acpi.sys BSOD


  • This topic is locked
17 replies to this topic

#1 groundwire

Posted 28 April 2010 - 06:07 PM

I'm getting an acpi.sys BSOD. I have found this site as a result of trying to fix this on my own.



*** STOP: 0x0000007E (0xC0000005, 0xBA5073D8, 0xBA5070D4)

*** ACPI.SYS - Address B9E74D65 base at B9E6E000, DateStamp 480252b1


The sequence of events so far has been: attack by security tool and antimalware xp, ran Malwarebytes in safe mode, at the end of scan it said it found potential threats and I clicked to remove all, prompt to restart and began getting the BSOD referenced above (which at the time included PAGE_FAULT_IN_NONPAGED_AREA). I was still able to access safe mode at this time. Started recovery console and ran chkdsk /r, which reported at end of scan that it found one or more errors that it had fixed. Reboot. Still getting BSOD and no longer able to access safe mode. Please, any help would be greatly appreciated. Are you out there fabar? Anyone?



#2 Elise

Posted 29 April 2010 - 08:21 AM

Hi, could you please try the following steps?

OK, this file is big. Print these instructions out so that you know what you are doing.

Two programs to download

First

ISOBurner: this will allow you to burn the OTLPE ISO to a CD and make it bootable. Just install the program; from there on in it is fairly automatic. Instructions

Second
  • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 292Mb in size so it may take some time to download.
  • When downloaded double click and this will then open ISOBurner to burn the file to CD
  • Reboot your system using the boot CD you just created.

    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.

regards, Elise

"Now faith is the substance of things hoped for, the evidence of things not seen."




#3 groundwire

Posted 29 April 2010 - 06:54 PM

OTL logfile created on: 4/29/2010 7:44:53 PM - Run
OTLPE by OldTimer - Version 3.1.38.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 88.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.23 Gb Total Space | 92.46 Gb Free Space | 41.24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 8.63 Gb Total Space | 0.39 Gb Free Space | 4.48% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
Drive X: | 276.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2010/03/19 11:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2006/09/01 11:48:33 | 001,119,888 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/07/06 17:14:30 | 000,090,112 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2006/06/02 02:25:00 | 000,180,224 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe -- (ELService) Intel®
SRV - [2006/01/02 16:18:24 | 000,045,744 | ---- | M] (Symantec Corporation) [On_Demand] -- c:\Program Files\Norton Internet Security\comHost.exe -- (comHost)
SRV - [2005/12/31 01:42:18 | 000,133,792 | ---- | M] (Symantec Corporation) [Auto] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2005/10/13 11:48:40 | 000,072,280 | ---- | M] (Symantec Corporation) [On_Demand] -- c:\Program Files\Norton Internet Security\ccPwdSvc.exe -- (ccISPwdSvc)
SRV - [2005/09/24 18:10:56 | 000,749,696 | ---- | M] (Symantec Corporation) [On_Demand] -- c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE -- (NSCService)
SRV - [2005/09/19 14:24:20 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand] -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/09/17 03:27:12 | 000,169,584 | ---- | M] (Symantec Corporation) [Auto] -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/09/17 03:27:10 | 000,202,352 | ---- | M] (Symantec Corporation) [Auto] -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2005/09/17 03:27:06 | 000,192,112 | ---- | M] (Symantec Corporation) [Auto] -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/09/15 18:21:14 | 001,160,800 | ---- | M] (Symantec Corporation) [On_Demand] -- c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2005/08/26 17:22:48 | 000,198,368 | ---- | M] (Symantec Corporation) [On_Demand] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe -- (SAVScan)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Boot] -- -- (ptpj)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/04/28 19:25:52 | 000,823,808 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\tayftvgx.sys -- (tayftvgx)
DRV - [2010/04/27 17:25:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) WinPcap Packet Driver (NPF)
DRV - [2010/04/19 09:49:49 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009/11/04 12:15:30 | 004,423,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/13 14:44:46 | 000,153,344 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/09/01 11:48:33 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/07/06 09:59:42 | 000,246,784 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2006/06/23 17:02:02 | 001,095,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/06/14 14:04:12 | 004,299,264 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/05/16 14:37:50 | 000,229,376 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2006/05/10 01:36:44 | 000,009,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi)
DRV - [2006/05/10 01:36:42 | 000,007,040 | ---- | M] (Intel Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\Elmon.sys -- (ELmon)
DRV - [2006/05/10 01:36:22 | 000,006,912 | ---- | M] (Intel Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\Elkbd.sys -- (ELkbd)
DRV - [2006/05/10 01:36:20 | 000,006,400 | ---- | M] (Intel Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\Elmou.sys -- (ELmou)
DRV - [2006/05/10 01:36:18 | 000,010,112 | ---- | M] (Intel Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\Elhid.sys -- (ELhid)
DRV - [2006/04/25 12:00:00 | 000,799,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060425.007\NAVEX15.SYS -- (NAVEX15)
DRV - [2006/04/25 12:00:00 | 000,077,864 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060425.007\NAVENG.SYS -- (NAVENG)
DRV - [2005/12/12 20:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/12/06 14:20:50 | 000,241,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2005/12/06 14:20:42 | 000,670,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsx)
DRV - [2005/12/06 14:20:40 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
DRV - [2005/11/10 10:54:56 | 000,402,944 | ---- | M] (Belkin Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BLKWGU.sys -- (BLKWGU(Belkin)) Belkin Wireless G USB Network Adapter(Belkin)
DRV - [2005/09/17 03:20:06 | 000,108,168 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/09/15 18:21:14 | 000,389,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/09/01 22:07:36 | 000,199,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20050901.036\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2005/08/26 17:22:50 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | Auto] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/08/26 17:22:48 | 000,334,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\savrt.sys -- (SAVRT)
DRV - [2005/06/29 20:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ftsata2.sys -- (ftsata2)
DRV - [2004/10/25 14:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 10:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\bb-run.sys -- (bb-run)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\HP_Administrator.4UR0R4_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\HP_Administrator.4UR0R4_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\HP_Administrator.4UR0R4_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\HP_Administrator.4UR0R4_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\HP_Administrator.4UR0R4_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\HP_Administrator.4UR0R4_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\HP_Administrator.4UR0R4_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/27 17:25:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/26 19:48:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2006/09/01 11:18:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/04/22 18:31:59 | 000,000,000 | ---D | M]

[2010/01/03 19:55:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2004/08/10 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {31a96cff-bc7c-4415-9f20-5d3b0e5244b9} - File not found
O2 - BHO: (C:\WINDOWS\system32\fouc7.dll) - {A2BA40A0-74F1-52BD-F411-00B15A2C8953} - C:\WINDOWS\system32\fouc7.dll ()
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKU\HP_Administrator.4UR0R4_ON_C\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [hefiyivego] File not found
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe (Symantec Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\fix.exe.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PCDrProfiler] File not found
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\HP_Administrator.4UR0R4_ON_C..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\HP_Administrator.4UR0R4_ON_C..\Run: [hsf87efjhdsf87f3jfsdi7fhsujfd] C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Temp\nvsvc32.exe ()
O4 - HKU\HP_Administrator.4UR0R4_ON_C..\Run: [mcexecwin] C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Temp\qsuovztxik.dll ()
O4 - HKU\HP_Administrator.4UR0R4_ON_C..\Run: [newupdate1142C.exe] C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\C1B37F9582687A7F8E16CEA7E8CC2545\newupdate1142C.exe ()
O4 - Startup: C:\Documents and Settings\Administrator.YOUR-4DACD0EA75\Start Menu\Programs\Startup\PinMcLnk.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Administrator.YOUR-4DACD0EA75.000\Start Menu\Programs\Startup\PinMcLnk.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe (Belkin Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnapDetect.lnk = C:\WINDOWS\twain_32\ca561a\SnapDetect.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\PinMcLnk.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\HP_Administrator.4UR0R4\Start Menu\Programs\Startup\Antimalware Doctor.lnk = C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\C1B37F9582687A7F8E16CEA7E8CC2545\newupdate1142C.exe ()
O4 - Startup: C:\Documents and Settings\MCX1\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\MCX1\Start Menu\Programs\Startup\PinMcLnk.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\HP_Administrator.4UR0R4_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\HP_Administrator.4UR0R4_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\HP_Administrator.4UR0R4_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1271106319237 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1271113047562 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (baserijo.dll) - C:\WINDOWS\System32\baserijo.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O22 - SharedTaskScheduler: {A2BA40A0-74F1-52BD-F411-00B15A2C8953} - kjsfi8sjefiuoshiefyhiusdhfdf - C:\WINDOWS\system32\fouc7.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/01 11:28:53 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - H:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 00:01:14 | 000,000,053 | -HS- | M] () - H:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{38239128-468c-11df-bef4-00173ffb5634}\Shell - "" = AutoRun
O33 - MountPoints2\{38239128-468c-11df-bef4-00173ffb5634}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{38239128-468c-11df-bef4-00173ffb5634}\Shell\AutoRun\command - "" = J:\WD SmartWare.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk /r \??\C:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/28 14:46:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\orig
[2010/04/28 14:43:12 | 000,000,000 | ---D | C] -- C:\acpihotfix
[2010/04/28 14:42:55 | 000,576,729 | ---- | C] (Xceed Software Inc. 1-450-442-2626 [email protected] www.xceedsoft.com) -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\174523_ENU_i386_zip.exe
[2010/04/28 14:24:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2010/04/28 12:50:41 | 000,095,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\atapi.old
[2010/04/28 12:33:51 | 000,187,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\acpi.old
[2010/04/27 19:32:52 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/04/27 18:13:05 | 001,086,856 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\fix.exe.exe
[2010/04/27 18:11:52 | 001,086,856 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\fix.exe.exe
[2010/04/27 18:11:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/27 18:11:15 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/27 18:08:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/27 17:44:14 | 005,918,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\mbam-setup.exe
[2010/04/27 17:35:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/27 17:34:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/27 17:25:44 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2010/04/27 17:25:44 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2010/04/27 17:25:44 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2010/04/27 17:25:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\C1B37F9582687A7F8E16CEA7E8CC2545
[2010/04/27 17:17:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\Sun
[2010/04/23 23:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\Downloads
[2010/04/22 18:34:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\Apple Computer
[2010/04/22 18:33:24 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2010/04/22 18:30:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\Apple
[2010/04/22 18:28:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\Apple Computer
[2010/04/20 14:51:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\bio135
[2010/04/19 17:57:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/04/19 17:00:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\AdobeUM
[2010/04/19 17:00:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\Adobe
[2010/04/19 10:00:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/04/19 10:00:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/04/19 10:00:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/04/19 09:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010/04/19 09:58:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010/04/19 09:58:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\Microsoft Help
[2010/04/19 09:49:49 | 000,691,696 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/04/19 09:48:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\DAEMON Tools Lite
[2010/04/18 14:27:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\uTorrent
[2010/04/18 14:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\Mozilla
[2010/04/18 14:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\Mozilla
[2010/04/13 15:47:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\Adobe
[2010/04/12 21:51:35 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/04/12 21:51:35 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010/04/12 20:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\Media Player Classic
[2010/04/12 20:26:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\BioWare
[2010/04/12 20:00:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\Blizzard Entertainment
[2010/04/12 19:45:14 | 000,479,232 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\ATIDEMGX.dll
[2010/04/12 19:45:14 | 000,311,296 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atiiiexx.dll
[2010/04/12 19:36:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\Western Digital
[2010/04/12 19:06:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\ATI
[2010/04/12 19:06:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\ATI
[2010/04/12 19:00:59 | 000,000,000 | ---D | C] -- C:\12ef9504d0de5b4ae734b6
[2010/04/12 18:56:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/04/12 18:53:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\dotnetfx_cleanup_tool
[2010/04/12 18:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010/04/12 18:37:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Recent
[2010/04/12 18:36:50 | 000,000,000 | -HSD | C] -- C:\cmdcons
[2010/04/12 18:32:08 | 000,000,000 | --SD | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\Microsoft
[2010/04/12 18:32:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\SendTo
[2010/04/12 18:32:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data
[2010/04/12 18:32:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Start Menu
[2010/04/12 18:32:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\My Videos
[2010/04/12 18:32:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\My Pictures
[2010/04/12 18:32:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\My Music
[2010/04/12 18:32:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents
[2010/04/12 18:32:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Favorites
[2010/04/12 18:32:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\IETldCache
[2010/04/12 18:32:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Cookies
[2010/04/12 18:32:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Templates
[2010/04/12 18:32:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\PrintHood
[2010/04/12 18:32:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\NetHood
[2010/04/12 18:32:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings
[2010/04/12 18:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\WINDOWS
[2010/04/12 18:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\Wildtangent
[2010/04/12 18:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\Symantec
[2010/04/12 18:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\Real
[2010/04/12 18:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\Microsoft
[2010/04/12 18:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\Malwarebytes
[2010/04/12 18:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\Intuit
[2010/04/12 18:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\Identities
[2010/04/12 18:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop
[2010/04/12 18:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\ApplicationHistory
[2010/04/12 18:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
[2010/04/12 18:24:35 | 000,000,000 | ---D | C] -- C:\Program Files\Support Tools
[2010/04/12 18:23:51 | 004,934,480 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\WindowsXP-KB838079-SupportTools-ENU.exe
[2010/04/12 18:16:50 | 000,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2010/04/12 18:16:47 | 000,359,656 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\msicuu2.exe
[2010/04/12 18:14:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/04/12 18:10:30 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\IECompatCache
[2010/04/12 18:08:07 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\PrivacIE
[2010/04/12 18:00:50 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2010/04/12 18:00:18 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/04/12 18:00:18 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/04/12 18:00:17 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/04/12 17:57:04 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msyuv.dll
[2010/04/12 17:56:53 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iyuv_32.dll
[2010/04/12 17:56:53 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsbyuv.dll
[2010/04/12 17:56:30 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010/04/12 17:56:10 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010/04/12 17:55:56 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/04/12 17:50:44 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010/04/12 17:50:44 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010/04/12 17:50:42 | 000,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2010/04/12 17:50:41 | 002,189,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/04/12 17:50:41 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/04/12 17:50:40 | 002,024,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/04/12 17:50:20 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/04/12 17:50:15 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/04/12 17:50:08 | 023,510,720 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\dotnetfx.exe
[2010/04/12 17:48:46 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2010/04/12 17:48:31 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2010/04/12 17:47:45 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2010/04/12 17:47:41 | 000,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2010/04/12 17:45:48 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2010/04/12 17:44:58 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2010/04/12 17:42:48 | 002,869,264 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\dotNetFx35setup.exe
[2010/04/12 17:37:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/04/12 17:26:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2010/04/12 17:26:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/04/12 17:26:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/04/12 17:26:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/04/12 17:13:51 | 000,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2010/04/12 17:13:50 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2010/04/12 17:13:49 | 000,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2010/04/12 17:13:49 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2010/04/12 17:13:49 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2010/04/12 17:13:49 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2010/04/12 17:13:49 | 000,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2010/04/12 17:13:49 | 000,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2010/04/12 17:13:49 | 000,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2010/04/12 17:13:49 | 000,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2010/04/12 17:13:49 | 000,011,325 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2010/04/12 17:13:49 | 000,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2010/04/12 17:13:47 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2010/04/12 17:13:45 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2010/04/12 17:13:45 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe
[2010/04/12 17:13:43 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2010/04/12 17:13:43 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2010/04/12 17:13:43 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2010/04/12 17:13:43 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2010/04/12 17:13:43 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2010/04/12 17:13:43 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2010/04/12 17:13:43 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2010/04/12 17:13:43 | 000,040,960 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\drivers\sisagp.sys
[2010/04/12 17:13:43 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2010/04/12 17:13:43 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2010/04/12 17:13:43 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2010/04/12 17:13:43 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2010/04/12 17:13:43 | 000,003,901 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2010/04/12 17:13:42 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2010/04/12 17:13:42 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2010/04/12 17:13:41 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2010/04/12 17:13:41 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2010/04/12 17:13:41 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2010/04/12 17:13:41 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2010/04/12 17:13:40 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2010/04/12 17:13:40 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2010/04/12 17:13:40 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2010/04/12 17:13:40 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2010/04/12 17:13:39 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2010/04/12 17:13:38 | 001,897,408 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys
[2010/04/12 17:13:37 | 004,274,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2010/04/12 17:13:37 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2010/04/12 17:13:35 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2010/04/12 17:13:35 | 001,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2010/04/12 17:13:35 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2010/04/12 17:13:35 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2010/04/12 17:13:35 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2010/04/12 17:13:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2010/04/12 17:13:35 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2010/04/12 17:13:35 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2010/04/12 17:13:35 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2010/04/12 17:13:34 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2010/04/12 17:13:34 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2010/04/12 17:13:31 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2010/04/12 17:13:31 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2010/04/12 17:13:30 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2010/04/12 17:13:30 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2010/04/12 17:13:28 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2010/04/12 17:13:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2010/04/12 17:13:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2010/04/12 17:13:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2010/04/12 17:13:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2010/04/12 17:13:26 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2010/04/12 17:13:25 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2010/04/12 17:13:24 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2010/04/12 17:13:22 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2010/04/12 17:13:20 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2010/04/12 17:13:20 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2010/04/12 17:13:20 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2010/04/12 17:13:20 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2010/04/12 17:13:20 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2010/04/12 17:13:20 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2010/04/12 17:13:20 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2010/04/12 17:13:20 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2010/04/12 17:13:18 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2010/04/12 17:13:18 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2010/04/12 17:13:18 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2010/04/12 17:13:18 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2010/04/12 17:13:18 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2010/04/12 17:13:18 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2010/04/12 17:13:18 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2010/04/12 17:13:18 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2010/04/12 17:13:15 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2010/04/12 17:13:15 | 000,015,423 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2010/04/12 17:13:15 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2010/04/12 17:13:14 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2010/04/12 17:13:14 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2010/04/12 17:13:14 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2010/04/12 17:13:14 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2010/04/12 17:13:14 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2010/04/12 17:13:14 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2010/04/12 17:13:14 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2010/04/12 17:13:14 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2010/04/12 17:13:14 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2010/04/12 17:13:14 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2010/04/12 17:13:14 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2010/04/12 17:13:14 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2010/04/12 17:13:14 | 000,021,183 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2010/04/12 17:13:14 | 000,017,279 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2010/04/12 17:13:14 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2010/04/12 17:13:14 | 000,014,143 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2010/04/12 17:13:14 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2010/04/12 17:13:14 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2010/04/12 17:13:14 | 000,011,359 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2010/04/12 17:13:14 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2010/04/12 17:13:13 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2010/04/12 17:13:13 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2010/04/12 17:13:13 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2010/04/12 17:13:13 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2010/04/12 17:13:13 | 000,043,008 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\drivers\amdagp.sys
[2010/04/12 17:13:13 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2010/04/12 17:13:13 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2010/04/12 17:13:13 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2010/04/12 17:13:13 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2010/04/12 17:13:13 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2010/04/12 17:13:13 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2010/04/12 17:13:13 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2010/04/12 17:13:13 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2010/04/12 17:13:13 | 000,004,255 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2010/04/12 17:13:13 | 000,003,967 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2010/04/12 17:13:13 | 000,003,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2010/04/12 17:13:13 | 000,003,711 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2010/04/12 17:13:13 | 000,003,647 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2010/04/12 17:13:13 | 000,003,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2010/04/12 17:13:13 | 000,003,135 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2010/04/12 17:13:12 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2010/04/12 17:07:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/04/12 17:05:53 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2010/04/12 17:05:53 | 000,021,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2010/04/12 17:05:53 | 000,017,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll.mui
[2010/04/12 17:05:53 | 000,015,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl.mui
[2010/04/12 17:05:53 | 000,015,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2010/04/12 17:05:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/04/12 17:00:24 | 013,000,704 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atioglxx.dll
[2010/04/12 17:00:24 | 003,526,656 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticaldd.dll
[2010/04/12 17:00:24 | 002,135,680 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\dllcache\ativvaxx.dll
[2010/04/12 17:00:24 | 002,135,680 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2010/04/12 17:00:24 | 000,638,976 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2cqag.dll
[2010/04/12 17:00:24 | 000,638,976 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2010/04/12 17:00:24 | 000,300,032 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2dvag.dll
[2010/04/12 17:00:24 | 000,300,032 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2010/04/12 17:00:24 | 000,155,648 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Oemdspif.dll
[2010/04/12 17:00:24 | 000,155,648 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2evxx.dll
[2010/04/12 17:00:24 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atibtmon.exe
[2010/04/12 17:00:24 | 000,065,024 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\atimpc32.dll
[2010/04/12 17:00:24 | 000,065,024 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\amdpcom32.dll
[2010/04/12 17:00:24 | 000,053,248 | ---- | C] ( ATI Technologies Inc.) -- C:\WINDOWS\System32\ATIDDC.DLL
[2010/04/12 17:00:24 | 000,045,056 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticalrt.dll
[2010/04/12 17:00:24 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
[2010/04/12 17:00:24 | 000,026,112 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
[2010/04/12 17:00:24 | 000,024,064 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ativcoxx.dll
[2010/04/12 17:00:24 | 000,017,408 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atitvo32.dll
[2010/04/12 17:00:23 | 004,423,168 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2010/04/12 17:00:23 | 004,423,168 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2mtag.sys
[2010/04/12 17:00:23 | 003,518,304 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ati3duag.dll
[2010/04/12 17:00:23 | 003,518,304 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2010/04/12 17:00:23 | 000,565,248 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atikvmag.dll
[2010/04/12 17:00:23 | 000,397,312 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atiok3x2.dll
[2010/04/12 17:00:23 | 000,204,800 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
[2010/04/12 17:00:23 | 000,172,032 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiadlxx.dll
[2010/04/12 17:00:23 | 000,143,360 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiapfxx.exe
[2010/04/12 17:00:23 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2erec.dll
[2010/04/12 17:00:23 | 000,045,056 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticalcl.dll
[2010/04/12 16:58:38 | 047,594,848 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\10-3_xp32_dd_ccc_wdm_enu.exe
[2010/04/12 16:54:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\Macromedia
[2010/04/12 16:54:17 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\UserData
[2010/04/12 09:22:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\tmp
[2010/04/09 16:38:45 | 000,000,000 | ---D | C] -- C:\Program Files\SCM Microsystems
[2006/02/19 13:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/28 19:25:52 | 000,823,808 | ---- | M] () -- C:\WINDOWS\System32\drivers\tayftvgx.sys
[2010/04/28 18:47:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/28 14:52:33 | 000,237,568 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/04/28 14:52:33 | 000,237,568 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/04/28 14:52:33 | 000,004,100 | -H-- | M] () -- C:\WINDOWS\System32\labigafa
[2010/04/28 14:52:29 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\NTUSER.DAT
[2010/04/28 14:52:29 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\ntuser.ini
[2010/04/28 14:42:58 | 000,576,729 | ---- | M] (Xceed Software Inc. 1-450-442-2626 [email protected] www.xceedsoft.com) -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\174523_ENU_i386_zip.exe
[2010/04/28 14:26:06 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/04/28 14:26:06 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/04/27 18:22:40 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/27 18:22:00 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5886F2C0-8E1B-4372-A56B-879EBD6230EE}.job
[2010/04/27 18:21:13 | 000,000,455 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/27 18:20:56 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\rkill.com
[2010/04/27 18:20:56 | 000,002,855 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\rkill.PIF
[2010/04/27 18:18:00 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/27 18:14:59 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/27 17:45:57 | 000,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/04/27 17:44:34 | 005,918,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\mbam-setup.exe
[2010/04/27 17:28:22 | 000,317,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/27 17:26:06 | 000,002,230 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\KLry0l
[2010/04/27 17:25:45 | 000,001,303 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Start Menu\Programs\Startup\Antimalware Doctor.lnk
[2010/04/27 17:25:44 | 000,281,104 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2010/04/27 17:25:44 | 000,100,880 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2010/04/27 17:25:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2010/04/27 17:25:04 | 000,030,000 | ---- | M] () -- C:\WINDOWS\System32\fouc7.dll
[2010/04/24 14:53:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/23 14:52:53 | 000,000,762 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\World of Warcraft.lnk
[2010/04/22 16:29:26 | 000,000,605 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/22 05:31:50 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/21 07:55:32 | 000,299,008 | ---- | M] () -- C:\WINDOWS\System32\omipwmyw.dll
[2010/04/20 17:57:09 | 000,000,825 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\Adobe Photoshop 7.0.lnk
[2010/04/19 10:54:12 | 000,089,680 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/19 10:41:29 | 000,435,318 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/19 10:41:29 | 000,068,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/19 10:41:28 | 000,509,536 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/19 09:49:49 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/04/14 04:01:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/12 18:58:40 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/12 18:53:07 | 000,261,246 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\dotnetfx_cleanup_tool.zip
[2010/04/12 18:37:08 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/04/12 18:35:24 | 000,001,857 | RHS- | M] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_RC663AA-ABA a1640n_YC_0Pavi_QCNH637_E64NAemMPA4_48_IBuckeye_SASUSTek Computer INC._V1.05_B3.17_T070821_WXP2_L409_M2047_J250_7Intel_8Core2 6300_91.87_#061103_N8086104C_Z14F12F20_G.MRK
[2010/04/12 18:34:14 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job
[2010/04/12 18:30:38 | 000,001,111 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/04/12 18:29:54 | 000,000,211 | RHS- | M] () -- C:\BOOT.BAK
[2010/04/12 18:24:07 | 004,934,480 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\WindowsXP-KB838079-SupportTools-ENU.exe
[2010/04/12 18:16:50 | 000,359,656 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\msicuu2.exe
[2010/04/12 17:50:12 | 023,510,720 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\dotnetfx.exe
[2010/04/12 17:42:58 | 002,869,264 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\dotNetFx35setup.exe
[2010/04/12 17:40:36 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/04/12 17:25:47 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/04/12 16:59:12 | 047,594,848 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\10-3_xp32_dd_ccc_wdm_enu.exe
[2010/04/09 16:38:54 | 000,001,129 | ---- | M] () -- C:\WINDOWS\HBCIKRNL.INI
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/27 18:20:56 | 000,002,855 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\rkill.PIF
[2010/04/27 17:34:30 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\rkill.com
[2010/04/27 17:26:01 | 000,823,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\tayftvgx.sys
[2010/04/27 17:25:45 | 000,001,303 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Start Menu\Programs\Startup\Antimalware Doctor.lnk
[2010/04/27 17:25:29 | 000,002,230 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\KLry0l
[2010/04/27 17:25:04 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\fouc7.dll
[2010/04/21 07:55:32 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\omipwmyw.dll
[2010/04/20 17:57:09 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\Adobe Photoshop 7.0.lnk
[2010/04/14 16:11:43 | 000,000,762 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\World of Warcraft.lnk
[2010/04/12 19:45:14 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/04/12 19:45:14 | 000,195,855 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/04/12 19:45:14 | 000,018,618 | ---- | C] () -- C:\WINDOWS\atiogl.xml
[2010/04/12 19:45:14 | 000,007,167 | ---- | C] () -- C:\WINDOWS\System32\atifglpf.xml
[2010/04/12 19:45:14 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/04/12 19:07:56 | 000,024,451 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\CCCInstall_201004121807560000.log
[2010/04/12 18:53:06 | 000,261,246 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\dotnetfx_cleanup_tool.zip
[2010/04/12 18:46:44 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/12 18:35:56 | 000,000,572 | ---- | C] () -- C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk
[2010/04/12 18:35:54 | 000,000,667 | ---- | C] () -- C:\Documents and Settings\Default User\Start Menu\Programs\Startup\PinMcLnk.lnk
[2010/04/12 18:35:20 | 000,001,857 | RHS- | C] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_RC663AA-ABA a1640n_YC_0Pavi_QCNH637_E64NAemMPA4_48_IBuckeye_SASUSTek Computer INC._V1.05_B3.17_T070821_WXP2_L409_M2047_J250_7Intel_8Core2 6300_91.87_#061103_N8086104C_Z14F12F20_G.MRK
[2010/04/12 18:34:14 | 000,000,480 | ---- | C] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job
[2010/04/12 18:32:10 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\fusioncache.dat
[2010/04/12 18:32:08 | 003,670,016 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\NTUSER.DAT
[2010/04/12 18:32:08 | 000,077,824 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\ntuser.dat.LOG
[2010/04/12 18:32:08 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\NTUSER.DAT.COPY.TMP.LOG
[2010/04/12 18:32:08 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\ntuser.ini
[2010/04/12 17:13:37 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010/04/12 17:13:25 | 000,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2010/04/12 17:13:18 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010/04/12 17:13:14 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010/04/12 17:00:24 | 000,368,480 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010/04/12 17:00:24 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2010/04/12 17:00:23 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2010/04/09 16:38:51 | 000,001,129 | ---- | C] () -- C:\WINDOWS\HBCIKRNL.INI
[2010/01/27 17:25:14 | 000,127,488 | -HS- | C] () -- C:\WINDOWS\System32\baserijo.dll
[2010/01/24 22:25:49 | 000,000,313 | ---- | C] () -- C:\WINDOWS\doom3.ini
[2010/01/13 08:53:03 | 000,000,110 | ---- | C] () -- C:\WINDOWS\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini
[2009/10/27 22:51:48 | 000,000,651 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009/03/10 19:49:33 | 000,047,104 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/25 20:44:06 | 000,014,385 | ---- | C] () -- C:\WINDOWS\Tw561a.ini
[2008/11/08 15:06:35 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/06/01 04:00:00 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT.COPY.TMP.LOG
[2008/05/06 17:31:47 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/09/11 22:37:26 | 000,000,321 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/06/22 17:55:45 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007/05/29 16:53:17 | 000,000,180 | ---- | C] () -- C:\WINDOWS\ap561.ini
[2007/05/29 16:53:17 | 000,000,081 | ---- | C] () -- C:\WINDOWS\Setup8a.ini
[2007/05/23 18:11:19 | 000,000,858 | ---- | C] () -- C:\WINDOWS\EZLiveMonitor2.0.INI
[2007/05/23 18:10:50 | 000,000,012 | ---- | C] () -- C:\WINDOWS\EZMediaBox2.ini
[2007/05/23 18:09:51 | 000,000,812 | ---- | C] () -- C:\WINDOWS\EZVMail3.ini
[2007/02/12 20:20:39 | 000,000,046 | ---- | C] () -- C:\WINDOWS\VID_DirectX.INI
[2006/11/03 20:39:25 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/09/01 12:02:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/01 11:37:55 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/09/01 11:32:23 | 000,014,314 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/09/01 11:32:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/09/01 11:29:03 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/09/01 11:19:13 | 000,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/09/01 11:18:37 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/09/01 11:13:37 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/09/01 11:09:46 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/09/01 11:06:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4624.dll
[2006/09/01 11:06:02 | 000,348,880 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2006/09/01 10:50:56 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2006/09/01 10:48:40 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/09/01 10:48:40 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/09/01 10:48:26 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/09/01 10:46:35 | 000,237,568 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2006/09/01 10:46:35 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2006/09/01 10:46:35 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2006/09/01 10:46:34 | 000,237,568 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2006/09/01 10:46:34 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2006/09/01 10:46:34 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2006/06/16 14:58:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/31 00:17:36 | 000,786,432 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2005/08/31 00:17:36 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG
[2005/08/31 00:17:36 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2005/08/06 00:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/12 15:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2004/09/16 23:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/08/10 00:00:00 | 000,153,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\dmio.sys
[2004/07/26 10:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/03/23 17:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll

========== LOP Check ==========

[2010/04/12 18:34:14 | 000,000,480 | ---- | M] () -- C:\WINDOWS\Tasks\Easy Internet Sign-up.job
[2010/04/27 18:22:00 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{5886F2C0-8E1B-4372-A56B-879EBD6230EE}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\rkill.com:SummaryInformation
< End of report >


#4 Elise


Posted 30 April 2010 - 04:57 AM

Hi, that looks like a rootkit or two. Before we can fix it, we need to look for a replacement copy for a file.

Please rerun OTLPE, and copy/paste the following text into the "run scan/fix" field. Click the None button and then Run Scan.

CODE
/md5start
dmio.sys
/md5stop

Post me the resulting log please. It will be a lot shorter than this one.
regards, Elise


#5 groundwire


Posted 30 April 2010 - 02:23 PM

thank you very much for your help so far. i wonder if you have the time, would you mind explaining a little more about what's going on and how you are interpreting these scan results? here is the modified scan:



OTL logfile created on: 4/30/2010 2:52:33 PM - Run
OTLPE by OldTimer - Version 3.1.38.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.23 Gb Total Space | 92.46 Gb Free Space | 41.24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 8.63 Gb Total Space | 0.39 Gb Free Space | 4.48% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
Drive X: | 276.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2010/03/19 11:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2006/09/01 11:48:33 | 001,119,888 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/07/06 17:14:30 | 000,090,112 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2006/06/02 02:25:00 | 000,180,224 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe -- (ELService) Intel®
SRV - [2006/01/02 16:18:24 | 000,045,744 | ---- | M] (Symantec Corporation) [On_Demand] -- c:\Program Files\Norton Internet Security\comHost.exe -- (comHost)
SRV - [2005/12/31 01:42:18 | 000,133,792 | ---- | M] (Symantec Corporation) [Auto] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2005/10/13 11:48:40 | 000,072,280 | ---- | M] (Symantec Corporation) [On_Demand] -- c:\Program Files\Norton Internet Security\ccPwdSvc.exe -- (ccISPwdSvc)
SRV - [2005/09/24 18:10:56 | 000,749,696 | ---- | M] (Symantec Corporation) [On_Demand] -- c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE -- (NSCService)
SRV - [2005/09/19 14:24:20 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand] -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/09/17 03:27:12 | 000,169,584 | ---- | M] (Symantec Corporation) [Auto] -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/09/17 03:27:10 | 000,202,352 | ---- | M] (Symantec Corporation) [Auto] -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2005/09/17 03:27:06 | 000,192,112 | ---- | M] (Symantec Corporation) [Auto] -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/09/15 18:21:14 | 001,160,800 | ---- | M] (Symantec Corporation) [On_Demand] -- c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2005/08/26 17:22:48 | 000,198,368 | ---- | M] (Symantec Corporation) [On_Demand] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe -- (SAVScan)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Boot] -- -- (ptpj)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/04/28 19:25:52 | 000,823,808 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\tayftvgx.sys -- (tayftvgx)
DRV - [2010/04/27 17:25:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) WinPcap Packet Driver (NPF)
DRV - [2010/04/19 09:49:49 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009/11/04 12:15:30 | 004,423,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/13 14:44:46 | 000,153,344 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/09/01 11:48:33 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/07/06 09:59:42 | 000,246,784 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2006/06/23 17:02:02 | 001,095,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/06/14 14:04:12 | 004,299,264 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/05/16 14:37:50 | 000,229,376 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2006/05/10 01:36:44 | 000,009,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi)
DRV - [2006/05/10 01:36:42 | 000,007,040 | ---- | M] (Intel Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\Elmon.sys -- (ELmon)
DRV - [2006/05/10 01:36:22 | 000,006,912 | ---- | M] (Intel Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\Elkbd.sys -- (ELkbd)
DRV - [2006/05/10 01:36:20 | 000,006,400 | ---- | M] (Intel Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\Elmou.sys -- (ELmou)
DRV - [2006/05/10 01:36:18 | 000,010,112 | ---- | M] (Intel Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\Elhid.sys -- (ELhid)
DRV - [2006/04/25 12:00:00 | 000,799,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060425.007\NAVEX15.SYS -- (NAVEX15)
DRV - [2006/04/25 12:00:00 | 000,077,864 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060425.007\NAVENG.SYS -- (NAVENG)
DRV - [2005/12/12 20:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/12/06 14:20:50 | 000,241,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2005/12/06 14:20:42 | 000,670,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsx)
DRV - [2005/12/06 14:20:40 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
DRV - [2005/11/10 10:54:56 | 000,402,944 | ---- | M] (Belkin Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BLKWGU.sys -- (BLKWGU(Belkin)) Belkin Wireless G USB Network Adapter(Belkin)
DRV - [2005/09/17 03:20:06 | 000,108,168 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/09/15 18:21:14 | 000,389,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/09/01 22:07:36 | 000,199,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20050901.036\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2005/08/26 17:22:50 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | Auto] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/08/26 17:22:48 | 000,334,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\savrt.sys -- (SAVRT)
DRV - [2005/06/29 20:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ftsata2.sys -- (ftsata2)
DRV - [2004/10/25 14:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 10:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\bb-run.sys -- (bb-run)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\HP_Administrator.4UR0R4_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\HP_Administrator.4UR0R4_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\HP_Administrator.4UR0R4_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\HP_Administrator.4UR0R4_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\HP_Administrator.4UR0R4_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\HP_Administrator.4UR0R4_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\HP_Administrator.4UR0R4_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/27 17:25:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/26 19:48:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2006/09/01 11:18:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/04/22 18:31:59 | 000,000,000 | ---D | M]

[2010/01/03 19:55:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2004/08/10 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {31a96cff-bc7c-4415-9f20-5d3b0e5244b9} - File not found
O2 - BHO: (C:\WINDOWS\system32\fouc7.dll) - {A2BA40A0-74F1-52BD-F411-00B15A2C8953} - C:\WINDOWS\system32\fouc7.dll ()
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKU\HP_Administrator.4UR0R4_ON_C\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [hefiyivego] File not found
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe (Symantec Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\fix.exe.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PCDrProfiler] File not found
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\HP_Administrator.4UR0R4_ON_C..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\HP_Administrator.4UR0R4_ON_C..\Run: [hsf87efjhdsf87f3jfsdi7fhsujfd] C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Temp\nvsvc32.exe ()
O4 - HKU\HP_Administrator.4UR0R4_ON_C..\Run: [mcexecwin] C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Temp\qsuovztxik.dll ()
O4 - HKU\HP_Administrator.4UR0R4_ON_C..\Run: [newupdate1142C.exe] C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\C1B37F9582687A7F8E16CEA7E8CC2545\newupdate1142C.exe ()
O4 - Startup: C:\Documents and Settings\Administrator.YOUR-4DACD0EA75\Start Menu\Programs\Startup\PinMcLnk.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Administrator.YOUR-4DACD0EA75.000\Start Menu\Programs\Startup\PinMcLnk.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe (Belkin Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnapDetect.lnk = C:\WINDOWS\twain_32\ca561a\SnapDetect.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\PinMcLnk.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\HP_Administrator.4UR0R4\Start Menu\Programs\Startup\Antimalware Doctor.lnk = C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\C1B37F9582687A7F8E16CEA7E8CC2545\newupdate1142C.exe ()
O4 - Startup: C:\Documents and Settings\MCX1\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\MCX1\Start Menu\Programs\Startup\PinMcLnk.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\HP_Administrator.4UR0R4_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\HP_Administrator.4UR0R4_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\HP_Administrator.4UR0R4_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1271106319237 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1271113047562 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (baserijo.dll) - C:\WINDOWS\System32\baserijo.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O22 - SharedTaskScheduler: {A2BA40A0-74F1-52BD-F411-00B15A2C8953} - kjsfi8sjefiuoshiefyhiusdhfdf - C:\WINDOWS\system32\fouc7.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/01 11:28:53 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - H:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 00:01:14 | 000,000,053 | -HS- | M] () - H:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{38239128-468c-11df-bef4-00173ffb5634}\Shell - "" = AutoRun
O33 - MountPoints2\{38239128-468c-11df-bef4-00173ffb5634}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{38239128-468c-11df-bef4-00173ffb5634}\Shell\AutoRun\command - "" = J:\WD SmartWare.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk /r \??\C:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/28 14:46:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\orig
[2010/04/28 14:43:12 | 000,000,000 | ---D | C] -- C:\acpihotfix
[2010/04/28 14:42:55 | 000,576,729 | ---- | C] (Xceed Software Inc. 1-450-442-2626 www.xceedsoft.com) -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\174523_ENU_i386_zip.exe
[2010/04/28 14:24:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2010/04/28 12:50:41 | 000,095,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\atapi.old
[2010/04/28 12:33:51 | 000,187,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\acpi.old
[2010/04/27 19:32:52 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/04/27 18:13:05 | 001,086,856 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\fix.exe.exe
[2010/04/27 18:11:52 | 001,086,856 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\fix.exe.exe
[2010/04/27 18:11:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/27 18:11:15 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/27 18:08:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/27 17:44:14 | 005,918,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\mbam-setup.exe
[2010/04/27 17:35:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/27 17:34:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/27 17:25:44 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2010/04/27 17:25:44 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2010/04/27 17:25:44 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2010/04/27 17:25:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\C1B37F9582687A7F8E16CEA7E8CC2545
[2010/04/27 17:17:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\Sun
[2010/04/23 23:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\Downloads
[2010/04/22 18:34:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\Apple Computer
[2010/04/22 18:33:24 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2010/04/22 18:30:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\Apple
[2010/04/22 18:28:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\Apple Computer
[2010/04/20 14:51:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\bio135
[2010/04/19 17:57:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/04/19 17:00:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\AdobeUM
[2010/04/19 17:00:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\Adobe
[2010/04/19 10:00:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/04/19 10:00:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/04/19 10:00:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/04/19 09:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010/04/19 09:58:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010/04/19 09:58:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\Microsoft Help
[2010/04/19 09:49:49 | 000,691,696 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/04/19 09:48:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\DAEMON Tools Lite
[2010/04/18 14:27:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\uTorrent
[2010/04/18 14:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\Mozilla
[2010/04/18 14:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\Mozilla
[2010/04/13 15:47:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\Adobe
[2010/04/12 21:51:35 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/04/12 21:51:35 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010/04/12 20:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\Media Player Classic
[2010/04/12 20:26:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\BioWare
[2010/04/12 20:00:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\Blizzard Entertainment
[2010/04/12 19:45:14 | 000,479,232 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\ATIDEMGX.dll
[2010/04/12 19:45:14 | 000,311,296 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atiiiexx.dll
[2010/04/12 19:36:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\Western Digital
[2010/04/12 19:06:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\ATI
[2010/04/12 19:06:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\ATI
[2010/04/12 19:00:59 | 000,000,000 | ---D | C] -- C:\12ef9504d0de5b4ae734b6
[2010/04/12 18:56:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/04/12 18:53:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\dotnetfx_cleanup_tool
[2010/04/12 18:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010/04/12 18:37:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Recent
[2010/04/12 18:36:50 | 000,000,000 | -HSD | C] -- C:\cmdcons
[2010/04/12 18:32:08 | 000,000,000 | --SD | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\Microsoft
[2010/04/12 18:32:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\SendTo
[2010/04/12 18:32:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data
[2010/04/12 18:32:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Start Menu
[2010/04/12 18:32:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\My Videos
[2010/04/12 18:32:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\My Pictures
[2010/04/12 18:32:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\My Music
[2010/04/12 18:32:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents
[2010/04/12 18:32:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Favorites
[2010/04/12 18:32:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\IETldCache
[2010/04/12 18:32:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Cookies
[2010/04/12 18:32:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Templates
[2010/04/12 18:32:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\PrintHood
[2010/04/12 18:32:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\NetHood
[2010/04/12 18:32:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings
[2010/04/12 18:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\WINDOWS
[2010/04/12 18:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\Wildtangent
[2010/04/12 18:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\Symantec
[2010/04/12 18:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\Real
[2010/04/12 18:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\Microsoft
[2010/04/12 18:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\Malwarebytes
[2010/04/12 18:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\Intuit
[2010/04/12 18:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\Identities
[2010/04/12 18:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop
[2010/04/12 18:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\ApplicationHistory
[2010/04/12 18:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
[2010/04/12 18:24:35 | 000,000,000 | ---D | C] -- C:\Program Files\Support Tools
[2010/04/12 18:23:51 | 004,934,480 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\WindowsXP-KB838079-SupportTools-ENU.exe
[2010/04/12 18:16:50 | 000,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2010/04/12 18:16:47 | 000,359,656 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\msicuu2.exe
[2010/04/12 18:14:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/04/12 18:10:30 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\IECompatCache
[2010/04/12 18:08:07 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\PrivacIE
[2010/04/12 18:00:50 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2010/04/12 18:00:18 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/04/12 18:00:18 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/04/12 18:00:17 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/04/12 17:57:04 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msyuv.dll
[2010/04/12 17:56:53 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iyuv_32.dll
[2010/04/12 17:56:53 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsbyuv.dll
[2010/04/12 17:56:30 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010/04/12 17:56:10 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010/04/12 17:55:56 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/04/12 17:50:44 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010/04/12 17:50:44 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010/04/12 17:50:42 | 000,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2010/04/12 17:50:41 | 002,189,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/04/12 17:50:41 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/04/12 17:50:40 | 002,024,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/04/12 17:50:20 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/04/12 17:50:15 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/04/12 17:50:08 | 023,510,720 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\dotnetfx.exe
[2010/04/12 17:48:46 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2010/04/12 17:48:31 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2010/04/12 17:47:45 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2010/04/12 17:47:41 | 000,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2010/04/12 17:45:48 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2010/04/12 17:44:58 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2010/04/12 17:42:48 | 002,869,264 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\dotNetFx35setup.exe
[2010/04/12 17:37:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/04/12 17:26:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2010/04/12 17:26:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/04/12 17:26:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/04/12 17:26:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/04/12 17:13:51 | 000,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2010/04/12 17:13:50 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2010/04/12 17:13:49 | 000,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2010/04/12 17:13:49 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2010/04/12 17:13:49 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2010/04/12 17:13:49 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2010/04/12 17:13:49 | 000,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2010/04/12 17:13:49 | 000,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2010/04/12 17:13:49 | 000,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2010/04/12 17:13:49 | 000,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2010/04/12 17:13:49 | 000,011,325 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2010/04/12 17:13:49 | 000,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2010/04/12 17:13:47 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2010/04/12 17:13:45 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2010/04/12 17:13:45 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe
[2010/04/12 17:13:43 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2010/04/12 17:13:43 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2010/04/12 17:13:43 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2010/04/12 17:13:43 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2010/04/12 17:13:43 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2010/04/12 17:13:43 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2010/04/12 17:13:43 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2010/04/12 17:13:43 | 000,040,960 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\drivers\sisagp.sys
[2010/04/12 17:13:43 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2010/04/12 17:13:43 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2010/04/12 17:13:43 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2010/04/12 17:13:43 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2010/04/12 17:13:43 | 000,003,901 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2010/04/12 17:13:42 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2010/04/12 17:13:42 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2010/04/12 17:13:41 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2010/04/12 17:13:41 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2010/04/12 17:13:41 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2010/04/12 17:13:41 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2010/04/12 17:13:40 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2010/04/12 17:13:40 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2010/04/12 17:13:40 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2010/04/12 17:13:40 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2010/04/12 17:13:39 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2010/04/12 17:13:38 | 001,897,408 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys
[2010/04/12 17:13:37 | 004,274,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2010/04/12 17:13:37 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2010/04/12 17:13:35 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2010/04/12 17:13:35 | 001,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2010/04/12 17:13:35 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2010/04/12 17:13:35 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2010/04/12 17:13:35 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2010/04/12 17:13:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2010/04/12 17:13:35 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2010/04/12 17:13:35 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2010/04/12 17:13:35 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2010/04/12 17:13:34 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2010/04/12 17:13:34 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2010/04/12 17:13:31 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2010/04/12 17:13:31 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2010/04/12 17:13:30 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2010/04/12 17:13:30 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2010/04/12 17:13:28 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2010/04/12 17:13:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2010/04/12 17:13:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2010/04/12 17:13:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2010/04/12 17:13:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2010/04/12 17:13:26 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2010/04/12 17:13:25 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2010/04/12 17:13:24 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2010/04/12 17:13:22 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2010/04/12 17:13:20 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2010/04/12 17:13:20 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2010/04/12 17:13:20 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2010/04/12 17:13:20 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2010/04/12 17:13:20 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2010/04/12 17:13:20 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2010/04/12 17:13:20 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2010/04/12 17:13:20 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2010/04/12 17:13:18 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2010/04/12 17:13:18 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2010/04/12 17:13:18 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2010/04/12 17:13:18 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2010/04/12 17:13:18 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2010/04/12 17:13:18 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2010/04/12 17:13:18 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2010/04/12 17:13:18 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2010/04/12 17:13:15 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2010/04/12 17:13:15 | 000,015,423 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2010/04/12 17:13:15 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2010/04/12 17:13:14 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2010/04/12 17:13:14 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2010/04/12 17:13:14 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2010/04/12 17:13:14 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2010/04/12 17:13:14 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2010/04/12 17:13:14 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2010/04/12 17:13:14 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2010/04/12 17:13:14 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2010/04/12 17:13:14 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2010/04/12 17:13:14 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2010/04/12 17:13:14 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2010/04/12 17:13:14 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2010/04/12 17:13:14 | 000,021,183 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2010/04/12 17:13:14 | 000,017,279 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2010/04/12 17:13:14 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2010/04/12 17:13:14 | 000,014,143 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2010/04/12 17:13:14 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2010/04/12 17:13:14 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2010/04/12 17:13:14 | 000,011,359 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2010/04/12 17:13:14 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2010/04/12 17:13:13 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2010/04/12 17:13:13 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2010/04/12 17:13:13 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2010/04/12 17:13:13 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2010/04/12 17:13:13 | 000,043,008 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\drivers\amdagp.sys
[2010/04/12 17:13:13 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2010/04/12 17:13:13 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2010/04/12 17:13:13 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2010/04/12 17:13:13 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2010/04/12 17:13:13 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2010/04/12 17:13:13 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2010/04/12 17:13:13 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2010/04/12 17:13:13 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2010/04/12 17:13:13 | 000,004,255 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2010/04/12 17:13:13 | 000,003,967 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2010/04/12 17:13:13 | 000,003,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2010/04/12 17:13:13 | 000,003,711 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2010/04/12 17:13:13 | 000,003,647 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2010/04/12 17:13:13 | 000,003,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2010/04/12 17:13:13 | 000,003,135 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2010/04/12 17:13:12 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2010/04/12 17:07:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/04/12 17:05:53 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2010/04/12 17:05:53 | 000,021,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2010/04/12 17:05:53 | 000,017,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll.mui
[2010/04/12 17:05:53 | 000,015,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl.mui
[2010/04/12 17:05:53 | 000,015,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2010/04/12 17:05:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/04/12 17:00:24 | 013,000,704 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atioglxx.dll
[2010/04/12 17:00:24 | 003,526,656 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticaldd.dll
[2010/04/12 17:00:24 | 002,135,680 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\dllcache\ativvaxx.dll
[2010/04/12 17:00:24 | 002,135,680 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2010/04/12 17:00:24 | 000,638,976 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2cqag.dll
[2010/04/12 17:00:24 | 000,638,976 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2010/04/12 17:00:24 | 000,300,032 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2dvag.dll
[2010/04/12 17:00:24 | 000,300,032 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2010/04/12 17:00:24 | 000,155,648 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Oemdspif.dll
[2010/04/12 17:00:24 | 000,155,648 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2evxx.dll
[2010/04/12 17:00:24 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atibtmon.exe
[2010/04/12 17:00:24 | 000,065,024 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\atimpc32.dll
[2010/04/12 17:00:24 | 000,065,024 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\amdpcom32.dll
[2010/04/12 17:00:24 | 000,053,248 | ---- | C] ( ATI Technologies Inc.) -- C:\WINDOWS\System32\ATIDDC.DLL
[2010/04/12 17:00:24 | 000,045,056 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticalrt.dll
[2010/04/12 17:00:24 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
[2010/04/12 17:00:24 | 000,026,112 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
[2010/04/12 17:00:24 | 000,024,064 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ativcoxx.dll
[2010/04/12 17:00:24 | 000,017,408 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atitvo32.dll
[2010/04/12 17:00:23 | 004,423,168 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2010/04/12 17:00:23 | 004,423,168 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2mtag.sys
[2010/04/12 17:00:23 | 003,518,304 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ati3duag.dll
[2010/04/12 17:00:23 | 003,518,304 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2010/04/12 17:00:23 | 000,565,248 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atikvmag.dll
[2010/04/12 17:00:23 | 000,397,312 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atiok3x2.dll
[2010/04/12 17:00:23 | 000,204,800 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
[2010/04/12 17:00:23 | 000,172,032 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiadlxx.dll
[2010/04/12 17:00:23 | 000,143,360 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiapfxx.exe
[2010/04/12 17:00:23 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2erec.dll
[2010/04/12 17:00:23 | 000,045,056 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticalcl.dll
[2010/04/12 16:58:38 | 047,594,848 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\10-3_xp32_dd_ccc_wdm_enu.exe
[2010/04/12 16:54:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\Macromedia
[2010/04/12 16:54:17 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\UserData
[2010/04/12 09:22:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\tmp
[2010/04/09 16:38:45 | 000,000,000 | ---D | C] -- C:\Program Files\SCM Microsystems
[2006/02/19 13:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/28 19:25:52 | 000,823,808 | ---- | M] () -- C:\WINDOWS\System32\drivers\tayftvgx.sys
[2010/04/28 18:47:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/28 14:52:33 | 000,237,568 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/04/28 14:52:33 | 000,237,568 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/04/28 14:52:33 | 000,004,100 | -H-- | M] () -- C:\WINDOWS\System32\labigafa
[2010/04/28 14:52:29 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\NTUSER.DAT
[2010/04/28 14:52:29 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\ntuser.ini
[2010/04/28 14:42:58 | 000,576,729 | ---- | M] (Xceed Software Inc. 1-450-442-2626 [email protected] www.xceedsoft.com) -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\174523_ENU_i386_zip.exe
[2010/04/28 14:26:06 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/04/28 14:26:06 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/04/27 18:22:40 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/27 18:22:00 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5886F2C0-8E1B-4372-A56B-879EBD6230EE}.job
[2010/04/27 18:21:13 | 000,000,455 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/27 18:20:56 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\rkill.com
[2010/04/27 18:20:56 | 000,002,855 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\rkill.PIF
[2010/04/27 18:18:00 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/27 18:14:59 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/27 17:45:57 | 000,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/04/27 17:44:34 | 005,918,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\mbam-setup.exe
[2010/04/27 17:28:22 | 000,317,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/27 17:26:06 | 000,002,230 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\KLry0l
[2010/04/27 17:25:45 | 000,001,303 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Start Menu\Programs\Startup\Antimalware Doctor.lnk
[2010/04/27 17:25:44 | 000,281,104 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2010/04/27 17:25:44 | 000,100,880 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2010/04/27 17:25:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2010/04/27 17:25:04 | 000,030,000 | ---- | M] () -- C:\WINDOWS\System32\fouc7.dll
[2010/04/24 14:53:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/23 14:52:53 | 000,000,762 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\World of Warcraft.lnk
[2010/04/22 16:29:26 | 000,000,605 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/22 05:31:50 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/21 07:55:32 | 000,299,008 | ---- | M] () -- C:\WINDOWS\System32\omipwmyw.dll
[2010/04/20 17:57:09 | 000,000,825 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\Adobe Photoshop 7.0.lnk
[2010/04/19 10:54:12 | 000,089,680 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/19 10:41:29 | 000,435,318 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/19 10:41:29 | 000,068,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/19 10:41:28 | 000,509,536 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/19 09:49:49 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/04/14 04:01:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/12 18:58:40 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/12 18:53:07 | 000,261,246 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\dotnetfx_cleanup_tool.zip
[2010/04/12 18:37:08 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/04/12 18:35:24 | 000,001,857 | RHS- | M] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_RC663AA-ABA a1640n_YC_0Pavi_QCNH637_E64NAemMPA4_48_IBuckeye_SASUSTek Computer INC._V1.05_B3.17_T070821_WXP2_L409_M2047_J250_7Intel_8Core2 6300_91.87_#061103_N8086104C_Z14F12F20_G.MRK
[2010/04/12 18:34:14 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job
[2010/04/12 18:30:38 | 000,001,111 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/04/12 18:29:54 | 000,000,211 | RHS- | M] () -- C:\BOOT.BAK
[2010/04/12 18:24:07 | 004,934,480 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\WindowsXP-KB838079-SupportTools-ENU.exe
[2010/04/12 18:16:50 | 000,359,656 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\msicuu2.exe
[2010/04/12 17:50:12 | 023,510,720 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\dotnetfx.exe
[2010/04/12 17:42:58 | 002,869,264 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\dotNetFx35setup.exe
[2010/04/12 17:40:36 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/04/12 17:25:47 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/04/12 16:59:12 | 047,594,848 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\10-3_xp32_dd_ccc_wdm_enu.exe
[2010/04/09 16:38:54 | 000,001,129 | ---- | M] () -- C:\WINDOWS\HBCIKRNL.INI
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/27 18:20:56 | 000,002,855 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\rkill.PIF
[2010/04/27 17:34:30 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\rkill.com
[2010/04/27 17:26:01 | 000,823,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\tayftvgx.sys
[2010/04/27 17:25:45 | 000,001,303 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Start Menu\Programs\Startup\Antimalware Doctor.lnk
[2010/04/27 17:25:29 | 000,002,230 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\KLry0l
[2010/04/27 17:25:04 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\fouc7.dll
[2010/04/21 07:55:32 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\omipwmyw.dll
[2010/04/20 17:57:09 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\Adobe Photoshop 7.0.lnk
[2010/04/14 16:11:43 | 000,000,762 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\World of Warcraft.lnk
[2010/04/12 19:45:14 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/04/12 19:45:14 | 000,195,855 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/04/12 19:45:14 | 000,018,618 | ---- | C] () -- C:\WINDOWS\atiogl.xml
[2010/04/12 19:45:14 | 000,007,167 | ---- | C] () -- C:\WINDOWS\System32\atifglpf.xml
[2010/04/12 19:45:14 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/04/12 19:07:56 | 000,024,451 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\CCCInstall_201004121807560000.log
[2010/04/12 18:53:06 | 000,261,246 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\dotnetfx_cleanup_tool.zip
[2010/04/12 18:46:44 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/12 18:35:56 | 000,000,572 | ---- | C] () -- C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk
[2010/04/12 18:35:54 | 000,000,667 | ---- | C] () -- C:\Documents and Settings\Default User\Start Menu\Programs\Startup\PinMcLnk.lnk
[2010/04/12 18:35:20 | 000,001,857 | RHS- | C] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_RC663AA-ABA a1640n_YC_0Pavi_QCNH637_E64NAemMPA4_48_IBuckeye_SASUSTek Computer INC._V1.05_B3.17_T070821_WXP2_L409_M2047_J250_7Intel_8Core2 6300_91.87_#061103_N8086104C_Z14F12F20_G.MRK
[2010/04/12 18:34:14 | 000,000,480 | ---- | C] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job
[2010/04/12 18:32:10 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\fusioncache.dat
[2010/04/12 18:32:08 | 003,670,016 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\NTUSER.DAT
[2010/04/12 18:32:08 | 000,118,784 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\ntuser.dat.LOG
[2010/04/12 18:32:08 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\NTUSER.DAT.COPY.TMP.LOG
[2010/04/12 18:32:08 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\ntuser.ini
[2010/04/12 17:13:37 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010/04/12 17:13:25 | 000,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2010/04/12 17:13:18 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010/04/12 17:13:14 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010/04/12 17:00:24 | 000,368,480 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010/04/12 17:00:24 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2010/04/12 17:00:23 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2010/04/09 16:38:51 | 000,001,129 | ---- | C] () -- C:\WINDOWS\HBCIKRNL.INI
[2010/01/27 17:25:14 | 000,127,488 | -HS- | C] () -- C:\WINDOWS\System32\baserijo.dll
[2010/01/24 22:25:49 | 000,000,313 | ---- | C] () -- C:\WINDOWS\doom3.ini
[2010/01/13 08:53:03 | 000,000,110 | ---- | C] () -- C:\WINDOWS\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini
[2009/10/27 22:51:48 | 000,000,651 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009/03/10 19:49:33 | 000,047,104 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/25 20:44:06 | 000,014,385 | ---- | C] () -- C:\WINDOWS\Tw561a.ini
[2008/11/08 15:06:35 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/06/01 04:00:00 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT.COPY.TMP.LOG
[2008/05/06 17:31:47 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/09/11 22:37:26 | 000,000,321 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/06/22 17:55:45 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007/05/29 16:53:17 | 000,000,180 | ---- | C] () -- C:\WINDOWS\ap561.ini
[2007/05/29 16:53:17 | 000,000,081 | ---- | C] () -- C:\WINDOWS\Setup8a.ini
[2007/05/23 18:11:19 | 000,000,858 | ---- | C] () -- C:\WINDOWS\EZLiveMonitor2.0.INI
[2007/05/23 18:10:50 | 000,000,012 | ---- | C] () -- C:\WINDOWS\EZMediaBox2.ini
[2007/05/23 18:09:51 | 000,000,812 | ---- | C] () -- C:\WINDOWS\EZVMail3.ini
[2007/02/12 20:20:39 | 000,000,046 | ---- | C] () -- C:\WINDOWS\VID_DirectX.INI
[2006/11/03 20:39:25 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/09/01 12:02:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/01 11:37:55 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/09/01 11:32:23 | 000,014,314 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/09/01 11:32:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/09/01 11:29:03 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/09/01 11:19:13 | 000,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/09/01 11:18:37 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/09/01 11:13:37 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/09/01 11:09:46 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/09/01 11:06:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4624.dll
[2006/09/01 11:06:02 | 000,348,880 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2006/09/01 10:50:56 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2006/09/01 10:48:40 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/09/01 10:48:40 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/09/01 10:48:26 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/09/01 10:46:35 | 000,237,568 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2006/09/01 10:46:35 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2006/09/01 10:46:35 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2006/09/01 10:46:34 | 000,237,568 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2006/09/01 10:46:34 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2006/09/01 10:46:34 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2006/06/16 14:58:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/31 00:17:36 | 000,786,432 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2005/08/31 00:17:36 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG
[2005/08/31 00:17:36 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2005/08/06 00:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/12 15:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2004/09/16 23:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/08/10 00:00:00 | 000,153,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\dmio.sys
[2004/07/26 10:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/03/23 17:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll

========== LOP Check ==========

[2010/04/12 18:34:14 | 000,000,480 | ---- | M] () -- C:\WINDOWS\Tasks\Easy Internet Sign-up.job
[2010/04/27 18:22:00 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{5886F2C0-8E1B-4372-A56B-879EBD6230EE}.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: DMIO.SYS >
[2008/04/13 14:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) MD5=7C824CF7BBDE77D95C08005717A95F6F -- C:\WINDOWS\ServicePackFiles\i386\dmio.sys
[2008/04/13 14:44:46 | 000,153,344 | ---- | M] () MD5=B662055C7190445F9C561DEC5B6A7928 -- C:\WINDOWS\system32\drivers\dmio.sys
[2004/08/10 00:00:00 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) MD5=F5E7B358A732D09F4BCF2824B88B9E28 -- C:\WINDOWS\$NtServicePackUninstall$\dmio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\rkill.com:SummaryInformation
< End of report >


#6 Elise


Posted 30 April 2010 - 02:42 PM

Hi, please copy/paste the following text into OTLPE and click Run Fix. Afterwards see if you can boot normally.

CODE
:files
C:\WINDOWS\system32\drivers\dmio.sys|C:\WINDOWS\ServicePackFiles\i386\dmio.sys /replace

:otl
DRV - [2010/04/28 19:25:52 | 000,823,808 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\tayftvgx.sys -- (tayftvgx)
O2 - BHO: (C:\WINDOWS\system32\fouc7.dll) - {A2BA40A0-74F1-52BD-F411-00B15A2C8953} - C:\WINDOWS\system32\fouc7.dll ()
O4 - HKLM..\Run: [hefiyivego] File not found
O4 - HKU\HP_Administrator.4UR0R4_ON_C..\Run: [hsf87efjhdsf87f3jfsdi7fhsujfd] C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Temp\nvsvc32.exe ()
O4 - HKU\HP_Administrator.4UR0R4_ON_C..\Run: [mcexecwin] C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Temp\qsuovztxik.dll ()
O4 - HKU\HP_Administrator.4UR0R4_ON_C..\Run: [newupdate1142C.exe] C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\C1B37F9582687A7F8E16CEA7E8CC2545\newupdate1142C.exe ()
O7 - HKU\HP_Administrator.4UR0R4_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\HP_Administrator.4UR0R4_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - AppInit_DLLs: (baserijo.dll) - C:\WINDOWS\System32\baserijo.dll ()
O22 - SharedTaskScheduler: {A2BA40A0-74F1-52BD-F411-00B15A2C8953} - kjsfi8sjefiuoshiefyhiusdhfdf - C:\WINDOWS\system32\fouc7.dll ()
O32 - AutoRun File - [2004/04/30 00:01:14 | 000,000,053 | -HS- | M] () - H:\Autorun.inf -- [ FAT32 ]
[2010/04/28 14:52:33 | 000,004,100 | -H-- | M] () -- C:\WINDOWS\System32\labigafa

:commands
[emptytemp]


regards, Elise

"Now faith is the substance of things hoped for, the evidence of things not seen."
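Added example (not part of the post above and not OTL's own code): the custom scan in the log lists three copies of dmio.sys with different MD5s, and the fix replaces the copy in system32\drivers with the one from ServicePackFiles. This Python script runs that comparison over "MD5 for" lines, flagging a live file whose hash matches none of the vendor copies kept by Windows XP and naming the copy to restore from. The function names, the reference-directory list and the two `example.sys` lines are assumptions made for illustration.

```python
import ntpath
import re
from collections import defaultdict

# Lines 1-3 are the "< MD5 for: DMIO.SYS >" results from the log in this thread.
# Lines 4-5 are constructed control entries (hypothetical file, vendor and hash)
# showing a live driver that matches its reference copy and is not flagged.
SAMPLE_LOG = r"""
[2008/04/13 14:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) MD5=7C824CF7BBDE77D95C08005717A95F6F -- C:\WINDOWS\ServicePackFiles\i386\dmio.sys
[2008/04/13 14:44:46 | 000,153,344 | ---- | M] () MD5=B662055C7190445F9C561DEC5B6A7928 -- C:\WINDOWS\system32\drivers\dmio.sys
[2004/08/10 00:00:00 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) MD5=F5E7B358A732D09F4BCF2824B88B9E28 -- C:\WINDOWS\$NtServicePackUninstall$\dmio.sys
[2008/04/13 14:44:46 | 000,010,240 | ---- | M] (Example Vendor) MD5=00112233445566778899AABBCCDDEEFF -- C:\WINDOWS\system32\drivers\example.sys
[2008/04/13 14:44:46 | 000,010,240 | ---- | M] (Example Vendor) MD5=00112233445566778899AABBCCDDEEFF -- C:\WINDOWS\system32\dllcache\example.sys
"""

# One OTL file line carrying an MD5: [stamp | size | attrs | C/M] (company) MD5=... -- path
LINE_RE = re.compile(
    r"^\[(?P<stamp>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| [CM]\] "
    r"\((?P<company>.*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)

# Assumption: directories where Windows XP keeps vendor copies of system files,
# listed in order of preference as a restore source (current service pack first).
REFERENCE_DIRS = (
    "\\servicepackfiles\\",
    "\\$ntservicepackuninstall$\\",
    "\\dllcache\\",
)


def parse_md5_lines(text):
    """Return one record per log line that carries an MD5 value."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section headers, blank lines, lines without a hash
        path = m["path"].strip()
        records.append({
            "path": path,
            "name": ntpath.basename(path).lower(),  # ntpath parses C:\ paths on any OS
            "size": int(m["size"].replace(",", "")),
            "company": m["company"].strip(),
            "md5": m["md5"].upper(),
        })
    return records


def reference_rank(path):
    """Index into REFERENCE_DIRS if path is a vendor copy, else None."""
    lowered = path.lower()
    for rank, marker in enumerate(REFERENCE_DIRS):
        if marker in lowered:
            return rank
    return None


def find_mismatched_live_copies(records):
    """Flag live files whose MD5 matches no vendor copy of the same name."""
    by_name = defaultdict(list)
    for rec in records:
        by_name[rec["name"]].append(rec)

    findings = []
    for copies in by_name.values():
        # Only copies that still carry a company name count as references.
        refs = [c for c in copies
                if reference_rank(c["path"]) is not None and c["company"]]
        live = [c for c in copies if reference_rank(c["path"]) is None]
        known_hashes = {r["md5"] for r in refs}
        for c in live:
            if not refs or c["md5"] in known_hashes:
                continue  # nothing to compare against, or the copy is intact
            # Prefer a reference of the same size, then the preferred directory.
            candidates = [r for r in refs if r["size"] == c["size"]] or refs
            best = min(candidates, key=lambda r: reference_rank(r["path"]))
            findings.append({
                "live": c["path"],
                "live_md5": c["md5"],
                "blank_company": not c["company"],
                "replacement": best["path"],
                "replacement_md5": best["md5"],
            })
    return findings


if __name__ == "__main__":
    for f in find_mismatched_live_copies(parse_md5_lines(SAMPLE_LOG)):
        note = " (no company name)" if f["blank_company"] else ""
        print(f"MISMATCH {f['live']}{note}")
        print(f"  restore from {f['replacement']} MD5={f['replacement_md5']}")
```
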




#7 groundwire


Posted 30 April 2010 - 03:11 PM

cannot boot normally.

BSOD-
STOP:0x0000007B (0xBA4C3524, 0xC0000034, 0x00000000, 0x00000000)


and the fix log:

========== FILES ==========
File C:\WINDOWS\system32\drivers\dmio.sys successfully replaced with C:\WINDOWS\ServicePackFiles\i386\dmio.sys
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tayftvgx deleted successfully.
C:\WINDOWS\system32\drivers\tayftvgx.sys moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A2BA40A0-74F1-52BD-F411-00B15A2C8953}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A2BA40A0-74F1-52BD-F411-00B15A2C8953}\ deleted successfully.
C:\WINDOWS\system32\fouc7.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\hefiyivego deleted successfully.
Registry value HKEY_USERS\HP_Administrator.4UR0R4_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\hsf87efjhdsf87f3jfsdi7fhsujfd deleted successfully.
C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Temp\nvsvc32.exe moved successfully.
Registry value HKEY_USERS\HP_Administrator.4UR0R4_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\mcexecwin deleted successfully.
C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Temp\qsuovztxik.dll moved successfully.
Registry value HKEY_USERS\HP_Administrator.4UR0R4_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\newupdate1142C.exe deleted successfully.
C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\C1B37F9582687A7F8E16CEA7E8CC2545\newupdate1142C.exe moved successfully.
Registry value HKEY_USERS\HP_Administrator.4UR0R4_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFolderOptions deleted successfully.
Registry value HKEY_USERS\HP_Administrator.4UR0R4_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:baserijo.dll deleted successfully.
C:\WINDOWS\system32\baserijo.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{A2BA40A0-74F1-52BD-F411-00B15A2C8953} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A2BA40A0-74F1-52BD-F411-00B15A2C8953}\ not found.
File C:\WINDOWS\system32\fouc7.dll not found.
H:\Autorun.inf moved successfully.
C:\WINDOWS\system32\labigafa moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 311296 bytes
->Temporary Internet Files folder emptied: 8778463 bytes

User: Administrator.YOUR-4DACD0EA75
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 35327 bytes

User: Administrator.YOUR-4DACD0EA75.000
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 35327 bytes

User: All Users

User: Application Data

User: Default User
->Temp folder emptied: 311296 bytes
->Temporary Internet Files folder emptied: 8752549 bytes
->Flash cache emptied: 41620 bytes

User: HP_Administrator
->Temp folder emptied: 130692634 bytes
->Temporary Internet Files folder emptied: 24880942 bytes
->Java cache emptied: 23086841 bytes
->FireFox cache emptied: 91934833 bytes
->Google Chrome cache emptied: 6457909 bytes
->Apple Safari cache emptied: 178828485 bytes
->Flash cache emptied: 382181 bytes

User: HP_Administrator.4UR0R4
->Temp folder emptied: 108703836 bytes
->Temporary Internet Files folder emptied: 350596490 bytes
->Java cache emptied: 30623 bytes
->FireFox cache emptied: 77498260 bytes
->Flash cache emptied: 51767 bytes

User: LocalService
->Temp folder emptied: 66062 bytes
->Temporary Internet Files folder emptied: 281672 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService.NT AUTHORITY.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: MCX1
->Temp folder emptied: 1527610 bytes
->Temporary Internet Files folder emptied: 5176805 bytes
->Flash cache emptied: 526 bytes

User: NetworkService
->Temp folder emptied: 5118004 bytes
->Temporary Internet Files folder emptied: 3330631 bytes
->Flash cache emptied: 1620 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes

User: NetworkService.NT AUTHORITY.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1446897 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 83195387 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 11251336 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 8752549 bytes

Total Files Cleaned = 1,079.00 mb


OTLPE by OldTimer - Version 3.1.38.0 log created on 04302010_160314


#8 Elise


Posted 30 April 2010 - 03:13 PM

Could you please post me a new OTLPE log, but now, under drivers make sure ALL is ticked.

Is acpi.sys still mentioned in the BSOD?
regards, Elise



#9 groundwire


Posted 30 April 2010 - 03:23 PM

ok currently waiting for reatogo to load will proceed to scan. the blue screen does not reference any files at this point.


edit: results of newest scan--


OTL logfile created on: 4/30/2010 5:24:10 PM - Run
OTLPE by OldTimer - Version 3.1.38.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 88.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.23 Gb Total Space | 93.55 Gb Free Space | 41.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 8.63 Gb Total Space | 0.39 Gb Free Space | 4.48% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
Drive X: | 276.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2010/03/19 11:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2006/09/01 11:48:33 | 001,119,888 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/07/06 17:14:30 | 000,090,112 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2006/06/02 02:25:00 | 000,180,224 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe -- (ELService) Intel®
SRV - [2006/01/02 16:18:24 | 000,045,744 | ---- | M] (Symantec Corporation) [On_Demand] -- c:\Program Files\Norton Internet Security\comHost.exe -- (comHost)
SRV - [2005/12/31 01:42:18 | 000,133,792 | ---- | M] (Symantec Corporation) [Auto] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2005/10/13 11:48:40 | 000,072,280 | ---- | M] (Symantec Corporation) [On_Demand] -- c:\Program Files\Norton Internet Security\ccPwdSvc.exe -- (ccISPwdSvc)
SRV - [2005/09/24 18:10:56 | 000,749,696 | ---- | M] (Symantec Corporation) [On_Demand] -- c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE -- (NSCService)
SRV - [2005/09/19 14:24:20 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand] -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/09/17 03:27:12 | 000,169,584 | ---- | M] (Symantec Corporation) [Auto] -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/09/17 03:27:10 | 000,202,352 | ---- | M] (Symantec Corporation) [Auto] -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2005/09/17 03:27:06 | 000,192,112 | ---- | M] (Symantec Corporation) [Auto] -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/09/15 18:21:14 | 001,160,800 | ---- | M] (Symantec Corporation) [On_Demand] -- c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2005/08/26 17:22:48 | 000,198,368 | ---- | M] (Symantec Corporation) [On_Demand] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe -- (SAVScan)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Disabled] -- -- (ultra)
DRV - File not found [Kernel | Disabled] -- -- (TosIde)
DRV - File not found [Kernel | Disabled] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled] -- -- (symc810)
DRV - File not found [Kernel | Disabled] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled] -- -- (sym_hi)
DRV - File not found [Kernel | Disabled] -- -- (Sparrow)
DRV - File not found [Kernel | Disabled] -- -- (Simbad)
DRV - File not found [Kernel | Disabled] -- -- (ql1280)
DRV - File not found [Kernel | Disabled] -- -- (ql1240)
DRV - File not found [Kernel | Disabled] -- -- (ql12160)
DRV - File not found [Kernel | Disabled] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled] -- -- (ql1080)
DRV - File not found [Kernel | Boot] -- -- (ptpj)
DRV - File not found [Kernel | Disabled] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled] -- -- (perc2)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled] -- -- (mraid35x)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | Disabled] -- -- (ini910u)
DRV - File not found [Kernel | Disabled] -- -- (i2omp)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | Disabled] -- -- (hpn)
DRV - File not found [Kernel | Disabled] -- -- (dpti2o)
DRV - File not found [Kernel | Disabled] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled] -- -- (dac2w2k)
DRV - File not found [Kernel | Disabled] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled] -- -- (CmdIde)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | Disabled] -- -- (cd20xrnt)
DRV - File not found [Kernel | Disabled] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled] -- -- (asc3550)
DRV - File not found [Kernel | Disabled] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled] -- -- (asc)
DRV - File not found [Kernel | Disabled] -- -- (amsint)
DRV - File not found [Kernel | Disabled] -- -- (AliIde)
DRV - File not found [Kernel | Disabled] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled] -- -- (Aha154x)
DRV - File not found [Kernel | Disabled] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled] -- -- (Abiosdsk)
DRV - [2010/04/27 17:25:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) WinPcap Packet Driver (NPF)
DRV - [2010/04/19 09:49:49 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2009/12/31 12:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2009/11/04 12:15:30 | 004,423,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/10/20 12:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2009/06/24 07:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2009/05/18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/08/14 06:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2008/06/20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/13 20:13:22 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2008/04/13 20:13:21 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/04/13 20:13:20 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008/04/13 20:13:20 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/04/13 15:28:39 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2008/04/13 15:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/13 15:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ndis.sys -- (NDIS)
DRV - [2008/04/13 15:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2008/04/13 15:19:43 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2008/04/13 15:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/04/13 15:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2008/04/13 15:17:05 | 000,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\mup.sys -- (Mup)
DRV - [2008/04/13 15:15:55 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2008/04/13 15:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008/04/13 15:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2008/04/13 15:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/13 15:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/13 15:00:19 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\modem.sys -- (Modem)
DRV - [2008/04/13 14:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2008/04/13 14:57:29 | 000,040,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2008/04/13 14:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/13 14:57:27 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2008/04/13 14:57:21 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/04/13 14:57:15 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2008/04/13 14:57:07 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2008/04/13 14:56:38 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2008/04/13 14:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2008/04/13 14:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/04/13 14:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/04/13 14:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/04/13 14:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2008/04/13 14:51:25 | 000,061,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nic1394.sys -- (NIC1394)
DRV - [2008/04/13 14:51:25 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\arp1394.sys -- (Arp1394)
DRV - [2008/04/13 14:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/13 14:46:18 | 000,061,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ohci1394.sys -- (ohci1394)
DRV - [2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (usbstor)
DRV - [2008/04/13 14:45:37 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2008/04/13 14:45:35 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2008/04/13 14:45:35 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2008/04/13 14:45:27 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb)
DRV - [2008/04/13 14:45:13 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/04/13 14:45:09 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2008/04/13 14:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2008/04/13 14:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2008/04/13 14:45:01 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic)
DRV - [2008/04/13 14:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/13 14:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2008/04/13 14:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/13 14:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2008/04/13 14:40:49 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\partmgr.sys -- (PartMgr)
DRV - [2008/04/13 14:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)
DRV - [2008/04/13 14:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2008/04/13 14:40:31 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\viaide.sys -- (ViaIde)
DRV - [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2008/04/13 14:40:29 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\intelide.sys -- (IntelIde)
DRV - [2008/04/13 14:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2008/04/13 14:40:25 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2008/04/13 14:40:25 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2008/04/13 14:40:10 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2008/04/13 14:39:53 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2008/04/13 14:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2008/04/13 14:39:51 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)
DRV - [2008/04/13 14:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2008/04/13 14:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2008/04/13 14:39:47 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2008/04/13 14:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2008/04/13 14:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/04/13 14:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\DRIVERS\sr.sys -- (sr)
DRV - [2008/04/13 14:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/04/13 14:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pci.sys -- (PCI)
DRV - [2008/04/13 14:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 14:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2008/04/13 14:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI)
DRV - [2008/04/13 14:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\fips.sys -- (Fips)
DRV - [2008/04/13 14:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2008/04/13 14:32:51 | 000,196,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008/04/13 14:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008/04/13 14:32:39 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\npfs.sys -- (Npfs)
DRV - [2008/04/13 14:32:39 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\msfs.sys -- (Msfs)
DRV - [2008/04/13 14:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/13 14:31:32 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2008/04/13 12:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/13 06:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/09/01 11:48:33 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/07/06 09:59:42 | 000,246,784 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2006/06/23 17:02:02 | 001,095,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/06/14 14:04:12 | 004,299,264 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/05/16 14:37:50 | 000,229,376 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2006/05/10 01:36:44 | 000,009,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi)
DRV - [2006/05/10 01:36:42 | 000,007,040 | ---- | M] (Intel Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\Elmon.sys -- (ELmon)
DRV - [2006/05/10 01:36:22 | 000,006,912 | ---- | M] (Intel Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\Elkbd.sys -- (ELkbd)
DRV - [2006/05/10 01:36:20 | 000,006,400 | ---- | M] (Intel Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\Elmou.sys -- (ELmou)
DRV - [2006/05/10 01:36:18 | 000,010,112 | ---- | M] (Intel Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\Elhid.sys -- (ELhid)
DRV - [2006/04/25 12:00:00 | 000,799,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060425.007\NAVEX15.SYS -- (NAVEX15)
DRV - [2006/04/25 12:00:00 | 000,077,864 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060425.007\NAVENG.SYS -- (NAVENG)
DRV - [2006/03/09 14:00:00 | 000,046,080 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20)
DRV - [2005/12/12 20:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/12/06 14:20:50 | 000,241,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2005/12/06 14:20:42 | 000,670,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsx)
DRV - [2005/12/06 14:20:40 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
DRV - [2005/11/10 10:54:56 | 000,402,944 | ---- | M] (Belkin Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BLKWGU.sys -- (BLKWGU(Belkin)) Belkin Wireless G USB Network Adapter(Belkin)
DRV - [2005/10/05 18:57:08 | 000,012,544 | ---- | M] (Conexant) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/09/17 03:20:06 | 000,108,168 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/09/15 18:21:14 | 000,389,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/09/01 22:07:36 | 000,199,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20050901.036\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2005/08/26 17:22:50 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | Auto] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/08/26 17:22:48 | 000,334,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\savrt.sys -- (SAVRT)
DRV - [2005/06/29 20:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ftsata2.sys -- (ftsata2)
DRV - [2004/10/25 14:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - [2004/08/10 07:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2004/08/10 05:45:04 | 000,011,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mhndrv.sys -- (MHNDRV)
DRV - [2004/08/10 00:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)
DRV - [2004/08/10 00:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2004/08/10 00:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2004/08/10 00:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/10 00:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2004/08/10 00:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2004/08/10 00:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2004/08/10 00:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2004/08/10 00:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2004/08/10 00:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\system32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2004/08/10 00:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\parvdm.sys -- (ParVdm)
DRV - [2004/08/10 00:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2004/08/10 00:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2004/08/10 00:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2004/08/10 00:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\beep.sys -- (Beep)
DRV - [2004/08/10 00:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\null.sys -- (Null)
DRV - [2004/08/10 00:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\system32\winsock.dll -- (Winsock)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 10:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\bb-run.sys -- (bb-run)
DRV - [2001/08/17 23:51:52 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde)
DRV - [2001/08/17 16:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)
DRV - [2001/08/17 08:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\HP_Administrator.4UR0R4_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\HP_Administrator.4UR0R4_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\HP_Administrator.4UR0R4_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\HP_Administrator.4UR0R4_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\HP_Administrator.4UR0R4_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\HP_Administrator.4UR0R4_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\HP_Administrator.4UR0R4_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/27 17:25:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/26 19:48:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2006/09/01 11:18:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/04/22 18:31:59 | 000,000,000 | ---D | M]

[2010/01/03 19:55:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2004/08/10 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {31a96cff-bc7c-4415-9f20-5d3b0e5244b9} - File not found
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKU\HP_Administrator.4UR0R4_ON_C\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe (Symantec Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\fix.exe.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PCDrProfiler] File not found
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\HP_Administrator.4UR0R4_ON_C..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - Startup: C:\Documents and Settings\Administrator.YOUR-4DACD0EA75\Start Menu\Programs\Startup\PinMcLnk.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Administrator.YOUR-4DACD0EA75.000\Start Menu\Programs\Startup\PinMcLnk.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe (Belkin Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnapDetect.lnk = C:\WINDOWS\twain_32\ca561a\SnapDetect.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\PinMcLnk.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\HP_Administrator.4UR0R4\Start Menu\Programs\Startup\Antimalware Doctor.lnk = C:\Documents and Settings\Administrator\Application Data\C1B37F9582687A7F8E16CEA7E8CC2545\newupdate1142C.exe File not found
O4 - Startup: C:\Documents and Settings\MCX1\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\MCX1\Start Menu\Programs\Startup\PinMcLnk.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\HP_Administrator.4UR0R4_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1271106319237 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1271113047562 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\welcome.htm
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\welcome.htm
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/01 11:28:53 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - H:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk /r \??\C:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/30 16:03:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/28 14:46:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\orig
[2010/04/28 14:43:12 | 000,000,000 | ---D | C] -- C:\acpihotfix
[2010/04/28 14:42:55 | 000,576,729 | ---- | C] (Xceed Software Inc. 1-450-442-2626 [email protected] www.xceedsoft.com) -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\174523_ENU_i386_zip.exe
[2010/04/28 14:24:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2010/04/28 12:50:41 | 000,095,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\atapi.old
[2010/04/28 12:33:51 | 000,187,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\acpi.old
[2010/04/27 19:32:52 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/04/27 18:13:05 | 001,086,856 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\fix.exe.exe
[2010/04/27 18:11:52 | 001,086,856 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\fix.exe.exe
[2010/04/27 18:11:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/27 18:11:15 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/27 18:08:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/27 17:44:14 | 005,918,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\mbam-setup.exe
[2010/04/27 17:35:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/27 17:34:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/27 17:25:44 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2010/04/27 17:25:44 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2010/04/27 17:25:44 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2010/04/27 17:25:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\C1B37F9582687A7F8E16CEA7E8CC2545
[2010/04/27 17:17:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\Sun
[2010/04/23 23:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\Downloads
[2010/04/22 18:34:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\Apple Computer
[2010/04/22 18:33:24 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2010/04/22 18:30:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\Apple
[2010/04/22 18:28:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\Apple Computer
[2010/04/20 14:51:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\bio135
[2010/04/19 17:57:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/04/19 17:00:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\AdobeUM
[2010/04/19 17:00:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\Adobe
[2010/04/19 10:00:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/04/19 10:00:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/04/19 10:00:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/04/19 09:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010/04/19 09:58:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010/04/19 09:58:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\Microsoft Help
[2010/04/19 09:49:49 | 000,691,696 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/04/19 09:48:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\DAEMON Tools Lite
[2010/04/18 14:27:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\uTorrent
[2010/04/18 14:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\Mozilla
[2010/04/18 14:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\Mozilla
[2010/04/13 15:47:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\Adobe
[2010/04/12 21:51:35 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/04/12 21:51:35 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010/04/12 20:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\Media Player Classic
[2010/04/12 20:26:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\BioWare
[2010/04/12 20:00:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\Blizzard Entertainment
[2010/04/12 19:45:14 | 000,479,232 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\ATIDEMGX.dll
[2010/04/12 19:45:14 | 000,311,296 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atiiiexx.dll
[2010/04/12 19:36:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\Western Digital
[2010/04/12 19:06:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\ATI
[2010/04/12 19:06:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\ATI
[2010/04/12 19:00:59 | 000,000,000 | ---D | C] -- C:\12ef9504d0de5b4ae734b6
[2010/04/12 18:56:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/04/12 18:53:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\dotnetfx_cleanup_tool
[2010/04/12 18:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010/04/12 18:37:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Recent
[2010/04/12 18:36:50 | 000,000,000 | -HSD | C] -- C:\cmdcons
[2010/04/12 18:32:08 | 000,000,000 | --SD | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\Microsoft
[2010/04/12 18:32:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\SendTo
[2010/04/12 18:32:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data
[2010/04/12 18:32:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Start Menu
[2010/04/12 18:32:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\My Videos
[2010/04/12 18:32:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\My Pictures
[2010/04/12 18:32:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\My Music
[2010/04/12 18:32:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents
[2010/04/12 18:32:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Favorites
[2010/04/12 18:32:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\IETldCache
[2010/04/12 18:32:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Cookies
[2010/04/12 18:32:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Templates
[2010/04/12 18:32:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\PrintHood
[2010/04/12 18:32:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\NetHood
[2010/04/12 18:32:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings
[2010/04/12 18:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\WINDOWS
[2010/04/12 18:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\Wildtangent
[2010/04/12 18:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\Symantec
[2010/04/12 18:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\Real
[2010/04/12 18:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\Microsoft
[2010/04/12 18:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\Malwarebytes
[2010/04/12 18:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\Intuit
[2010/04/12 18:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\Identities
[2010/04/12 18:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop
[2010/04/12 18:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\ApplicationHistory
[2010/04/12 18:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
[2010/04/12 18:24:35 | 000,000,000 | ---D | C] -- C:\Program Files\Support Tools
[2010/04/12 18:23:51 | 004,934,480 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\WindowsXP-KB838079-SupportTools-ENU.exe
[2010/04/12 18:16:50 | 000,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2010/04/12 18:16:47 | 000,359,656 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\msicuu2.exe
[2010/04/12 18:14:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/04/12 18:10:30 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\IECompatCache
[2010/04/12 18:08:07 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\PrivacIE
[2010/04/12 18:00:50 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2010/04/12 18:00:18 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/04/12 18:00:18 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/04/12 18:00:17 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/04/12 17:57:04 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msyuv.dll
[2010/04/12 17:56:53 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iyuv_32.dll
[2010/04/12 17:56:53 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsbyuv.dll
[2010/04/12 17:56:30 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010/04/12 17:56:10 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010/04/12 17:55:56 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/04/12 17:50:44 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010/04/12 17:50:44 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010/04/12 17:50:42 | 000,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2010/04/12 17:50:41 | 002,189,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/04/12 17:50:41 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/04/12 17:50:40 | 002,024,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/04/12 17:50:20 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/04/12 17:50:15 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/04/12 17:50:08 | 023,510,720 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\dotnetfx.exe
[2010/04/12 17:48:46 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2010/04/12 17:48:31 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2010/04/12 17:47:45 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2010/04/12 17:47:41 | 000,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2010/04/12 17:45:48 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2010/04/12 17:44:58 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2010/04/12 17:42:48 | 002,869,264 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\dotNetFx35setup.exe
[2010/04/12 17:37:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/04/12 17:26:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2010/04/12 17:26:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/04/12 17:26:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/04/12 17:26:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/04/12 17:13:51 | 000,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2010/04/12 17:13:50 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2010/04/12 17:13:49 | 000,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2010/04/12 17:13:49 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2010/04/12 17:13:49 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2010/04/12 17:13:49 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2010/04/12 17:13:49 | 000,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2010/04/12 17:13:49 | 000,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2010/04/12 17:13:49 | 000,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2010/04/12 17:13:49 | 000,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2010/04/12 17:13:49 | 000,011,325 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2010/04/12 17:13:49 | 000,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2010/04/12 17:13:47 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2010/04/12 17:13:45 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2010/04/12 17:13:45 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe
[2010/04/12 17:13:43 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2010/04/12 17:13:43 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2010/04/12 17:13:43 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2010/04/12 17:13:43 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2010/04/12 17:13:43 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2010/04/12 17:13:43 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2010/04/12 17:13:43 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2010/04/12 17:13:43 | 000,040,960 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\drivers\sisagp.sys
[2010/04/12 17:13:43 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2010/04/12 17:13:43 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2010/04/12 17:13:43 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2010/04/12 17:13:43 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2010/04/12 17:13:43 | 000,003,901 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2010/04/12 17:13:42 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2010/04/12 17:13:42 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2010/04/12 17:13:41 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2010/04/12 17:13:41 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2010/04/12 17:13:41 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2010/04/12 17:13:41 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2010/04/12 17:13:40 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2010/04/12 17:13:40 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2010/04/12 17:13:40 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2010/04/12 17:13:40 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2010/04/12 17:13:39 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2010/04/12 17:13:38 | 001,897,408 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys
[2010/04/12 17:13:37 | 004,274,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2010/04/12 17:13:37 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2010/04/12 17:13:35 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2010/04/12 17:13:35 | 001,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2010/04/12 17:13:35 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2010/04/12 17:13:35 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2010/04/12 17:13:35 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2010/04/12 17:13:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2010/04/12 17:13:35 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2010/04/12 17:13:35 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2010/04/12 17:13:35 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2010/04/12 17:13:34 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2010/04/12 17:13:34 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2010/04/12 17:13:31 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2010/04/12 17:13:31 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2010/04/12 17:13:30 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2010/04/12 17:13:30 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2010/04/12 17:13:28 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2010/04/12 17:13:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2010/04/12 17:13:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2010/04/12 17:13:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2010/04/12 17:13:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2010/04/12 17:13:26 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2010/04/12 17:13:25 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2010/04/12 17:13:24 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2010/04/12 17:13:22 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2010/04/12 17:13:20 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2010/04/12 17:13:20 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2010/04/12 17:13:20 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2010/04/12 17:13:20 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2010/04/12 17:13:20 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2010/04/12 17:13:20 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2010/04/12 17:13:20 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2010/04/12 17:13:20 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2010/04/12 17:13:18 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2010/04/12 17:13:18 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2010/04/12 17:13:18 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2010/04/12 17:13:18 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2010/04/12 17:13:18 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2010/04/12 17:13:18 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2010/04/12 17:13:18 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2010/04/12 17:13:18 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2010/04/12 17:13:15 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2010/04/12 17:13:15 | 000,015,423 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2010/04/12 17:13:15 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2010/04/12 17:13:14 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2010/04/12 17:13:14 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2010/04/12 17:13:14 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2010/04/12 17:13:14 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2010/04/12 17:13:14 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2010/04/12 17:13:14 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2010/04/12 17:13:14 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2010/04/12 17:13:14 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2010/04/12 17:13:14 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2010/04/12 17:13:14 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2010/04/12 17:13:14 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2010/04/12 17:13:14 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2010/04/12 17:13:14 | 000,021,183 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2010/04/12 17:13:14 | 000,017,279 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2010/04/12 17:13:14 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2010/04/12 17:13:14 | 000,014,143 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2010/04/12 17:13:14 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2010/04/12 17:13:14 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2010/04/12 17:13:14 | 000,011,359 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2010/04/12 17:13:14 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2010/04/12 17:13:13 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2010/04/12 17:13:13 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2010/04/12 17:13:13 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2010/04/12 17:13:13 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2010/04/12 17:13:13 | 000,043,008 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\drivers\amdagp.sys
[2010/04/12 17:13:13 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2010/04/12 17:13:13 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2010/04/12 17:13:13 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2010/04/12 17:13:13 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2010/04/12 17:13:13 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2010/04/12 17:13:13 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2010/04/12 17:13:13 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2010/04/12 17:13:13 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2010/04/12 17:13:13 | 000,004,255 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2010/04/12 17:13:13 | 000,003,967 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2010/04/12 17:13:13 | 000,003,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2010/04/12 17:13:13 | 000,003,711 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2010/04/12 17:13:13 | 000,003,647 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2010/04/12 17:13:13 | 000,003,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2010/04/12 17:13:13 | 000,003,135 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2010/04/12 17:13:12 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2010/04/12 17:07:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/04/12 17:05:53 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2010/04/12 17:05:53 | 000,021,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2010/04/12 17:05:53 | 000,017,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll.mui
[2010/04/12 17:05:53 | 000,015,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl.mui
[2010/04/12 17:05:53 | 000,015,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2010/04/12 17:05:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/04/12 17:00:24 | 013,000,704 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atioglxx.dll
[2010/04/12 17:00:24 | 003,526,656 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticaldd.dll
[2010/04/12 17:00:24 | 002,135,680 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\dllcache\ativvaxx.dll
[2010/04/12 17:00:24 | 002,135,680 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2010/04/12 17:00:24 | 000,638,976 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2cqag.dll
[2010/04/12 17:00:24 | 000,638,976 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2010/04/12 17:00:24 | 000,300,032 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2dvag.dll
[2010/04/12 17:00:24 | 000,300,032 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2010/04/12 17:00:24 | 000,155,648 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Oemdspif.dll
[2010/04/12 17:00:24 | 000,155,648 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2evxx.dll
[2010/04/12 17:00:24 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atibtmon.exe
[2010/04/12 17:00:24 | 000,065,024 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\atimpc32.dll
[2010/04/12 17:00:24 | 000,065,024 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\amdpcom32.dll
[2010/04/12 17:00:24 | 000,053,248 | ---- | C] ( ATI Technologies Inc.) -- C:\WINDOWS\System32\ATIDDC.DLL
[2010/04/12 17:00:24 | 000,045,056 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticalrt.dll
[2010/04/12 17:00:24 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
[2010/04/12 17:00:24 | 000,026,112 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
[2010/04/12 17:00:24 | 000,024,064 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ativcoxx.dll
[2010/04/12 17:00:24 | 000,017,408 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atitvo32.dll
[2010/04/12 17:00:23 | 004,423,168 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2010/04/12 17:00:23 | 004,423,168 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2mtag.sys
[2010/04/12 17:00:23 | 003,518,304 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ati3duag.dll
[2010/04/12 17:00:23 | 003,518,304 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2010/04/12 17:00:23 | 000,565,248 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atikvmag.dll
[2010/04/12 17:00:23 | 000,397,312 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atiok3x2.dll
[2010/04/12 17:00:23 | 000,204,800 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
[2010/04/12 17:00:23 | 000,172,032 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiadlxx.dll
[2010/04/12 17:00:23 | 000,143,360 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiapfxx.exe
[2010/04/12 17:00:23 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2erec.dll
[2010/04/12 17:00:23 | 000,045,056 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticalcl.dll
[2010/04/12 16:58:38 | 047,594,848 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\10-3_xp32_dd_ccc_wdm_enu.exe
[2010/04/12 16:54:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\Macromedia
[2010/04/12 16:54:17 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\UserData
[2010/04/12 09:22:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\tmp
[2010/04/09 16:38:45 | 000,000,000 | ---D | C] -- C:\Program Files\SCM Microsystems
[2006/02/19 13:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

========== Files - Modified Within 30 Days ==========

[2010/04/30 16:06:30 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\NTUSER.DAT
[2010/04/28 18:47:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/28 14:52:33 | 000,237,568 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/04/28 14:52:33 | 000,237,568 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/04/28 14:52:29 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\ntuser.ini
[2010/04/28 14:42:58 | 000,576,729 | ---- | M] (Xceed Software Inc. 1-450-442-2626 [email protected] www.xceedsoft.com) -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\174523_ENU_i386_zip.exe
[2010/04/28 14:26:06 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/04/28 14:26:06 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/04/27 18:22:40 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/27 18:22:00 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5886F2C0-8E1B-4372-A56B-879EBD6230EE}.job
[2010/04/27 18:21:13 | 000,000,455 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/27 18:20:56 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\rkill.com
[2010/04/27 18:20:56 | 000,002,855 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\rkill.PIF
[2010/04/27 18:18:00 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/27 18:14:59 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/27 17:45:57 | 000,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/04/27 17:44:34 | 005,918,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\mbam-setup.exe
[2010/04/27 17:28:22 | 000,317,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/27 17:26:06 | 000,002,230 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\KLry0l
[2010/04/27 17:25:45 | 000,001,303 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Start Menu\Programs\Startup\Antimalware Doctor.lnk
[2010/04/27 17:25:44 | 000,281,104 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2010/04/27 17:25:44 | 000,100,880 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2010/04/27 17:25:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2010/04/24 14:53:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/23 14:52:53 | 000,000,762 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\World of Warcraft.lnk
[2010/04/22 16:29:26 | 000,000,605 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/22 05:31:50 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/21 07:55:32 | 000,299,008 | ---- | M] () -- C:\WINDOWS\System32\omipwmyw.dll
[2010/04/20 17:57:09 | 000,000,825 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\Adobe Photoshop 7.0.lnk
[2010/04/19 10:54:12 | 000,089,680 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/19 10:41:29 | 000,435,318 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/19 10:41:29 | 000,068,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/19 10:41:28 | 000,509,536 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/19 09:49:49 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/04/14 04:01:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/12 18:58:40 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/12 18:53:07 | 000,261,246 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\dotnetfx_cleanup_tool.zip
[2010/04/12 18:37:08 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/04/12 18:35:24 | 000,001,857 | RHS- | M] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_RC663AA-ABA a1640n_YC_0Pavi_QCNH637_E64NAemMPA4_48_IBuckeye_SASUSTek Computer INC._V1.05_B3.17_T070821_WXP2_L409_M2047_J250_7Intel_8Core2 6300_91.87_#061103_N8086104C_Z14F12F20_G.MRK
[2010/04/12 18:34:14 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job
[2010/04/12 18:30:38 | 000,001,111 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/04/12 18:29:54 | 000,000,211 | RHS- | M] () -- C:\BOOT.BAK
[2010/04/12 18:24:07 | 004,934,480 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\WindowsXP-KB838079-SupportTools-ENU.exe
[2010/04/12 18:16:50 | 000,359,656 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\msicuu2.exe
[2010/04/12 17:50:12 | 023,510,720 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\dotnetfx.exe
[2010/04/12 17:42:58 | 002,869,264 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\dotNetFx35setup.exe
[2010/04/12 17:40:36 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/04/12 17:25:47 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/04/12 16:59:12 | 047,594,848 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\10-3_xp32_dd_ccc_wdm_enu.exe
[2010/04/09 16:38:54 | 000,001,129 | ---- | M] () -- C:\WINDOWS\HBCIKRNL.INI

========== Files Created - No Company Name ==========

[2010/04/27 18:20:56 | 000,002,855 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\rkill.PIF
[2010/04/27 17:34:30 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\rkill.com
[2010/04/27 17:25:45 | 000,001,303 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Start Menu\Programs\Startup\Antimalware Doctor.lnk
[2010/04/27 17:25:29 | 000,002,230 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\KLry0l
[2010/04/21 07:55:32 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\omipwmyw.dll
[2010/04/20 17:57:09 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\Adobe Photoshop 7.0.lnk
[2010/04/14 16:11:43 | 000,000,762 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\World of Warcraft.lnk
[2010/04/12 19:45:14 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/04/12 19:45:14 | 000,195,855 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/04/12 19:45:14 | 000,018,618 | ---- | C] () -- C:\WINDOWS\atiogl.xml
[2010/04/12 19:45:14 | 000,007,167 | ---- | C] () -- C:\WINDOWS\System32\atifglpf.xml
[2010/04/12 19:45:14 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/04/12 19:07:56 | 000,024,451 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\CCCInstall_201004121807560000.log
[2010/04/12 18:53:06 | 000,261,246 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\dotnetfx_cleanup_tool.zip
[2010/04/12 18:46:44 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/12 18:35:56 | 000,000,572 | ---- | C] () -- C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk
[2010/04/12 18:35:54 | 000,000,667 | ---- | C] () -- C:\Documents and Settings\Default User\Start Menu\Programs\Startup\PinMcLnk.lnk
[2010/04/12 18:35:20 | 000,001,857 | RHS- | C] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_RC663AA-ABA a1640n_YC_0Pavi_QCNH637_E64NAemMPA4_48_IBuckeye_SASUSTek Computer INC._V1.05_B3.17_T070821_WXP2_L409_M2047_J250_7Intel_8Core2 6300_91.87_#061103_N8086104C_Z14F12F20_G.MRK
[2010/04/12 18:34:14 | 000,000,480 | ---- | C] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job
[2010/04/12 18:32:10 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\fusioncache.dat
[2010/04/12 18:32:08 | 003,670,016 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\NTUSER.DAT
[2010/04/12 18:32:08 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\ntuser.dat.LOG
[2010/04/12 18:32:08 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\NTUSER.DAT.COPY.TMP.LOG
[2010/04/12 18:32:08 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\ntuser.ini
[2010/04/12 17:13:37 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010/04/12 17:13:25 | 000,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2010/04/12 17:13:18 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010/04/12 17:13:14 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010/04/12 17:00:24 | 000,368,480 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010/04/12 17:00:24 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2010/04/12 17:00:23 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2010/04/09 16:38:51 | 000,001,129 | ---- | C] () -- C:\WINDOWS\HBCIKRNL.INI
[2010/01/24 22:25:49 | 000,000,313 | ---- | C] () -- C:\WINDOWS\doom3.ini
[2010/01/13 08:53:03 | 000,000,110 | ---- | C] () -- C:\WINDOWS\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini
[2009/10/27 22:51:48 | 000,000,651 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009/03/10 19:49:33 | 000,047,104 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/25 20:44:06 | 000,014,385 | ---- | C] () -- C:\WINDOWS\Tw561a.ini
[2008/11/08 15:06:35 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/06/01 04:00:00 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT.COPY.TMP.LOG
[2008/05/06 17:31:47 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/09/11 22:37:26 | 000,000,321 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/06/22 17:55:45 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007/05/29 16:53:17 | 000,000,180 | ---- | C] () -- C:\WINDOWS\ap561.ini
[2007/05/29 16:53:17 | 000,000,081 | ---- | C] () -- C:\WINDOWS\Setup8a.ini
[2007/05/23 18:11:19 | 000,000,858 | ---- | C] () -- C:\WINDOWS\EZLiveMonitor2.0.INI
[2007/05/23 18:10:50 | 000,000,012 | ---- | C] () -- C:\WINDOWS\EZMediaBox2.ini
[2007/05/23 18:09:51 | 000,000,812 | ---- | C] () -- C:\WINDOWS\EZVMail3.ini
[2007/02/12 20:20:39 | 000,000,046 | ---- | C] () -- C:\WINDOWS\VID_DirectX.INI
[2006/11/03 20:39:25 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/09/01 12:02:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/01 11:37:55 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/09/01 11:32:23 | 000,014,314 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/09/01 11:32:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/09/01 11:29:03 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/09/01 11:19:13 | 000,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/09/01 11:18:37 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/09/01 11:13:37 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/09/01 11:09:46 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/09/01 11:06:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4624.dll
[2006/09/01 11:06:02 | 000,348,880 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2006/09/01 10:50:56 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2006/09/01 10:48:40 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/09/01 10:48:40 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/09/01 10:48:26 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/09/01 10:46:35 | 000,237,568 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2006/09/01 10:46:35 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2006/09/01 10:46:35 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2006/09/01 10:46:34 | 000,237,568 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2006/09/01 10:46:34 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2006/09/01 10:46:34 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2006/06/16 14:58:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/31 00:17:36 | 000,786,432 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2005/08/31 00:17:36 | 000,069,632 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG
[2005/08/31 00:17:36 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2005/08/06 00:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/12 15:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2004/09/16 23:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/07/26 10:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/03/23 17:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll

========== LOP Check ==========

[2010/04/12 18:34:14 | 000,000,480 | ---- | M] () -- C:\WINDOWS\Tasks\Easy Internet Sign-up.job
[2010/04/27 18:22:00 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{5886F2C0-8E1B-4372-A56B-879EBD6230EE}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\rkill.com:SummaryInformation
< End of report >

Edited by groundwire, 30 April 2010 - 03:31 PM.


#10 Elise


Posted 30 April 2010 - 03:38 PM

With a bit of luck I found the problem; there was still an orphaned driver that wants to run on boot (I overlooked it in the last log).

Please run the following fix (click Run Fix).
CODE
:services
ptpj

regards, Elise


#11 groundwire


Posted 30 April 2010 - 03:42 PM

did you see my edited post with the newest scan? i applied the fix in otlpe, it reported as removed successfully, but i am still receiving the same BSOD.

#12 Elise


Posted 30 April 2010 - 03:47 PM

In that case, let's go into paranoid mode and start hunting every remotely suspicious-looking driver.

Please copy/paste the following into OTLPE, click None and then Run Scan.
CODE
/md5start
mrxsmb.sys
iastor.sys
atapi.sys
/md5stop


regards, Elise


#13 groundwire


Posted 30 April 2010 - 04:06 PM

just to confirm you meant to click none in the driver section?

results:

OTL logfile created on: 4/30/2010 7:03:21 PM - Run
OTLPE by OldTimer - Version 3.1.38.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.23 Gb Total Space | 93.55 Gb Free Space | 41.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 8.63 Gb Total Space | 0.39 Gb Free Space | 4.48% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
Drive X: | 276.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2010/03/19 11:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2006/09/01 11:48:33 | 001,119,888 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/07/06 17:14:30 | 000,090,112 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2006/06/02 02:25:00 | 000,180,224 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe -- (ELService) Intel®
SRV - [2006/01/02 16:18:24 | 000,045,744 | ---- | M] (Symantec Corporation) [On_Demand] -- c:\Program Files\Norton Internet Security\comHost.exe -- (comHost)
SRV - [2005/12/31 01:42:18 | 000,133,792 | ---- | M] (Symantec Corporation) [Auto] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2005/10/13 11:48:40 | 000,072,280 | ---- | M] (Symantec Corporation) [On_Demand] -- c:\Program Files\Norton Internet Security\ccPwdSvc.exe -- (ccISPwdSvc)
SRV - [2005/09/24 18:10:56 | 000,749,696 | ---- | M] (Symantec Corporation) [On_Demand] -- c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE -- (NSCService)
SRV - [2005/09/19 14:24:20 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand] -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/09/17 03:27:12 | 000,169,584 | ---- | M] (Symantec Corporation) [Auto] -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/09/17 03:27:10 | 000,202,352 | ---- | M] (Symantec Corporation) [Auto] -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2005/09/17 03:27:06 | 000,192,112 | ---- | M] (Symantec Corporation) [Auto] -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/09/15 18:21:14 | 001,160,800 | ---- | M] (Symantec Corporation) [On_Demand] -- c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2005/08/26 17:22:48 | 000,198,368 | ---- | M] (Symantec Corporation) [On_Demand] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe -- (SAVScan)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\HP_Administrator.4UR0R4_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\HP_Administrator.4UR0R4_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\HP_Administrator.4UR0R4_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\HP_Administrator.4UR0R4_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\HP_Administrator.4UR0R4_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\HP_Administrator.4UR0R4_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\HP_Administrator.4UR0R4_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/27 17:25:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/26 19:48:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2006/09/01 11:18:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/04/22 18:31:59 | 000,000,000 | ---D | M]

[2010/01/03 19:55:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2004/08/10 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {31a96cff-bc7c-4415-9f20-5d3b0e5244b9} - File not found
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKU\HP_Administrator.4UR0R4_ON_C\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe (Symantec Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\fix.exe.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PCDrProfiler] File not found
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\HP_Administrator.4UR0R4_ON_C..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - Startup: C:\Documents and Settings\Administrator.YOUR-4DACD0EA75\Start Menu\Programs\Startup\PinMcLnk.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Administrator.YOUR-4DACD0EA75.000\Start Menu\Programs\Startup\PinMcLnk.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe (Belkin Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnapDetect.lnk = C:\WINDOWS\twain_32\ca561a\SnapDetect.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\PinMcLnk.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\HP_Administrator.4UR0R4\Start Menu\Programs\Startup\Antimalware Doctor.lnk = C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\C1B37F9582687A7F8E16CEA7E8CC2545\newupdate1142C.exe File not found
O4 - Startup: C:\Documents and Settings\MCX1\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\MCX1\Start Menu\Programs\Startup\PinMcLnk.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\HP_Administrator.4UR0R4_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1271106319237 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1271113047562 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/01 11:28:53 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - H:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{38239128-468c-11df-bef4-00173ffb5634}\Shell - "" = AutoRun
O33 - MountPoints2\{38239128-468c-11df-bef4-00173ffb5634}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{38239128-468c-11df-bef4-00173ffb5634}\Shell\AutoRun\command - "" = J:\WD SmartWare.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk /r \??\C:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/30 16:03:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/28 14:46:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\orig
[2010/04/28 14:43:12 | 000,000,000 | ---D | C] -- C:\acpihotfix
[2010/04/28 14:42:55 | 000,576,729 | ---- | C] (Xceed Software Inc. 1-450-442-2626 [email protected] www.xceedsoft.com) -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\174523_ENU_i386_zip.exe
[2010/04/28 14:24:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2010/04/28 12:50:41 | 000,095,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\atapi.old
[2010/04/28 12:33:51 | 000,187,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\acpi.old
[2010/04/27 19:32:52 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/04/27 18:13:05 | 001,086,856 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\fix.exe.exe
[2010/04/27 18:11:52 | 001,086,856 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\fix.exe.exe
[2010/04/27 18:11:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/27 18:11:15 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/27 18:08:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/27 17:44:14 | 005,918,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\mbam-setup.exe
[2010/04/27 17:35:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/27 17:34:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/27 17:25:44 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2010/04/27 17:25:44 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2010/04/27 17:25:44 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2010/04/27 17:25:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\C1B37F9582687A7F8E16CEA7E8CC2545
[2010/04/27 17:17:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\Sun
[2010/04/23 23:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\Downloads
[2010/04/22 18:34:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\Apple Computer
[2010/04/22 18:33:24 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2010/04/22 18:30:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\Apple
[2010/04/22 18:28:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\Apple Computer
[2010/04/20 14:51:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\bio135
[2010/04/19 17:57:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/04/19 17:00:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\AdobeUM
[2010/04/19 17:00:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\Adobe
[2010/04/19 10:00:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/04/19 10:00:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/04/19 10:00:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/04/19 09:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010/04/19 09:58:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010/04/19 09:58:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\Microsoft Help
[2010/04/19 09:49:49 | 000,691,696 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/04/19 09:48:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\DAEMON Tools Lite
[2010/04/18 14:27:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\uTorrent
[2010/04/18 14:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\Mozilla
[2010/04/18 14:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\Mozilla
[2010/04/13 15:47:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\Adobe
[2010/04/12 21:51:35 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/04/12 21:51:35 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010/04/12 20:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\Media Player Classic
[2010/04/12 20:26:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\BioWare
[2010/04/12 20:00:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\Blizzard Entertainment
[2010/04/12 19:45:14 | 000,479,232 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\ATIDEMGX.dll
[2010/04/12 19:45:14 | 000,311,296 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atiiiexx.dll
[2010/04/12 19:36:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\Western Digital
[2010/04/12 19:06:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\ATI
[2010/04/12 19:06:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\ATI
[2010/04/12 19:00:59 | 000,000,000 | ---D | C] -- C:\12ef9504d0de5b4ae734b6
[2010/04/12 18:56:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/04/12 18:53:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\dotnetfx_cleanup_tool
[2010/04/12 18:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010/04/12 18:37:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Recent
[2010/04/12 18:36:50 | 000,000,000 | -HSD | C] -- C:\cmdcons
[2010/04/12 18:32:08 | 000,000,000 | --SD | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\Microsoft
[2010/04/12 18:32:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\SendTo
[2010/04/12 18:32:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data
[2010/04/12 18:32:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Start Menu
[2010/04/12 18:32:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\My Videos
[2010/04/12 18:32:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\My Pictures
[2010/04/12 18:32:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\My Music
[2010/04/12 18:32:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents
[2010/04/12 18:32:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Favorites
[2010/04/12 18:32:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\IETldCache
[2010/04/12 18:32:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Cookies
[2010/04/12 18:32:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Templates
[2010/04/12 18:32:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\PrintHood
[2010/04/12 18:32:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\NetHood
[2010/04/12 18:32:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings
[2010/04/12 18:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\WINDOWS
[2010/04/12 18:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\Wildtangent
[2010/04/12 18:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\Symantec
[2010/04/12 18:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\Real
[2010/04/12 18:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\Microsoft
[2010/04/12 18:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\Malwarebytes
[2010/04/12 18:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\Intuit
[2010/04/12 18:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\Identities
[2010/04/12 18:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop
[2010/04/12 18:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\ApplicationHistory
[2010/04/12 18:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
[2010/04/12 18:24:35 | 000,000,000 | ---D | C] -- C:\Program Files\Support Tools
[2010/04/12 18:23:51 | 004,934,480 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\WindowsXP-KB838079-SupportTools-ENU.exe
[2010/04/12 18:16:50 | 000,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2010/04/12 18:16:47 | 000,359,656 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\msicuu2.exe
[2010/04/12 18:14:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/04/12 18:10:30 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\IECompatCache
[2010/04/12 18:08:07 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\PrivacIE
[2010/04/12 18:00:50 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2010/04/12 18:00:18 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/04/12 18:00:18 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/04/12 18:00:17 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/04/12 17:57:04 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msyuv.dll
[2010/04/12 17:56:53 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iyuv_32.dll
[2010/04/12 17:56:53 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsbyuv.dll
[2010/04/12 17:56:30 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010/04/12 17:56:10 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010/04/12 17:55:56 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/04/12 17:50:44 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010/04/12 17:50:44 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010/04/12 17:50:42 | 000,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2010/04/12 17:50:41 | 002,189,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/04/12 17:50:41 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/04/12 17:50:40 | 002,024,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/04/12 17:50:20 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/04/12 17:50:15 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/04/12 17:50:08 | 023,510,720 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\dotnetfx.exe
[2010/04/12 17:48:46 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2010/04/12 17:48:31 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2010/04/12 17:47:45 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2010/04/12 17:47:41 | 000,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2010/04/12 17:45:48 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2010/04/12 17:44:58 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2010/04/12 17:42:48 | 002,869,264 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\dotNetFx35setup.exe
[2010/04/12 17:37:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/04/12 17:26:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2010/04/12 17:26:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/04/12 17:26:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/04/12 17:26:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/04/12 17:13:51 | 000,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2010/04/12 17:13:50 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2010/04/12 17:13:49 | 000,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2010/04/12 17:13:49 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2010/04/12 17:13:49 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2010/04/12 17:13:49 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2010/04/12 17:13:49 | 000,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2010/04/12 17:13:49 | 000,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2010/04/12 17:13:49 | 000,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2010/04/12 17:13:49 | 000,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2010/04/12 17:13:49 | 000,011,325 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2010/04/12 17:13:49 | 000,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2010/04/12 17:13:47 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2010/04/12 17:13:45 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2010/04/12 17:13:45 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe
[2010/04/12 17:13:43 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2010/04/12 17:13:43 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2010/04/12 17:13:43 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2010/04/12 17:13:43 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2010/04/12 17:13:43 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2010/04/12 17:13:43 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2010/04/12 17:13:43 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2010/04/12 17:13:43 | 000,040,960 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\drivers\sisagp.sys
[2010/04/12 17:13:43 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2010/04/12 17:13:43 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2010/04/12 17:13:43 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2010/04/12 17:13:43 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2010/04/12 17:13:43 | 000,003,901 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2010/04/12 17:13:42 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2010/04/12 17:13:42 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2010/04/12 17:13:41 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2010/04/12 17:13:41 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2010/04/12 17:13:41 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2010/04/12 17:13:41 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2010/04/12 17:13:40 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2010/04/12 17:13:40 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2010/04/12 17:13:40 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2010/04/12 17:13:40 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2010/04/12 17:13:39 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2010/04/12 17:13:38 | 001,897,408 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys
[2010/04/12 17:13:37 | 004,274,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2010/04/12 17:13:37 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2010/04/12 17:13:35 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2010/04/12 17:13:35 | 001,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2010/04/12 17:13:35 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2010/04/12 17:13:35 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2010/04/12 17:13:35 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2010/04/12 17:13:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2010/04/12 17:13:35 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2010/04/12 17:13:35 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2010/04/12 17:13:35 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2010/04/12 17:13:34 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2010/04/12 17:13:34 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2010/04/12 17:13:31 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2010/04/12 17:13:31 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2010/04/12 17:13:30 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2010/04/12 17:13:30 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2010/04/12 17:13:28 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2010/04/12 17:13:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2010/04/12 17:13:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2010/04/12 17:13:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2010/04/12 17:13:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2010/04/12 17:13:26 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2010/04/12 17:13:25 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2010/04/12 17:13:24 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2010/04/12 17:13:22 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2010/04/12 17:13:20 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2010/04/12 17:13:20 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2010/04/12 17:13:20 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2010/04/12 17:13:20 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2010/04/12 17:13:20 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2010/04/12 17:13:20 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2010/04/12 17:13:20 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2010/04/12 17:13:20 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2010/04/12 17:13:18 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2010/04/12 17:13:18 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2010/04/12 17:13:18 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2010/04/12 17:13:18 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2010/04/12 17:13:18 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2010/04/12 17:13:18 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2010/04/12 17:13:18 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2010/04/12 17:13:18 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2010/04/12 17:13:15 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2010/04/12 17:13:15 | 000,015,423 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2010/04/12 17:13:15 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2010/04/12 17:13:14 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2010/04/12 17:13:14 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2010/04/12 17:13:14 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2010/04/12 17:13:14 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2010/04/12 17:13:14 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2010/04/12 17:13:14 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2010/04/12 17:13:14 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2010/04/12 17:13:14 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2010/04/12 17:13:14 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2010/04/12 17:13:14 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2010/04/12 17:13:14 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2010/04/12 17:13:14 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2010/04/12 17:13:14 | 000,021,183 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2010/04/12 17:13:14 | 000,017,279 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2010/04/12 17:13:14 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2010/04/12 17:13:14 | 000,014,143 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2010/04/12 17:13:14 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2010/04/12 17:13:14 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2010/04/12 17:13:14 | 000,011,359 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2010/04/12 17:13:14 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2010/04/12 17:13:13 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2010/04/12 17:13:13 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2010/04/12 17:13:13 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2010/04/12 17:13:13 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2010/04/12 17:13:13 | 000,043,008 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\drivers\amdagp.sys
[2010/04/12 17:13:13 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2010/04/12 17:13:13 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2010/04/12 17:13:13 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2010/04/12 17:13:13 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2010/04/12 17:13:13 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2010/04/12 17:13:13 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2010/04/12 17:13:13 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2010/04/12 17:13:13 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2010/04/12 17:13:13 | 000,004,255 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2010/04/12 17:13:13 | 000,003,967 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2010/04/12 17:13:13 | 000,003,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2010/04/12 17:13:13 | 000,003,711 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2010/04/12 17:13:13 | 000,003,647 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2010/04/12 17:13:13 | 000,003,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2010/04/12 17:13:13 | 000,003,135 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2010/04/12 17:13:12 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2010/04/12 17:07:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/04/12 17:05:53 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2010/04/12 17:05:53 | 000,021,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2010/04/12 17:05:53 | 000,017,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll.mui
[2010/04/12 17:05:53 | 000,015,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl.mui
[2010/04/12 17:05:53 | 000,015,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2010/04/12 17:05:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/04/12 17:00:24 | 013,000,704 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atioglxx.dll
[2010/04/12 17:00:24 | 003,526,656 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticaldd.dll
[2010/04/12 17:00:24 | 002,135,680 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\dllcache\ativvaxx.dll
[2010/04/12 17:00:24 | 002,135,680 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2010/04/12 17:00:24 | 000,638,976 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2cqag.dll
[2010/04/12 17:00:24 | 000,638,976 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2010/04/12 17:00:24 | 000,300,032 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2dvag.dll
[2010/04/12 17:00:24 | 000,300,032 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2010/04/12 17:00:24 | 000,155,648 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Oemdspif.dll
[2010/04/12 17:00:24 | 000,155,648 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2evxx.dll
[2010/04/12 17:00:24 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atibtmon.exe
[2010/04/12 17:00:24 | 000,065,024 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\atimpc32.dll
[2010/04/12 17:00:24 | 000,065,024 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\amdpcom32.dll
[2010/04/12 17:00:24 | 000,053,248 | ---- | C] ( ATI Technologies Inc.) -- C:\WINDOWS\System32\ATIDDC.DLL
[2010/04/12 17:00:24 | 000,045,056 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticalrt.dll
[2010/04/12 17:00:24 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
[2010/04/12 17:00:24 | 000,026,112 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
[2010/04/12 17:00:24 | 000,024,064 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ativcoxx.dll
[2010/04/12 17:00:24 | 000,017,408 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atitvo32.dll
[2010/04/12 17:00:23 | 004,423,168 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2010/04/12 17:00:23 | 004,423,168 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2mtag.sys
[2010/04/12 17:00:23 | 003,518,304 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ati3duag.dll
[2010/04/12 17:00:23 | 003,518,304 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2010/04/12 17:00:23 | 000,565,248 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atikvmag.dll
[2010/04/12 17:00:23 | 000,397,312 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atiok3x2.dll
[2010/04/12 17:00:23 | 000,204,800 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
[2010/04/12 17:00:23 | 000,172,032 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiadlxx.dll
[2010/04/12 17:00:23 | 000,143,360 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiapfxx.exe
[2010/04/12 17:00:23 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2erec.dll
[2010/04/12 17:00:23 | 000,045,056 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticalcl.dll
[2010/04/12 16:58:38 | 047,594,848 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\10-3_xp32_dd_ccc_wdm_enu.exe
[2010/04/12 16:54:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\Application Data\Macromedia
[2010/04/12 16:54:17 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.4UR0R4\UserData
[2010/04/12 09:22:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\tmp
[2010/04/09 16:38:45 | 000,000,000 | ---D | C] -- C:\Program Files\SCM Microsystems
[2006/02/19 13:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

========== Files - Modified Within 30 Days ==========

[2010/04/30 17:39:30 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/04/30 16:06:30 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\NTUSER.DAT
[2010/04/28 18:47:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/28 14:52:33 | 000,237,568 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/04/28 14:52:33 | 000,237,568 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/04/28 14:52:29 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\ntuser.ini
[2010/04/28 14:42:58 | 000,576,729 | ---- | M] (Xceed Software Inc. 1-450-442-2626 [email protected] www.xceedsoft.com) -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\174523_ENU_i386_zip.exe
[2010/04/28 14:26:06 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/04/27 18:22:40 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/27 18:22:00 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5886F2C0-8E1B-4372-A56B-879EBD6230EE}.job
[2010/04/27 18:21:13 | 000,000,455 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/27 18:20:56 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\rkill.com
[2010/04/27 18:20:56 | 000,002,855 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\rkill.PIF
[2010/04/27 18:18:00 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/27 18:14:59 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/27 17:45:57 | 000,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/04/27 17:44:34 | 005,918,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\mbam-setup.exe
[2010/04/27 17:28:22 | 000,317,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/27 17:26:06 | 000,002,230 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\KLry0l
[2010/04/27 17:25:45 | 000,001,303 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Start Menu\Programs\Startup\Antimalware Doctor.lnk
[2010/04/27 17:25:44 | 000,281,104 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2010/04/27 17:25:44 | 000,100,880 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2010/04/27 17:25:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2010/04/24 14:53:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/23 14:52:53 | 000,000,762 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\World of Warcraft.lnk
[2010/04/22 16:29:26 | 000,000,605 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/22 05:31:50 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/21 07:55:32 | 000,299,008 | ---- | M] () -- C:\WINDOWS\System32\omipwmyw.dll
[2010/04/20 17:57:09 | 000,000,825 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\Adobe Photoshop 7.0.lnk
[2010/04/19 10:54:12 | 000,089,680 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/19 10:41:29 | 000,435,318 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/19 10:41:29 | 000,068,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/19 10:41:28 | 000,509,536 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/19 09:49:49 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/04/14 04:01:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/12 18:58:40 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/12 18:53:07 | 000,261,246 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\dotnetfx_cleanup_tool.zip
[2010/04/12 18:37:08 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/04/12 18:35:24 | 000,001,857 | RHS- | M] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_RC663AA-ABA a1640n_YC_0Pavi_QCNH637_E64NAemMPA4_48_IBuckeye_SASUSTek Computer INC._V1.05_B3.17_T070821_WXP2_L409_M2047_J250_7Intel_8Core2 6300_91.87_#061103_N8086104C_Z14F12F20_G.MRK
[2010/04/12 18:34:14 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job
[2010/04/12 18:30:38 | 000,001,111 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/04/12 18:29:54 | 000,000,211 | RHS- | M] () -- C:\BOOT.BAK
[2010/04/12 18:24:07 | 004,934,480 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\WindowsXP-KB838079-SupportTools-ENU.exe
[2010/04/12 18:16:50 | 000,359,656 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\msicuu2.exe
[2010/04/12 17:50:12 | 023,510,720 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\dotnetfx.exe
[2010/04/12 17:42:58 | 002,869,264 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\dotNetFx35setup.exe
[2010/04/12 17:40:36 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/04/12 17:25:47 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/04/12 16:59:12 | 047,594,848 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\10-3_xp32_dd_ccc_wdm_enu.exe
[2010/04/09 16:38:54 | 000,001,129 | ---- | M] () -- C:\WINDOWS\HBCIKRNL.INI

========== Files Created - No Company Name ==========

[2010/04/27 18:20:56 | 000,002,855 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\rkill.PIF
[2010/04/27 17:34:30 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\rkill.com
[2010/04/27 17:25:45 | 000,001,303 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Start Menu\Programs\Startup\Antimalware Doctor.lnk
[2010/04/27 17:25:29 | 000,002,230 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\KLry0l
[2010/04/21 07:55:32 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\omipwmyw.dll
[2010/04/20 17:57:09 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\Adobe Photoshop 7.0.lnk
[2010/04/14 16:11:43 | 000,000,762 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\World of Warcraft.lnk
[2010/04/12 19:45:14 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/04/12 19:45:14 | 000,195,855 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/04/12 19:45:14 | 000,018,618 | ---- | C] () -- C:\WINDOWS\atiogl.xml
[2010/04/12 19:45:14 | 000,007,167 | ---- | C] () -- C:\WINDOWS\System32\atifglpf.xml
[2010/04/12 19:45:14 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/04/12 19:07:56 | 000,024,451 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\CCCInstall_201004121807560000.log
[2010/04/12 18:53:06 | 000,261,246 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\My Documents\dotnetfx_cleanup_tool.zip
[2010/04/12 18:46:44 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/12 18:35:56 | 000,000,572 | ---- | C] () -- C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk
[2010/04/12 18:35:54 | 000,000,667 | ---- | C] () -- C:\Documents and Settings\Default User\Start Menu\Programs\Startup\PinMcLnk.lnk
[2010/04/12 18:35:20 | 000,001,857 | RHS- | C] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_RC663AA-ABA a1640n_YC_0Pavi_QCNH637_E64NAemMPA4_48_IBuckeye_SASUSTek Computer INC._V1.05_B3.17_T070821_WXP2_L409_M2047_J250_7Intel_8Core2 6300_91.87_#061103_N8086104C_Z14F12F20_G.MRK
[2010/04/12 18:34:14 | 000,000,480 | ---- | C] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job
[2010/04/12 18:32:10 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\Local Settings\Application Data\fusioncache.dat
[2010/04/12 18:32:08 | 003,670,016 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\NTUSER.DAT
[2010/04/12 18:32:08 | 000,061,440 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\ntuser.dat.LOG
[2010/04/12 18:32:08 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\NTUSER.DAT.COPY.TMP.LOG
[2010/04/12 18:32:08 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator.4UR0R4\ntuser.ini
[2010/04/12 17:13:37 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010/04/12 17:13:25 | 000,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2010/04/12 17:13:18 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010/04/12 17:13:14 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010/04/12 17:00:24 | 000,368,480 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010/04/12 17:00:24 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2010/04/12 17:00:23 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2010/04/09 16:38:51 | 000,001,129 | ---- | C] () -- C:\WINDOWS\HBCIKRNL.INI
[2010/01/24 22:25:49 | 000,000,313 | ---- | C] () -- C:\WINDOWS\doom3.ini
[2010/01/13 08:53:03 | 000,000,110 | ---- | C] () -- C:\WINDOWS\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini
[2009/10/27 22:51:48 | 000,000,651 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009/03/10 19:49:33 | 000,047,104 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/25 20:44:06 | 000,014,385 | ---- | C] () -- C:\WINDOWS\Tw561a.ini
[2008/11/08 15:06:35 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/06/01 04:00:00 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT.COPY.TMP.LOG
[2008/05/06 17:31:47 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/09/11 22:37:26 | 000,000,321 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/06/22 17:55:45 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007/05/29 16:53:17 | 000,000,180 | ---- | C] () -- C:\WINDOWS\ap561.ini
[2007/05/29 16:53:17 | 000,000,081 | ---- | C] () -- C:\WINDOWS\Setup8a.ini
[2007/05/23 18:11:19 | 000,000,858 | ---- | C] () -- C:\WINDOWS\EZLiveMonitor2.0.INI
[2007/05/23 18:10:50 | 000,000,012 | ---- | C] () -- C:\WINDOWS\EZMediaBox2.ini
[2007/05/23 18:09:51 | 000,000,812 | ---- | C] () -- C:\WINDOWS\EZVMail3.ini
[2007/02/12 20:20:39 | 000,000,046 | ---- | C] () -- C:\WINDOWS\VID_DirectX.INI
[2006/11/03 20:39:25 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/09/01 12:02:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/01 11:37:55 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/09/01 11:32:23 | 000,014,314 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/09/01 11:32:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/09/01 11:29:03 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/09/01 11:19:13 | 000,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/09/01 11:18:37 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/09/01 11:13:37 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/09/01 11:09:46 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/09/01 11:06:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4624.dll
[2006/09/01 11:06:02 | 000,348,880 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2006/09/01 10:50:56 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2006/09/01 10:48:40 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/09/01 10:48:40 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/09/01 10:48:26 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/09/01 10:46:35 | 000,237,568 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2006/09/01 10:46:35 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2006/09/01 10:46:35 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2006/09/01 10:46:34 | 000,237,568 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2006/09/01 10:46:34 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2006/09/01 10:46:34 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2006/06/16 14:58:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/31 00:17:36 | 000,786,432 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2005/08/31 00:17:36 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG
[2005/08/31 00:17:36 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2005/08/06 00:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/12 15:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2004/09/16 23:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/07/26 10:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/03/23 17:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll

========== LOP Check ==========

[2010/04/12 18:34:14 | 000,000,480 | ---- | M] () -- C:\WINDOWS\Tasks\Easy Internet Sign-up.job
[2010/04/27 18:22:00 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{5886F2C0-8E1B-4372-A56B-879EBD6230EE}.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: ATAPI.SYS >
[2008/05/17 18:35:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:atapi.sys
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/04/12 17:22:36 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/09 17:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2010/04/12 17:22:36 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 08:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: IASTOR.SYS >
[2006/07/06 09:59:42 | 000,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\cmdcons\iastor.sys
[2006/07/06 09:59:42 | 000,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\hp\drivers\Intel_raid\iastor.sys
[2006/07/06 16:59:42 | 000,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\iaStor.sys
[2006/07/06 09:59:42 | 000,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\WINDOWS\system32\drivers\iaStor.sys
[2006/05/11 14:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\hp\drivers\Intel_6.0.0.1022_WHQL\iaStor.sys
[2006/05/11 14:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\iaStor.sys
[2006/07/06 17:01:32 | 000,484,864 | ---- | M] (Intel Corporation) MD5=6A3C354BFC163B81F6EF2FC421280DB5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
[2005/06/17 09:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\hp\drivers\Intel_5_1_0_1022_PV\iastor.sys

< MD5 for: MRXSMB.SYS >
[2008/05/17 18:35:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:mrxsmb.sys
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:mrxsmb.sys
[2010/04/12 17:22:36 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:mrxsmb.sys
[2004/08/09 17:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:mrxsmb.sys
[2010/04/12 17:22:36 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:mrxsmb.sys
[2004/08/10 00:00:00 | 000,451,456 | ---- | M] (Microsoft Corporation) MD5=1FD607FC67F7F7C633C3DA65BFC53D18 -- C:\WINDOWS\$NtUninstallKB885250$\mrxsmb.sys
[2009/12/04 14:22:22 | 000,455,424 | ---- | M] (Microsoft Corporation) MD5=421F7B922CEC5A5F340E7574A98F7B7C -- C:\WINDOWS\$NtUninstallKB980232$\mrxsmb.sys
[2005/01/19 07:26:52 | 000,451,584 | ---- | M] (Microsoft Corporation) MD5=5DDC9A1B2EB5A4BF010CE8C019A18C1F -- C:\WINDOWS\$NtServicePackUninstall$\mrxsmb.sys
[2005/01/19 07:26:52 | 000,451,584 | ---- | M] (Microsoft Corporation) MD5=5DDC9A1B2EB5A4BF010CE8C019A18C1F -- C:\WINDOWS\$NtUninstallKB914389$\mrxsmb.sys
[2009/12/04 13:25:56 | 000,456,832 | ---- | M] (Microsoft Corporation) MD5=602549D1E8A622E5746991F6C56B21CA -- C:\WINDOWS\$hf_mig$\KB978251\SP3QFE\mrxsmb.sys
[2008/04/13 15:17:01 | 000,456,576 | ---- | M] (Microsoft Corporation) MD5=68755F0FF16070178B54674FE5B847B0 -- C:\WINDOWS\$NtUninstallKB957097$\mrxsmb.sys
[2008/04/13 15:17:01 | 000,456,576 | ---- | M] (Microsoft Corporation) MD5=68755F0FF16070178B54674FE5B847B0 -- C:\WINDOWS\$NtUninstallKB978251$\mrxsmb.sys
[2008/04/13 15:17:01 | 000,456,576 | ---- | M] (Microsoft Corporation) MD5=68755F0FF16070178B54674FE5B847B0 -- C:\WINDOWS\ServicePackFiles\i386\mrxsmb.sys
[2008/10/24 07:41:11 | 000,455,936 | ---- | M] (Microsoft Corporation) MD5=7170AB42B51954DEF2781A4D1CCE65F4 -- C:\WINDOWS\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys
[2006/05/05 06:16:39 | 000,454,400 | ---- | M] (Microsoft Corporation) MD5=7412CE77C6FD823F8889B4DF420C680B -- C:\WINDOWS\$hf_mig$\KB914389\SP2QFE\mrxsmb.sys
[2005/01/19 06:51:57 | 000,451,584 | ---- | M] (Microsoft Corporation) MD5=7B195060FF456FA65954C72C5C1640FF -- C:\WINDOWS\$hf_mig$\KB885250\SP2QFE\mrxsmb.sys
[2004/10/28 04:15:16 | 000,448,128 | ---- | M] (Microsoft Corporation) MD5=A1BE3CB080DCC0A8270D21E3CA3B7005 -- C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\mrxsmb.sys
[2010/02/24 07:57:57 | 000,457,216 | ---- | M] (Microsoft Corporation) MD5=D09B9F0B9960DD41E73127B7814C115F -- C:\WINDOWS\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\Driver Cache\i386\mrxsmb.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\system32\dllcache\mrxsmb.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\system32\drivers\mrxsmb.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\HP_Administrator.4UR0R4\Desktop\rkill.com:SummaryInformation
< End of report >


#14 Elise


Posted 01 May 2010 - 05:03 AM

Hi, can you please try to boot in safe mode; you'll see some drivers rolling over the screen. Please let me know which one is the last to load before the BSOD occurs.
regards, Elise

"Now faith is the substance of things hoped for, the evidence of things not seen."




#15 groundwire


Posted 01 May 2010 - 08:55 PM

mup.sys



