fb9cbfa93d9010bcfe18a5697 C:\Documents and Settings\Nile R Vincent\Application Data\Mozilla\Firefox\Profiles\gmzugg1n.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
MD5: 7ec56424e3e77ebf4bf5e0798175e4e5 C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
MD5: 4a205d78d17e6234986ddcd0da2761e9 C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
MD5: 34ebd4ff6a24d86bb4716d6afcc1a89b C:\Program Files\Apple Software Update\SoftwareUpdate.exe
MD5: 60e5af8b7b4140c711b050fae5a3ab70 c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
MD5: 1582cdeeb5866625e48202cc35662390 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
MD5: b8e421c0890356cd4a793d8a346d9096 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MD5: 995beb69ae5c50d354894354f5a6cd5a C:\Program Files\Common Files\Java\Java Update\jusched.exe
MD5: a0c2cb21f4b521429f033fdeb18d63d7 C:\Program Files\Common Files\System\directdb.dll
MD5: 5e559e6a42a0c04b32f5e3e2a19a6026 C:\Program Files\Defraggler\DefragglerShell.dll
MD5: 05d6b219b8279e928ecddb11df8d5934 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
MD5: ddf15a42e27e8efe27b18fd403151a86 C:\Program Files\Microsoft Fix it Center\Matsvc.exe
MD5: 5bc65464354a9fd3beaa28e18839734a C:\Program Files\Microsoft Office\Office10\OSA.EXE
MD5: a8e35801e04a4183a27df60829402867 C:\Program Files\Microsoft Security Client\EppManifest.dll
MD5: 410ccadf699cee2c0c741df0fd90f204 C:\Program Files\Microsoft Security Client\mpclient.dll
MD5: d66e48aba96afb61a29580713fb19d4b C:\Program Files\Microsoft Security Client\MpCmdRun.exe
MD5: 0b3e2a065bb0e0c8854fef37f90dc3be C:\Program Files\Microsoft Security Client\mprtp.dll
MD5: 120aa0938e8b76ce044d5307dd6caa11 C:\Program Files\Microsoft Security Client\mpsvc.dll
MD5: d5bd2608a465a5867e6220ff84e58768 C:\Program Files\Microsoft Security Client\MsMpCom.dll
MD5: 24516bf4e12a46cb67302e2cdcb8cddf C:\Program Files\Microsoft Security Client\MsMpEng.exe
MD5: 687b71c161b246ece1a13d24aacf0413 C:\Program Files\Microsoft Security Client\msseces.exe
MD5: 711a2e6a55ec7bfd59b5f649d58b704b C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
MD5: 6d3ce6a1fe3be6d51a90c3aef6d545ac C:\Program Files\Mozilla Firefox\components\browsercomps.dll
MD5: 3f677172f23fc17283d9bce4b42e3f65 C:\Program Files\Mozilla Firefox\firefox.exe
MD5: 7ad79ebf2915bb6c9b821932d8d90879 C:\Program Files\Mozilla Firefox\freebl3.dll
MD5: be005b2321b30219b43986c713ed31a0 C:\Program Files\Mozilla Firefox\gkmedias.dll
MD5: d44761290b0861c8df045cde34eb0705 C:\Program Files\Mozilla Firefox\mozalloc.dll
MD5: 4009aca971c4d4e5fa8891b076917069 C:\Program Files\Mozilla Firefox\mozglue.dll
MD5: 0fce648f8031872f7b8049f13fa0edc4 C:\Program Files\Mozilla Firefox\mozjs.dll
MD5: fde476cfa50f0e1c3ca7b732334b5c3a C:\Program Files\Mozilla Firefox\mozsqlite3.dll
MD5: 03e9314004f504a14a61c3d364b62f66 C:\Program Files\Mozilla Firefox\MSVCP100.dll
MD5: 67ec459e42d3081dd8fd34356f7cafc1 C:\Program Files\Mozilla Firefox\MSVCR100.dll
MD5: d7cb45bead7ff63b8d82abbfb9d74102 C:\Program Files\Mozilla Firefox\nspr4.dll
MD5: 714e3f17d0e2e23354f15fd01b4f4ea8 C:\Program Files\Mozilla Firefox\nss3.dll
MD5: f661ecddf6b287683139f4bd365478cb C:\Program Files\Mozilla Firefox\nssckbi.dll
MD5: eeff5623465b383677699a06070becea C:\Program Files\Mozilla Firefox\nssdbm3.dll
MD5: 80d6b31fa7618b97ca9a0112b7cbb0ea C:\Program Files\Mozilla Firefox\nssutil3.dll
MD5: 476f7d54970aea25dea456825c64d733 C:\Program Files\Mozilla Firefox\plc4.dll
MD5: 5127cdc241d32568dd458cb0d1c4cea1 C:\Program Files\Mozilla Firefox\plds4.dll
MD5: a06ab1550658a19e871a6fd7ff1c2cdb C:\Program Files\Mozilla Firefox\plugin-container.exe
MD5: ba6db597377c3d29128aa201e1d94297 C:\Program Files\Mozilla Firefox\smime3.dll
MD5: dd74fb796f5d9a2bf5b4f24201429ab8 C:\Program Files\Mozilla Firefox\softokn3.dll
MD5: a5a40243d737326e61d296abd4c8aece C:\Program Files\Mozilla Firefox\ssl3.dll
MD5: a24cdf378df91a4304a1f3e7247bd513 C:\Program Files\Mozilla Firefox\xpcom.dll
MD5: 0bdd5b8ac394de23edbbf8998cbbe2a7 C:\Program Files\Mozilla Firefox\xul.dll
MD5: 46297fa8e30a6007f14118fc2b942fbc C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
MD5: 49f948cc887587ca8f933cb0b6f2c8ac c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
MD5: c2c1660ddcc9bd67eb98d6d5f91c107f C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
MD5: 67ec459e42d3081dd8fd34356f7cafc1 C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\MSVCR100.dll
MD5: d0da6b2fb50a0667cf4bacc2aefea009 C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
MD5: cc5835e8f89b4355bcca3b2603ac0679 c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
MD5: 116aa2b169abd0b620961caff0aeac84 C:\Program Files\Outlook Express\msoeres.dll
MD5: 3f9f8e0f93d6fa7b7552077a3df171de C:\Program Files\VideoLAN\VLC\npvlc.dll
MD5: 0e28e671281ebf1f1f8fe093d2bd4a7b C:\Program Files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
MD5: 56183fb6413b7c5cb42b8ac1541a4ee8 C:\Program Files\Windows Desktop Search\en-us\WindowsSearchRes.dll.mui
MD5: 994ad0d8550b8b26990a6e3aa0791502 C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
MD5: f23a5d407b753f2e5e2bb6a95ab6d12b C:\Program Files\Windows Desktop Search\WdsMktTools.dll
MD5: 2c2830b08045e2a1c1930eb064a8fac0 C:\Program Files\Windows Desktop Search\wdsShell.dll
MD5: b5c9f63c01fcfec3f64ec6a0940a1825 C:\Program Files\Windows Desktop Search\WindowsSearch.exe
MD5: cbfd0fb0a9491ed3f1bab4c64a04d2f1 C:\Program Files\Windows Desktop Search\WindowsSearchRes.dll
MD5: 310c15fd8358b2c4cd7a5b98a112883f C:\WINDOWS\AppPatch\AcGenral.DLL
MD5: 492016673352550a7d4d10b9b1424771 C:\WINDOWS\Downloaded Program Files\DellSystemLite.ocx
MD5: 219af0f9a54ebeeb3e7e20025d801034 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\culture.dll
MD5: 36ba8022693af7e967359ff3f97531d7 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Shfusion.dll
MD5: ab87eeffd18f2baafc274e7075ea6c67 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
MD5: 215ce077258cedd5be4c56e9d614db9f C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\clr.dll
MD5: f5df6846f30e9f54ea60ccaeb3fb2055 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
MD5: 260af897a982a69fb557c146757519f1 C:\WINDOWS\system32\BROWSEUI.dll
MD5: 64ba6f46952d6fa759f973d3c313fd6a C:\WINDOWS\system32\CNCF2Lb.DLL
MD5: 518430898509d8b63641d8cddc73fa55 C:\WINDOWS\system32\CNMLM7Q.DLL
MD5: 93afb83fbc1f9443cac722fca63d73bf C:\WINDOWS\system32\comctl32.dll
MD5: ed0c0df222209e43ad9afbf3fe87dde0 C:\WINDOWS\system32\comsvcs.dll
MD5: 64416c6e07606720c1ece6dd374bdffd C:\WINDOWS\system32\CRYPT32.dll
MD5: c14350fc0d47d806699c4f907fc6785b C:\WINDOWS\System32\cryptnet.dll
MD5: 515a7fae2070c2b0242b2353443e2f11 C:\WINDOWS\system32\cscdll.dll
MD5: dd40363abad230a84c5e2178b11efa88 C:\WINDOWS\system32\CSRSRV.dll
MD5: 56adb11f7d4d0816c0be1e701c1b5e52 C:\WINDOWS\system32\D3DIM700.DLL
MD5: e2092f0a1d7abc243f9c2362483d150d C:\WINDOWS\System32\dimsntfy.dll
MD5: 389496118b3b03c2328024af320132ac C:\WINDOWS\system32\DNSAPI.dll
MD5: 5f7e24fa9eab896051ffb87f840730d2 c:\windows\system32\dnsrslvr.dll
MD5: f69189eb97b118b690acca93760ad738 c:\windows\system32\dot3gpclnt.dll
MD5: ea39da293c8bbaa0f89419ba64734cc7 c:\windows\system32\dot3msm.dll
MD5: 11c04b17ed2abbb4833694bcd644ac90 C:\WINDOWS\system32\drivers\aeaudio.sys
MD5: 1e44bc1e83d8fd2305f8d452db109cf9 C:\WINDOWS\System32\drivers\afd.sys
MD5: 651554e483712b708ede864d0ca1aa73 C:\WINDOWS\system32\Drivers\DrvAgent32.sys
MD5: 3044851b3c5286a908a6a4d1166328aa C:\WINDOWS\system32\DRIVERS\e1000325.sys
MD5: d993bea500e7382dc4e760bf4f35efcb C:\WINDOWS\system32\DRIVERS\MpFilter.sys
MD5: 7d304a5eb4344ebeeab53a2fe3ffb9f0 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
MD5: 0109c4f3850dfbab279542515386ae22 C:\WINDOWS\system32\DRIVERS\ndistapi.sys
MD5: 3a11abb30c6a64173f99c8c42e76827c C:\WINDOWS\system32\drivers\smwdm.sys
MD5: 47ddfc2f003f7f9f0592c6874962a2e7 C:\WINDOWS\system32\DRIVERS\srv.sys
MD5: 0bcb0ebc1b08fa384ec68f253c7253ef C:\WINDOWS\System32\eapphost.dll
MD5: ffb3115aa757abefba7fba90bad5dd0a C:\WINDOWS\system32\en-us\tQuery.dll.mui
MD5: f5b754cdea20bbb3a31e16a776ede6d6 C:\WINDOWS\system32\esent.dll
MD5: 303a63f4b913aa5d8998161cb77a8ce7 C:\WINDOWS\system32\feclient.dll
MD5: 3618313f7dfb605571a48fcf55d7868f C:\WINDOWS\system32\ieframe.dll
MD5: ad850c33a8ac45cf66574e62d1645272 C:\WINDOWS\system32\iertutil.dll
MD5: ffc01a72d1c25ccb39f61b202ce60819 C:\WINDOWS\system32\IMAGEHLP.dll
MD5: 57aa18b2896055e8cb269b19dd85e7f3 C:\WINDOWS\system32\INETCOMM.dll
MD5: b6932761058dc21beaa7a1245b1b20e6 C:\WINDOWS\system32\infosoft.dll
MD5: 1e6c47b63cd2f812de0f4a9f610fabb4 C:\WINDOWS\system32\jscript.dll
MD5: a525c96c51d55111fdf3bea9ffffc7ae C:\WINDOWS\system32\kerberos.dll
MD5: 3879d931fbb110292a16c8a3a11d7ed4 c:\windows\system32\l2gpstore.dll
MD5: 20fa028cb6506591a99c51432a3c0174 C:\WINDOWS\system32\LangWrbk.dll
MD5: 6358c181bf021970a897c1fab0ecf5d2 C:\WINDOWS\system32\loadperf.dll
MD5: bd31dc6dbe9333c4fbd4bdf0899f2160 C:\WINDOWS\system32\LSASRV.dll
MD5: 6c40d5ed8951ab7b90d08af655224ee4 C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
MD5: 90abbbffd282900cfaaabab53bedebdb C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll
MD5: 855f6333e3a4dfc6f3c8b0520c261fcd C:\WINDOWS\system32\MSFTEDIT.DLL
MD5: 886b62a906b3967cbbf0fd2c833a30bf C:\WINDOWS\system32\mshtml.dll
MD5: d3f72d50de53f9f1f55240115af4d42e c:\windows\system32\msi.dll
MD5: 85ac5f11d4759d13674b3e92eac3f140 C:\WINDOWS\system32\msident.dll
MD5: 7ed041c7f82a381417aa3f43ab55f95a C:\WINDOWS\system32\msidntld.dll
MD5: 6e914eedd145c5acce56f4d5f3d606fc C:\WINDOWS\system32\mssph.dll
MD5: 943337d786a56729263071623bbb9de5 C:\WINDOWS\system32\mswsock.dll
MD5: acfee2392503dd5e457363a0510b8bcb C:\WINDOWS\system32\msxml3.dll
MD5: a0ae7f043497c9971e9d7fe291099d40 C:\WINDOWS\system32\msxml6.dll
MD5: 2b8b64aa14f817bdf3e3204fb041a61d C:\WINDOWS\System32\mtxoci.dll
MD5: 062f837c1fbdb6a0a75f82efc2ee8e74 C:\WINDOWS\System32\netshell.dll
MD5: 7a1e2af50ddcdd49c114c1099dbef6e1 C:\WINDOWS\system32\npDeployJava1.dll
MD5: f8f0d25ca553e39dde485d8fc7fcce89 C:\WINDOWS\system32\ntdll.dll
MD5: 40b0f98bad16ad5def894e88c3ef8014 C:\WINDOWS\system32\ODBC32.dll
MD5: d59a7119054d70fc745a1bf9c06dcc65 C:\WINDOWS\system32\oeph.dll
MD5: 6bad1bed9872e62049e487fb91ae2f3a C:\WINDOWS\system32\ole32.dll
MD5: 1b2be5777f69a71778f52ffee1c798d6 C:\WINDOWS\system32\OLEAUT32.dll
MD5: d4502f124289a31976130cccb014c9aa C:\WINDOWS\system32\RPCRT4.dll
MD5: 72451fd61ddbb0a1fb071b7c3cde5594 C:\WINDOWS\system32\rsvpsp.dll
MD5: 0f64207b49390c8063c36ae7cbf9c2db C:\WINDOWS\system32\schannel.dll
MD5: a80388f8be1fe15e86747cb35d55be5c C:\WINDOWS\system32\shdocvw.dll
MD5: 6843d54bc4a40cc8c5741af750233d10 C:\WINDOWS\system32\SHELL32.dll
MD5: 99bc0b50f511924348be19c7c7313bbf C:\WINDOWS\system32\SHSVCS.dll
MD5: a70936c9af9253aac603fe8503b03da4 C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD7Q.DLL
MD5: 60784f891563fb1b767f70117fc2428f C:\WINDOWS\system32\spoolsv.exe
MD5: 3a7c3cbe5d96b8ae96ce81f0b22fb527 c:\windows\system32\srvsvc.dll
MD5: d0049860b63dd87a73a5d165c829c65f C:\WINDOWS\system32\t2embed.dll
MD5: ba8fdf82d0b1316d5eaf60f5a0498de1 C:\WINDOWS\system32\uncdms.dll
MD5: fdf44991cb9a33c901ffcbdf19ce95be C:\WINDOWS\system32\urlmon.dll
MD5: a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\userinit.exe
MD5: 9e03dc5ab51cfd0190541ce2038d819d C:\WINDOWS\system32\USP10.dll
MD5: eb7494ecfe01b70b83e781eeb8f88c8a C:\WINDOWS\system32\wbem\WMIApRes.dll
MD5: 684559a03cbc1d05ba120a18b0d8ba5d c:\windows\system32\WINHTTP.dll
MD5: 6b1774334e2975aa60596e54f5ea1430 C:\WINDOWS\system32\WININET.dll
MD5: 4a953f13942867ba8fb41f141ec1b80c C:\WINDOWS\system32\WINMM.dll
MD5: d72b9ec3337b247a666f098f3d6b43de C:\WINDOWS\System32\winrnr.dll
MD5: 8c7dca4b158bf16894120786a7a5f366 C:\WINDOWS\system32\winsrv.dll
MD5: 95f5c420e9bdd4c3569602911420a774 C:\WINDOWS\system32\WINTRUST.dll
MD5: 2cc34e8bb667eef78899546e12649196 C:\WINDOWS\system32\WlNotify.dll
MD5: fc3ec24fce372c89423e015a2ac1a31e C:\WINDOWS\system32\wuaueng.dll
MD5: 16403217ab6fc5c30c14c6b12098ad4b C:\WINDOWS\system32\xpsp2res.dll
MD5: c9564cf4976e7e96b4052737aa2492b4 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
MD5: 4c39358ebdd2ffcd9132a30e1ec31e16 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\MSVCP90.dll
MD5: cdbe9690cf2b8409facad94fac9479c9 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\MSVCR90.dll
MD5: 736b12b725aeb2b07f0241a9f680cb10 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MD5: 80776884e7a05d6da5040926f82b0273 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\gdiplus.dll


No file uploaded.

Scan finished - communication took 5 sec
Total traffic - 0.01 MB sent, 0.61 KB recvd
Scanned 545 files and modules - 83 seconds

==============================================================================

I


,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,

Here's the OTL logs...both of them...in the order I received them...

OTL logfile created on: 7/28/2012 11:59:07 PM - Run 2
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Documents and Settings\Nile R Vincent\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.37 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 72.56% Memory free
4.22 Gb Paging File | 3.76 Gb Available in Paging File | 89.06% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.68 Gb Total Space | 65.29 Gb Free Space | 85.14% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 399.26 Gb Free Space | 85.72% Space Free | Partition Type: NTFS

Computer Name: NILE-VINCENT | User Name: Nile R Vincent | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/27 00:12:47 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nile R Vincent\Desktop\OTL.exe
PRC - [2012/07/13 17:17:11 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/05/04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/08/28 14:01:22 | 000,061,440 | ---- | M] () -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/13 17:17:14 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2003/08/28 14:01:22 | 000,061,440 | ---- | M] () -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe


========== Win32 Services (SafeList) ==========

SRV - [2012/07/27 04:30:19 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/13 17:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2003/08/28 14:01:22 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe -- (spkrmon)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\NILERV~1\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\dcdbas32.sys -- (dcdbas)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\NILERV~1\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/06/19 23:19:01 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{019D1EAE-B095-404C-A7E7-13CFF2654E27}: "URL" = http://www.bing.com/...ferrer:source?}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-07-11 16:41:36&v=11.0.0.10&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/22 11:08:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/06/17 18:00:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nile R Vincent\Application Data\Mozilla\Extensions
[2012/07/28 23:47:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nile R Vincent\Application Data\Mozilla\Firefox\Profiles\gmzugg1n.default\extensions
[2012/07/28 23:47:38 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Documents and Settings\Nile R Vincent\Application Data\Mozilla\Firefox\Profiles\gmzugg1n.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012/07/22 11:08:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/13 17:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/07/13 17:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/13 17:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/07/28 17:05:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O15 - HKCU\..Trusted Domains: emily18.com ([www] https in Trusted sites)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1340890774875 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 74.40.74.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B283AE8E-A72D-42FE-BF6E-5CB80116A1EE}: DhcpNameServer = 192.168.1.1 74.40.74.40
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Nile R Vincent\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Nile R Vincent\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/06/17 15:56:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MsMpSvc - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A38B334A-A0A2-436D-BAA0-34FE5E517E44} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/28 23:47:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nile R Vincent\Application Data\QuickScan
[2012/07/28 18:12:44 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/07/28 17:26:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/07/28 17:15:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/07/28 05:13:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Defraggler
[2012/07/28 05:13:35 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2012/07/28 05:11:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Nile R Vincent\Recent
[2012/07/28 02:21:49 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/07/28 02:04:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/28 02:04:25 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/28 02:04:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/28 01:22:45 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/07/28 01:21:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/07/28 01:21:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/07/28 01:21:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/07/28 01:21:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/07/28 01:04:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/28 01:04:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/07/27 23:31:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/27 23:03:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nile R Vincent\Desktop\GTG
[2012/07/27 01:39:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nile R Vincent\Desktop\Sniff's Pics
[2012/07/27 00:12:41 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nile R Vincent\Desktop\OTL.exe
[2012/07/26 19:41:47 | 004,541,824 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2012/07/26 19:23:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2012/07/26 19:22:55 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012/07/26 19:17:15 | 000,039,800 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\NicInstG.dll
[2012/07/26 19:17:15 | 000,028,536 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\NicCo.dll
[2012/07/26 19:11:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nile R Vincent\Application Data\InstallShield
[2012/07/26 18:57:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nile R Vincent\Application Data\driveridentifier
[2012/07/26 18:57:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Driver Identifier
[2012/07/26 18:57:14 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Identifier
[2012/07/26 18:41:37 | 000,000,000 | ---D | C] -- C:\ViewSonic
[2012/07/26 18:14:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nile R Vincent\Local Settings\Application Data\PC_Drivers_Headquarters
[2012/07/26 17:54:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nile R Vincent\Application Data\Dell Drivers Update Utility
[2012/07/26 17:53:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DELL Drivers Update Utility
[2012/07/26 17:53:45 | 000,000,000 | ---D | C] -- C:\Program Files\DELL Drivers Update Utility
[2012/07/26 17:53:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nile R Vincent\Local Settings\Application Data\DELL Drivers Update Utility
[2012/07/26 17:39:46 | 000,765,952 | ---- | C] (Sensaura Ltd) -- C:\WINDOWS\System\crlds3d.dll
[2012/07/26 17:39:46 | 000,720,896 | ---- | C] (Sensaura Ltd) -- C:\WINDOWS\System32\Audio3d.dll
[2012/07/26 17:39:46 | 000,003,744 | ---- | C] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\smsens.sys
[2012/07/26 17:39:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\VirtualEar
[2012/07/26 17:39:45 | 000,049,152 | ---- | C] (Analog Devices Inc.) -- C:\WINDOWS\System32\DSndUp.exe
[2012/07/26 17:39:45 | 000,045,056 | ---- | C] (adi) -- C:\WINDOWS\System32\CleanUp.exe
[2012/07/26 17:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices
[2012/07/26 17:13:48 | 000,080,384 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\InetReg.crl
[2012/07/26 17:13:48 | 000,004,848 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\Helper.exe
[2012/07/26 17:13:47 | 000,434,688 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\InetReg.exe
[2012/07/26 17:13:47 | 000,041,984 | ---- | C] (Creative Technology Ltd ) -- C:\WINDOWS\Ctregrun.exe
[2012/07/26 17:12:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\SBPCT
[2012/07/26 17:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\CREATIVE
[2012/07/26 17:12:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Creative
[2012/07/26 17:12:47 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2012/07/26 16:16:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nile R Vincent\Local Settings\Application Data\Zoom_Downloader
[2012/07/26 16:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2012/07/26 16:16:25 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/07/26 15:18:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2012/07/26 15:18:36 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2012/07/26 01:59:42 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012/07/26 01:59:31 | 001,698,408 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlExUpd.dll
[2012/07/26 01:13:31 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/07/26 01:12:23 | 000,000,000 | ---D | C] -- C:\ATI
[2012/07/22 11:22:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/07/22 11:08:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/07/21 23:22:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/07/14 00:44:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nile R Vincent\Application Data\vlc
[2012/07/14 00:44:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2012/07/12 01:01:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nile R Vincent\Desktop\Reviews
[2012/07/02 18:43:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Tools
[2012/07/02 18:43:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2012/07/02 18:43:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2012/07/02 18:42:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ShellNew
[2012/07/02 18:42:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/07/01 03:32:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nile R Vincent\Start Menu\Programs\Revo Uninstaller
[2012/07/01 03:32:22 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/07/01 03:31:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Nile R Vincent\My Documents\Downloads
[2012/06/21 02:30:28 | 000,055,808 | ---- | C] (N/A) -- C:\Documents and Settings\Nile R Vincent\CARDWAVE.DRV
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/28 23:43:57 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/28 23:30:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/28 17:36:21 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/07/28 17:26:33 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/07/28 17:25:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/28 17:05:04 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/07/28 17:04:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/28 15:44:04 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/07/27 20:26:24 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/07/27 04:30:18 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/07/27 04:30:18 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/07/27 00:12:47 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nile R Vincent\Desktop\OTL.exe
[2012/07/26 18:57:15 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Driver Identifier.lnk
[2012/07/26 17:33:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/07/26 17:15:48 | 000,000,664 | ---- | M] () -- C:\WINDOWS\Register Sound Blaster PCI Compact (Drivers Only) Web Release.lnk
[2012/07/22 12:25:02 | 000,443,432 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120722-171906.backup
[2012/07/22 11:08:19 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/07/19 01:35:42 | 000,443,432 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120722-122502.backup
[2012/07/18 17:23:26 | 000,443,432 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120719-013542.backup
[2012/07/18 00:27:51 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\Nile R Vincent\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/17 02:33:28 | 000,443,432 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120718-172326.backup
[2012/07/14 16:47:35 | 000,443,432 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120717-023328.backup
[2012/07/12 16:23:48 | 000,443,432 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120714-164735.backup
[2012/07/12 01:36:56 | 000,443,432 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120712-162348.backup
[2012/07/11 15:29:18 | 000,443,432 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120712-013656.backup
[2012/07/11 06:36:44 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Nile R Vincent\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/07/11 05:00:04 | 000,443,432 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120711-152918.backup
[2012/07/11 04:57:27 | 000,115,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/11 04:55:58 | 000,443,432 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120711-050004.backup
[2012/07/11 04:55:37 | 000,443,432 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120711-045558.backup
[2012/07/11 00:15:13 | 000,442,958 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120711-045537.backup
[2012/07/07 19:15:01 | 000,442,958 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120711-001513.backup
[2012/07/06 16:07:18 | 000,442,958 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120707-191501.backup
[2012/07/06 16:06:37 | 000,442,958 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120706-160718.backup
[2012/07/06 16:05:20 | 000,442,832 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120706-160637.backup
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/02 18:44:19 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2012/07/02 18:43:45 | 000,001,730 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012/07/01 15:56:35 | 000,442,832 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120706-160520.backup
[2012/07/01 03:32:23 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Nile R Vincent\Desktop\Revo Uninstaller.lnk
[2012/06/29 10:48:10 | 000,442,832 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120701-155635.backup
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/28 17:36:20 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/07/28 17:26:22 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/07/28 15:44:03 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2012/07/28 01:22:49 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/07/28 01:22:47 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/07/28 01:21:39 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/07/28 01:21:38 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/07/28 01:21:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/07/28 01:21:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/07/28 01:21:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/07/27 20:26:18 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012/07/26 19:17:28 | 000,001,904 | ---- | C] () -- C:\WINDOWS\System32\SetupBD.din
[2012/07/26 18:57:15 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Driver Identifier.lnk
[2012/07/26 18:36:11 | 000,007,786 | ---- | C] () -- C:\WINDOWS\g90f-3.cat
[2012/07/26 18:36:11 | 000,001,204 | ---- | C] () -- C:\WINDOWS\Q51-9.inf
[2012/07/26 18:36:11 | 000,001,164 | ---- | C] () -- C:\WINDOWS\G90f-3.inf
[2012/07/26 18:36:11 | 000,000,512 | ---- | C] () -- C:\WINDOWS\G90f-3.icm
[2012/07/26 18:36:10 | 000,007,794 | ---- | C] () -- C:\WINDOWS\vp171b-2.cat
[2012/07/26 18:36:10 | 000,007,782 | ---- | C] () -- C:\WINDOWS\q51-9.cat
[2012/07/26 18:36:10 | 000,001,224 | ---- | C] () -- C:\WINDOWS\VP171b-2.inf
[2012/07/26 18:36:10 | 000,000,512 | ---- | C] () -- C:\WINDOWS\VP171b-2.icm
[2012/07/26 18:36:10 | 000,000,512 | ---- | C] () -- C:\WINDOWS\Q51-9.icm
[2012/07/26 17:15:48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\Register Sound Blaster PCI Compact (Drivers Only) Web Release.lnk
[2012/07/26 17:13:48 | 000,000,118 | ---- | C] () -- C:\WINDOWS\Inetreg.ini
[2012/07/25 02:24:09 | 000,089,258 | ---- | C] () -- C:\WINDOWS\System32\nvapps.nvb
[2012/07/11 06:36:44 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Nile R Vincent\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/07/11 06:36:44 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/07/11 06:36:44 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/07/02 18:44:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/07/02 18:43:45 | 000,002,487 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
[2012/07/02 18:43:45 | 000,002,475 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft PowerPoint.lnk
[2012/07/02 18:43:45 | 000,002,046 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Outlook.lnk
[2012/07/02 18:43:45 | 000,002,022 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
[2012/07/02 18:43:45 | 000,001,990 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Access.lnk
[2012/07/01 03:32:23 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Nile R Vincent\Desktop\Revo Uninstaller.lnk
[2012/06/25 11:54:34 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7Q.DLL
[2012/06/23 02:10:13 | 000,013,440 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/06/22 19:40:19 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/21 02:30:28 | 000,192,494 | -H-- | C] () -- C:\Documents and Settings\Nile R Vincent\INTRO.WAV
[2012/06/21 02:30:28 | 000,146,432 | ---- | C] () -- C:\Documents and Settings\Nile R Vincent\MSUILSTF.DLL
[2012/06/21 02:30:28 | 000,083,456 | ---- | C] () -- C:\Documents and Settings\Nile R Vincent\MSCOMSTF.DLL
[2012/06/21 02:30:28 | 000,072,192 | ---- | C] () -- C:\Documents and Settings\Nile R Vincent\MSINSSTF.DLL
[2012/06/21 02:30:28 | 000,059,392 | ---- | C] () -- C:\Documents and Settings\Nile R Vincent\CARDMIDI.DRV
[2012/06/21 02:30:28 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\Nile R Vincent\MSCUISTF.DLL
[2012/06/21 02:30:28 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Nile R Vincent\MSSHLSTF.DLL
[2012/06/21 02:30:28 | 000,022,234 | ---- | C] () -- C:\Documents and Settings\Nile R Vincent\INSTR.INI
[2012/06/21 02:30:28 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Nile R Vincent\MSDETSTF.DLL
[2012/06/21 02:30:28 | 000,017,206 | ---- | C] () -- C:\Documents and Settings\Nile R Vincent\WINAUDIO.INF
[2012/06/21 02:30:28 | 000,009,712 | ---- | C] () -- C:\Documents and Settings\Nile R Vincent\AUDPANEL.EXE
[2012/06/21 02:30:28 | 000,006,647 | ---- | C] () -- C:\Documents and Settings\Nile R Vincent\CARDWAVE.VXD
[2012/06/21 02:30:28 | 000,006,304 | ---- | C] () -- C:\Documents and Settings\Nile R Vincent\CONPANEL.EXE
[2012/06/21 02:30:28 | 000,003,497 | ---- | C] () -- C:\Documents and Settings\Nile R Vincent\OEM.INF
[2012/06/20 22:44:10 | 000,065,800 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/06/20 22:35:36 | 000,004,140 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe
[2012/06/19 00:30:02 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Nile R Vincent\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/17 18:31:16 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/06/17 15:58:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/06/17 15:53:34 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/06/17 08:45:10 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/06/17 08:44:08 | 000,115,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/25 21:21:48 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
[2011/10/25 21:21:34 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\OVDecoder.dll

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: HDS728080PLAT20
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Fixed\thard disk media
Interface type: USB
Media Type: Fixed\thard disk media
Model: Seagate FreeAgent Go USB Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 77.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 466.00GB
Starting Offset: 32256
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2012/06/17 19:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nile R Vincent\Application Data\Ad-Aware Antivirus
[2012/06/18 23:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nile R Vincent\Application Data\Adobe
[2012/06/23 02:08:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nile R Vincent\Application Data\Apple Computer
[2012/06/20 22:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nile R Vincent\Application Data\Carambis
[2012/06/20 11:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nile R Vincent\Application Data\Dell
[2012/07/26 17:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nile R Vincent\Application Data\Dell Drivers Update Utility
[2012/07/26 18:57:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nile R Vincent\Application Data\driveridentifier
[2012/06/22 22:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nile R Vincent\Application Data\ElevatedDiagnostics
[2012/06/17 16:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nile R Vincent\Application Data\Identities
[2012/07/26 19:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nile R Vincent\Application Data\InstallShield
[2012/06/24 20:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nile R Vincent\Application Data\KompoZer
[2012/06/17 20:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nile R Vincent\Application Data\Macromedia
[2012/06/17 18:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nile R Vincent\Application Data\Malwarebytes
[2012/07/18 00:59:56 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Nile R Vincent\Application Data\Microsoft
[2012/06/17 18:00:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nile R Vincent\Application Data\Mozilla
[2012/06/19 23:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nile R Vincent\Application Data\Oracle
[2012/06/20 11:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nile R Vincent\Application Data\PCDr
[2012/07/28 23:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nile R Vincent\Application Data\QuickScan
[2012/07/01 03:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nile R Vincent\Application Data\Real
[2012/06/19 23:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nile R Vincent\Application Data\Sun
[2012/06/20 00:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nile R Vincent\Application Data\SystemRequirementsLab
[2012/06/25 02:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nile R Vincent\Application Data\vcards
[2012/07/28 03:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nile R Vincent\Application Data\vlc
[2012/06/20 02:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nile R Vincent\Application Data\Windows Desktop Search
[2012/06/20 09:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nile R Vincent\Application Data\Windows Search
[2012/06/27 04:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nile R Vincent\Application Data\Yahoo!

< MD5 for: ATAPI.SYS >
[2008/04/14 05:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 05:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\erdnt\cache\atapi.sys
[2008/04/14 05:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: CSRSS.EXE >
[2008/04/14 05:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\csrss.exe
[2008/04/14 05:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\dllcache\csrss.exe

< MD5 for: EXPLORER.EXE >
[2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\erdnt\cache\explorer.exe
[2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2008/06/20 09:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\erdnt\cache\mswsock.dll
[2008/06/20 09:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008/06/20 09:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\mswsock.dll
[2008/06/20 10:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\mswsock.dll

< MD5 for: NWPROVAU.DLL >
[2008/04/14 05:00:00 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=06E587F41466569F32BEAAC7260E8AEC -- C:\WINDOWS\system32\dllcache\nwprovau.dll
[2008/04/14 05:00:00 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=06E587F41466569F32BEAAC7260E8AEC -- C:\WINDOWS\system32\nwprovau.dll

< MD5 for: PNRPNSP.DLL >
[2008/04/14 05:00:00 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=AF1449AC1D79D37C7026C1D8912DDA8E -- C:\WINDOWS\system32\dllcache\pnrpnsp.dll
[2008/04/14 05:00:00 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=AF1449AC1D79D37C7026C1D8912DDA8E -- C:\WINDOWS\system32\pnrpnsp.dll

< MD5 for: SERVICES.EXE >
[2009/02/06 04:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\erdnt\cache\services.exe
[2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\erdnt\cache\svchost.exe
[2008/04/14 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 05:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\erdnt\cache\userinit.exe
[2008/04/14 05:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 05:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 05:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2008/04/14 05:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 05:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINRNR.DLL >
[2008/04/14 05:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=D72B9EC3337B247A666F098F3D6B43DE -- C:\WINDOWS\system32\dllcache\winrnr.dll
[2008/04/14 05:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=D72B9EC3337B247A666F098F3D6B43DE -- C:\WINDOWS\system32\winrnr.dll

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/13 17:17:47 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/13 17:17:47 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/13 17:17:47 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/07/13 17:17:11 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/07/13 17:17:11 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/13 17:17:11 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/05/11 04:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/05/11 04:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/05/11 04:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/13 17:17:47 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/13 17:17:47 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/13 17:17:47 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/07/13 17:17:11 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/07/13 17:17:11 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/13 17:17:11 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/05/11 04:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/05/11 04:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/05/11 04:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >

And the 2nd OTL log

OTL Extras logfile created on: 7/28/2012 11:59:07 PM - Run 2
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Documents and Settings\Nile R Vincent\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.37 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 72.56% Memory free
4.22 Gb Paging File | 3.76 Gb Available in Paging File | 89.06% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.68 Gb Total Space | 65.29 Gb Free Space | 85.14% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 399.26 Gb Free Space | 85.72% Space Free | Partition Type: NTFS

Computer Name: NILE-VINCENT | User Name: Nile R Vincent | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1" = DriverIdentifier 4.1
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{48963B63-7A10-49D6-8B08-61E6132453D0}" = ViewSonic Monitor Drivers
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9CC869F-DA2B-3E9B-EF47-29F831A41619}" = AMD Catalyst Install Manager
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FC47C7A5-BE63-11D5-B7C9-005004566E4D}" = ViewSonic Windows XP Signed Files
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"DELL Drivers Update Utility_is1" = DELL Drivers Update Utility
"Dell Support Center" = Dell Support Center
"ESET Online Scanner" = ESET Online Scanner v3
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PROSet" = Intel® PRO Network Connections Drivers
"Revo Uninstaller" = Revo Uninstaller 1.94
"SBPCIUnInstall" = Creative PCI Audio Drivers
"Sound Blaster PCI Compact Drivers Online Help" = Sound Blaster PCI Compact Drivers Online Help
"VLC media player" = VLC media player 2.0.2
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/26/2012 7:20:22 PM | Computer Name = NILE-VINCENT | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\PRICEGONG\PRICEGONG
CONTACT US.LNK> in the hash map cannot be updated. Context: Application, SystemIndex
Catalog Details: A device attached to the system is not functioning. (0x8007001f)


Error - 7/26/2012 7:20:22 PM | Computer Name = NILE-VINCENT | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\PRICEGONG\UNINSTALL
PRICEGONG.LNK> in the hash map cannot be updated. Context: Application, SystemIndex
Catalog Details: A device attached to the system is not functioning. (0x8007001f)


Error - 7/26/2012 7:20:22 PM | Computer Name = NILE-VINCENT | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\PRICEGONG\UNINSTALL
PRICEGONG.LNK> in the hash map cannot be updated. Context: Application, SystemIndex
Catalog Details: A device attached to the system is not functioning. (0x8007001f)


Error - 7/26/2012 9:03:44 PM | Computer Name = NILE-VINCENT | Source = MsiInstaller | ID = 11606
Description = Product: Driver Tool -- Error 1606.Could not access network location
http://c15045070.r70...m/Config~1.cab.

Error - 7/26/2012 9:03:47 PM | Computer Name = NILE-VINCENT | Source = MsiInstaller | ID = 11606
Description = Product: Driver Tool -- Error 1606.Could not access network location
http://c15045070.r70...m/Config~1.cab.

Error - 7/26/2012 9:32:52 PM | Computer Name = NILE-VINCENT | Source = Application Error | ID = 1000
Description = Faulting application setup.exe, version 0.0.0.0, faulting module unknown,
version 0.0.0.0, fault address 0x0a0a0a7d.

Error - 7/26/2012 9:33:39 PM | Computer Name = NILE-VINCENT | Source = Application Hang | ID = 1002
Description = Hanging application Setup.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/26/2012 11:02:25 PM | Computer Name = NILE-VINCENT | Source = Microsoft Security Client | ID = 5000
Description =

Error - 7/28/2012 12:15:00 AM | Computer Name = NILE-VINCENT | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 7/28/2012 8:26:18 PM | Computer Name = NILE-VINCENT | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 4.0.1526.0,
P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

[ Application Events ]
Error - 7/26/2012 7:20:22 PM | Computer Name = NILE-VINCENT | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\PRICEGONG\PRICEGONG
CONTACT US.LNK> in the hash map cannot be updated. Context: Application, SystemIndex
Catalog Details: A device attached to the system is not functioning. (0x8007001f)


Error - 7/26/2012 7:20:22 PM | Computer Name = NILE-VINCENT | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\PRICEGONG\UNINSTALL
PRICEGONG.LNK> in the hash map cannot be updated. Context: Application, SystemIndex
Catalog Details: A device attached to the system is not functioning. (0x8007001f)


Error - 7/26/2012 7:20:22 PM | Computer Name = NILE-VINCENT | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\PRICEGONG\UNINSTALL
PRICEGONG.LNK> in the hash map cannot be updated. Context: Application, SystemIndex
Catalog Details: A device attached to the system is not functioning. (0x8007001f)


Error - 7/26/2012 9:03:44 PM | Computer Name = NILE-VINCENT | Source = MsiInstaller | ID = 11606
Description = Product: Driver Tool -- Error 1606.Could not access network location
http://c15045070.r70...m/Config~1.cab.

Error - 7/26/2012 9:03:47 PM | Computer Name = NILE-VINCENT | Source = MsiInstaller | ID = 11606
Description = Product: Driver Tool -- Error 1606.Could not access network location
http://c15045070.r70...m/Config~1.cab.

Error - 7/26/2012 9:32:52 PM | Computer Name = NILE-VINCENT | Source = Application Error | ID = 1000
Description = Faulting application setup.exe, version 0.0.0.0, faulting module unknown,
version 0.0.0.0, fault address 0x0a0a0a7d.

Error - 7/26/2012 9:33:39 PM | Computer Name = NILE-VINCENT | Source = Application Hang | ID = 1002
Description = Hanging application Setup.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/26/2012 11:02:25 PM | Computer Name = NILE-VINCENT | Source = Microsoft Security Client | ID = 5000
Description =

Error - 7/28/2012 12:15:00 AM | Computer Name = NILE-VINCENT | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 7/28/2012 8:26:18 PM | Computer Name = NILE-VINCENT | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 4.0.1526.0,
P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

[ Application Events ]
Error - 7/26/2012 7:20:22 PM | Computer Name = NILE-VINCENT | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\PRICEGONG\PRICEGONG
CONTACT US.LNK> in the hash map cannot be updated. Context: Application, SystemIndex
Catalog Details: A device attached to the system is not functioning. (0x8007001f)


Error - 7/26/2012 7:20:22 PM | Computer Name = NILE-VINCENT | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\PRICEGONG\UNINSTALL
PRICEGONG.LNK> in the hash map cannot be updated. Context: Application, SystemIndex
Catalog Details: A device attached to the system is not functioning. (0x8007001f)


Error - 7/26/2012 7:20:22 PM | Computer Name = NILE-VINCENT | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\PRICEGONG\UNINSTALL
PRICEGONG.LNK> in the hash map cannot be updated. Context: Application, SystemIndex
Catalog Details: A device attached to the system is not functioning. (0x8007001f)


Error - 7/26/2012 9:03:44 PM | Computer Name = NILE-VINCENT | Source = MsiInstaller | ID = 11606
Description = Product: Driver Tool -- Error 1606.Could not access network location
http://c15045070.r70...m/Config~1.cab.

Error - 7/26/2012 9:03:47 PM | Computer Name = NILE-VINCENT | Source = MsiInstaller | ID = 11606
Description = Product: Driver Tool -- Error 1606.Could not access network location
http://c15045070.r70...m/Config~1.cab.

Error - 7/26/2012 9:32:52 PM | Computer Name = NILE-VINCENT | Source = Application Error | ID = 1000
Description = Faulting application setup.exe, version 0.0.0.0, faulting module unknown,
version 0.0.0.0, fault address 0x0a0a0a7d.

Error - 7/26/2012 9:33:39 PM | Computer Name = NILE-VINCENT | Source = Application Hang | ID = 1002
Description = Hanging application Setup.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/26/2012 11:02:25 PM | Computer Name = NILE-VINCENT | Source = Microsoft Security Client | ID = 5000
Description =

Error - 7/28/2012 12:15:00 AM | Computer Name = NILE-VINCENT | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 7/28/2012 8:26:18 PM | Computer Name = NILE-VINCENT | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 4.0.1526.0,
P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 7/27/2012 5:30:25 AM | Computer Name = NILE-VINCENT | Source = UPS | ID = 2481
Description = The UPS service is not configured correctly.

Error - 7/27/2012 5:30:26 AM | Computer Name = NILE-VINCENT | Source = Service Control Manager | ID = 7023
Description = The Uninterruptible Power Supply service terminated with the following
error: %%2481

Error - 7/27/2012 11:03:17 PM | Computer Name = NILE-VINCENT | Source = UPS | ID = 2481
Description = The UPS service is not configured correctly.

Error - 7/27/2012 11:03:17 PM | Computer Name = NILE-VINCENT | Source = Service Control Manager | ID = 7023
Description = The Uninterruptible Power Supply service terminated with the following
error: %%2481

Error - 7/27/2012 11:06:23 PM | Computer Name = NILE-VINCENT | Source = UPS | ID = 2481
Description = The UPS service is not configured correctly.

Error - 7/27/2012 11:06:23 PM | Computer Name = NILE-VINCENT | Source = Service Control Manager | ID = 7023
Description = The Uninterruptible Power Supply service terminated with the following
error: %%2481

Error - 7/27/2012 11:27:08 PM | Computer Name = NILE-VINCENT | Source = UPS | ID = 2481
Description = The UPS service is not configured correctly.

Error - 7/27/2012 11:27:13 PM | Computer Name = NILE-VINCENT | Source = Service Control Manager | ID = 7023
Description = The Uninterruptible Power Supply service terminated with the following
error: %%2481

Error - 7/28/2012 12:32:41 AM | Computer Name = NILE-VINCENT | Source = UPS | ID = 2481
Description = The UPS service is not configured correctly.

Error - 7/28/2012 12:32:42 AM | Computer Name = NILE-VINCENT | Source = Service Control Manager | ID = 7023
Description = The Uninterruptible Power Supply service terminated with the following
error: %%2481

[ System Events ]
Error - 7/27/2012 5:30:25 AM | Computer Name = NILE-VINCENT | Source = UPS | ID = 2481
Description = The UPS service is not configured correctly.

Error - 7/27/2012 5:30:26 AM | Computer Name = NILE-VINCENT | Source = Service Control Manager | ID = 7023
Description = The Uninterruptible Power Supply service terminated with the following
error: %%2481

Error - 7/27/2012 11:03:17 PM | Computer Name = NILE-VINCENT | Source = UPS | ID = 2481
Description = The UPS service is not configured correctly.

Error - 7/27/2012 11:03:17 PM | Computer Name = NILE-VINCENT | Source = Service Control Manager | ID = 7023
Description = The Uninterruptible Power Supply service terminated with the following
error: %%2481

Error - 7/27/2012 11:06:23 PM | Computer Name = NILE-VINCENT | Source = UPS | ID = 2481
Description = The UPS service is not configured correctly.

Error - 7/27/2012 11:06:23 PM | Computer Name = NILE-VINCENT | Source = Service Control Manager | ID = 7023
Description = The Uninterruptible Power Supply service terminated with the following
error: %%2481

Error - 7/27/2012 11:27:08 PM | Computer Name = NILE-VINCENT | Source = UPS | ID = 2481
Description = The UPS service is not configured correctly.

Error - 7/27/2012 11:27:13 PM | Computer Name = NILE-VINCENT | Source = Service Control Manager | ID = 7023
Description = The Uninterruptible Power Supply service terminated with the following
error: %%2481

Error - 7/28/2012 12:32:41 AM | Computer Name = NILE-VINCENT | Source = UPS | ID = 2481
Description = The UPS service is not configured correctly.

Error - 7/28/2012 12:32:42 AM | Computer Name = NILE-VINCENT | Source = Service Control Manager | ID = 7023
Description = The Uninterruptible Power Supply service terminated with the following
error: %%2481


< End of report >

Here are the 2 VEW logs you requested...


#1


Vino's Event Viewer v01c run on Windows XP in English
Report run at 29/07/2012 12:27:24 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 29/07/2012 12:27:15 AM
Type: warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\D during a paging operation.

Log: 'System' Date/Time: 29/07/2012 12:16:07 AM
Type: warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\D during a paging operation.

#2

Vino's Event Viewer v01c run on Windows XP in English
Report run at 29/07/2012 12:32:03 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Edited by Mr. Rufus Sniff, 29 July 2012 - 01:32 AM.

  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,796 posts
  • MVP
Sorry, lost your notice that you had replied.

An error was detected on device \Device\Harddisk1\D during a paging operation.


Run check disk on each drive as follows:


1. Double-click My Computer, and then right-click the hard disk that you want to check. C: (next time do E:)
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check.

Reboot. The disk check will run and will probably take an hour or more to finish for C and E.

You are showing some errors in applications:

Error - 7/26/2012 9:03:44 PM | Computer Name = NILE-VINCENT | Source = MsiInstaller | ID = 11606
Description = Product: Driver Tool -- Error 1606.Could not access network location
http://c15045070.r70...m/Config~1.cab.


Don't know much about Driver Tool but I would uninstall it. If you use it then download a new copy and reinstall it. (Right click on the install program and Run As Admin)

Error - 7/27/2012 5:30:25 AM | Computer Name = NILE-VINCENT | Source = UPS | ID = 2481
Description = The UPS service is not configured correctly.

Error - 7/27/2012 5:30:26 AM | Computer Name = NILE-VINCENT | Source = Service Control Manager | ID = 7023
Description = The Uninterruptible Power Supply service terminated with the following
error: %%2481



I would uninstall Uninterruptible Power Supply or if you can't find it to uninstall then just change the Startup Type on the service to Disabled.

(Right click on (My) Computer and select Manage then Services and Applications then Services. Find Uninterruptible Power Supply service and right click on it and select Properties then change the Startup Type to Disabled. Apply or OK.

While you are there I would turn off Windows Search the same way. You don't need it and it is having problems.

ESET did not like two files. I would delete them:

C:\Documents and Settings\Nile R Vincent\Desktop\Initial DLs and Installs\cnet2_11-11_xp32_dd_exe.exe
C:\Documents and Settings\Nile R Vincent\Desktop\Initial DLs and Installs\cnet2_WDM_R268_exe.exe

Other than that I would say you are clean. If you have no other problems we can clean up:


We need to cleanup System Restore:

Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
then right click, Paste, then hit Enter.

OTL has a cleanup tab if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0

#9
Mr. Rufus Sniff

Mr. Rufus Sniff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Ron,

Ok, I'm at the point where we do the "Clean-up System Restore"

(Right after disabling the Uninteruptible Power Supply and Windows Search)

(ESET's 2 files you said it didn't like were no where to be found)

You stated " If you have no other problems we can clean up..."

Question...in Device Manager, under 'Other Devices' the Video Controller (VGA Compatible)
still has that 'Yellow Question Mark'...

Is this any issue at all??

Edited by Mr. Rufus Sniff, 01 August 2012 - 09:33 PM.

  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,796 posts
  • MVP
If you haven't already, download and install

Intel 845 G/GL Integrated Video

http://www.dell.com/...oductCode=False

If you still have the problem then right click on it and uninstall and reboot.
  • 0

Advertisements


#11
Mr. Rufus Sniff

Mr. Rufus Sniff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Ok,
When I downloaded and installed "Intel 845 G/GL Integrated Video"...
I had this error:
"Error: The INF file does not contain info for this system hardware...Setup will abort"

So I uninstalled and rebooted, as you asked.

The issue with the yellow question mark "Other Devices' the Video Controller (VGA Compatible)"
is still there...

Also, all my video sound is "echoing and doubling over itself"...sounding warped...

Plus I'm still having issues with the monitor...when you advise to reboot...when I do, the monitor fades to "no signal, analog"...just as it did initially right before I signed up...so I have to "hard reboot"...(I hate that :( )...I've heard that ain't good for the ol' system...

What do you advise?
  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,796 posts
  • MVP
It's acting like the PC is not what Dell says it is.

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.
  • 0

#13
Mr. Rufus Sniff

Mr. Rufus Sniff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Ok, here's the summary of the Speccy run...


Summary
Operating System
MS Windows XP Professional 32-bit SP3
CPU
Intel Pentium 4
Prescott 90nm Technology
RAM
2.00 GB Single-Channel DDR @ 133MHz (2.5-3-3-6)
Motherboard
Dell Computer Corp. 0W2563 (Microprocessor) 35 C
Graphics
Standard Monitor ([email protected])
Hard Drives
77GB Hitachi HDS728080PLAT20 (PATA) 35 C
Optical Drives
HL-DT-ST RW/DVD GCC-4480B
Audio
SoundMAX Integrated Digital Audio
Operating System
MS Windows XP Professional 32-bit SP3
Computer type: Mini Tower
Installation Date: 17 June 2012, 15:58
Serial Number:
Windows Security Center
Firewall Enabled
Windows Update
AutoUpdate Download Automatically and Install at Set Scheduled time
Schedule Frequency Every day
Schedule Time 6 am
Antivirus
Antivirus Enabled
Company Name Microsoft
Display Name Microsoft Security Essentials
Product Version 4.0.1526.0
Environment Variables
USERPROFILE C:\Documents and Settings\Nile R Vincent
SystemRoot C:\WINDOWS
User Variables
TEMP C:\Documents and Settings\Nile R Vincent\Local Settings\Temp
TMP C:\Documents and Settings\Nile R Vincent\Local Settings\Temp
Machine Variables
ComSpec C:\WINDOWS\system32\cmd.exe
Path C:\WINDOWS\system32
C:\WINDOWS
C:\WINDOWS\system32\wbem
C:\Program Files\AMD APP\bin\x86
C:\WINDOWS\system32\WindowsPowerShell\v1.0
windir C:\WINDOWS
FP_NO_HOST_CHECK NO
OS Windows_NT
PROCESSOR_ARCHITECTURE x86
PROCESSOR_LEVEL 15
PROCESSOR_IDENTIFIER x86 Family 15 Model 3 Stepping 3, GenuineIntel
PROCESSOR_REVISION 0303
NUMBER_OF_PROCESSORS 1
PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
TEMP C:\WINDOWS\TEMP
TMP C:\WINDOWS\TEMP
PSModulePath C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\
AMDAPPSDKROOT C:\Program Files\AMD APP\
Battery
AC line Online
Battery full time Unknown
Battery Charge % Unknown
Battery State No Battery
Amount of time remaining (sec) Unknown
Power Profile
Active power scheme Home/Office Desk
Hibernation Disabled
Power Shutdown Enabled
Power Suspend Disabled
Turn Off Monitor after: (On AC Power) 20 min
Turn Off Monitor after: (On Battery Power) 5 min
Turn Off Hard Disk after: (On AC Power) Never
Turn Off Hard Disk after: (On Battery Power) 10 min
Suspend after: (On AC Power) Never
Suspend after: (On Battery Power) 5 min
Screen saver Disabled
Uptime
Current Session
Current Time 8/2/2012 2:54:11 AM
Current Uptime 457 sec (0 d, 00 h, 07 m, 37 s)
Last Boot Time 8/2/2012 2:46:34 AM
Last ShutDown Time 8/2/2012 2:46:16 AM
Uptime Statistics
First Boot Time 7/29/2012 12:17:04 AM
First Shutdown Time 7/29/2012 12:16:26 AM
Total Uptime 320434 sec (3 d, 17 h, 00 m, 34 s)
Total Downtime 27806 sec (0 d, 07 h, 43 m, 26 s)
Longest Uptime 58044 sec (0 d, 16 h, 07 m, 24 s)
Longest Downtime 24539 sec (0 d, 06 h, 48 m, 59 s)
Total Reboots 24
System Availability 92.02%
TimeZone
TimeZone GMT -8 Hours
Language English
Country United States
Currency $
Date Format M/d/yyyy
Time Format h:mm:ss tt
Process List
alg.exe
Process ID 2320
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\WINDOWS\System32\alg.exe
Memory Usage 3.48 MB
Peak Memory Usage 3.49 MB
csrss.exe
Process ID 640
User SYSTEM
Domain NT AUTHORITY
Path \??\C:\WINDOWS\system32\csrss.exe
Memory Usage 3.73 MB
Peak Memory Usage 4.09 MB
ctfmon.exe
Process ID 472
User Nile R Vincent
Domain NILE-VINCENT
Path C:\WINDOWS\system32\ctfmon.exe
Memory Usage 3.16 MB
Peak Memory Usage 3.16 MB
explorer.exe
Process ID 1520
User Nile R Vincent
Domain NILE-VINCENT
Path C:\WINDOWS\Explorer.EXE
Memory Usage 30 MB
Peak Memory Usage 34 MB
firefox.exe
Process ID 3036
User Nile R Vincent
Domain NILE-VINCENT
Path C:\Program Files\Mozilla Firefox\firefox.exe
Memory Usage 122 MB
Peak Memory Usage 178 MB
jqs.exe
Process ID 1232
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
Memory Usage 1.47 MB
Peak Memory Usage 3.92 MB
jusched.exe
Process ID 432
User Nile R Vincent
Domain NILE-VINCENT
Path C:\Program Files\Common Files\Java\Java Update\jusched.exe
Memory Usage 2.82 MB
Peak Memory Usage 2.82 MB
lsass.exe
Process ID 728
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\lsass.exe
Memory Usage 6.10 MB
Peak Memory Usage 6.14 MB
msmpeng.exe
Process ID 1096
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Microsoft Security Client\MsMpEng.exe
Memory Usage 61 MB
Peak Memory Usage 95 MB
msseces.exe
Process ID 452
User Nile R Vincent
Domain NILE-VINCENT
Path C:\Program Files\Microsoft Security Client\msseces.exe
Memory Usage 9.47 MB
Peak Memory Usage 11 MB
plugin-container.exe
Process ID 3340
User Nile R Vincent
Domain NILE-VINCENT
Path C:\Program Files\Mozilla Firefox\plugin-container.exe
Memory Usage 22 MB
Peak Memory Usage 39 MB
scardsvr.exe
Process ID 1908
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\WINDOWS\System32\SCardSvr.exe
Memory Usage 2.58 MB
Peak Memory Usage 2.58 MB
services.exe
Process ID 716
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\services.exe
Memory Usage 3.60 MB
Peak Memory Usage 3.60 MB
smss.exe
Process ID 568
User SYSTEM
Domain NT AUTHORITY
Path \SystemRoot\System32\smss.exe
Memory Usage 416 KB
Peak Memory Usage 736 KB
speccy.exe
Process ID 1960
User Nile R Vincent
Domain NILE-VINCENT
Path C:\Program Files\Speccy\Speccy.exe
Memory Usage 19 MB
Peak Memory Usage 19 MB
spoolsv.exe
Process ID 1860
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\spoolsv.exe
Memory Usage 5.05 MB
Peak Memory Usage 5.07 MB
svchost.exe
Process ID 888
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\svchost.exe
Memory Usage 4.75 MB
Peak Memory Usage 4.80 MB
svchost.exe
Process ID 1004
Path C:\WINDOWS\system32\svchost.exe
Memory Usage 4.21 MB
Peak Memory Usage 4.23 MB
svchost.exe
Process ID 1136
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\System32\svchost.exe
Memory Usage 24 MB
Peak Memory Usage 131 MB
svchost.exe
Process ID 1260
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\WINDOWS\system32\svchost.exe
Memory Usage 3.66 MB
Peak Memory Usage 3.98 MB
svchost.exe
Process ID 1468
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\System32\svchost.exe
Memory Usage 4.91 MB
Peak Memory Usage 4.93 MB
svchost.exe
Process ID 1592
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\WINDOWS\system32\svchost.exe
Memory Usage 5.05 MB
Peak Memory Usage 5.07 MB
svchost.exe
Process ID 1660
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\System32\svchost.exe
Memory Usage 6.27 MB
Peak Memory Usage 6.29 MB
svchost.exe
Process ID 916
Path C:\WINDOWS\system32\svchost.exe
Memory Usage 3.66 MB
Peak Memory Usage 3.66 MB
system
Process ID 4
Memory Usage 212 KB
Peak Memory Usage 1.99 MB
system idle process
Process ID 0
windowssearch.exe
Process ID 504
User Nile R Vincent
Domain NILE-VINCENT
Path C:\Program Files\Windows Desktop Search\WindowsSearch.exe
Memory Usage 9.52 MB
Peak Memory Usage 9.52 MB
winlogon.exe
Process ID 664
User SYSTEM
Domain NT AUTHORITY
Path \??\C:\WINDOWS\system32\winlogon.exe
Memory Usage 4.16 MB
Peak Memory Usage 12 MB
wmiapsrv.exe
Process ID 1452
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\wbem\wmiapsrv.exe
Memory Usage 3.93 MB
Peak Memory Usage 3.94 MB
wmiprvse.exe
Process ID 348
Path C:\WINDOWS\system32\wbem\wmiprvse.exe
Memory Usage 6.37 MB
Peak Memory Usage 6.70 MB
wuauclt.exe
Process ID 1160
User SYSTEM
Domain NT AUTHORITY
Path C:\WINDOWS\system32\wuauclt.exe
Memory Usage 45 MB
Peak Memory Usage 115 MB
Scheduler
8/2/2012 3:30 AM;Every 1 hour(s) from 12:30 AM for 24 hour(s) every day, starting 1/1/2000 Adobe Flash Player Updater
8/2/2012 5:33 PM;At 5:33 PM every Thu of every week, starting 6/23/2012 AppleSoftwareUpdate
8/5/2012 1:54 AM;At 1:54 AM every Sun of every week, starting 8/2/2012 Microsoft Antimalware Scheduled Scan
Hotfixes
8/1/2012 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.131.1201.0)
Install this update to revise the definition files that are used
to detect viruses, spyware, and other potentially unwanted software.
Once you have installed this item, it cannot be removed.
7/31/2012 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.131.1082.0)
Install this update to revise the definition files that are used
to detect viruses, spyware, and other potentially unwanted software.
Once you have installed this item, it cannot be removed.
7/30/2012 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.131.1006.0)
Install this update to revise the definition files that are used
to detect viruses, spyware, and other potentially unwanted software.
Once you have installed this item, it cannot be removed.
7/30/2012 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.131.973.0)
Install this update to revise the definition files that are used
to detect viruses, spyware, and other potentially unwanted software.
Once you have installed this item, it cannot be removed.
7/29/2012 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.131.925.0)
Install this update to revise the definition files that are used
to detect viruses, spyware, and other potentially unwanted software.
Once you have installed this item, it cannot be removed.
7/29/2012 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.131.912.0)
Install this update to revise the definition files that are used
to detect viruses, spyware, and other potentially unwanted software.
Once you have installed this item, it cannot be removed.
7/28/2012 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.131.912.0)
Install this update to revise the definition files that are used
to detect viruses, spyware, and other potentially unwanted software.
Once you have installed this item, it cannot be removed.
7/27/2012 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.131.805.0)
Install this update to revise the definition files that are used
to detect viruses, spyware, and other potentially unwanted software.
Once you have installed this item, it cannot be removed.
7/27/2012 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.131.765.0)
Install this update to revise the definition files that are used
to detect viruses, spyware, and other potentially unwanted software.
Once you have installed this item, it cannot be removed.
7/26/2012 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.131.765.0)
Install this update to revise the definition files that are used
to detect viruses, spyware, and other potentially unwanted software.
Once you have installed this item, it cannot be removed.
7/26/2012 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.131.740.0)
Install this update to revise the definition files that are used
to detect viruses, spyware, and other potentially unwanted software.
Once you have installed this item, it cannot be removed.
7/26/2012 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.131.694.0)
Install this update to revise the definition files that are used
to detect viruses, spyware, and other potentially unwanted software.
Once you have installed this item, it cannot be removed.
7/25/2012 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.131.622.0)
Install this update to revise the definition files that are used
to detect viruses, spyware, and other potentially unwanted software.
Once you have installed this item, it cannot be removed.
System Folders
Path for burning CD C:\Documents and Settings\Nile R Vincent\Local Settings\Application Data\Microsoft\CD Burning
Application Data C:\Documents and Settings\All Users\Application Data
Public Desktop C:\Documents and Settings\All Users\Desktop
Documents C:\Documents and Settings\All Users\Documents
Global Favorites C:\Documents and Settings\All Users\Favorites
Music C:\Documents and Settings\All Users\Documents\My Music
Pictures C:\Documents and Settings\All Users\Documents\My Pictures
Start Menu Programs C:\Documents and Settings\All Users\Start Menu\Programs
Start Menu C:\Documents and Settings\All Users\Start Menu
Startup C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Templates C:\Documents and Settings\All Users\Templates
Videos C:\Documents and Settings\All Users\Documents\My Videos
Cookies C:\Documents and Settings\Nile R Vincent\Cookies
Desktop C:\Documents and Settings\Nile R Vincent\Desktop
Physical Desktop C:\Documents and Settings\Nile R Vincent\Desktop
User Favorites C:\Documents and Settings\Nile R Vincent\Favorites
Fonts C:\WINDOWS\Fonts
Internet History C:\Documents and Settings\Nile R Vincent\Local Settings\History
Temporary Internet Files C:\Documents and Settings\Nile R Vincent\Local Settings\Temporary Internet Files
Local Application Data C:\Documents and Settings\Nile R Vincent\Local Settings\Application Data
Windows directory C:\WINDOWS
Windows/System C:\WINDOWS\system32
Program Files C:\Program Files
Security Options
Accounts: Administrator account status Enabled
Accounts: Guest account status Disabled
Accounts: Limit local account use of blank passwords to console logon only Enabled
Accounts: Rename administrator account Administrator
Accounts: Rename guest account Guest
Audit: Audit the access of global system objects Disabled
Audit: Audit the use of Backup and Restore privilege Disabled
Audit: Shut down system immediately if unable to log security audits Disabled
DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax Not defined
DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax Not defined
Devices: Allow undock without having to log on Enabled
Devices: Allowed to format and eject removable media Administrators
Devices: Prevent users from installing printer drivers Disabled
Devices: Restrict CD-ROM access to locally logged-on user only 0
Devices: Restrict floppy access to locally logged-on user only 0
Devices: Unsigned driver installation behavior 00
Domain controller: Allow server operators to schedule tasks Not defined
Domain controller: LDAP server signing requirements Not defined
Domain controller: Refuse machine account password changes Not defined
Domain member: Digitally encrypt or sign secure channel data (always) Enabled
Domain member: Digitally encrypt secure channel data (when possible) Enabled
Domain member: Digitally sign secure channel data (when possible) Enabled
Domain member: Disable machine account password changes Disabled
Domain member: Maximum machine account password age 30 days
Domain member: Require strong (Windows 2000 or later) session key Disabled
Interactive logon: Display user information when the session is locked Not defined
Interactive logon: Do not display last user name Disabled
Interactive logon: Do not require CTRL+ALT+DEL Not defined
Interactive logon: Message text for users attempting to log on Not defined
Interactive logon: Message title for users attempting to log on
Interactive logon: Number of previous logons to cache (in case domain controller is not available) 10 logons
Interactive logon: Prompt user to change password before expiration 14 days
Interactive logon: Require Domain Controller authentication to unlock workstation Disabled
Interactive logon: Require smart card Not defined
Interactive logon: Smart card removal behavior No Action
Microsoft network client: Digitally sign communications (always) Disabled
Microsoft network client: Digitally sign communications (if server agrees) Enabled
Microsoft network client: Send unencrypted password to third-party SMB servers Disabled
Microsoft network server: Amount of idle time required before suspending session 15 minutes
Microsoft network server: Digitally sign communications (always) Disabled
Microsoft network server: Digitally sign communications (if client agrees) Disabled
Microsoft network server: Disconnect clients when logon hours expire Enabled
Network access: Allow anonymous SID/Name translation Disabled
Network access: Do not allow anonymous enumeration of SAM accounts Enabled
Network access: Do not allow anonymous enumeration of SAM accounts and shares Disabled
Network access: Do not allow storage of credentials or .NET Passports for network authentication Disabled
Network access: Let Everyone permissions apply to anonymous users Disabled
Network access: Named Pipes that can be accessed anonymously COMNAP,COMNODE,SQL\QUERY,SPOOLSS,LLSRPC,browser
Network access: Remotely accessible registry paths System\CurrentControlSet\Control\ProductOptions,System\CurrentControlSet\Control\Print\Printers,System\CurrentControlSet\Control\Server Applications,System\CurrentControlSet\Services\Eventlog,Software\Microsoft\OLAP Server,Software\Microsoft\Windows NT\CurrentVersion,System\CurrentControlSet\Control\ContentIndex,System\CurrentControlSet\Control\Terminal Server,System\CurrentControlSet\Control\Terminal Server\UserConfig,System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration
Network access: Shares that can be accessed anonymously COMCFG,DFS$
Network access: Sharing and security model for local accounts Guest only - local users authenticate as Guest
Network security: Do not store LAN Manager hash value on next password change Disabled
Network security: Force logoff when logon hours expire Disabled
Network security: LAN Manager authentication level Send LM & NTLM responses
Network security: LDAP client signing requirements Negotiate signing
Network security: Minimum session security for NTLM SSP based (including secure RPC) clients
Network security: Minimum session security for NTLM SSP based (including secure RPC) servers
Recovery console: Allow automatic administrative logon Enabled
Recovery console: Allow floppy copy and access to all drives and all folders Enabled
Shutdown: Allow system to be shut down without having to log on Enabled
Shutdown: Clear virtual memory pagefile Disabled
System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing Disabled
System objects: Default owner for objects created by members of the Administrators group Object creator
System objects: Require case insensitivity for non-Windows subsystems Enabled
System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) Enabled
Services
Running Application Layer Gateway Service
Running Automatic Updates
Running Background Intelligent Transfer Service
Running COM+ Event System
Running CryptSvc
Running DCOM Server Process Launcher
Running DHCP Client
Running Distributed Link Tracking Client
Running DNS Client
Running Error Reporting Service
Running Event Log
Running Extensible Authentication Protocol Service
Running Fast User Switching Compatibility
Running Help and Support
Running HID Input Service
Running IPSEC Services
Running Java Quick Starter
Running Logical Disk Manager
Running Microsoft Antimalware Service
Running Network Connections
Running Network Location Awareness (NLA)
Running Plug and Play
Running Print Spooler
Running Protected Storage
Running Remote Access Connection Manager
Running Remote Procedure Call (RPC)
Running Remote Registry
Running Secondary Logon
Running Security Accounts Manager
Running Security Center
Running Server
Running Shell Hardware Detection
Running Smart Card
Running SSDP Discovery Service
Running System Event Notification
Running System Restore Service
Running Task Scheduler
Running TCP/IP NetBIOS Helper
Running Telephony
Running Terminal Services
Running Themes
Running Universal Plug and Play Device Host
Running WebClient
Running Windows Audio
Running Windows Firewall/Internet Connection Sharing (ICS)
Running Windows Management Instrumentation
Running Windows Time
Running Wired AutoConfig
Running Wireless Zero Configuration
Running WMI Performance Adapter
Running Workstation
Stopped .NET Runtime Optimization Service v2.0.50727_X86
Stopped Adobe Flash Player Update Service
Stopped Alerter
Stopped Application Management
Stopped ASP.NET State Service
Stopped ClipBook
Stopped COM+ System Application
Stopped Computer Browser
Stopped Distributed Transaction Coordinator
Stopped Health Key and Certificate Management Service
Stopped HTTP SSL
Stopped IMAPI CD-Burning COM Service
Stopped Indexing Service
Stopped Logical Disk Manager Administrative Service
Stopped Messenger
Stopped Microsoft .NET Framework NGEN v4.0.30319_X86
Stopped Microsoft Automated Troubleshooting Service
Stopped Mozilla Maintenance Service
Stopped MS Software Shadow Copy Provider
Stopped Net Logon
Stopped Net.Tcp Port Sharing Service
Stopped NetMeeting Remote Desktop Sharing
Stopped Network Access Protection Agent
Stopped Network DDE
Stopped Network DDE DSDM
Stopped Network Provisioning Service
Stopped NT LM Security Support Provider
Stopped Performance Logs and Alerts
Stopped Portable Media Serial Number Service
Stopped QoS RSVP
Stopped Remote Access Auto Connection Manager
Stopped Remote Desktop Help Session Manager
Stopped Remote Procedure Call (RPC) Locator
Stopped Removable Storage
Stopped Routing and Remote Access
Stopped Telnet
Stopped Uninterruptible Power Supply
Stopped Volume Shadow Copy
Stopped Windows CardSpace
Stopped Windows Driver Foundation - User-mode Driver Framework
Stopped Windows Image Acquisition (WIA)
Stopped Windows Installer
Stopped Windows Management Instrumentation Driver Extensions
Stopped Windows Media Player Network Sharing Service
Stopped Windows Presentation Foundation Font Cache 3.0.0.0
Stopped Windows Presentation Foundation Font Cache 4.0.0.0
Stopped Windows Remote Management (WS-Management)
Stopped Windows Search
Device Tree
ACPI Uniprocessor PC
Microsoft ACPI-Compliant System
ACPI Power Button
Intel® Pentium® 4 CPU 2.80GHz
System board
ACPI Fixed Feature Button
PCI bus
Intel® 82875P/E7210 Memory Controller Hub - 2578
Intel® 82875P Processor to AGP Controller - 2579
Intel® 82801EB Ultra ATA Storage Controllers - 24D1
Intel® 82801EB SMBus Controller - 24D3
SoundMAX Integrated Digital Audio
Intel® 82801EB USB Universal Host Controller - 24D2
USB Root Hub
USB Human Interface Device
HID-compliant mouse
HID-compliant consumer control device
HID-compliant device
Intel® 82801EB USB Universal Host Controller - 24D4
USB Root Hub
USB Human Interface Device
HID Keyboard Device
Intel® 82801EB USB Universal Host Controller - 24D7
USB Root Hub
Intel® 82801EB USB Universal Host Controller - 24DE
USB Root Hub
Intel® 82801EB USB2 Enhanced Host Controller - 24DD
USB Root Hub
USB Mass Storage Device
Seagate FreeAgent Go USB Device
Intel® 82801BA/CA PCI Bridge - 244E
Video Controller (VGA Compatible)
Intel® PRO/1000 MT Network Connection
Intel® 82801EB LPC Interface Controller - 24D0
ISAPNP Read Data Port
Direct memory access controller
Numeric data processor
Programmable interrupt controller
System speaker
System CMOS/real time clock
System timer
Communications Port (COM1)
Communications Port (COM2)
System board
Standard floppy disk controller
Floppy disk drive
ECP Printer Port (LPT1)
Printer Port Logical Interface
Intel® 82801EB Ultra ATA Storage Controllers - 24DB
Primary IDE Channel
HDS728080PLAT20
Secondary IDE Channel
HL-DT-ST RW/DVD GCC-4480B
CPU
Intel Pentium 4
Cores 1
Threads 1
Name Intel Pentium 4
Code Name Prescott
Package Socket 478 mPGA
Technology 90nm
Specification Intel® Pentium® 4 CPU 2.80GHz
Family F
Extended Family F
Model 3
Extended Model 3
Stepping 3
Revision C0
Instructions MMX, SSE, SSE2, SSE3
Virtualization Unsupported
Hyperthreading Not supported
Bus Speed 199.8 MHz
Rated Bus Speed 799.2 MHz
Stock Core Speed 2800 MHz
Stock Bus Speed 200 MHz
Caches
L1 Data Cache Size 16 KBytes
L1 trace cache 12 Kops
L2 Unified Cache Size 1024 KBytes
Core 0
Core Speed 2798.4 MHz
Multiplier x 14.0
Bus Speed 199.8 MHz
Rated Bus Speed 799.2 MHz
Thread 1
APIC ID 0
RAM
Memory slots
Total memory slots 4
Used memory slots 4
Free memory slots 0
Memory
Type DDR
Size 2432 MBytes
Channels # Single
DRAM Frequency 133.2 MHz
CAS# Latency (CL) 2.5 clocks
RAS# to CAS# Delay (tRCD) 3 clocks
RAS# Precharge (tRP) 3 clocks
Cycle Time (tRAS) 6 clocks
Physical Memory
Memory Usage 24 %
Total Physical 2.37 GB
Available Physical 1.79 GB
Total Virtual 4.22 GB
Available Virtual 3.81 GB
SPD
Number Of SPD Modules 4
Slot #1
Type DDR
Size 1024 MBytes
Manufacturer Kingston
Max Bandwidth PC3200 (200 MHz)
Part Number K
Serial Number 6512F4B5
Week/year 06 / 10
SPD Ext. EPP
JEDEC #2
Frequency 200.0 MHz
CAS# Latency 3.0
RAS# To CAS# 3
RAS# Precharge 3
tRAS 8
Voltage 2.500 V
JEDEC #1
Frequency 166.7 MHz
CAS# Latency 2.5
RAS# To CAS# 3
RAS# Precharge 3
tRAS 7
Voltage 2.500 V
Slot #2
Type DDR
Size 1024 MBytes
Manufacturer Kingston
Max Bandwidth PC3200 (200 MHz)
Part Number K
Serial Number 86363619
Week/year 52 / 09
SPD Ext. EPP
JEDEC #2
Frequency 200.0 MHz
CAS# Latency 3.0
RAS# To CAS# 3
RAS# Precharge 3
tRAS 8
Voltage 2.500 V
JEDEC #1
Frequency 166.7 MHz
CAS# Latency 2.5
RAS# To CAS# 3
RAS# Precharge 3
tRAS 7
Voltage 2.500 V
Slot #3
Type DDR
Size 128 MBytes
Manufacturer Nanya Technology
Max Bandwidth PC2300 (142 MHz)
Part Number NT128D64S88A0G-7K
Serial Number 7201011A
Week/year 30 / 02
SPD Ext. EPP
JEDEC #2
Frequency 142.9 MHz
CAS# Latency 2.5
RAS# To CAS# 3
RAS# Precharge 3
tRAS 7
Voltage 2.500 V
JEDEC #1
Frequency 133.3 MHz
CAS# Latency 2.0
RAS# To CAS# 3
RAS# Precharge 3
tRAS 6
Voltage 2.500 V
Slot #4
Type DDR
Size 256 MBytes
Manufacturer Nanya Technology
Max Bandwidth PC2300 (142 MHz)
Part Number NT256D64S88AAG-7K
Serial Number C8034200
Week/year 39 / 02
SPD Ext. EPP
JEDEC #2
Frequency 142.9 MHz
CAS# Latency 2.5
RAS# To CAS# 3
RAS# Precharge 3
tRAS 7
Voltage 2.500 V
JEDEC #1
Frequency 133.3 MHz
CAS# Latency 2.0
RAS# To CAS# 3
RAS# Precharge 3
tRAS 6
Voltage 2.500 V
Motherboard
Manufacturer Dell Computer Corp.
Model 0W2563 (Microprocessor)
Chipset Vendor Intel
Chipset Model i875P
Chipset Revision A2
Southbridge Vendor Intel
Southbridge Model 82801EB (ICH5)
Southbridge Revision 02
System Temperature 35 C
BIOS
Brand Dell Computer Corporation
Version A05
Date 02/19/2004
Voltage
+1.5V 1.497 V
CPU CORE 1.353 V
ATX +3.3V 3.281 V
ATX +5V 5.070 V
ATX +12V 11.922 V
PCI Data
Slot PCI
Slot Type PCI
Slot Usage Available
Bus Width 32 bit
Slot Designation PCI1
Slot Number 0
Slot PCI
Slot Type PCI
Slot Usage Available
Bus Width 32 bit
Slot Designation PCI2
Slot Number 1
Slot PCI
Slot Type PCI
Slot Usage Available
Bus Width 32 bit
Slot Designation PCI3
Slot Number 2
Slot PCI
Slot Type PCI
Slot Usage Available
Bus Width 32 bit
Slot Designation PCI4
Slot Number 3
Slot UNKNOWN
Slot Type UNKNOWN
Slot Usage Available
Bus Width 32 bit
Slot Designation AGP1
Slot Number 4
Graphics
Monitor
Name Standard Monitor on
Current Resolution 1024x768 pixels
Work Resolution 1024x738 pixels
State enabled, primary
Monitor Width 1024
Monitor Height 768
Monitor BPP 32 bits per pixel
Monitor Frequency 1 Hz
Device \\.\DISPLAY1
OpenGL
Version 1.1.0
Vendor Microsoft Corporation
Renderer GDI Generic
GLU Version 1.2.2.0 Microsoft Corporation
Values
GL_MAX_LIGHTS 8
GL_MAX_TEXTURE_SIZE 1024
GL_MAX_TEXTURE_STACK_DEPTH 10
GL Extensions
GL_WIN_swap_hint
GL_EXT_bgra
GL_EXT_paletted_texture
GL_EXT_bgra
Hard Drives
HDS728080PLAT20
Manufacturer Hitachi
Product Family Deskstar
Series Prefix Standard
Model Capacity For This Specific Drive 800GB
Heads 16
Cylinders 16383
Device type Fixed
ATA Standard ATA/ATAPI-7
Serial Number PFD8T5SER0DADX
LBA Size 48-bit LBA
Power On Count 1950 times
Power On Time 1324.3 days
Features S.M.A.R.T., APM, AAM
Transfer Mode Ultra DMA/133
Interface PATA
Capacity 77GB
Real size 82,348,277,760 bytes
RAID Type None
S.M.A.R.T
01 Read Error Rate 100 (100 worst) Data 0000000000
02 Throughput Performance 100 (100) Data 0000000000
03 Spin-Up Time 100 (100) Data 0000C600C7
04 Start/Stop Count 100 (100) Data 00000007BE
05 Reallocated Sectors Count 100 (100) Data 0000000000
07 Seek Error Rate 100 (100) Data 0000000000
08 Seek Time Performance 100 (100) Data 0000000000
09 Power-On Hours (POH) 096 (096) Data 0000007C27
0A Spin Retry Count 100 (100) Data 0000000000
0C Device Power Cycle Count 100 (100) Data 000000079E
C0 Power-off Retract Count 098 (098) Data 0000000C77
C1 Load/Unload Cycle Count 098 (098) Data 0000000C77
C2 Temperature 157 (157) Data 0000050023
C4 Reallocation Event Count 100 (100) Data 0000000000
C5 Current Pending Sector Count 100 (100) Data 0000000000
C6 Uncorrectable Sector Count 100 (100) Data 0000000000
C7 UltraDMA CRC Error Count 200 (200) Data 000000000C
Temperature 35 C
Temperature Range ok (less than 50 C)
Status Good
Partition 0
Partition ID Disk #0, Partition #0
Disk Letter C:
File System NTFS
Volume Serial Number 608180B8
Size 77GB
Used Space 12.1GB (16%)
Free Space 65GB (84%)
Optical Drives
HL-DT-ST RW/DVD GCC-4480B
Media Type CD-ROM
Name HL-DT-ST RW/DVD GCC-4480B
Availability Running/Full Power
Capabilities Random Access, Supports Removable Media
Config Manager Error Code Device is working properly
Config Manager User Config FALSE
Drive D:
Media Loaded FALSE
SCSI Bus 0
SCSI Logical Unit 0
SCSI Port 1
SCSI Target Id 0
Status OK
Audio
Sound Card
SoundMAX Integrated Digital Audio
Playback Device
SoundMAX Digital Audio
Recording Device
SoundMAX Digital Audio
Peripherals
HID Keyboard Device
Device Kind Keyboard
Device Name HID Keyboard Device
Vendor Unknown
Location Location 0
Driver
Date 7-1-2001
Version 5.1.2600.5512
File C:\WINDOWS\system32\DRIVERS\kbdhid.sys
File C:\WINDOWS\system32\DRIVERS\kbdclass.sys
HID-compliant mouse
Device Kind Mouse
Device Name HID-compliant mouse
Vendor Unknown
Location Location 0
Driver
Date 7-1-2001
Version 5.1.2600.0
File C:\WINDOWS\system32\DRIVERS\mouclass.sys
File C:\WINDOWS\system32\DRIVERS\mouhid.sys
Disk drive
Device Kind USB storage
Device Name Disk drive
Vendor SEAGATE
Comment Seagate FreeAgent Go USB Device
Location Location 0
Driver
Date 7-1-2001
Version 5.1.2535.0
File C:\WINDOWS\system32\DRIVERS\disk.sys
Printers
IBM 4019 LaserPrinter (Default Printer)
Printer Port LPT1:
Print Processor WinPrint
Availability Always
Priority 1
Duplex None
Print Quality 300 * 300 dpi Monochrome
Status Unknown
Driver
Driver Name IBM 4019 LaserPrinter (v6.00)
Driver Path C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRV.DLL
Microsoft XPS Document Writer
Printer Port XPSPort:
Print Processor WinPrint
Availability Always
Priority 1
Duplex None
Print Quality 600 * 600 dpi Color
Status Unknown
Driver
Driver Name Microsoft XPS Document Writer (v6.00)
Driver Path C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\mxdwdrv.dll
Network
You are connected to the internet
Connected through Intel® PRO/1000 MT Network Connection - Packet Scheduler Miniport
IP Address 192.168.1.65
Subnet mask 255.255.255.0
Gateway server 192.168.1.1
Preferred DNS server 192.168.1.1
Alternate DNS server 74.40.74.40
DHCP Enabled
DHCP server 192.168.1.1
External IP Address 50.125.11.239
Adapter Type Ethernet
NetBIOS over TCP/IP Enabled via DHCP
NETBIOS Node Type Unknown node type
Link Speed 0 kbps
Computer Name
NetBIOS Name NILE-VINCENT
DNS Name nile-vincent
Domain Name NILE-VINCENT
Remote Desktop
Console
State Active
Domain NILE-VINCENT
WinInet Info
LAN Connection
Local system uses a local area network to connect to the Internet
Local system has RAS to connect to the Internet
Wi-Fi Info
Wi-Fi not enabled
WinHTTPInfo
WinHTTPSessionProxyType No proxy
Session Proxy
Session Proxy Bypass
Connect Retries 5
Connect Timeout 60000
HTTP Version HTTP 1.1
Max Connects Per 1.0 Servers INFINITE
Max Connects Per Servers INFINITE
Max HTTP automatic redirects 10
Max HTTP status continue 10
Send Timeout 30000
IEProxy Auto Detect No
IEProxy Auto Config
IEProxy
IEProxy Bypass
Default Proxy Config Access Type No proxy
Default Config Proxy
Default Config Proxy Bypass
Sharing and Discovery
Simple File Sharing Disabled
Administrative Shares Enabled
Adapters List
Intel® PRO/1000 MT Network Connection - Packet Scheduler Miniport
IP Address 192.168.1.65
Subnet mask 255.255.255.0
Gateway server 192.168.1.1
Network Shares
No network shares
Current TCP Connections
C:\Program Files\Mozilla Firefox\firefox.exe (3036)
Local 127.0.0.1:1031 ESTABLISHED Remote 127.0.0.1:1030 (Querying... )
Local 127.0.0.1:1030 ESTABLISHED Remote 127.0.0.1:1031 (Querying... )
Local 192.168.1.65:1079 ESTABLISHED Remote 69.171.224.53:80 (Querying... ) (HTTP)
Local 192.168.1.65:1118 ESTABLISHED Remote 173.194.33.9:80 (Querying... ) (HTTP)
Local 192.168.1.65:1132 ESTABLISHED Remote 173.194.33.26:80 (Querying... ) (HTTP)
Local 192.168.1.65:1146 ESTABLISHED Remote 173.194.33.26:80 (Querying... ) (HTTP)
Local 192.168.1.65:1227 ESTABLISHED Remote 74.125.127.104:80 (Querying... ) (HTTP)
Local 192.168.1.65:1228 ESTABLISHED Remote 173.194.33.0:443 (Querying... ) (HTTPS)
Local 192.168.1.65:1229 ESTABLISHED Remote 173.194.33.15:443 (Querying... ) (HTTPS)
Local 192.168.1.65:1230 ESTABLISHED Remote 173.194.33.1:443 (Querying... ) (HTTPS)
Local 192.168.1.65:1231 ESTABLISHED Remote 173.194.33.15:80 (Querying... ) (HTTP)
Local 192.168.1.65:1232 ESTABLISHED Remote 173.194.33.15:80 (Querying... ) (HTTP)
Local 192.168.1.65:1233 ESTABLISHED Remote 173.194.33.15:80 (Querying... ) (HTTP)
Local 192.168.1.65:1234 ESTABLISHED Remote 173.194.33.15:80 (Querying... ) (HTTP)
Local 192.168.1.65:1083 ESTABLISHED Remote 69.192.207.144:80 (Querying... ) (HTTP)
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (1232)
Local 127.0.0.1:5152 LISTEN
C:\WINDOWS\System32\alg.exe (2320)
Local 127.0.0.1:1028 LISTEN
System Process
Local 192.168.1.65:1171 TIME-WAIT Remote 96.16.97.16:80 (Querying... ) (HTTP)
Local 192.168.1.65:1172 TIME-WAIT Remote 96.16.97.16:80 (Querying... ) (HTTP)
Local 192.168.1.65:1173 TIME-WAIT Remote 96.16.97.16:80 (Querying... ) (HTTP)
Local 192.168.1.65:1174 TIME-WAIT Remote 96.16.97.16:80 (Querying... ) (HTTP)
Local 192.168.1.65:1175 TIME-WAIT Remote 173.194.33.26:80 (Querying... ) (HTTP)
Local 192.168.1.65:1177 TIME-WAIT Remote 173.194.33.15:80 (Querying... ) (HTTP)
Local 192.168.1.65:1193 TIME-WAIT Remote 96.16.97.18:80 (Querying... ) (HTTP)
Local 192.168.1.65:1204 TIME-WAIT Remote 74.54.247.132:80 (Querying... ) (HTTP)
Local 192.168.1.65:1129 TIME-WAIT Remote 69.192.207.144:80 (Querying... ) (HTTP)
Local 192.168.1.65:1205 TIME-WAIT Remote 74.54.247.132:80 (Querying... ) (HTTP)
Local 192.168.1.65:1207 TIME-WAIT Remote 74.54.247.132:80 (Querying... ) (HTTP)
Local 192.168.1.65:1209 TIME-WAIT Remote 216.137.35.123:80 (Querying... ) (HTTP)
Local 192.168.1.65:1211 TIME-WAIT Remote 216.137.35.123:80 (Querying... ) (HTTP)
Local 192.168.1.65:1212 TIME-WAIT Remote 216.137.35.123:80 (Querying... ) (HTTP)
Local 192.168.1.65:1213 TIME-WAIT Remote 216.137.35.123:80 (Querying... ) (HTTP)
Local 192.168.1.65:1214 TIME-WAIT Remote 216.137.35.123:80 (Querying... ) (HTTP)
Local 192.168.1.65:1215 TIME-WAIT Remote 69.192.204.20:80 (Querying... ) (HTTP)
Local 192.168.1.65:1218 TIME-WAIT Remote 69.192.204.20:80 (Querying... ) (HTTP)
Local 192.168.1.65:1222 TIME-WAIT Remote 69.192.204.20:80 (Querying... ) (HTTP)
Local 192.168.1.65:1223 TIME-WAIT Remote 67.228.177.87:80 (Querying... ) (HTTP)
Local 192.168.1.65:1056 TIME-WAIT Remote 96.16.97.34:80 (Querying... ) (HTTP)
Local 192.168.1.65:1071 TIME-WAIT Remote 69.192.207.144:80 (Querying... ) (HTTP)
Local 192.168.1.65:1080 TIME-WAIT Remote 69.192.207.144:80 (Querying... ) (HTTP)
Local 192.168.1.65:1085 TIME-WAIT Remote 69.192.207.144:80 (Querying... ) (HTTP)
Local 192.168.1.65:1087 TIME-WAIT Remote 96.16.97.49:80 (Querying... ) (HTTP)
Local 192.168.1.65:1111 TIME-WAIT Remote 173.194.33.26:80 (Querying... ) (HTTP)
Local 192.168.1.65:1112 TIME-WAIT Remote 173.194.33.0:80 (Querying... ) (HTTP)
Local 192.168.1.65:1117 TIME-WAIT Remote 96.16.97.50:80 (Querying... ) (HTTP)
Local 192.168.1.65:1119 TIME-WAIT Remote 173.194.33.3:80 (Querying... ) (HTTP)
Local 192.168.1.65:1122 TIME-WAIT Remote 173.194.33.8:80 (Querying... ) (HTTP)
Local 192.168.1.65:1123 TIME-WAIT Remote 173.194.33.8:80 (Querying... ) (HTTP)
Local 192.168.1.65:1124 TIME-WAIT Remote 173.194.33.8:80 (Querying... ) (HTTP)
Local 192.168.1.65:1126 TIME-WAIT Remote 69.192.207.144:80 (Querying... ) (HTTP)
Local 192.168.1.65:1127 TIME-WAIT Remote 69.192.207.144:80 (Querying... ) (HTTP)
Local 192.168.1.65:1210 TIME-WAIT Remote 216.137.35.123:80 (Querying... ) (HTTP)
Local 192.168.1.65:1137 TIME-WAIT Remote 96.16.97.41:80 (Querying... ) (HTTP)
Local 192.168.1.65:1138 TIME-WAIT Remote 96.16.97.41:80 (Querying... ) (HTTP)
Local 192.168.1.65:1139 TIME-WAIT Remote 96.16.97.41:80 (Querying... ) (HTTP)
Local 192.168.1.65:1140 TIME-WAIT Remote 96.16.97.49:80 (Querying... ) (HTTP)
Local 192.168.1.65:1142 TIME-WAIT Remote 96.16.97.49:80 (Querying... ) (HTTP)
Local 192.168.1.65:1145 TIME-WAIT Remote 173.194.33.26:80 (Querying... ) (HTTP)
Local 192.168.1.65:1149 TIME-WAIT Remote 173.194.33.2:80 (Querying... ) (HTTP)
Local 192.168.1.65:1151 TIME-WAIT Remote 74.125.127.104:80 (Querying... ) (HTTP)
Local 192.168.1.65:1160 TIME-WAIT Remote 74.125.127.95:80 (Querying... ) (HTTP)
Local 192.168.1.65:1162 TIME-WAIT Remote 74.125.127.95:80 (Querying... ) (HTTP)
Local 192.168.1.65:1165 TIME-WAIT Remote 173.194.33.26:80 (Querying... ) (HTTP)
Local 192.168.1.65:1167 TIME-WAIT Remote 173.194.33.25:80 (Querying... ) (HTTP)
Local 192.168.1.65:1169 TIME-WAIT Remote 96.16.97.16:80 (Querying... ) (HTTP)
Local 192.168.1.65:1170 TIME-WAIT Remote 96.16.97.16:80 (Querying... ) (HTTP)
System Process
Local 0.0.0.0:445 (Windows shares) LISTEN
Local 192.168.1.65:139 (NetBIOS session service) LISTEN
svchost.exe (1004)
Local 0.0.0.0:135 (DCE) LISTEN
  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,796 posts
  • MVP
It does seem to think your video is working at better than VGA so it has some kind of video driver. It's definitely the 828 chipset from intel.

Uninstall speccy now as otherwise it stays resident.

Try the intel Driver Update Utility.

http://www.intel.com.../support/detect

Click on " Check your system for the latest updates " then follow the instructions. It should look at your system and tell you if you need any intel drivers.

If that doesn't help then go in to Device Manager and right click on the Video Controller (VGA Compatible) and select Properties then Details, change it to Hardware Ids. It should give you one or more long strings of characters like:

PCI\VEN_1002&DEV_9802&SUBSYS_2ABD103C&REV_00
PCI\VEN_1002&DEV_9802&SUBSYS_2ABD103C
PCI\VEN_1002&DEV_9802&CC_030000
PCI\VEN_1002&DEV_9802&CC_0300

What do you see?

(On my Win 7 I can right click on one and Select All then right click on the selection and Copy then move to a reply and edit, paste (Ctrl + v) rather than retype them.)
  • 0

#15
Mr. Rufus Sniff

Mr. Rufus Sniff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
1

Edited by Mr. Rufus Sniff, 03 August 2012 - 11:07 AM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP