
My Hjt Log


  • This topic is locked
15 replies to this topic

#1 dannny

  • Members
  • 8 posts

Posted 24 September 2008 - 10:44 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36:52 PM, on 9/24/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode with network support

I'm running safe mode with networking and I'm running Dr.Web; it's indicating I have a trojan called trojan.click

Running processes:
C:\program files\Mozilla Firefox\firefox.exe
C:\Program Files\DrWeb\drweb32w.exe
C:\Windows\explorer.exe
C:\Windows\regedit.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\takeown.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.a...&tbid=60446
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [SpIDerMail] "C:\Program Files\DrWeb\spiderml.exe"
O4 - HKLM\..\RunOnce: [InstallShieldSetup] C:\PROGRA~1\INSTAL~1\{BBE2F~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{BBE2F~1\reboot.ini -l0x9
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Scan link by Dr.Web - http://www.drweb.com/online/drweb-online-en.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} (TPIR Control) - http://www.worldwinner.com/games/v50/tpir/tpir.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.tvkoo.com/update/UKooPlayer.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://aolsvc.aol.com/onlinegames/chuzzled...ploader_v10.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Steam Client Service - Unknown owner - C:\Program Files\Common Files\Steam\SteamService.exe (file missing)

--
End of file - 5076 bytes

PS: please help soon. I'm seeing in folders that files are being created in the folder while I'm in it, without me creating them. I think my computer has been hijacked.

Edited by dannny, 25 September 2008 - 06:54 AM.




#2 Billy O'Neal

    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,304 posts
  • Gender: Male
  • Location: Redmond, Washington

Posted 29 September 2008 - 07:24 PM

Hello, dannny.
:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)

I want to apologise that it has taken so long to get back to you. We on the HJT Team are working as fast as possible to get your log answered.

If you would still like help, please post a new HiJack This log below (taken from normal, not safe, mode), as things may have changed on your system.

If you do not still need help, please let me know, so that I can move on to other users who still need help.

Please take note of the following:
  • While a HJT Team member is working with you, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Please reply using the [image] button in the lower left-hand corner of your screen.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" :).
Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 dannny


Posted 30 September 2008 - 12:41 AM

omfg please help man, I can't even download anything. Every time I download, say, the HijackThis program, it says this:

C:\Users\Dannyd86\AppData\Local\Temp could not be saved, because you cannot change the contents of that folder.

Change the folder properties and try again, or try saving in a different location.

wtf, I have full rights, I'm the administrator. Also, when I go to that folder, click Properties and go to the Security tab, I get the users who can access the folder, which is (System), then it had Dannyd86-pc/dannyd86)?, then it has Administrators(dannyd86-PC/Administrators). I denied access to the dannyd86-pc/dannyd86 because I already have the Administrators one with full privilege (sorry, can't spell lol). I'll try to download the HijackThis program again and see what happens. I think it's pretty funny how I have one user, that's me, which is dannyd86, but I see three users who can access this specific folder, wtf.

OK, I got the download and will see what happens, if it installs or says I don't have administrative rights. Wow, after this ordeal I'm going to buy another computer, and not Windows trash, I'm going Mac.
Wow, I just found an AVI file named virus that's in this temp folder, wtf.
OK, and now when I download anything and try to install it, nothing works. I can't save the file because it says I don't have permission. Wow man, I'll never buy a Windows product for the rest of my life on earth.

**update** I found where I downloaded the HJT and I right-clicked it, Run as administrator. This is what it says:
Windows cannot access the path device or file you may not have the appropriate permission to access them. Umm, okay, there's one bleepin user and it's administrator, the one who's logged on typing this, yet I don't have permission. Wow man, please help.

Edited by dannny, 30 September 2008 - 12:45 AM.


#4 Billy O'Neal


Posted 30 September 2008 - 05:38 AM

Hello, dannny.
We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the [image] icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the [image] button.
  • Two reports will open; copy and paste them in a reply here:
      • OTViewIt.txt <-- Will be opened
      • Extra.txt <-- Will be minimized
In your next reply, please include the following:
  • OTViewIt.txt
  • Extra.txt

Billy3

#5 dannny


Posted 30 September 2008 - 11:33 AM

OK, I'm using Firefox, the latest version, and for some reason it will not let me download anything off the internet, so I used Internet Explorer to download the thing and it worked. Here they are:
OTViewIt logfile created on: 9/30/2008 12:26:22 PM - Run
OTViewIt by OldTimer - Version 1.0.9.2 Folder = C:\Users\Dannyd86\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I7255XEY
Windows Vista (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16711)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 59.48% Memory free
3.96 Gb Paging File | 3.06 Gb Available in Paging File | 77.08% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.31 Gb Total Space | 260.69 Gb Free Space | 90.11% Space Free | Partition Type: NTFS
Drive D: | 8.78 Gb Total Space | 0.71 Gb Free Space | 8.08% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DANNYD86-PC
Current User Name: Dannyd86
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/11/02 05:45:57 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wininit.exe
[2006/11/02 05:45:21 | 00,210,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lsm.exe
[2008/09/29 19:50:23 | 02,605,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SLsvc.exe
[2007/01/09 17:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
[2007/01/04 20:19:28 | 00,047,712 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
[2008/07/14 05:09:28 | 00,073,464 | ---- | M] (COMODO) -- C:\Program Files\COMODO\CBOClean\BOCore.exe
[2007/01/09 17:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
[2008/09/29 19:53:59 | 00,519,936 | ---- | M] () -- C:\Program Files\COMODO\Firewall\cmdagent.exe
[2006/11/02 05:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\taskeng.exe
[2007/01/17 14:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe
[2006/11/02 05:45:04 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dwm.exe
[2006/11/02 08:34:46 | 00,287,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SearchIndexer.exe
[2006/11/02 05:46:02 | 00,143,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WUDFHost.exe
[2006/11/02 05:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\taskeng.exe
[2008/09/29 20:16:58 | 01,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
[2006/09/28 09:42:24 | 00,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
[2007/02/15 06:59:00 | 00,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
[2007/03/01 11:38:48 | 04,390,912 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe
[2005/02/17 02:11:42 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[2007/01/09 17:59:52 | 00,115,816 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[2008/09/29 19:57:58 | 00,278,264 | ---- | M] (COMODO) -- C:\Program Files\COMODO\SafeSurf\cssurf.exe
[2008/09/29 19:53:54 | 01,655,552 | ---- | M] () -- C:\Program Files\COMODO\Firewall\cfp.exe
[2008/09/29 19:59:49 | 02,236,160 | ---- | M] (COMODO) -- C:\Program Files\COMODO\Memory Firewall\cmf.exe
[2008/09/29 20:09:25 | 00,225,864 | ---- | M] (COMODO) -- C:\Program Files\COMODO\LaunchPad\CLPGuiApp.exe
[2008/09/29 20:09:23 | 00,229,448 | ---- | M] (COMODO) -- C:\Program Files\COMODO\LaunchPad\CLPTray.exe
[2008/09/29 20:06:03 | 01,478,312 | ---- | M] (C.O.M.O.D.O.) -- C:\Program Files\COMODO\AntiSpam\Cas32.exe
[2008/07/14 05:09:26 | 00,351,480 | ---- | M] (COMODO) -- C:\Program Files\COMODO\CBOClean\BOC427.EXE
[2008/09/29 19:47:14 | 01,232,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
[2006/11/02 08:35:32 | 00,125,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
[2006/11/02 08:35:32 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehmsas.exe
[2006/11/02 05:45:37 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rundll32.exe
[2008/09/25 09:51:54 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2006/11/02 08:36:00 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
[2005/02/02 12:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
[2006/11/02 05:46:00 | 00,245,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\WmiPrvSE.exe
[2008/09/29 17:53:47 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt.exe
[2008/09/29 20:00:20 | 00,301,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe
[2008/09/29 20:00:22 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
File not found -- \?\C:\Windows\system32\wbem\WMIADAP.EXE
[2006/11/02 05:46:00 | 00,245,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\WmiPrvSE.exe
[2008/09/30 12:26:15 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Users\Dannyd86\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I7255XEY\OTViewIt[1].exe
[2006/11/02 08:34:43 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SearchProtocolHost.exe
[2006/11/02 08:34:44 | 00,076,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SearchFilterHost.exe
[2006/11/02 05:44:59 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\consent.exe

========== (O23) Win32 Services ==========

[2008/07/14 05:09:28 | 00,073,464 | ---- | M] (COMODO) -- C:\Program Files\COMODO\CBOClean\BOCore.exe -- (BOCore [Auto | Running])
[2007/01/09 17:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [Auto | Running])
[2007/01/09 17:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Running])
[2006/11/02 02:34:11 | 00,059,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/01/09 17:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService [Auto | Running])
[2008/09/29 19:53:59 | 00,519,936 | ---- | M] () -- C:\Program Files\COMODO\Firewall\cmdagent.exe -- (cmdAgent [Auto | Running])
[2007/01/12 15:40:58 | 00,049,248 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost [On_Demand | Stopped])
[2006/11/02 08:36:25 | 02,089,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dfsr.exe -- (DFSR [On_Demand | Stopped])
[2006/11/02 05:46:04 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll -- (DPS [Unknown | Running])
[2006/11/02 08:35:28 | 00,291,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr [On_Demand | Stopped])
[2006/11/02 08:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
[2006/11/02 08:36:00 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Running])
[2006/11/02 05:46:05 | 00,569,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll -- (gpsvc [Unknown | Running])
[2004/10/22 06:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2006/11/02 08:36:02 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2007/01/13 19:11:06 | 00,080,504 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc [On_Demand | Stopped])
[2007/01/17 14:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
[2006/11/02 09:04:14 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
[2006/11/02 08:36:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2006/10/26 22:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 17:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/03/26 16:21:20 | 00,887,544 | ---- | M] (Sonic Solutions) -- c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
[2006/11/02 05:46:12 | 00,545,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll -- (RpcSs [Unknown | Running])
[2006/11/02 05:46:12 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
[2008/09/29 19:50:23 | 02,605,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SLsvc.exe -- (slsvc [Auto | Running])
[2006/11/02 05:45:46 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
[2007/03/08 21:54:46 | 00,074,656 | R--- | M] (MicroVision Development, Inc.) -- c:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
[2007/04/24 14:50:56 | 01,174,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Stopped])
[2007/01/04 20:19:28 | 00,047,712 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore [Auto | Running])
[2008/09/29 19:55:51 | 00,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\servicing\TrustedInstaller.exe -- (TrustedInstaller [Unknown | Stopped])
[2006/11/02 05:45:50 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\UI0Detect.exe -- (UI0Detect [On_Demand | Stopped])
[2006/11/02 05:45:50 | 00,392,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vds.exe -- (vds [On_Demand | Stopped])
[2006/11/02 08:36:04 | 00,895,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2006/11/02 08:34:46 | 00,287,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SearchIndexer.exe -- (WSearch [Auto | Running])

========== Driver Services ==========

[2006/11/02 05:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
[2006/11/02 05:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
[2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
[2006/11/02 05:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
[2006/11/02 05:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
[2006/11/02 05:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
[2006/11/02 05:49:59 | 00,054,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\AMDAGP.SYS -- (amdagp [On_Demand | Stopped])
[2006/11/02 05:49:26 | 00,015,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdide.sys -- (amdide [Disabled | Stopped])
[2006/11/02 04:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk7.sys -- (AmdK7 [Disabled | Stopped])
[2006/11/02 04:30:18 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk8.sys -- (AmdK8 [On_Demand | Running])
[2006/11/02 05:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\arc.sys -- (arc [Disabled | Stopped])
[2006/11/02 05:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
File not found -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive [Disabled | Stopped])
[2007/04/17 15:14:10 | 00,015,376 | ---- | M] () -- C:\Program Files\COMODO\CBOClean\BOCDRIVE.SYS -- (BOCDRIVE [On_Demand | Running])
[2006/11/02 04:31:12 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bowser.sys -- (bowser [On_Demand | Running])
[2006/11/02 04:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\drivers\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2006/11/02 04:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\drivers\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
[2006/11/02 04:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\System32\drivers\BrSerId.sys -- (Brserid [Disabled | Stopped])
[2006/11/02 04:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\System32\drivers\BrSerWdm.sys -- (BrSerWdm [Disabled | Stopped])
[2006/11/02 04:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm [Disabled | Stopped])
[2006/11/02 04:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\System32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])
[2006/11/02 04:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys -- (BTHMODEM [Disabled | Stopped])
[2006/11/02 04:55:08 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\circlass.sys -- (circlass [Disabled | Stopped])
[2008/09/29 19:55:58 | 00,224,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\clfs.sys -- (CLFS [Unknown | Running])
[2008/09/29 19:54:04 | 00,085,008 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys -- (cmdGuard [System | Running])
[2008/09/29 19:54:04 | 00,025,104 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys -- (cmdHlp [System | Running])
[2006/11/02 05:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\System32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
[2008/09/29 19:59:52 | 00,011,768 | ---- | M] () -- C:\Program Files\COMODO\Memory Firewall\cmfd.sys -- (cmfd [Auto | Running])
[2006/11/02 05:49:43 | 00,022,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\crcdisk.sys -- (crcdisk [Boot | Running])
[2006/11/02 04:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\crusoe.sys -- (Crusoe [Disabled | Stopped])
[2006/11/02 04:31:04 | 00,074,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dfsc.sys -- (DfsC [System | Running])
[2006/11/02 04:38:51 | 00,617,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxgkrnl.sys -- (DXGKrnl [On_Demand | Running])
[2006/11/02 03:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
[2006/11/02 08:34:35 | 00,132,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ecache.sys -- (Ecache [Boot | Running])
[2007/01/09 21:00:00 | 00,387,384 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
[2006/11/02 05:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\WINDOWS\System32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
[2006/11/02 05:49:58 | 00,056,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fileinfo.sys -- (FileInfo [Boot | Running])
[2006/11/02 04:32:55 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\filetrace.sys -- (Filetrace [On_Demand | Stopped])
[2006/11/02 05:50:04 | 00,058,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\GAGP30KX.SYS -- (gagp30kx [On_Demand | Stopped])
[2006/11/02 03:36:49 | 00,235,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
[2007/04/24 14:08:50 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/11/02 04:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys -- (HidBth [Disabled | Stopped])
[2006/11/02 04:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidir.sys -- (HidIr [Disabled | Stopped])
[2006/11/02 05:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\System32\drivers\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])
[2006/11/02 05:49:49 | 00,027,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\i2omp.sys -- (i2omp [Disabled | Stopped])
[2006/11/02 05:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\iaStorV.sys -- (iaStorV [Disabled | Stopped])
[2006/12/27 18:48:26 | 00,212,280 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20070108.003\IDSvix86.sys -- (IDSvix86 [On_Demand | Stopped])
[2006/11/02 05:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\WINDOWS\System32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
[2008/09/29 19:54:04 | 00,073,232 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys -- (Inspect [On_Demand | Running])
[2007/03/01 12:21:10 | 01,744,928 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])
[2006/11/02 04:30:18 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\intelppm.sys -- (intelppm [Disabled | Stopped])
[2006/11/02 04:42:03 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\IPMIDrv.sys -- (IPMIDRV [Disabled | Stopped])
[2006/11/02 05:51:12 | 00,168,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msiscsi.sys -- (iScsiPrt [On_Demand | Running])
[2006/11/02 05:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\WINDOWS\System32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
[2006/11/02 05:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\WINDOWS\System32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
[2006/11/02 04:51:12 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdhid.sys -- (kbdhid [Disabled | Stopped])
[2006/11/02 04:56:49 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\lltdio.sys -- (lltdio [Auto | Running])
[2006/11/02 05:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
[2006/11/02 05:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
[2006/11/02 05:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
[2006/11/02 04:33:07 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\luafv.sys -- (luafv [Auto | Running])
[2006/11/02 05:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\WINDOWS\System32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
[2006/11/02 04:54:05 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\monitor.sys -- (monitor [On_Demand | Running])
[2006/11/02 05:50:16 | 00,078,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mpio.sys -- (mpio [Disabled | Stopped])
[2008/09/29 20:11:28 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mpsdrv.sys -- (mpsdrv [On_Demand | Running])
[2006/11/02 05:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\WINDOWS\System32\drivers\Mraid35x.sys -- (Mraid35x [Disabled | Stopped])
[2006/11/02 04:31:27 | 00,211,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mrxsmb10.sys -- (mrxsmb10 [On_Demand | Running])
[2008/09/29 19:45:47 | 00,058,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mrxsmb20.sys -- (mrxsmb20 [On_Demand | Running])
[2006/11/02 05:49:44 | 00,023,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msahci.sys -- (msahci [Disabled | Stopped])
[2006/11/02 05:50:17 | 00,080,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msdsm.sys -- (msdsm [Disabled | Stopped])
[2006/11/02 05:49:20 | 00,013,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msisadrv.sys -- (msisadrv [Boot | Running])
[2006/11/02 05:51:09 | 00,160,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC [On_Demand | Stopped])
[2006/11/02 04:51:13 | 00,006,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mstee.sys -- (MSTEE [On_Demand | Stopped])
[2008/09/29 20:07:28 | 00,154,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwifi.sys -- (NativeWifiP [On_Demand | Stopped])
[2007/01/09 21:00:00 | 00,080,408 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20070110.052\NAVENG.SYS -- (NAVENG [On_Demand | Running])
[2007/01/09 21:00:00 | 00,833,048 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20070110.052\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
[2006/11/02 05:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
[2006/11/02 04:57:30 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nsiproxy.sys -- (nsiproxy [System | Running])
[2006/11/02 03:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\WINDOWS\System32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
[2007/05/04 01:29:10 | 01,065,384 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD [On_Demand | Running])
[2007/02/10 20:18:00 | 07,409,024 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
[2006/11/02 05:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
[2006/11/02 05:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
[2007/03/19 09:58:50 | 00,101,672 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvstor32.sys -- (nvstor32 [Boot | Running])
[2006/11/02 05:50:40 | 00,106,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\NV_AGP.SYS -- (nv_agp [On_Demand | Stopped])
[2006/11/02 05:49:20 | 00,013,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pciide.sys -- (pciide [Boot | Running])
[2006/11/02 05:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\PEAuth.sys -- (PEAUTH [Auto | Running])
[2006/11/02 04:30:18 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\processr.sys -- (Processor [Disabled | Stopped])
[2005/12/12 13:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\System32\drivers\PS2.sys -- (Ps2 [On_Demand | Running])
[2006/11/02 04:57:33 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pacer.sys -- (PSched [System | Running])
[2007/02/02 06:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2006/11/02 05:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
[2006/11/02 05:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
[2006/11/02 08:34:31 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\qwavedrv.sys -- (QWAVEdrv [On_Demand | Stopped])
[2006/11/02 05:02:01 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\RDPENCDD.sys -- (RDPENCDD [System | Running])
[2006/11/02 04:56:49 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rspndr.sys -- (rspndr [Auto | Running])
[2006/11/02 05:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sbp2port.sys -- (sbp2port [Disabled | Stopped])
[2006/11/02 02:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
[2006/11/02 04:51:11 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sermouse.sys -- (sermouse [Disabled | Stopped])
[2006/11/02 04:51:38 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffdisk.sys -- (sffdisk [Disabled | Stopped])
[2006/11/02 04:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])
[2006/11/02 04:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
[2006/11/02 05:49:51 | 00,053,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\SISAGP.SYS -- (sisagp [On_Demand | Stopped])
[2006/11/02 05:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
[2006/11/02 05:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\WINDOWS\System32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
[2006/11/02 04:57:10 | 00,066,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smb.sys -- (Smb [System | Running])
[2007/01/03 03:05:02 | 00,417,592 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [On_Demand | Stopped])
[2006/11/02 05:49:35 | 00,018,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys -- (spldr [Boot | Running])
[2007/01/11 14:22:14 | 00,247,608 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\srtsp.sys -- (SRTSP [On_Demand | Running])
[2007/01/11 14:22:20 | 00,276,792 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\srtspl.sys -- (SRTSPL [On_Demand | Stopped])
[2007/01/11 14:22:18 | 00,025,400 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\srtspx.sys -- (SRTSPX [System | Running])
[2008/09/29 19:45:46 | 00,130,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\srv2.sys -- (srv2 [On_Demand | Running])
[2008/09/29 19:45:46 | 00,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\srvnet.sys -- (srvnet [On_Demand | Running])
[2006/11/02 05:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
[2007/04/24 14:52:38 | 00,115,000 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Stopped])
[2006/11/02 05:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
[2006/11/02 05:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
[2006/11/02 04:57:47 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpipreg.sys -- (tcpipreg [Auto | Running])
[2006/11/02 04:57:35 | 00,068,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdx.sys -- (tdx [System | Running])
[2006/11/02 05:02:07 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tssecsrv.sys -- (tssecsrv [On_Demand | Stopped])
[2008/09/29 20:11:26 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\TUNMP.SYS -- (tunmp [On_Demand | Running])
[2008/09/29 20:11:26 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tunnel.sys -- (tunnel [On_Demand | Running])
[2006/11/02 05:49:59 | 00,056,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\UAGP35.SYS -- (uagp35 [On_Demand | Stopped])
[2006/11/02 05:50:04 | 00,058,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ULIAGPKX.SYS -- (uliagpkx [On_Demand | Stopped])
[2006/11/02 05:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\WINDOWS\System32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
[2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
[2006/11/02 05:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
[2006/11/02 04:55:24 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\umbus.sys -- (umbus [On_Demand | Running])
[2006/11/02 04:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcir.sys -- (usbcir [Disabled | Stopped])
[2007/04/24 14:09:20 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbehci.sys -- (usbehci [On_Demand | Running])
[2007/04/24 14:09:20 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbohci.sys -- (usbohci [On_Demand | Running])
[2006/11/02 04:53:56 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\vgapnp.sys -- (vga [On_Demand | Stopped])
[2006/11/02 05:49:52 | 00,054,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\VIAAGP.SYS -- (viaagp [On_Demand | Stopped])
[2006/11/02 04:30:19 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\viac7.sys -- (ViaC7 [Disabled | Stopped])
[2006/11/02 05:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
[2006/11/02 05:50:24 | 00,050,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\volmgr.sys -- (volmgr [Boot | Running])
[2006/11/02 05:51:30 | 00,290,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\volmgrx.sys -- (volmgrx [Boot | Running])
[2006/11/02 05:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\WINDOWS\System32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
[2006/11/02 03:41:53 | 00,251,904 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\VSTBS23.SYS -- (VSTHWBS2 [On_Demand | Running])
[2006/11/02 03:41:50 | 00,987,648 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\VSTDPV3.SYS -- (VST_DPV [On_Demand | Running])
[2006/11/02 04:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys -- (WacomPen [Disabled | Stopped])
[2006/11/02 05:49:38 | 00,019,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wd.sys -- (Wd [Disabled | Stopped])
[2008/09/29 19:55:50 | 00,495,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\Wdf01000.sys -- (Wdf01000 [Boot | Running])
[2006/11/02 03:41:48 | 00,654,336 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\VSTCNXT3.SYS -- (winachsf [On_Demand | Running])
[2006/11/02 04:35:03 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wmiacpi.sys -- (WmiAcpi [Disabled | Stopped])
[2006/11/02 04:58:26 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ws2ifsl.sys -- (ws2ifsl [System | Running])
[2006/11/02 04:54:52 | 00,082,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\WUDFRd.sys -- (WUDFRd [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
"StartPageCache"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-41296723-3226328286-4117142555-1000\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
"StartPageCache"=

[HKEY_USERS\S-1-5-21-41296723-3226328286-4117142555-1000\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-41296723-3226328286-4117142555-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{1E8A6170-7264-4D0F-BEAE-D42A53123C75} (HKLM) -- c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
{487CA274-DDC9-45CA-BF51-2017CE8D6D8A} (HKLM) -- C:\Program Files\COMODO\i-Vault\i-Vault.dll ()

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{90222687-F593-4738-B738-FBEE9C7B26DF}" (HKLM) -- c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"BOC-427"=C:\PROGRA~1\Comodo\CBOClean\BOC427.exe (COMODO)
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" -h ()
"Comodo Launch Pad App"=C:\Program Files\Comodo\LaunchPad\CLPGuiApp.exe (COMODO)
"Comodo Launch Pad Tray"=C:\Program Files\Comodo\LaunchPad\CLPTray.exe (COMODO)
"COMODO Memory Firewall"="C:\Program Files\COMODO\Memory Firewall\cmf.exe" -s (COMODO)
"COMODO SafeSurf"="C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s (COMODO)
"ComodoAntiSpam"=C:\Program Files\Comodo\AntiSpam\CAS32.exe -q (C.O.M.O.D.O.)
"HP Software Update"=c:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
"hpsysdrv"=c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
"IS CfgWiz"="c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT" (Symantec Corporation)
"KBD"=C:\HP\KBD\KbdStub.EXE ()
"NvCplDaemon"=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"NvSvc"=RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart (NVIDIA Corporation)
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" (OsdMaestro)
"RtHDVCpl"=RtHDVCpl.exe (Realtek Semiconductor)
"SnapfishMediaDetector"=C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe ()
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
"HPAdvisor"=C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun (Hewlett-Packard)
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)
"ehTray.exe"=C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
"HPAdvisor"=C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun (Hewlett-Packard)
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

========== (O4) RunOnce Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=%WINDIR%\SMINST\launcher.exe (soft thinks)

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\]
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Send to OneNote -- C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: S&end to OneNote -- C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Research -- C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
Range1: ":Range"=127.0.0.1 -- http in Local intranet |

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
Range1: ":Range"=127.0.0.1 -- http in Local intranet |

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
Range1: ":Range"=127.0.0.1 -- http in Local intranet |

[HKEY_USERS\S-1-5-21-41296723-3226328286-4117142555-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
Range1: ":Range"=127.0.0.1 -- http in Local intranet |

========== (O17) DNS Name Servers ==========

{E7290651-9D3D-43CA-81B8-906877A714B3} (Servers: | Description: NVIDIA nForce Networking Controller)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\Windows\system32\guard32.dll C:\Windows\system32\cssdll32.dll
>[2008/09/29 19:54:04 | 00,143,104 | ---- | M] () -- C:\WINDOWS\System32\guard32.dll
>[2008/09/29 19:57:58 | 00,249,592 | ---- | M] (COMODO) -- C:\WINDOWS\System32\cssdll32.dll

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>[2006/11/02 05:46:03 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2006/11/02 05:46:13 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\TSpkg.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

autoexec.bat [REM Dummy file for NTVDMPATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ]
[2007/04/24 14:36:00 | 00,000,074 | ---- | M] () -- C:\autoexec.bat -- [ NTFS ]

autorun.inf [[autorun] | OPEN=Start.exe | shellexecute=Start.exe | shell=Auto | shell\Auto=&Autoplay | shell\Auto\command=Start.exe | ]
[2008/07/02 12:05:03 | 00,000,115 | -HS- | M] () -- D:\autorun.inf -- [ NTFS ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00f174da-8e87-11dd-ae09-806e6f6e6963}\Shell\Auto\command]
""=Start.exe


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00f174da-8e87-11dd-ae09-806e6f6e6963}\Shell\AutoRun\command]
""=C:\WINDOWS\System32\shell32.dll -- [2008/09/29 19:48:45 | 11,315,200 | ---- | M] (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2008/09/30 02:04:11 | 02,417,560 | -H-- | C] () -- C:\Users\Dannyd86\AppData\Local\IconCache.db
[2008/09/30 01:37:46 | 00,004,608 | ---- | C] () -- C:\Users\Dannyd86\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/30 01:32:51 | 00,001,647 | ---- | C] () -- C:\Users\Dannyd86\Desktop\HijackThis.lnk
[2008/09/30 01:32:51 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/09/30 01:16:41 | 00,000,000 | ---D | C] -- C:\Users\Dannyd86\AppData\Roaming\Adobe
[2008/09/30 01:16:41 | 00,000,000 | ---D | C] -- C:\Users\Dannyd86\AppData\Local\Adobe
[2008/09/30 01:06:08 | 00,000,000 | ---D | C] -- C:\setacl-cmdline-2.0.3.0-binary-x64
[2008/09/30 00:48:13 | 00,000,000 | ---D | C] -- C:\Users\Dannyd86\Desktop\antivir
[2008/09/30 00:21:15 | 20,117,50400 | -HS- | C] () -- C:\hiberfil.sys
[2008/09/29 23:46:06 | 00,000,000 | ---D | C] -- C:\Users\Dannyd86\AppData\Roaming\Malwarebytes
[2008/09/29 23:45:44 | 00,017,200 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2008/09/29 23:45:44 | 00,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/09/29 23:45:43 | 00,038,528 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2008/09/29 23:45:42 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2008/09/29 23:45:35 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/09/29 23:33:52 | 00,000,424 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{F12FD6D3-828C-4E3D-888F-1C583064AF86}.job
[2008/09/29 23:30:58 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2008/09/29 23:25:22 | 00,000,000 | ---D | C] -- C:\Users\Dannyd86\AppData\Local\Comodo
[2008/09/29 22:40:00 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Collaboration
[2008/09/29 20:37:17 | 00,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2008/09/29 20:35:14 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2008/09/29 20:35:01 | 00,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2008/09/29 20:27:15 | 00,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008/09/29 20:15:35 | 01,060,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ntfs.sys
[2008/09/29 20:14:45 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2008/09/29 20:13:27 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2008/09/29 20:12:43 | 08,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2008/09/29 20:12:42 | 10,617,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2008/09/29 20:12:42 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2008/09/29 20:12:41 | 00,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2008/09/29 20:12:41 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2008/09/29 20:12:41 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2008/09/29 20:11:28 | 00,396,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MPSSVC.dll
[2008/09/29 20:11:28 | 00,392,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallAPI.dll
[2008/09/29 20:11:28 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys
[2008/09/29 20:11:27 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icfupgd.dll
[2008/09/29 20:11:27 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmifw.dll
[2008/09/29 20:11:27 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wfapigp.dll
[2008/09/29 20:11:26 | 00,178,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iphlpsvc.dll
[2008/09/29 20:11:26 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys
[2008/09/29 20:11:26 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS
[2008/09/29 20:07:58 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsock32.dlb
[2008/09/29 20:07:48 | 00,205,560 | ---- | C] (COMODO) -- C:\Windows\UNBOC.EXE
[2008/09/29 20:07:47 | 00,212,728 | ---- | C] (COMODO) -- C:\Windows\CMDLIC.DLL
[2008/09/29 20:07:41 | 00,000,000 | ---D | C] -- C:\ProgramData\BOC427
[2008/09/29 20:07:36 | 00,000,385 | ---- | C] () -- C:\Windows\BOC427.INI
[2008/09/29 20:07:29 | 03,504,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2008/09/29 20:07:29 | 03,470,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2008/09/29 20:07:28 | 00,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys
[2008/09/29 20:06:49 | 01,191,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll
[2008/09/29 20:06:49 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2008/09/29 20:06:31 | 00,593,576 | ---- | C] (COMODO) -- C:\Windows\System32\CEmLSP.dll
[2008/09/29 20:05:13 | 00,001,781 | ---- | C] () -- C:\Users\Public\Desktop\Comodo Launch Pad.lnk
[2008/09/29 20:04:08 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2008/09/29 20:04:07 | 00,803,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2008/09/29 20:04:07 | 00,216,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2008/09/29 20:04:07 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2008/09/29 20:04:07 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2008/09/29 20:03:27 | 01,808,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0046.dll
[2008/09/29 20:03:27 | 01,793,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0045.dll
[2008/09/29 20:03:27 | 01,558,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0049.dll
[2008/09/29 20:03:27 | 01,411,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0047.dll
[2008/09/29 20:03:26 | 05,499,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0022.dll
[2008/09/29 20:03:26 | 02,136,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0021.dll
[2008/09/29 20:03:26 | 01,782,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0039.dll
[2008/09/29 20:03:26 | 01,236,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0020.dll
[2008/09/29 20:03:25 | 07,964,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0024.dll
[2008/09/29 20:03:25 | 06,224,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0027.dll
[2008/09/29 20:03:25 | 05,791,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0026.dll
[2008/09/29 20:03:24 | 04,981,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0013.dll
[2008/09/29 20:03:24 | 04,175,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0010.dll
[2008/09/29 20:03:24 | 03,331,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0018.dll
[2008/09/29 20:03:24 | 02,466,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0011.dll
[2008/09/29 20:03:23 | 11,722,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0001.dll
[2008/09/29 20:03:23 | 06,781,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0019.dll
[2008/09/29 20:03:22 | 12,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2008/09/29 20:03:22 | 04,164,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0002.dll
[2008/09/29 20:03:22 | 01,452,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0003.dll
[2008/09/29 20:03:21 | 03,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004a.dll
[2008/09/29 20:03:21 | 02,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2008/09/29 20:03:21 | 01,702,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004b.dll
[2008/09/29 20:03:20 | 04,093,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004c.dll
[2008/09/29 20:03:20 | 04,045,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons003e.dll
[2008/09/29 20:03:20 | 01,972,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004e.dll
[2008/09/29 20:03:20 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons002a.dll
[2008/09/29 20:03:19 | 06,585,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001b.dll
[2008/09/29 20:03:19 | 06,346,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001d.dll
[2008/09/29 20:03:19 | 06,014,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001a.dll
[2008/09/29 20:03:18 | 09,892,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000a.dll
[2008/09/29 20:03:18 | 06,237,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000c.dll
[2008/09/29 20:03:18 | 01,722,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000d.dll
[2008/09/29 20:03:17 | 05,654,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000f.dll
[2008/09/29 20:03:17 | 05,090,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0416.dll
[2008/09/29 20:03:17 | 04,616,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0414.dll
[2008/09/29 20:03:16 | 07,042,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons081a.dll
[2008/09/29 20:03:16 | 05,071,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsModels0011.dll
[2008/09/29 20:03:16 | 05,031,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0816.dll
[2008/09/29 20:03:15 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0049.dll
[2008/09/29 20:03:15 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0047.dll
[2008/09/29 20:03:15 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0046.dll
[2008/09/29 20:03:15 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0045.dll
[2008/09/29 20:03:15 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0039.dll
[2008/09/29 20:03:14 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0020.dll
[2008/09/29 20:03:14 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0026.dll
[2008/09/29 20:03:14 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0024.dll
[2008/09/29 20:03:14 | 01,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0022.dll
[2008/09/29 20:03:14 | 01,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0021.dll
[2008/09/29 20:03:13 | 04,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0010.dll
[2008/09/29 20:03:13 | 02,655,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0011.dll
[2008/09/29 20:03:13 | 01,965,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0027.dll
[2008/09/29 20:03:12 | 04,495,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0019.dll
[2008/09/29 20:03:12 | 03,464,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0013.dll
[2008/09/29 20:03:12 | 02,597,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0001.dll
[2008/09/29 20:03:12 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0018.dll
[2008/09/29 20:03:12 | 01,523,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0000.dll
[2008/09/29 20:03:11 | 04,874,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0009.dll
[2008/09/29 20:03:11 | 02,241,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0007.dll
[2008/09/29 20:03:11 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0003.dll
[2008/09/29 20:03:11 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0002.dll
[2008/09/29 20:03:10 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004c.dll
[2008/09/29 20:03:10 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004b.dll
[2008/09/29 20:03:10 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004a.dll
[2008/09/29 20:03:09 | 04,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001d.dll
[2008/09/29 20:03:09 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004e.dll
[2008/09/29 20:03:09 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001b.dll
[2008/09/29 20:03:09 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001a.dll
[2008/09/29 20:03:09 | 01,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData003e.dll
[2008/09/29 20:03:09 | 01,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData002a.dll
[2008/09/29 20:03:08 | 09,845,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000a.dll
[2008/09/29 20:03:08 | 02,641,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000c.dll
[2008/09/29 20:03:07 | 04,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0416.dll
[2008/09/29 20:03:07 | 04,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0414.dll
[2008/09/29 20:03:07 | 02,340,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000d.dll
[2008/09/29 20:03:07 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000f.dll
[2008/09/29 20:03:07 | 00,797,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2008/09/29 20:03:06 | 06,917,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0c1a.dll
[2008/09/29 20:03:06 | 04,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0816.dll
[2008/09/29 20:03:06 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0c1a.dll
[2008/09/29 20:03:06 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData081a.dll
[2008/09/29 20:02:30 | 00,000,901 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Memory Firewall.lnk
[2008/09/29 20:00:30 | 02,455,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2008/09/29 20:00:30 | 00,383,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2008/09/29 20:00:30 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2008/09/29 20:00:29 | 00,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2008/09/29 20:00:29 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2008/09/29 20:00:29 | 00,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2008/09/29 20:00:29 | 00,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2008/09/29 20:00:28 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2008/09/29 20:00:27 | 06,066,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2008/09/29 20:00:26 | 00,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2008/09/29 20:00:25 | 03,592,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2008/09/29 20:00:25 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2008/09/29 20:00:24 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2008/09/29 20:00:23 | 01,831,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2008/09/29 20:00:23 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2008/09/29 20:00:21 | 01,159,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2008/09/29 20:00:21 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2008/09/29 20:00:20 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2008/09/29 20:00:20 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2008/09/29 20:00:20 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2008/09/29 20:00:20 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2008/09/29 19:59:59 | 00,077,568 | ---- | C] () -- C:\Windows\System32\cmfdll32.dll
[2008/09/29 19:59:20 | 00,000,860 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall Pro.lnk
[2008/09/29 19:58:01 | 00,249,592 | ---- | C] (COMODO) -- C:\Windows\System32\cssdll32.dll
[2008/09/29 19:57:00 | 01,585,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
[2008/09/29 19:56:01 | 00,371,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2008/09/29 19:56:01 | 00,313,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2008/09/29 19:56:01 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll
[2008/09/29 19:56:01 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe
[2008/09/29 19:56:00 | 00,905,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2008/09/29 19:56:00 | 00,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2008/09/29 19:56:00 | 00,019,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2008/09/29 19:55:59 | 00,944,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2008/09/29 19:55:58 | 00,620,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2008/09/29 19:55:58 | 00,224,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2008/09/29 19:55:57 | 00,221,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\umpnpmgr.dll
[2008/09/29 19:55:57 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2008/09/29 19:55:57 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
[2008/09/29 19:55:56 | 00,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2008/09/29 19:55:55 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2008/09/29 19:55:55 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
[2008/09/29 19:55:54 | 00,558,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
[2008/09/29 19:55:53 | 00,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\loadperf.dll
[2008/09/29 19:55:53 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe
[2008/09/29 19:55:53 | 00,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2008/09/29 19:55:53 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prflbmsg.dll
[2008/09/29 19:55:51 | 00,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schedsvc.dll
[2008/09/29 19:55:50 | 00,495,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys
[2008/09/29 19:55:50 | 00,035,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2008/09/29 19:55:50 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\batt.dll
[2008/09/29 19:55:50 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2008/09/29 19:55:49 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dispci.dll
[2008/09/29 19:54:26 | 00,000,000 | ---D | C] -- C:\Users\Dannyd86\AppData\Roaming\Comodo
[2008/09/29 19:54:24 | 00,143,104 | ---- | C] () -- C:\Windows\System32\guard32.dll
[2008/09/29 19:54:24 | 00,073,232 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2008/09/29 19:54:24 | 00,000,000 | ---D | C] -- C:\ProgramData\comodo
[2008/09/29 19:54:23 | 00,025,104 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
[2008/09/29 19:54:22 | 00,085,008 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys
[2008/09/29 19:54:06 | 00,000,000 | ---D | C] -- C:\Program Files\COMODO
[2008/09/29 19:52:55 | 02,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2008/09/29 19:51:38 | 00,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
[2008/09/29 19:51:38 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL
[2008/09/29 19:51:38 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll
[2008/09/29 19:51:13 | 00,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
[2008/09/29 19:50:25 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2008/09/29 19:50:25 | 00,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
[2008/09/29 19:50:25 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2008/09/29 19:50:24 | 00,566,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2008/09/29 19:50:24 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2008/09/29 19:50:23 | 02,605,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2008/09/29 19:50:23 | 00,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2008/09/29 19:50:23 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUINotify.dll
[2008/09/29 19:50:23 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2008/09/29 19:49:41 | 01,335,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll
[2008/09/29 19:49:40 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2008/09/29 19:48:48 | 00,704,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2008/09/29 19:48:44 | 11,315,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
[2008/09/29 19:48:44 | 00,269,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2008/09/29 19:48:44 | 00,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2008/09/29 19:48:44 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.exe
[2008/09/29 19:48:42 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc.dll
[2008/09/29 19:48:42 | 00,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2008/09/29 19:48:42 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcmonitor.dll
[2008/09/29 19:48:40 | 01,984,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2008/09/29 19:48:39 | 00,712,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2008/09/29 19:48:39 | 00,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2008/09/29 19:48:39 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2008/09/29 19:48:39 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2008/09/29 19:48:39 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sendmail.dll
[2008/09/29 19:48:39 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2008/09/29 19:48:39 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvidc32.dll
[2008/09/29 19:48:39 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrle32.dll
[2008/09/29 19:48:37 | 08,138,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssBranded.scr
[2008/09/29 19:47:44 | 00,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2008/09/29 19:47:44 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2008/09/29 19:47:14 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe
[2008/09/29 19:46:05 | 00,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnsapi.dll
[2008/09/29 19:46:05 | 00,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnsrslvr.dll
[2008/09/29 19:46:04 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2008/09/29 19:45:47 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2008/09/29 19:45:46 | 00,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2008/09/29 19:45:46 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2008/09/29 19:45:46 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys
[2008/09/29 19:45:33 | 00,788,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
[2008/09/29 19:45:10 | 00,737,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcomm.dll
[2008/09/29 19:45:10 | 00,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll
[2008/09/29 19:44:49 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fs_rec.sys
[2008/09/29 19:44:49 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmi.dll
[2008/09/29 19:44:48 | 00,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imagehlp.dll
[2008/09/29 19:44:29 | 01,327,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2008/09/29 19:44:22 | 00,000,000 | ---D | C] -- C:\Users\Dannyd86\AppData\Roaming\Mozilla
[2008/09/29 19:44:22 | 00,000,000 | ---D | C] -- C:\Users\Dannyd86\AppData\Local\Mozilla
[2008/09/29 19:44:16 | 00,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2008/09/29 19:43:41 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2008/09/29 19:43:24 | 01,244,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2008/09/29 19:43:24 | 00,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2008/09/29 19:43:24 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2008/09/29 19:43:23 | 00,292,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2008/09/29 19:43:23 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2008/09/29 19:43:23 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2008/09/29 19:43:23 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2008/09/29 19:42:46 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2008/09/29 19:42:36 | 00,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2008/09/29 19:42:02 | 00,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
[2008/09/29 19:40:37 | 00,092,472 | ---- | C] () -- C:\Users\Dannyd86\AppData\Local\GDIPFONTCACHEV1.DAT
[2008/09/29 19:40:28 | 00,750,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qmgr.dll
[2008/09/29 19:39:50 | 00,000,000 | ---D | C] -- C:\Users\Dannyd86\AppData\Roaming\Snapfish
[2008/09/29 19:39:16 | 00,000,402 | -HS- | C] () -- C:\Users\Dannyd86\Documents\desktop.ini
[2008/09/29 19:39:16 | 00,000,282 | -HS- | C] () -- C:\Users\Dannyd86\Desktop\desktop.ini
[2008/09/29 19:39:16 | 00,000,174 | -HS- | C] () -- C:\Users\Dannyd86\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[2008/09/29 19:39:05 | 00,000,000 | ---D | C] -- C:\Users\Dannyd86\AppData\Roaming\Identities
[2008/09/29 19:38:55 | 00,000,000 | ---D | C] -- C:\Users\Dannyd86\AppData\Local\VirtualStore
[2008/09/29 19:38:09 | 00,001,434 | ---- | C] () -- C:\Users\Public\Desktop\Snapfish Photos - First 25 Prints Free.lnk
[2008/09/29 19:37:50 | 00,002,059 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2008/09/29 19:37:50 | 00,002,023 | ---- | C] () -- C:\Users\Public\Desktop\Try AOL Today.lnk
[2008/09/29 19:37:50 | 00,002,017 | ---- | C] () -- C:\Users\Public\Desktop\Vonage.lnk
[2008/09/29 19:37:50 | 00,001,989 | ---- | C] () -- C:\Users\Public\Desktop\MSN.lnk
[2008/09/29 19:37:50 | 00,001,871 | ---- | C] () -- C:\Users\Public\Desktop\High-Speed Services.lnk
[2008/09/29 19:37:50 | 00,001,843 | ---- | C] () -- C:\Users\Public\Desktop\Easy Internet Services.lnk
[2008/09/29 19:37:50 | 00,000,754 | ---- | C] () -- C:\Users\Public\Desktop\Rhapsody.lnk
[2008/09/29 19:35:48 | 00,000,000 | ---D | C] -- C:\Users\Dannyd86\AppData\Roaming\Macromedia
[2008/09/29 19:33:27 | 00,000,000 | -HSD | C] -- C:\Users\Dannyd86\Documents\My Videos
[2008/09/29 19:33:27 | 00,000,000 | -HSD | C] -- C:\Users\Dannyd86\Documents\My Pictures
[2008/09/29 19:33:27 | 00,000,000 | -HSD | C] -- C:\Users\Dannyd86\Documents\My Music
[2008/09/29 19:33:27 | 00,000,000 | -HSD | C] -- C:\Users\Dannyd86\AppData\Local\History
[2008/09/29 19:33:26 | 00,000,000 | --SD | C] -- C:\Users\Dannyd86\AppData\Roaming\Microsoft
[2008/09/29 19:33:26 | 00,000,000 | ---D | C] -- C:\Users\Dannyd86\AppData\Roaming\Media Center Programs
[2008/09/29 19:33:26 | 00,000,000 | ---D | C] -- C:\Users\Dannyd86\AppData\Local\Temp
[2008/09/29 19:33:26 | 00,000,000 | ---D | C] -- C:\Users\Dannyd86\AppData\Local\Microsoft
[2008/09/29 17:53:47 | 01,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2008/09/29 17:53:47 | 00,053,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2008/09/29 17:53:47 | 00,045,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2008/09/29 17:53:46 | 01,811,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll
[2008/09/29 17:52:35 | 00,163,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2008/09/29 17:52:35 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2008/09/29 17:51:21 | 00,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos
[2008/09/29 17:51:21 | 00,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures
[2008/09/29 17:51:21 | 00,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music
[2008/09/29 17:51:21 | 00,000,000 | -HSD | C] -- C:\ProgramData\Templates
[2008/09/29 17:51:21 | 00,000,000 | -HSD | C] -- C:\ProgramData\Start Menu
[2008/09/29 17:51:21 | 00,000,000 | -HSD | C] -- C:\ProgramData\Favorites
[2008/09/29 17:51:21 | 00,000,000 | -HSD | C] -- C:\ProgramData\Documents
[2008/09/29 17:51:21 | 00,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2008/09/29 17:51:21 | 00,000,000 | -HSD | C] -- C:\ProgramData\Application Data
[2008/09/29 17:51:21 | 00,000,000 | -HSD | C] -- C:\Documents and Settings

========== Files - Modified Within 30 Days ==========

[2008/09/30 12:21:53 | 00,003,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2008/09/30 12:21:52 | 00,003,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2008/09/30 12:21:47 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2008/09/30 12:21:41 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2008/09/30 12:21:34 | 20,117,50400 | -HS- | M] () -- C:\hiberfil.sys
[2008/09/30 02:04:11 | 02,417,560 | -H-- | M] () -- C:\Users\Dannyd86\AppData\Local\IconCache.db
[2008/09/30 01:55:43 | 00,001,647 | ---- | M] () -- C:\Users\Dannyd86\Desktop\HijackThis.lnk
[2008/09/30 01:39:11 | 00,004,608 | ---- | M] () -- C:\Users\Dannyd86\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/30 00:28:01 | 00,640,984 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2008/09/30 00:28:01 | 00,106,318 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2008/09/30 00:28:00 | 00,742,182 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2008/09/30 00:21:29 | 00,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F12FD6D3-828C-4E3D-888F-1C583064AF86}.job
[2008/09/29 23:45:44 | 00,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/09/29 22:42:40 | 00,000,280 | -HS- | M] () -- C:\Users\Public\Documents\desktop.ini
[2008/09/29 22:42:40 | 00,000,174 | -HS- | M] () -- C:\Users\Public\Desktop\desktop.ini
[2008/09/29 22:42:40 | 00,000,174 | -HS- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[2008/09/29 20:53:20 | 00,354,224 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2008/09/29 20:15:35 | 01,060,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ntfs.sys
[2008/09/29 20:14:45 | 00,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2008/09/29 20:13:27 | 00,303,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2008/09/29 20:12:43 | 08,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2008/09/29 20:12:42 | 10,617,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2008/09/29 20:12:42 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2008/09/29 20:12:41 | 00,356,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2008/09/29 20:12:41 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2008/09/29 20:12:41 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2008/09/29 20:11:28 | 00,396,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MPSSVC.dll
[2008/09/29 20:11:28 | 00,392,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FirewallAPI.dll
[2008/09/29 20:11:28 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys
[2008/09/29 20:11:27 | 00,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icfupgd.dll
[2008/09/29 20:11:27 | 00,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmifw.dll
[2008/09/29 20:11:27 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wfapigp.dll
[2008/09/29 20:11:26 | 00,178,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iphlpsvc.dll
[2008/09/29 20:11:26 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys
[2008/09/29 20:11:26 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS
[2008/09/29 20:08:19 | 00,000,385 | ---- | M] () -- C:\Windows\BOC427.INI
[2008/09/29 20:07:30 | 03,504,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2008/09/29 20:07:29 | 03,470,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2008/09/29 20:07:28 | 00,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys
[2008/09/29 20:06:49 | 01,191,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll
[2008/09/29 20:06:49 | 00,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2008/09/29 20:06:03 | 00,593,576 | ---- | M] (COMODO) -- C:\Windows\System32\CEmLSP.dll
[2008/09/29 20:05:13 | 00,001,781 | ---- | M] () -- C:\Users\Public\Desktop\Comodo Launch Pad.lnk
[2008/09/29 20:04:08 | 00,216,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2008/09/29 20:04:08 | 00,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2008/09/29 20:04:07 | 00,803,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2008/09/29 20:04:07 | 00,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2008/09/29 20:04:07 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2008/09/29 20:03:27 | 01,808,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0046.dll
[2008/09/29 20:03:27 | 01,793,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0045.dll
[2008/09/29 20:03:27 | 01,558,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0049.dll
[2008/09/29 20:03:27 | 01,411,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0047.dll
[2008/09/29 20:03:27 | 01,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0020.dll
[2008/09/29 20:03:26 | 05,499,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0022.dll
[2008/09/29 20:03:26 | 02,136,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0021.dll
[2008/09/29 20:03:26 | 01,782,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0039.dll
[2008/09/29 20:03:25 | 07,964,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0024.dll
[2008/09/29 20:03:25 | 06,224,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0027.dll
[2008/09/29 20:03:25 | 05,791,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0026.dll
[2008/09/29 20:03:24 | 04,981,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0013.dll
[2008/09/29 20:03:24 | 04,175,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0010.dll
[2008/09/29 20:03:24 | 03,331,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0018.dll
[2008/09/29 20:03:24 | 02,466,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0011.dll
[2008/09/29 20:03:23 | 11,722,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0001.dll
[2008/09/29 20:03:23 | 06,781,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0019.dll
[2008/09/29 20:03:22 | 12,240,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2008/09/29 20:03:22 | 04,164,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0002.dll
[2008/09/29 20:03:22 | 01,452,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0003.dll
[2008/09/29 20:03:21 | 03,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004a.dll
[2008/09/29 20:03:21 | 02,644,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2008/09/29 20:03:21 | 01,702,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004b.dll
[2008/09/29 20:03:20 | 06,014,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001a.dll
[2008/09/29 20:03:20 | 04,093,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004c.dll
[2008/09/29 20:03:20 | 04,045,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons003e.dll
[2008/09/29 20:03:20 | 01,972,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004e.dll
[2008/09/29 20:03:20 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons002a.dll
[2008/09/29 20:03:19 | 09,892,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000a.dll
[2008/09/29 20:03:19 | 06,585,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001b.dll
[2008/09/29 20:03:19 | 06,346,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001d.dll
[2008/09/29 20:03:18 | 06,237,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000c.dll
[2008/09/29 20:03:18 | 01,722,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000d.dll
[2008/09/29 20:03:17 | 05,654,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000f.dll
[2008/09/29 20:03:17 | 05,090,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0416.dll
[2008/09/29 20:03:17 | 05,031,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0816.dll
[2008/09/29 20:03:17 | 04,616,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0414.dll
[2008/09/29 20:03:16 | 07,042,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons081a.dll
[2008/09/29 20:03:16 | 05,071,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsModels0011.dll
[2008/09/29 20:03:15 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0049.dll
[2008/09/29 20:03:15 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0047.dll
[2008/09/29 20:03:15 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0046.dll
[2008/09/29 20:03:15 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0045.dll
[2008/09/29 20:03:15 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0039.dll
[2008/09/29 20:03:14 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0020.dll
[2008/09/29 20:03:14 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0026.dll
[2008/09/29 20:03:14 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0024.dll
[2008/09/29 20:03:14 | 01,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0022.dll
[2008/09/29 20:03:14 | 01,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0021.dll
[2008/09/29 20:03:13 | 04,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0010.dll
[2008/09/29 20:03:13 | 02,655,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0011.dll
[2008/09/29 20:03:13 | 01,965,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0027.dll
[2008/09/29 20:03:12 | 04,495,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0019.dll
[2008/09/29 20:03:12 | 03,464,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0013.dll
[2008/09/29 20:03:12 | 02,597,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0001.dll
[2008/09/29 20:03:12 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0018.dll
[2008/09/29 20:03:12 | 01,523,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0000.dll
[2008/09/29 20:03:11 | 04,874,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0009.dll
[2008/09/29 20:03:11 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004a.dll
[2008/09/29 20:03:11 | 02,241,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0007.dll
[2008/09/29 20:03:11 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0003.dll
[2008/09/29 20:03:11 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0002.dll
[2008/09/29 20:03:10 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004e.dll
[2008/09/29 20:03:10 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004c.dll
[2008/09/29 20:03:10 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004b.dll
[2008/09/29 20:03:09 | 04,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001d.dll
[2008/09/29 20:03:09 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001b.dll
[2008/09/29 20:03:09 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001a.dll
[2008/09/29 20:03:09 | 01,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData003e.dll
[2008/09/29 20:03:09 | 01,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData002a.dll
[2008/09/29 20:03:08 | 09,845,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000a.dll
[2008/09/29 20:03:08 | 02,641,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000c.dll
[2008/09/29 20:03:08 | 02,340,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000d.dll
[2008/09/29 20:03:07 | 04,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0816.dll
[2008/09/29 20:03:07 | 04,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0416.dll
[2008/09/29 20:03:07 | 04,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0414.dll
[2008/09/29 20:03:07 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000f.dll
[2008/09/29 20:03:07 | 00,797,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2008/09/29 20:03:06 | 06,917,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0c1a.dll
[2008/09/29 20:03:06 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0c1a.dll
[2008/09/29 20:03:06 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData081a.dll
[2008/09/29 20:02:30 | 00,000,901 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Memory Firewall.lnk
[2008/09/29 20:00:30 | 02,455,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2008/09/29 20:00:30 | 00,383,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2008/09/29 20:00:30 | 00,124,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2008/09/29 20:00:29 | 00,826,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2008/09/29 20:00:29 | 00,347,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2008/09/29 20:00:29 | 00,214,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2008/09/29 20:00:29 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2008/09/29 20:00:28 | 00,180,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2008/09/29 20:00:27 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2008/09/29 20:00:26 | 00,477,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2008/09/29 20:00:25 | 03,592,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2008/09/29 20:00:25 | 01,383,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2008/09/29 20:00:24 | 00,671,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2008/09/29 20:00:23 | 01,831,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2008/09/29 20:00:23 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2008/09/29 20:00:21 | 01,159,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2008/09/29 20:00:21 | 00,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2008/09/29 20:00:20 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2008/09/29 20:00:20 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2008/09/29 20:00:20 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2008/09/29 20:00:20 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2008/09/29 19:59:52 | 00,077,568 | ---- | M] () -- C:\Windows\System32\cmfdll32.dll
[2008/09/29 19:59:20 | 00,000,860 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall Pro.lnk
[2008/09/29 19:57:58 | 00,249,592 | ---- | M] (COMODO) -- C:\Windows\System32\cssdll32.dll
[2008/09/29 19:57:00 | 01,585,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
[2008/09/29 19:56:07 | 00,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\i8042prt.sys.mui
[2008/09/29 19:56:07 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\sermouse.sys.mui
[2008/09/29 19:56:07 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\mouclass.sys.mui
[2008/09/29 19:56:07 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\kbdclass.sys.mui
[2008/09/29 19:56:07 | 00,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\mouhid.sys.mui
[2008/09/29 19:56:07 | 00,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\kbdhid.sys.mui
[2008/09/29 19:56:01 | 00,613,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2008/09/29 19:56:01 | 00,371,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2008/09/29 19:56:01 | 00,313,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2008/09/29 19:56:01 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll
[2008/09/29 19:56:01 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe
[2008/09/29 19:56:00 | 00,905,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2008/09/29 19:56:00 | 00,019,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2008/09/29 19:55:59 | 00,944,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2008/09/29 19:55:58 | 00,620,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2008/09/29 19:55:58 | 00,224,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2008/09/29 19:55:57 | 00,221,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\umpnpmgr.dll
[2008/09/29 19:55:57 | 00,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2008/09/29 19:55:57 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
[2008/09/29 19:55:56 | 00,260,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2008/09/29 19:55:55 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2008/09/29 19:55:55 | 00,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
[2008/09/29 19:55:54 | 00,558,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
[2008/09/29 19:55:53 | 00,115,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\loadperf.dll
[2008/09/29 19:55:53 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe
[2008/09/29 19:55:53 | 00,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2008/09/29 19:55:53 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\prflbmsg.dll
[2008/09/29 19:55:52 | 00,595,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schedsvc.dll
[2008/09/29 19:55:50 | 00,495,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys
[2008/09/29 19:55:50 | 00,035,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2008/09/29 19:55:50 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\batt.dll
[2008/09/29 19:55:50 | 00,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2008/09/29 19:55:49 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dispci.dll
[2008/09/29 19:54:04 | 00,143,104 | ---- | M] () -- C:\Windows\System32\guard32.dll
[2008/09/29 19:54:04 | 00,085,008 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys
[2008/09/29 19:54:04 | 00,073,232 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2008/09/29 19:54:04 | 00,025,104 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
[2008/09/29 19:52:56 | 02,027,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2008/09/29 19:51:38 | 00,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
[2008/09/29 19:51:38 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL
[2008/09/29 19:51:38 | 00,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll
[2008/09/29 19:51:13 | 00,296,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
[2008/09/29 19:50:25 | 00,268,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2008/09/29 19:50:25 | 00,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
[2008/09/29 19:50:25 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2008/09/29 19:50:24 | 00,566,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2008/09/29 19:50:24 | 00,351,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2008/09/29 19:50:23 | 02,605,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2008/09/29 19:50:23 | 00,186,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2008/09/29 19:50:23 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLUINotify.dll
[2008/09/29 19:50:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2008/09/29 19:49:41 | 01,335,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll
[2008/09/29 19:49:41 | 00,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2008/09/29 19:48:49 | 00,704,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2008/09/29 19:48:45 | 11,315,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
[2008/09/29 19:48:44 | 00,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2008/09/29 19:48:44 | 00,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2008/09/29 19:48:44 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntprint.exe
[2008/09/29 19:48:42 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc.dll
[2008/09/29 19:48:42 | 00,120,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2008/09/29 19:48:42 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcmonitor.dll
[2008/09/29 19:48:41 | 01,984,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2008/09/29 19:48:39 | 00,712,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2008/09/29 19:48:39 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2008/09/29 19:48:39 | 00,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2008/09/29 19:48:39 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2008/09/29 19:48:39 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sendmail.dll
[2008/09/29 19:48:39 | 00,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2008/09/29 19:48:39 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvidc32.dll
[2008/09/29 19:48:39 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrle32.dll
[2008/09/29 19:48:38 | 08,138,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ssBranded.scr
[2008/09/29 19:47:44 | 00,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2008/09/29 19:47:44 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2008/09/29 19:47:14 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe
[2008/09/29 19:46:05 | 00,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnsapi.dll
[2008/09/29 19:46:05 | 00,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnsrslvr.dll
[2008/09/29 19:46:05 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2008/09/29 19:45:47 | 00,058,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2008/09/29 19:45:46 | 00,130,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2008/09/29 19:45:46 | 00,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2008/09/29 19:45:46 | 00,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys
[2008/09/29 19:45:33 | 00,788,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
[2008/09/29 19:45:10 | 00,737,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcomm.dll
[2008/09/29 19:45:10 | 00,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll
[2008/09/29 19:44:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fs_rec.sys
[2008/09/29 19:44:49 | 00,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmi.dll
[2008/09/29 19:44:48 | 00,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imagehlp.dll
[2008/09/29 19:44:29 | 01,327,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2008/09/29 19:44:16 | 00,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2008/09/29 19:43:24 | 01,244,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2008/09/29 19:43:24 | 00,428,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2008/09/29 19:43:24 | 00,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2008/09/29 19:43:24 | 00,080,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2008/09/29 19:43:23 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2008/09/29 19:43:23 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2008/09/29 19:43:23 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2008/09/29 19:42:36 | 00,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2008/09/29 19:42:02 | 00,633,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
[2008/09/29 19:40:37 | 00,092,472 | ---- | M] () -- C:\Users\Dannyd86\AppData\Local\GDIPFONTCACHEV1.DAT
[2008/09/29 19:40:28 | 00,750,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\qmgr.dll
[2008/09/29 19:39:16 | 00,000,402 | -HS- | M] () -- C:\Users\Dannyd86\Documents\desktop.ini
[2008/09/29 19:39:16 | 00,000,282 | -HS- | M] () -- C:\Users\Dannyd86\Desktop\desktop.ini
[2008/09/29 19:39:16 | 00,000,174 | -HS- | M] () -- C:\Users\Dannyd86\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[2008/09/29 19:38:09 | 00,001,434 | ---- | M] () -- C:\Users\Public\Desktop\Snapfish Photos - First 25 Prints Free.lnk
[2008/09/29 19:37:50 | 00,001,843 | ---- | M] () -- C:\Users\Public\Desktop\Easy Internet Services.lnk
[2008/09/29 17:53:47 | 01,524,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2008/09/29 17:53:47 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2008/09/29 17:53:47 | 00,045,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2008/09/29 17:53:46 | 01,811,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll
[2008/09/29 17:52:35 | 00,163,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2008/09/29 17:52:35 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2008/09/10 00:04:02 | 00,038,528 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2008/09/10 00:03:56 | 00,017,200 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
< End of report >

OTViewIt Extras logfile created on: 9/30/2008 12:26:22 PM - Run
OTViewIt by OldTimer - Version 1.0.9.2 Folder = C:\Users\Dannyd86\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I7255XEY
Windows Vista (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16711)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 59.48% Memory free
3.96 Gb Paging File | 3.06 Gb Available in Paging File | 77.08% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.31 Gb Total Space | 260.69 Gb Free Space | 90.11% Space Free | Partition Type: NTFS
Drive D: | 8.78 Gb Total Space | 0.71 Gb Free Space | 8.08% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DANNYD86-PC
Current User Name: Dannyd86
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride"=0
"AntiSpywareOverride"=0
"FirewallOverride"=0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2006/08/30 07:35:12 | 00,952,088 | ---- | M] (EarthLink, Inc.) -- C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] -- C:\WINDOWS\System32\nlaapi.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\napinsp.dll,-1000] -- C:\WINDOWS\System32\NapiNSP.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000005 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] -- C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000006 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] -- C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)
Protocol_Catalog9\Catalog_Entries\000000000001 -- C:\WINDOWS\System32\CEmLSP.dll (COMODO)
Protocol_Catalog9\Catalog_Entries\000000000002 -- C:\WINDOWS\System32\CEmLSP.dll (COMODO)
Protocol_Catalog9\Catalog_Entries\000000000003 -- C:\WINDOWS\System32\CEmLSP.dll (COMODO)
Protocol_Catalog9\Catalog_Entries\000000000004 -- C:\WINDOWS\System32\CEmLSP.dll (COMODO)
Protocol_Catalog9\Catalog_Entries\000000000005 -- C:\WINDOWS\System32\CEmLSP.dll (COMODO)
Protocol_Catalog9\Catalog_Entries\000000000006 -- C:\WINDOWS\System32\CEmLSP.dll (COMODO)
Protocol_Catalog9\Catalog_Entries\000000000007 -- C:\WINDOWS\System32\CEmLSP.dll (COMODO)
Protocol_Catalog9\Catalog_Entries\000000000008 -- C:\WINDOWS\System32\CEmLSP.dll (COMODO)
Protocol_Catalog9\Catalog_Entries\000000000009 -- C:\WINDOWS\System32\CEmLSP.dll (COMODO)
Protocol_Catalog9\Catalog_Entries\000000000010 -- C:\WINDOWS\System32\CEmLSP.dll (COMODO)
Protocol_Catalog9\Catalog_Entries\000000000011 -- C:\WINDOWS\System32\CEmLSP.dll (COMODO)
Protocol_Catalog9\Catalog_Entries\000000000012 -- C:\WINDOWS\System32\CEmLSP.dll (COMODO)
Protocol_Catalog9\Catalog_Entries\000000000013 -- C:\WINDOWS\System32\CEmLSP.dll (COMODO)
Protocol_Catalog9\Catalog_Entries\000000000014 -- C:\WINDOWS\System32\CEmLSP.dll (COMODO)
Protocol_Catalog9\Catalog_Entries\000000000015 -- C:\WINDOWS\System32\CEmLSP.dll (COMODO)
Protocol_Catalog9\Catalog_Entries\000000000016 -- C:\WINDOWS\System32\CEmLSP.dll (COMODO)
Protocol_Catalog9\Catalog_Entries\000000000017 -- C:\WINDOWS\System32\CEmLSP.dll (COMODO)
Protocol_Catalog9\Catalog_Entries\000000000018 -- C:\WINDOWS\System32\CEmLSP.dll (COMODO)
Protocol_Catalog9\Catalog_Entries\000000000019 -- C:\WINDOWS\System32\CEmLSP.dll (COMODO)

========== HKEY_LOCAL_MACHINE Protocol Defaults ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults - Default Protocols
ldap -- 4 = Restricted sites (Not a Default Protocol)
news -- 4 = Restricted sites (Not a Default Protocol)
nntp -- 4 = Restricted sites (Not a Default Protocol)
oecmd -- 4 = Restricted sites (Not a Default Protocol)
snews -- 4 = Restricted sites (Not a Default Protocol)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/26 16:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])
[2001/06/20 05:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) c:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006/10/27 00:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}"=Roxio Creator Tools
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}"=PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}"=Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}"=Roxio Creator EasyArchive
"{2990BC81-3B19-4E53-A53E-30DE3F1BFFA8}"=HP Total Care Advisor
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}"=SymNet
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}"=Rhapsody Player Engine
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}"=Roxio Activation Module
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}"=Norton Internet Security
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}"=ccCommon
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}"=HP Easy Setup - Frontend
"{48185814-A224-447A-81DA-71BD20580E1B}"=Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}"=Norton Confidential Browser Component
"{4EF6FDB0-3B11-4820-9860-8E08E9965195}"=Snapfish Media Detector
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}"=HP Picasso Media Center Add-In
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}"=Norton Internet Security
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}"=Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}"=Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}"=Roxio Express Labeler 3
"{6AF49698-949A-4C89-9B31-041D2CCB5FBD}"=muvee autoProducer 6.0
"{6D52C408-B09A-4520-9B18-475B81D393F1}"=Microsoft Works
"{6D68F5E6-0C59-4B61-A140-50557D80DBE4}"=Comodo i-Vault
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}"=Python 2.4.3
"{77772678-817F-4401-9301-ED1D01A8DA56}"=SPBBC 32bit
"{830D8CBD-C668-49e2-A969-C2C2106332E0}"=Norton AntiVirus
"{83FFCFC7-88C6-41c6-8752-958A45325C82}"=Roxio Creator Audio
"{8C6027FD-53DC-446D-BB75-CACD7028A134}"=HP Update
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}"=HP Photosmart Essential2.5
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}"=Microsoft Office Home and Student 2007
"{938B1CD7-7C60-491E-AA90-1F1888168240}"=Roxio MyDVD Basic v9
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}"=Norton Protection Center
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}"=HP Customer Feedback
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}"=HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A80000000002}"=Adobe Reader 8
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}"=MSRedist
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}"=Roxio Creator Basic v9
"{CE386A4E-D0DA-4208-8235-BCE43275C694}"=LightScribe 1.4.142.1
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}"=Norton Confidential Web Protection Component
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}"=Symantec Real Time Storage Protection Component
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}"=Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}"=Norton Internet Security
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}"=AppCore
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F4DB525F-A986-4249-B98B-42A8066251CA}"=AV
"Activation Assistant for the 2007 Microsoft Office suites"=Activation Assistant for the 2007 Microsoft Office suites
"AntiSpam 2.1.0.0"=Comodo AntiSpam 2.1.0.0
"CBOClean"=BOClean
"COMODO Firewall Pro"=COMODO Firewall Pro
"COMODO Memory Firewall"=COMODO Memory Firewall
"COMODO SafeSurf"=COMODO SafeSurf
"HOMESTUDENTR"=Microsoft Office Home and Student 2007
"HP Photosmart Essential"=HP Photosmart Essential 2.0
"InstallShield_{6D68F5E6-0C59-4B61-A140-50557D80DBE4}"=Comodo i-Vault
"KBD"=Enhanced Multimedia Keyboard Solution
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"NVIDIA Drivers"=NVIDIA Drivers
"OsdMaestro"=HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows"=Hardware Diagnostic Tools
"RealPlayer 6.0"=RealPlayer
"Rhapsody"=Rhapsody
"ShockwaveFlash"=Adobe Flash Player 9 ActiveX
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}"=Norton Internet Security (Symantec Corporation)
"WildTangent hpdesktop Master Uninstall"=My HP Games

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/29/2008 11:43:44 PM | Computer Name = Dannyd86-PC | Source = MsiInstaller | ID = 11722
Description =

Error - 9/29/2008 11:52:57 PM | Computer Name = Dannyd86-PC | Source = EventSystem | ID = 4609
Description =

Error - 9/29/2008 11:53:41 PM | Computer Name = Dannyd86-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description =

Error - 9/30/2008 12:17:03 AM | Computer Name = Dannyd86-PC | Source = MBAMTrayCtrl | ID = 131073
Description =

Error - 9/30/2008 12:17:03 AM | Computer Name = Dannyd86-PC | Source = MBAMTrayCtrl | ID = 131073
Description =

Error - 9/30/2008 12:17:03 AM | Computer Name = Dannyd86-PC | Source = MBAMTrayCtrl | ID = 131073
Description =

Error - 9/30/2008 12:25:15 AM | Computer Name = Dannyd86-PC | Source = Application Hang | ID = 1002
Description = The program BOC427.EXE version 4.2.7.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: f48 Start Time: 01c922b429d9f533 Termination Time: 10

Error - 9/30/2008 12:46:10 AM | Computer Name = Dannyd86-PC | Source = Application Hang | ID = 1002
Description = The program explorer.exe version 6.0.6000.16386 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1714 Start Time: 01c922b760aadb83 Termination Time: 31

Error - 9/30/2008 12:22:40 PM | Computer Name = Dannyd86-PC | Source = Application Error | ID = 1000
Description = Faulting application SnapfishMediaDetector.exe, version 1.7.0.15,
time stamp 0x45e8ab44, faulting module SnapfishMediaDetector.exe, version 1.7.0.15,
time stamp 0x45e8ab44, exception code 0x40000015, fault offset 0x0008f18b, process
id 0x98c, application start time 0x01c92318b5fca946.

Error - 9/30/2008 12:22:43 PM | Computer Name = Dannyd86-PC | Source = Application Error | ID = 1000
Description = Faulting application SnapfishMediaDetector.exe, version 1.7.0.15,
time stamp 0x45e8ab44, faulting module SnapfishMediaDetector.exe, version 1.7.0.15,
time stamp 0x45e8ab44, exception code 0x40000015, fault offset 0x0008f18b, process
id 0xe48, application start time 0x01c92318b1272c66.

[ System Events ]
Error - 9/29/2008 11:52:57 PM | Computer Name = Dannyd86-PC | Source = DCOM | ID = 10005
Description =

Error - 9/29/2008 11:52:58 PM | Computer Name = Dannyd86-PC | Source = DCOM | ID = 10005
Description =

Error - 9/29/2008 11:52:58 PM | Computer Name = Dannyd86-PC | Source = DCOM | ID = 10005
Description =

Error - 9/29/2008 11:52:59 PM | Computer Name = Dannyd86-PC | Source = DCOM | ID = 10005
Description =

Error - 9/29/2008 11:53:32 PM | Computer Name = Dannyd86-PC | Source = DCOM | ID = 10005
Description =

Error - 9/29/2008 11:53:32 PM | Computer Name = Dannyd86-PC | Source = DCOM | ID = 10005
Description =

Error - 9/29/2008 11:53:39 PM | Computer Name = Dannyd86-PC | Source = DCOM | ID = 10005
Description =

Error - 9/30/2008 12:23:04 AM | Computer Name = Dannyd86-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/30/2008 12:21:20 PM | Computer Name = Dannyd86-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
9, function 0. Please contact your system vendor for technical assistance.

Error - 9/30/2008 12:21:20 PM | Computer Name = Dannyd86-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
11, function 0. Please contact your system vendor for technical assistance.


< End of report >

i will also see if i cant download the hjt in ie
ok i tried and 2 no success it says this when i try to install the hijackthis tool Run TIme Error 481
Invalid Picture??

also i know that you cannot have two firewalls installed and them run at the same time i went to go into my control panel and it just flickers and closes i already have the comodo firewall etc installed so i tried to uninstall norton internet security but because i cant access the control panel i cant uninstall it
ok i finally gave my self full permission over everything and got the log from the hjt here it is

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:58:59 PM, on 9/30/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\COMODO\Memory Firewall\cmf.exe
C:\Program Files\COMODO\LaunchPad\CLPTray.exe
C:\Program Files\COMODO\AntiSpam\Cas32.exe
C:\Program Files\COMODO\CBOClean\BOC427.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Dannyd86\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I7255XEY\OTViewIt[1].exe
C:\Program Files\COMODO\Firewall\cfpsbmit.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: DiABLO - {487CA274-DDC9-45CA-BF51-2017CE8D6D8A} - C:\Program Files\Comodo\i-Vault\i-Vault.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SnapfishMediaDetector] C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] "c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [COMODO Memory Firewall] "C:\Program Files\COMODO\Memory Firewall\cmf.exe" -s
O4 - HKLM\..\Run: [Comodo Launch Pad App] C:\Program Files\Comodo\LaunchPad\CLPGuiApp.exe
O4 - HKLM\..\Run: [Comodo Launch Pad Tray] C:\Program Files\Comodo\LaunchPad\CLPTray.exe
O4 - HKLM\..\Run: [ComodoAntiSpam] C:\Program Files\Comodo\AntiSpam\CAS32.exe -q
O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\cemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cemlsp.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll C:\Windows\system32\cssdll32.dll
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 8209 bytes

Edited by dannny, 30 September 2008 - 12:00 PM.


#6 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:12:00 AM

Posted 30 September 2008 - 02:21 PM

Hello, dannny.
You can uninstall norton completely using the Norton Removal Tool.
That is located here:
http://service1.symantec.com/Support/tsgen...005033108162039

Go ahead and remove that. Once you have done that, do this:

I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and choose "select all" (or use <Control>+A)
  • Right-click again and choose "Copy" (or <Control>+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

In your next reply, please include the following:
  • ESET OnlineScan's Log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#7 dannny

Posted 30 September 2008 - 05:19 PM

hello billy thx for all the help heres what you requested

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3484 (20080930)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=642c5c7be3525545a42fa9acbfb55436
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-09-30 09:37:08
# local_time=2008-09-30 05:37:08 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.0.6000 NT
# scanned=346102
# found=1
# scan_time=3807
D:\autorun.inf Win32/AutoRun.UG worm (unable to clean - deleted) 00000000000000000000000000000000

#8 Billy O'Neal

Posted 30 September 2008 - 06:22 PM

That log appears clean. Are you still having problems?

Can you get to Control Panel now?

Billy3

#9 dannny

Posted 30 September 2008 - 09:40 PM

yes after two system recoveries i finally have a virus free system thanks a bunch and yes control panel is working i was wondering since my computer is like brand new what would you suggest i download say antivirus software free if possible and firewall etc for my computers protection?

i really dont understand how i had a worm in that directory thing that scares me is that that directory the D: is a recovery partition for system recovery

i just found out i was missing 59 critical updates from windows update so im currently downloading/installing the updates last time this happened the updates installed and it said i need to restart the computer i did then when it booted back up it said configuring updates..............................................................long process then it said shutdown thats why i did my second recovery i couldnt load up my system it froze saying configuring updates hopefully this doesnt happen again
cant thank you enough thx for the awesome tech help

Edited by dannny, 30 September 2008 - 09:42 PM.


#10 Billy O'Neal

Posted 01 October 2008 - 05:44 AM

Hello, dannny.

> yes after two system recoveries i finally have a virus free system thanks a bunch and yes control panel is working i was wondering since my computer is like brand new what would you suggest i download say antivirus software free if possible and firewall etc for my computers protection?

It appears you already have an anti-virus. Doesn't Comodo provide that function?
Two good free AVs for non-commercial home use are Avast and Avira (http://free-av.com).

> i really dont understand how i had a worm in that directory thing that scares me is that that directory the D: is a recovery partition for system recovery

That's not a worm, it's a false positive on the part of ESET. Autorun.inf simply controls autorun functionality on a drive. Because hard disks generally aren't supposed to be autorunning anything, ESET decided to nuke it. In reality, though, all it does is make the "Recovery" thing show up when you click on the drive in this case.

> i just found out i was missing 59 critical updates from windows update so im currently downloading/installing the updates last time this happened the updates installed and it said i need to restart the computer i did then when it booted back up it said configuring updates..............................................................long process then it said shutdown thats why i did my second recovery i couldnt load up my system it froze saying configuring updates hopefully this doesnt happen again
> cant thank you enough thx for the awesome tech help

You're welcome and good luck :)

Congratulations! You now appear clean! :thumbsup:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware


We Need to Clean Up Our Mess
  • Please download OTCleanIt from one of the following mirrors and save it to your desktop:
  • Double click the icon.
  • Push the large "Cleanup" button.
  • Allow your system to reboot.
Reset System Restore
Windows' "System Restore" feature can cause malware files to be cached and retained by your system. Resetting System Restore will clean these files from your system, and will allow you to use System Restore without fear of reinfection.
  • Go to Start -> Control Panel -> System and Maintenance -> System.
  • Select "System Protection" in the upper left hand corner.
  • Click the button marked "Create" in the bottom of the window.
  • Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Open Vista's Searchbox (on your start menu) and type in "cleanmgr.exe"
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up", and then "Delete" in the "System Restore and Shadow Copies" section to remove all previous restore points except the newly created one.
Note: You should only do this once, not on a regular basis!
You will not be able to restore computer to any earlier than today!

Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install and maintain an outbound firewall
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :).
Billy3
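Billy's explanation above treats autorun.inf as a small INI file of instructions to Explorer, so whether a detection on it matters depends on which keys it carries. The following Python is an added example, not part of the thread: it separates display-only keys (icon, label) from keys that start a program (open, shellexecute, shell\verb\command). Both sample files are constructed, because the thread does not show the contents of D:\autorun.inf, and the function names are this example's own.

```python
# Added example: triage of autorun.inf text. Not code from the thread.

LAUNCH_KEYS = ("open", "shellexecute")   # start a program or open a file
COSMETIC_KEYS = ("icon", "label")        # only change how the drive is displayed

# Constructed sample: label and icon only, the shape a recovery partition might carry.
RECOVERY_SAMPLE = """[autorun]
icon=recovery.ico
label=Recovery
"""

# Constructed sample: entries that start a program when the drive is opened.
LAUNCH_SAMPLE = r"""; constructed sample
[AutoRun]
this line has no key and is skipped
OPEN=setup.exe /quiet
shell\open\command="tools\setup.exe" /quiet
UseAutoPlay=1
Icon=folder.ico
"""


def parse_autorun(text):
    """Return {section: {key: value}} with lower-cased section and key names.

    Hand-rolled instead of configparser so that junk lines, duplicate keys
    and '%' characters do not raise; malformed lines are simply skipped.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
            continue
        if current is None or "=" not in line:
            continue
        key, value = line.split("=", 1)
        current[key.strip().lower()] = value.strip()
    return sections


def is_launch_key(key):
    """True for open, shellexecute and any shell\\<verb>\\command entry."""
    return key in LAUNCH_KEYS or (
        key.startswith("shell\\") and key.endswith("\\command")
    )


def program_of(command):
    """Return the program part of a command line (quoted path or first token)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split()[0] if command else ""


def triage(text):
    """Classify the [autorun] section and list the programs it would start."""
    entries = parse_autorun(text).get("autorun")
    result = {"verdict": "no-autorun-entries", "launch": {}, "cosmetic": {},
              "other": {}, "programs": []}
    if not entries:
        return result
    launch = {k: v for k, v in entries.items() if is_launch_key(k)}
    cosmetic = {k: v for k, v in entries.items() if k in COSMETIC_KEYS}
    other = {k: v for k, v in entries.items()
             if k not in launch and k not in cosmetic}
    if launch:
        verdict = "launches-program"   # inspect the listed programs next
    elif other:
        verdict = "review"             # keys this example does not classify
    else:
        verdict = "cosmetic-only"      # drive label and icon, nothing is started
    programs = sorted({program_of(v).lower() for v in launch.values() if v})
    result.update(verdict=verdict, launch=launch, cosmetic=cosmetic,
                  other=other, programs=programs)
    return result


if __name__ == "__main__":
    for name, sample in (("recovery", RECOVERY_SAMPLE), ("launch", LAUNCH_SAMPLE)):
        report = triage(sample)
        print(name, report["verdict"], report["programs"])
```

A "cosmetic-only" result matches the kind of file described above; a "launches-program" result means the listed programs are the next thing to inspect.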

#11 dannny

Posted 01 October 2008 - 11:43 AM

i created a restore point and named it virus free system however it did not ask me to save the restore point anywhere so how would i be able to access the restore point i just created also i did disk cleanup and cleaned the system restore shadow copies in the more options plus removed a bunch of excess garbage on my computer
also ive decided to download the zone alarm free firewall but since i have the windows firewall on and running can i just disable the windows firewall or will i have to uninstall it?
i did the otview thing and im about to reboot my computer also i got all those 59 valuable updates i needed and one i cant figure out is aol keeps showing up on my computer i went into uninstall programs from the control panel and didnt say AOL i figured the AOL thing was on my computer to begin with because when i start my computer up it pops up saying HP recommends AOL
one more thing because i know this forum is pretty busy with a lot of people needing help i have a laptop this is the main computer thats plugged into a router my laptop receives the internet through the wireless signal so my question is if my laptop had a bunch of viruses worms etc is it possible they could manifest themselves over to this computer
i would like to post another hijackthis log would u like me to create a new thread from my laptop or just post it here thx

oh yea one more thing i just seen in my programs to uninstall i have this i dont know what it is but everytime i run windows update it asks me to download it its called sofrdata fax modem with smartCP i dont have a fax machine on this computer so i dont understand why windows update asks me to download it

1. okay i completed step number one in your recommendations and got the zone alarm firewall and just disabled the windows firewall
2. i downloaded spyblaster but i cant seem to manual update when i click on check for updates it says make sure your connected to the internet
3. i updated the host file wow i dont even know what it is lol but i updated and turned off uac after i did the updating i turned it back on
4. im currently running an scan with malwarebytes after i updated, just a quick scan well i ran the quick scan and it said one object infected which it looks like its in my registry its called hijack.homepage since i found something im going to go ahead and do a complete scan
5. im going to go ahead and also download and install superantispyware

Edited by dannny, 01 October 2008 - 12:51 PM.


#12 Billy O'Neal

Posted 01 October 2008 - 08:13 PM

> i created a restore point and named it virus free system however it did not ask me to save the restore point anywhere so how would i be able to access the restore point i just created

You would access that restore point by using system restore.

> also i did disk cleanup and cleaned the system restore shadow copies in the more options plus removed a bunch of excess garbage on my computer
> also ive decided to download the zone alarm free firewall but since i have the windows firewall on and running can i just disable the windows firewall or will i have to uninstall it?

Windows firewall will automatically be disabled by the zonealarm installer. Be sure to UNCHECK the "ZoneAlarm Spyblocker Toolbar" during installation, as this item is AdWare. The firewall is okay though.

> i did the otview thing and im about to reboot my computer also i got all those 59 valuable updates i needed and one i cant figure out is aol keeps showing up on my computer i went into uninstall programs from the control panel and didnt say AOL i figured the AOL thing was on my computer to begin with because when i start my computer up it pops up saying HP recommends AOL
> one more thing because i know this forum is pretty busy with a lot of people needing help i have a laptop this is the main computer thats plugged into a router my laptop receives the internet through the wireless signal so my question is if my laptop had a bunch of viruses worms etc is it possible they could manifest themselves over to this computer
> i would like to post another hijackthis log would u like me to create a new thread from my laptop or just post it here thx

Go ahead and post a log from your laptop and I'll analyse it for you.

> oh yea one more thing i just seen in my programs to uninstall i have this i dont know what it is but everytime i run windows update it asks me to download it its called sofrdata fax modem with smartCP i dont have a fax machine on this computer so i dont understand why windows update asks me to download it

If your computer has a modem, even if the modem is not used it will complain. I'm not sure how to prevent the installation though. You could post about that over in the Windows XP Home and Professional forum, where people will be better qualified to help with that sort of problem.

> 1. okay i completed step number one in your recommendations and got the zone alarm firewall and just disabled the windows firewall
> 2. i downloaded spyblaster but i cant seem to manual update when i click on check for updates it says make sure your connected to the internet
> 3. i updated the host file wow i dont even know what it is lol but i updated and turned off uac after i did the updating i turned it back on
> 4. im currently running an scan with malwarebytes after i updated, just a quick scan well i ran the quick scan and it said one object infected which it looks like its in my registry its called hijack.homepage since i found something im going to go ahead and do a complete scan
> 5. im going to go ahead and also download and install superantispyware

Alrighty :thumbsup:

Go ahead and post a log from your lappy below :)

Billy3

#13 dannny

Posted 02 October 2008 - 12:58 PM

okay heres my laptop hjt log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:52:56 PM, on 10/2/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Windows Mail\WinMail.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\Program Files\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8593 bytes

Here's also the otview.txt

OTViewIt logfile created on: 10/2/2008 1:55:11 PM - Run
OTViewIt by OldTimer - Version 1.0.9.2 Folder = C:\Users\holly\Downloads
Windows Vista Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 63.00% Memory free
3.99 Gb Paging File | 2.99 Gb Available in Paging File | 74.98% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 231.42 Gb Total Space | 184.03 Gb Free Space | 79.52% Space Free | Partition Type: NTFS
Drive D: | 2.04 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOLLY-PC
Current User Name: holly
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/01/19 03:33:37 | 00,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
[2008/01/19 03:33:14 | 00,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
[2008/01/05 07:21:53 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
[2007/04/25 00:55:58 | 00,593,920 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
[2008/01/19 03:33:22 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2007/04/25 00:55:58 | 00,593,920 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
[2006/12/03 19:51:38 | 00,021,504 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\upeksvr.exe
[2006/10/05 15:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
[2006/11/14 23:33:10 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
[2006/11/08 16:18:42 | 00,554,600 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
[2006/10/30 20:20:26 | 00,362,064 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe
[2006/11/10 18:14:14 | 00,349,784 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
[2006/11/02 15:29:40 | 00,239,200 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe
[2006/10/26 12:55:50 | 00,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
[2006/11/17 14:32:40 | 00,833,064 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
[2006/11/03 12:31:36 | 00,028,752 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
[2007/01/25 20:47:50 | 00,136,816 | ---- | M] () -- C:\Toshiba\IVP\ISM\pinger.exe
[2007/01/25 20:50:26 | 00,063,096 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe
[2007/04/27 23:15:46 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
[2006/05/25 21:30:16 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
[2007/03/29 13:39:20 | 00,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
[2007/02/26 00:55:18 | 00,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
[2006/08/23 19:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
[2008/05/27 01:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2006/11/08 21:09:34 | 00,894,504 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPS\mps.exe
[2008/01/19 03:33:32 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2008/01/19 03:33:08 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2006/11/08 21:09:38 | 00,304,680 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPS\mpsevh.exe
[2007/04/10 19:40:28 | 00,413,696 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
[2008/01/09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
[2006/09/11 18:21:16 | 00,180,224 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apoint.exe
[2006/09/29 12:57:30 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
[2007/04/25 14:14:16 | 04,444,160 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[2006/11/15 01:02:36 | 01,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
[2007/03/29 13:39:18 | 00,411,192 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
[2006/12/03 19:34:56 | 00,054,288 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
[2007/03/22 14:46:54 | 00,448,632 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
[2007/04/26 21:56:10 | 00,538,744 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
[2007/04/11 12:19:48 | 04,443,136 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
[2006/11/15 00:19:42 | 00,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
[2006/09/29 12:57:36 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
[2008/01/19 03:33:32 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2007/11/01 19:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
[2006/11/06 20:14:44 | 00,034,352 | ---- | M] () -- C:\Program Files\Toshiba\Utilities\KeNotify.exe
[2006/11/03 12:31:24 | 00,161,360 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\MSK\mskagent.exe
[2007/05/21 14:49:13 | 01,862,144 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[2007/01/22 11:59:08 | 00,417,792 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
[2006/09/08 17:54:30 | 00,042,544 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\ApMsgFwd.exe
[2007/05/21 14:49:13 | 01,862,144 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[2006/09/08 18:06:08 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\ApntEx.exe
[2008/01/19 03:33:37 | 00,397,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Mail\WinMail.exe
[2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
[2007/11/01 19:12:38 | 00,265,040 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcuimgr.exe
[2007/01/25 20:45:42 | 00,468,600 | ---- | M] (TOSHIBA Corporation) -- C:\Toshiba\IVP\ISM\Ivpsvmgr.exe
[2008/09/28 19:48:50 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008/01/19 03:33:32 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2008/10/02 13:52:31 | 00,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
[2008/01/19 03:33:18 | 00,151,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\notepad.exe
[2008/05/27 01:18:16 | 00,184,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchProtocolHost.exe
[2008/05/27 01:17:55 | 00,087,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe
[2008/10/02 13:54:40 | 00,419,840 | ---- | M] (OldTimer Tools) -- C:\Users\holly\Downloads\OTViewIt.exe

========== (O23) Win32 Services ==========

[2006/10/05 15:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio [Auto | Running])
[2007/04/25 00:55:58 | 00,593,920 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility [Auto | Running])
[2006/11/14 23:33:10 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs [Auto | Running])
[2008/01/05 07:26:41 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/01/19 03:33:06 | 02,091,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfsr.exe -- (DFSR [On_Demand | Stopped])
[2008/01/19 03:34:06 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll -- (DPS [Unknown | Running])
[2008/01/19 03:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr [On_Demand | Stopped])
[2006/11/02 08:34:14 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
[2006/10/28 23:59:38 | 00,337,488 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\EmProxy\emproxy.exe -- (Emproxy [On_Demand | Stopped])
[2008/01/19 03:33:11 | 00,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FXSSVC.exe -- (Fax [On_Demand | Stopped])
[2008/01/05 07:21:53 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [Auto | Running])
[2007/05/21 14:49:13 | 01,862,144 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager [On_Demand | Stopped])
[2008/01/19 03:34:25 | 00,574,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll -- (gpsvc [Unknown | Running])
[2007/05/16 22:13:44 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2005/11/14 04:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/01/05 07:21:39 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2006/11/08 16:18:42 | 00,554,600 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe -- (McAfee HackerWatch Service [Auto | Running])
[2008/01/09 16:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
[2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
[2006/10/30 20:20:26 | 00,362,064 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [Auto | Running])
[2006/11/10 18:14:14 | 00,349,784 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
[2006/11/02 15:29:40 | 00,239,200 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe -- (McRedirector [Auto | Running])
[2006/10/26 12:55:50 | 00,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
[2006/11/10 18:18:12 | 00,624,720 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Stopped])
[2006/11/17 14:32:40 | 00,833,064 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe -- (MpfService [Auto | Running])
[2006/11/08 21:09:34 | 00,894,504 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPS\mps.exe -- (MPS9 [Auto | Running])
[2006/11/02 09:02:42 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
[2006/11/03 12:31:36 | 00,028,752 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe -- (MSK80Service [Auto | Running])
[2008/01/05 07:21:39 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2006/10/26 22:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 17:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/01/25 20:47:50 | 00,136,816 | ---- | M] () -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger [Auto | Running])
[2008/01/19 03:36:17 | 00,547,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll -- (RpcSs [Unknown | Running])
[2008/01/19 03:36:19 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
[2008/01/19 03:33:22 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe -- (slsvc [Auto | Running])
[2006/11/02 05:45:46 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
[2007/01/25 20:50:26 | 00,063,096 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr [Auto | Running])
[2007/04/27 23:15:46 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv [Auto | Running])
[2006/05/25 21:30:16 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv [Auto | Running])
[2007/03/29 13:39:20 | 00,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv [Auto | Running])
[2007/02/26 00:55:18 | 00,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service [Auto | Running])
[2008/01/19 03:33:33 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\servicing\TrustedInstaller.exe -- (TrustedInstaller [Unknown | Stopped])
[2008/01/19 03:33:33 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect [On_Demand | Stopped])
[2006/08/23 19:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])
[2008/01/19 03:33:33 | 00,382,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vds.exe -- (vds [On_Demand | Stopped])
[2008/01/19 03:33:35 | 00,917,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbengine.exe -- (wbengine [On_Demand | Stopped])
[2008/01/19 03:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2008/05/27 01:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])

========== Driver Services ==========

[2006/11/02 05:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
[2006/11/02 05:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
[2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
[2006/11/02 05:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
[2006/11/28 18:11:00 | 01,161,888 | ---- | M] (Agere Systems) -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
[2006/11/02 05:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
[2006/11/02 05:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\System32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
[2006/11/02 05:49:59 | 00,054,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp [On_Demand | Stopped])
[2006/11/02 05:49:26 | 00,015,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdide.sys -- (amdide [Disabled | Stopped])
[2006/11/02 04:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7 [Disabled | Stopped])
[2008/01/19 01:27:20 | 00,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8 [On_Demand | Running])
[2006/08/30 12:35:58 | 00,140,800 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
[2006/11/02 05:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys -- (arc [Disabled | Stopped])
[2006/11/02 05:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
[2007/02/28 21:04:58 | 00,694,784 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys -- (athr [On_Demand | Running])
[2007/04/25 01:07:14 | 02,590,720 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag [On_Demand | Running])
File not found -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive [Disabled | Stopped])
[2008/01/19 01:28:26 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys -- (bowser [On_Demand | Running])
[2006/11/02 04:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2006/11/02 04:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
[2006/11/02 04:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid [Disabled | Stopped])
[2006/11/02 04:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm [Disabled | Stopped])
[2006/11/02 04:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm [Disabled | Stopped])
[2006/11/02 04:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])
[2006/11/02 04:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM [Disabled | Stopped])
[2006/11/02 04:55:08 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\circlass.sys -- (circlass [Disabled | Stopped])
[2008/01/19 03:42:58 | 00,247,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys -- (CLFS [Unknown | Running])
[2006/11/02 05:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
[2006/11/02 05:49:43 | 00,022,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk [Boot | Running])
[2006/11/02 04:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe [Disabled | Stopped])
[2008/01/19 01:28:57 | 00,350,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\csc.sys -- (CSC [System | Running])
[2008/01/19 01:28:20 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC [System | Running])
[2008/08/01 21:01:23 | 00,625,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl [On_Demand | Running])
[2006/11/02 03:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
[2008/01/19 03:42:11 | 00,143,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys -- (Ecache [Boot | Running])
[2006/11/02 05:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
[2008/01/19 01:28:01 | 00,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\exfat.sys -- (exfat [On_Demand | Stopped])
[2008/01/19 03:42:31 | 00,058,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo [Boot | Running])
[2008/01/19 01:30:23 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace [On_Demand | Stopped])
[2008/01/19 03:42:12 | 00,145,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fvevol.sys -- (fvevol [Boot | Running])
[2006/11/02 05:50:04 | 00,058,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx [On_Demand | Stopped])
[2006/11/02 03:36:49 | 00,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
[2008/01/19 00:30:49 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/11/02 04:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth [Disabled | Stopped])
[2006/11/02 04:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys -- (HidIr [Disabled | Stopped])
[2006/11/02 05:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])
[2006/11/02 05:49:49 | 00,027,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\i2omp.sys -- (i2omp [Disabled | Stopped])
[2006/11/02 05:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV [Disabled | Stopped])
[2006/11/02 05:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
[2007/04/25 20:03:58 | 01,771,944 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])
[2006/11/02 04:30:18 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\intelppm.sys -- (intelppm [Disabled | Stopped])
[2006/11/02 04:42:03 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV [Disabled | Stopped])
[2008/01/19 03:42:35 | 00,181,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt [On_Demand | Running])
[2006/11/02 05:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
[2006/11/02 05:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
[2006/11/02 04:51:12 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid [Disabled | Stopped])
[2006/02/14 14:50:00 | 00,216,320 | ---- | M] (TOSHIBA CORPORATION) -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I [Disabled | Stopped])
[2005/09/27 19:57:00 | 00,207,104 | ---- | M] (TOSHIBA CORPORATION) -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N [Disabled | Stopped])
[2006/09/27 23:06:00 | 00,479,488 | ---- | M] (TOSHIBA CORPORATION) -- C:\Windows\System32\drivers\kr3npxp.sys -- (KR3NPXP [Disabled | Stopped])
[2008/01/19 01:55:03 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio [Auto | Running])
[2006/07/28 19:25:26 | 00,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter [Boot | Running])
[2006/11/02 05:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
[2006/11/02 05:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
[2006/11/02 05:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
[2008/01/19 01:30:36 | 00,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys -- (luafv [Auto | Running])
[2006/11/02 05:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
[2006/10/26 12:56:30 | 00,071,496 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
[2006/10/26 12:56:08 | 00,034,120 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
[2006/10/26 12:56:10 | 00,168,392 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk [On_Demand | Running])
[2006/10/26 12:56:14 | 00,031,944 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
[2006/10/26 12:56:14 | 00,035,048 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Stopped])
[2008/01/19 01:52:19 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys -- (monitor [On_Demand | Running])
[2006/12/13 14:19:30 | 00,107,608 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP [System | Running])
[2006/11/02 05:50:16 | 00,078,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys -- (mpio [Disabled | Stopped])
[2008/01/19 01:54:46 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv [On_Demand | Running])
[2006/11/02 05:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x [Disabled | Stopped])
[2008/05/08 15:21:56 | 00,211,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10 [On_Demand | Running])
[2008/01/19 01:28:37 | 00,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20 [On_Demand | Running])
[2006/11/02 05:49:44 | 00,023,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys -- (msahci [Disabled | Stopped])
[2006/11/02 05:50:17 | 00,080,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm [Disabled | Stopped])
[2008/01/19 03:41:14 | 00,016,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv [Boot | Running])
[2008/01/19 03:42:29 | 00,163,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC [On_Demand | Stopped])
[2008/01/19 01:49:19 | 00,006,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mstee.sys -- (MSTEE [On_Demand | Stopped])
[2008/05/19 22:07:31 | 00,148,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP [On_Demand | Running])
[2006/11/02 05:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
[2008/01/19 01:55:50 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy [System | Running])
[2006/11/02 03:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
[2006/11/02 05:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
[2006/11/02 05:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
[2006/11/02 05:50:40 | 00,106,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp [On_Demand | Stopped])
[2008/01/19 03:41:13 | 00,016,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciide.sys -- (pciide [Boot | Running])
[2006/11/02 05:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH [Auto | Running])
[2006/11/02 04:30:18 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\processr.sys -- (Processor [Disabled | Stopped])
[2008/04/04 21:21:42 | 00,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys -- (PSched [System | Running])
[2006/10/18 06:00:00 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2006/11/02 05:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
[2006/11/02 05:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
[2008/01/19 01:56:07 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv [On_Demand | Stopped])
[2008/01/19 01:56:43 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rassstp.sys -- (RasSstp [On_Demand | Running])
[2008/01/19 02:01:09 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD [System | Running])
[2008/01/19 01:55:03 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr [Auto | Running])
[2006/12/25 21:35:08 | 00,067,072 | ---- | M] (Realtek Corporation) -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169 [On_Demand | Running])
[2006/11/02 05:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port [Disabled | Stopped])
[2008/01/19 01:32:56 | 00,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2006/11/02 02:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
[2008/01/19 01:49:16 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse [Disabled | Stopped])
[2006/11/02 04:51:38 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk [Disabled | Stopped])
[2006/11/02 04:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])
[2006/11/02 04:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
[2006/11/02 05:49:51 | 00,053,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp [On_Demand | Stopped])
[2006/11/02 05:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
[2006/11/02 05:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
[2008/01/19 01:55:27 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys -- (Smb [System | Running])
[2008/01/19 03:41:30 | 00,021,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys -- (spldr [Boot | Running])
[2008/01/19 01:29:15 | 00,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys -- (srv2 [On_Demand | Running])
[2008/01/19 01:29:12 | 00,098,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet [On_Demand | Running])
[2006/11/02 05:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
[2006/11/02 05:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
[2006/11/02 05:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
[2008/01/19 01:56:07 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg [Auto | Running])
[2006/12/03 19:21:10 | 00,039,056 | ---- | M] (UPEK Inc.) -- C:\Windows\System32\drivers\tcusb.sys -- (TcUsb [On_Demand | Running])
[2006/10/18 14:50:04 | 00,016,128 | ---- | M] (TOSHIBA Corporation.) -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst [On_Demand | Running])
[2008/01/19 01:55:58 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys -- (tdx [System | Running])
[2007/01/24 17:44:06 | 00,290,304 | ---- | M] (Texas Instruments) -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])
[2008/01/19 03:33:24 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\reg.exe -- (Tosrfcom [On_Demand | Stopped])
[2006/10/23 19:32:20 | 00,009,216 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec [On_Demand | Stopped])
[2007/04/27 23:13:58 | 00,285,184 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32 [Boot | Running])
[2008/01/19 02:01:15 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv [On_Demand | Stopped])
[2008/01/19 01:55:41 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp [On_Demand | Running])
[2008/01/19 01:55:50 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel [On_Demand | Running])
[2006/10/06 01:22:14 | 00,016,768 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ [Boot | Running])
[2006/11/02 05:49:59 | 00,056,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35 [On_Demand | Stopped])
[2006/11/02 05:50:04 | 00,058,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx [On_Demand | Stopped])
[2006/11/02 05:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
[2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
[2006/11/02 05:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
[2008/01/19 01:53:40 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys -- (umbus [On_Demand | Running])
[2006/11/02 04:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir [Disabled | Stopped])
[2008/01/19 01:53:21 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbehci.sys -- (usbehci [On_Demand | Running])
[2008/01/19 01:53:21 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci [On_Demand | Running])
File not found -- C:\Windows\system32\drivers\usbstor.sys -- (USBSTOR [Disabled | Stopped])
[2006/11/02 04:55:20 | 00,132,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbvideo.sys -- (usbvideo [On_Demand | Running])
[2007/03/13 00:47:54 | 00,011,264 | ---- | M] (Chicony Electronics Co., Ltd.) -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR [On_Demand | Running])
[2006/11/02 04:53:56 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys -- (vga [On_Demand | Stopped])
[2006/11/02 05:49:52 | 00,054,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\VIAAGP.SYS -- (viaagp [On_Demand | Stopped])
[2006/11/02 04:30:19 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7 [Disabled | Stopped])
[2006/11/02 05:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
[2008/01/19 03:42:18 | 00,052,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr [Boot | Running])
[2008/01/19 03:43:03 | 00,294,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx [Boot | Running])
[2006/11/02 05:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
[2006/11/02 04:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen [Disabled | Stopped])
[2006/11/02 05:49:38 | 00,019,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys -- (Wd [Disabled | Stopped])
[2008/01/19 03:43:27 | 00,503,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000 [Boot | Running])
[2006/11/02 04:35:03 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi [Disabled | Stopped])
[2008/01/19 01:56:49 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl [Disabled | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.toshibadirect.com/dpdstart
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.toshibadirect.com/dpdstart
"StartPageCache"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1935660297-263429631-4058951146-1000\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.toshibadirect.com/dpdstart
"StartPageCache"=

[HKEY_USERS\S-1-5-21-1935660297-263429631-4058951146-1000\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1935660297-263429631-4058951146-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} (HKLM) -- c:\Program Files\McAfee\VirusScan\scriptcl.dll (McAfee, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-1935660297-263429631-4058951146-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00TCrdMain"=%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" (Chicony)
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (Google)
"HSON"=%ProgramFiles%\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
"HWSetup"=\HWSetup.exe hwSetUP File not found
"KeNotify"=C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey (McAfee, Inc.)
"MskAgentexe"=C:\Program Files\McAfee\MSK\MskAgent.exe (McAfee Inc.)
"NDSTray.exe"=NDSTray.exe File not found
"PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" /startup (UPEK Inc.)
"RtHDVCpl"=RtHDVCpl.exe (Realtek Semiconductor)
"Skytel"=Skytel.exe (Realtek Semiconductor Corp.)
"SmoothView"=%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
"SVPWUTIL"=C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL (TOSHIBA)
"TPwrMain"=%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0
"DisableCAD"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Sun Java Console -- C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Send to OneNote -- C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: S&end to OneNote -- C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Research -- C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
GD: ":Range"=127.0.0.1 -- http in Local intranet |

[HKEY_USERS\S-1-5-21-1935660297-263429631-4058951146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
GD: ":Range"=127.0.0.1 -- http in Local intranet |

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0

========== (O17) DNS Name Servers ==========

{BCB26A79-8E12-45B9-B930-4A2E1F7DBF65} (Servers: | Description: Atheros AR5007EG Wireless Network Adapter)
{E73816C5-3170-45CE-955F-D82D9CC0ABD4} (Servers: | Description: Realtek RTL8101 Family PCI-E Fast Ethernet NIC (NDIS 6.0))

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
>[2007/05/21 14:49:13 | 00,143,360 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"GinaDLL"=vrlogon.dll
>[2006/12/03 19:52:36 | 00,631,808 | ---- | M] (UPEK Inc.) -- C:\Windows\System32\vrlogon.dll


========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
psfus: "DllName" = C:\Windows\system32\psqlpwd.dll -- C:\Windows\System32\psqlpwd.dll (UPEK Inc.)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>[2008/01/19 03:33:59 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2008/01/19 03:36:42 | 00,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

autoexec.bat [REM Dummy file for NTVDM | ]
[2006/09/18 17:43:36 | 00,000,024 | ---- | M] () -- C:\autoexec.bat -- [ NTFS ]

AutoRun []
[2007/07/20 13:16:58 | 00,634,880 | R--- | M] (Electronic Arts Inc.) -- D:\AutoRun.exe -- [ UDF ]

AutoRun.exe [MZ | ]
[2007/07/20 13:16:58 | 00,634,880 | R--- | M] (Electronic Arts Inc.) -- D:\AutoRun.exe -- [ UDF ]

AutoRunGUI.dll [MZ | ]
[2007/07/05 16:01:39 | 00,585,728 | R--- | M] (Electronic Arts Inc.) -- D:\AutoRunGUI.dll -- [ UDF ]

autorun.ico []
[2007/06/02 08:27:56 | 00,134,694 | R--- | M] () -- D:\autorun.ico -- [ UDF ]

autorun.inf [[autorun] | open=Autorun.exe | Icon=autorun.ico | Name=Tiger Woods PGA TOUR 08 | | [Special] | Disk=1 | ProductGuiID={2FEA102C-F535-4513-009B-57B165013C18} | | ]
[2007/07/20 13:27:07 | 00,000,153 | R--- | M] () -- D:\autorun.inf -- [ UDF ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5eb517b4-5226-11dd-b641-806e6f6e6963}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5eb517b4-5226-11dd-b641-806e6f6e6963}\Shell\AutoRun\command]
""=D:\Autorun.exe -- [2007/07/20 13:16:58 | 00,634,880 | R--- | M] (Electronic Arts Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2008/10/02 13:52:32 | 00,001,885 | ---- | C] () -- C:\Users\holly\Desktop\HijackThis.lnk
[2008/10/02 13:52:31 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/10/01 13:24:31 | 00,000,000 | ---D | C] -- C:\Users\holly\AppData\Roaming\WinBatch
[2008/09/29 20:15:06 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2008/09/29 20:15:05 | 00,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/09/29 20:15:05 | 00,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/29 20:15:02 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2008/09/29 20:14:51 | 00,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2008/09/29 20:14:51 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe
[2008/09/29 20:14:51 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2008/09/29 20:14:51 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2008/09/29 20:14:51 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2008/09/29 20:14:50 | 00,754,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
[2008/09/29 20:14:50 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2008/09/29 20:14:50 | 00,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2008/09/29 20:14:50 | 00,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2008/09/29 20:14:50 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2008/09/29 20:14:49 | 11,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2008/09/29 20:14:49 | 00,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2008/09/29 20:14:49 | 00,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2008/09/29 20:14:49 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2008/09/29 20:14:49 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2008/09/29 20:14:49 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2008/09/29 20:14:48 | 06,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2008/09/29 20:14:48 | 01,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2008/09/29 20:14:48 | 01,582,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2008/09/29 20:14:48 | 01,418,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2008/09/29 20:14:48 | 00,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2008/09/29 20:14:48 | 00,439,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2008/09/29 20:14:48 | 00,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2008/09/29 20:14:48 | 00,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2008/09/29 20:14:48 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2008/09/29 20:14:48 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2008/09/28 12:37:00 | 00,784,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
[2008/09/28 12:36:59 | 03,600,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2008/09/28 12:36:59 | 03,549,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2008/09/28 12:36:59 | 00,891,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2008/09/28 12:36:59 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys
[2008/09/28 12:36:58 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2008/09/28 12:36:56 | 00,625,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2008/09/28 12:36:56 | 00,565,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\emdmgmt.dll
[2008/09/28 12:36:56 | 00,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2008/09/28 12:36:56 | 00,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys
[2008/09/28 12:36:56 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2008/09/28 12:36:56 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2008/09/28 12:36:52 | 00,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2008/09/28 12:36:52 | 00,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2008/09/28 12:36:52 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2008/09/28 12:36:52 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrrun.dll
[2008/09/28 12:36:52 | 00,155,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscript.exe
[2008/09/28 12:36:52 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2008/09/28 12:36:52 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2008/09/28 12:36:52 | 00,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshext.dll
[2008/09/27 15:30:37 | 00,000,000 | ---D | C] -- C:\PerfLogs
[2008/09/26 03:21:40 | 01,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2008/09/26 03:21:40 | 00,053,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2008/09/26 03:21:40 | 00,045,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2008/09/26 03:21:39 | 01,811,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll
[2008/09/26 03:20:26 | 00,563,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2008/09/26 03:20:26 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2008/09/26 03:20:26 | 00,036,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2008/09/26 03:20:04 | 00,163,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2008/09/26 03:20:04 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2008/09/12 21:45:04 | 00,000,342 | ---- | C] () -- C:\Windows\tasks\McDefragTask.job
[2008/09/12 21:44:55 | 00,000,334 | ---- | C] () -- C:\Windows\tasks\McQcTask.job
[2008/09/09 16:43:32 | 04,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2008/09/09 16:43:31 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2008/09/09 15:56:40 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2008/09/06 16:00:42 | 00,000,000 | ---D | C] -- C:\Users\holly\AppData\Local\Microsoft Games

========== Files - Modified Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2008/10/02 13:52:32 | 00,001,885 | ---- | M] () -- C:\Users\holly\Desktop\HijackThis.lnk
[2008/10/02 13:42:31 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2008/10/02 13:42:31 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2008/10/02 13:42:31 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2008/10/02 13:36:22 | 00,005,878 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2008/10/02 13:36:03 | 00,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2008/10/02 13:36:03 | 00,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2008/10/02 13:35:59 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2008/10/02 13:35:54 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2008/10/02 13:35:51 | 20,112,17920 | -HS- | M] () -- C:\hiberfil.sys
[2008/09/30 15:01:10 | 01,983,547 | -H-- | M] () -- C:\Users\holly\AppData\Local\IconCache.db
[2008/09/27 15:43:47 | 00,000,280 | -HS- | M] () -- C:\Users\Public\Documents\desktop.ini
[2008/09/27 15:43:47 | 00,000,174 | -HS- | M] () -- C:\Users\Public\Desktop\desktop.ini
[2008/09/27 15:43:46 | 00,000,174 | -HS- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[2008/09/27 15:38:45 | 00,316,824 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2008/09/27 15:12:58 | 00,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2008/09/27 15:12:57 | 00,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[2008/09/21 10:18:29 | 00,002,838 | ---- | M] () -- C:\Windows\machine.ver
[2008/09/12 22:28:20 | 00,000,342 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2008/09/12 22:28:20 | 00,000,334 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
< End of report >

and extras.txt

OTViewIt Extras logfile created on: 10/2/2008 1:55:11 PM - Run
OTViewIt by OldTimer - Version 1.0.9.2 Folder = C:\Users\holly\Downloads
Windows Vista Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 63.00% Memory free
3.99 Gb Paging File | 2.99 Gb Available in Paging File | 74.98% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 231.42 Gb Total Space | 184.03 Gb Free Space | 79.52% Space Free | Partition Type: NTFS
Drive D: | 2.04 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOLLY-PC
Current User Name: holly
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride"=0
"AntiSpywareOverride"=0
"FirewallOverride"=0
"VistaSp1"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2007/01/25 20:49:34 | 00,472,688 | ---- | M] (TOSHIBA Corporation) -- C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine
[2007/01/25 20:47:50 | 00,136,816 | ---- | M] () -- C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] -- C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] -- C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Protocol Defaults ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults - Default Protocols
ldap -- 4 = Restricted sites (Not a Default Protocol)
news -- 4 = Restricted sites (Not a Default Protocol)
nntp -- 4 = Restricted sites (Not a Default Protocol)
oecmd -- 4 = Restricted sites (Not a Default Protocol)
snews -- 4 = Restricted sites (Not a Default Protocol)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/26 16:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])
[2001/06/19 20:26:00 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006/10/27 00:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003B5184-F3DF-AF76-CB17-D35B7BB46B81}"=CCC Help Japanese
"{008D69EB-70FF-46AB-9C75-924620DF191A}"=TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0E9C4531-58C4-4349-AD2F-A4D999E451EC}"=TOSHIBA Music
"{0F6932CF-E642-5A7A-8194-3F7443188287}"=CCC Help Turkish
"{10113A44-CBFF-4FF7-8A13-BD1EC4180C56}"=Protector Suite QL 5.6
"{103A43D9-9ED8-E78D-7BF1-E536DFE6FC9F}"=Catalyst Control Center Localization Greek
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}"=Utility Common Driver
"{12887AF2-AE16-34CC-E85C-637DF6911C8C}"=Catalyst Control Center Localization Turkish
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}"=TOSHIBA Assist
"{13614186-B0A0-AA21-F75A-2097F9167DB8}"=CCC Help Portuguese
"{177B615E-47B1-C1C4-6F3B-7D6FEB8D4564}"=CCC Help Thai
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{26210745-925C-8AE4-F3B9-5FA737A1F6F2}"=CCC Help Russian
"{2768CDA5-57DA-59D4-884F-A0F8A5B36D3E}"=CCC Help Finnish
"{28006915-2739-4EBE-B5E8-49B25D32EB33}"=Atheros Driver Installation Program
"{29DC966A-DA3E-3ED4-68E7-6D3D9A055B42}"=Catalyst Control Center Localization Korean
"{2E7A9DDC-E062-0074-08AB-DE7D1B431F75}"=Catalyst Control Center Localization Chinese Traditional
"{2FAE3800-CC47-C556-C57F-A91851BF7854}"=CCC Help French
"{2FEA102C-F535-4513-009B-57B165013C18}"=Tiger Woods PGA TOUR 08
"{3248F0A8-6813-11D6-A77B-00B0D0160000}"=Java™ SE Runtime Environment 6
"{33824DAC-3F98-0BB6-56D5-7DE1A3CCC068}"=Catalyst Control Center Localization German
"{3621A2DF-0870-FE7E-674F-1DBCB18C5D22}"=ccc-utility
"{37C866E4-AA67-4725-9E95-A39968DD7960}"=Camera Assistant Software for Toshiba
"{3F11CE8A-388B-0D3A-DF6F-061F23A13D26}"=CCC Help Korean
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}"=TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}"=ATI Catalyst Install Manager
"{41DD15BE-811D-7DEF-19A9-30AF18F75EFF}"=Catalyst Control Center Localization Thai
"{425A2BC2-AA64-4107-9C29-484245BBEA05}"=TOSHIBA Software Upgrades
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}"=TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}"=TOSHIBA Hardware Setup
"{52F368DE-06BD-E116-9233-D1DE207BDFE6}"=CCC Help Dutch
"{53BABC75-1DC1-479B-224B-1EB9E18A799B}"=CCC Help German
"{56797214-1A4C-052E-1ECE-B00308BF3362}"=CCC Help Chinese Standard
"{572D71E9-5102-74B3-5D22-DEDF911F7FE5}"=CCC Help Italian
"{5BA0C9F0-3B01-91A3-6922-4DCF943D9CBE}"=CCC Help English
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}"=TOSHIBA Disc Creator
"{6080CE3C-2CB3-2FA3-1CE2-3350B06664BC}"=CCC Help Swedish
"{611E35B8-7F46-DDBB-CC4F-FAAED6C054FF}"=Catalyst Control Center Localization Spanish
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}"=TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}"=TOSHIBA Flash Cards Support Utility
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}"=Activation Assistant for the 2007 Microsoft Office suites
"{678F1F2D-F214-08D4-67FB-AC04316C4940}"=ccc-core-static
"{6A0B868C-89BE-ACF1-8C0A-CC88878A9E46}"=Catalyst Control Center Localization Russian
"{6C4734CF-A10C-DFF4-5565-457F33849862}"=Catalyst Control Center Localization Swedish
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}"=TOSHIBA DVD PLAYER
"{6D52C408-B09A-4520-9B18-475B81D393F1}"=Microsoft Works
"{6DECCD60-782D-7B14-22DE-FB8D6EA46433}"=CCC Help Polish
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}"=Age of Empires III
"{715044AC-B95E-4CD0-9B0C-CEDDB422F93B}"=CCC Help Czech
"{724A8BEC-B350-1C76-C580-959AEA487108}"=Catalyst Control Center Localization Japanese
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}"=TOSHIBA ConfigFree
"{7994AA46-4BA6-4349-1606-1DF4148CE05B}"=CCC Help Hungarian
"{7AFBAC39-F6A8-9F8D-6A6D-F134F7E34B6E}"=Catalyst Control Center Localization Danish
"{845D19A7-0BBF-12DF-87CF-F5D468930EA6}"=Catalyst Control Center Localization Czech
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}"=Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}"=Napster Burn Engine
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90BF970B-3335-CFD5-711C-9FE0310A97C0}"=CCC Help Greek
"{91120000-002F-0000-0000-0000000FF1CE}"=Microsoft Office Home and Student 2007
"{926593ED-3962-4630-7CE3-34FF1B4ACCF3}"=Catalyst Control Center Localization Finnish
"{9EB0D4D4-87A5-52F5-C59C-159F81BED0E6}"=Catalyst Control Center Graphics Previews Vista
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}"=ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}"=CD/DVD Drive Acoustic Silencer
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{A91383E9-0311-DB40-6AF6-3F9E80F83E84}"=Catalyst Control Center Localization Portuguese
"{AC76BA86-7AD7-1033-7B44-A80000000002}"=Adobe Reader 8
"{B1211E68-4DA2-7942-BE75-14272A8C1EA9}"=Catalyst Control Center Localization Dutch
"{B1F8FA80-EFA5-EC12-AD36-F5266EF90B61}"=CCC Help Danish
"{B4369E44-8703-E769-A711-40EE5000AC2C}"=Catalyst Control Center Core Implementation
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}"=Microsoft XML Parser
"{B7DE7B5E-4A2B-B709-E133-EC74C81E654A}"=Catalyst Control Center Graphics Full New
"{B87A3B9F-7632-E053-2148-8EDD1A787B78}"=Catalyst Control Center Localization Chinese Standard
"{BBBCAE4B-B416-4182-A6F2-438180894A81}"=Napster
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}"=Toshiba Registration
"{C7EA6173-A2B8-D45E-A0EE-74F8D2C58D30}"=Catalyst Control Center Localization Hungarian
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}"=Bluetooth Stack for Windows by Toshiba
"{D1C3920F-1DC3-A2FA-BF5E-7497B5EF072E}"=Catalyst Control Center Localization Norwegian
"{D95AAA04-9BEF-54B3-CD70-348AC1155DAB}"=Catalyst Control Center Graphics Full Existing
"{D9C7C58C-AC51-EDBF-CF22-E4E1B93ED50D}"=Skins
"{DB780B85-B4B5-4864-A49C-9B706B169C93}"=TIPCI
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{DDC4619D-1DC8-C2A7-4968-45586F237131}"=CCC Help Norwegian
"{E015B7D9-01AD-FE29-052A-489F4F29ED7F}"=Catalyst Control Center Graphics Light
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}"=Windows Media Encoder 9 Series
"{E7511B20-2857-3F50-1B84-F0F32C519FE1}"=CCC Help Chinese Traditional
"{EB5BE9DE-6025-6227-0C25-AE5C852EC479}"=Catalyst Control Center Localization Polish
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}"=TOSHIBA SD Memory Utilities
"{EC28331A-FF2B-6D66-D8A0-32C706AEA120}"=CCC Help Spanish
"{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}"=Yahoo! Music Jukebox
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}"=TOSHIBA Speech System Applications
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}"=DVD MovieFactory for TOSHIBA
"{F2B27034-6059-0549-F01A-4BD9865521B1}"=Catalyst Control Center Localization French
"{FBE6B550-A93E-AA46-1DBB-421EC319E2DA}"=Catalyst Control Center Localization Italian
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}"=TOSHIBA Value Added Package
"Activation Assistant for the 2007 Microsoft Office suites"=Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Shockwave Player"=Adobe Shockwave Player
"ATI Uninstaller"=ATI Uninstaller
"Desktop Dialer"=Desktop Dialer
"Google Desktop"=Google Desktop
"HijackThis"=HijackThis 2.0.2
"HOMESTUDENTR"=Microsoft Office Home and Student 2007
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}"=TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}"=TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}"=TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}"=TOSHIBA Flash Cards Support Utility
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}"=Age of Empires III
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}"=Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}"=TOSHIBA Value Added Package
"Internet Offers from Toshiba"=Internet Offers
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"MSC"=McAfee SecurityCenter
"oggcodecs"=oggcodecs 0.71.0946
"Picasa2"=Picasa 2
"TOSHIBA Game Console"=TOSHIBA Game Console
"TOSHIBA Media Center Game Console"=TOSHIBA Media Center Game Console
"TOSHIBA Software Modem"=TOSHIBA Software Modem
"Windows Media Encoder 9"=Windows Media Encoder 9 Series
"WT022084"=Bejeweled 2 Deluxe
"WT022085"=Blackhawk Striker 2
"WT022086"=Blasterball 3
"WT022087"=Diner Dash - Flo on the Go
"WT022089"=FATE
"WT022090"=Mah Jong Quest
"WT022091"=Penguins!
"WT022092"=Polar Bowler
"WT022093"=Polar Golfer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/4/2008 9:58:30 AM | Computer Name = holly-PC | Source = EventSystem | ID = 4621
Description =

Error - 9/5/2008 8:11:19 PM | Computer Name = holly-PC | Source = EventSystem | ID = 4621
Description =

Error - 9/5/2008 9:44:49 PM | Computer Name = holly-PC | Source = EventSystem | ID = 4621
Description =

Error - 9/6/2008 11:03:19 AM | Computer Name = holly-PC | Source = EventSystem | ID = 4621
Description =

Error - 9/6/2008 5:08:00 PM | Computer Name = holly-PC | Source = EventSystem | ID = 4621
Description =

Error - 9/7/2008 12:44:32 AM | Computer Name = holly-PC | Source = EventSystem | ID = 4621
Description =

Error - 9/7/2008 10:33:36 PM | Computer Name = holly-PC | Source = EventSystem | ID = 4621
Description =

Error - 9/9/2008 5:11:59 PM | Computer Name = holly-PC | Source = EventSystem | ID = 4621
Description =

Error - 9/10/2008 5:30:30 PM | Computer Name = holly-PC | Source = EventSystem | ID = 4621
Description =

Error - 9/11/2008 4:01:00 PM | Computer Name = holly-PC | Source = EventSystem | ID = 4621
Description =

[ System Events ]
Error - 9/26/2008 10:22:53 PM | Computer Name = holly-PC | Source = bowser | ID = 8003
Description =

Error - 9/27/2008 12:14:41 AM | Computer Name = holly-PC | Source = Service Control Manager | ID = 7016
Description =

Error - 9/27/2008 9:54:16 AM | Computer Name = holly-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
6, function 0. Please contact your system vendor for technical assistance.

Error - 9/27/2008 9:54:16 AM | Computer Name = holly-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
7, function 0. Please contact your system vendor for technical assistance.

Error - 9/27/2008 9:54:16 AM | Computer Name = holly-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
5, function 0. Please contact your system vendor for technical assistance.

Error - 9/27/2008 9:54:31 AM | Computer Name = holly-PC | Source = Microsoft-Windows-Kernel-WHEA | ID = 6
Description =

Error - 9/27/2008 12:13:18 PM | Computer Name = holly-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:10:54 PM on 9/27/2008 was unexpected.

Error - 9/27/2008 12:14:53 PM | Computer Name = holly-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/27/2008 2:37:49 PM | Computer Name = holly-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:35:51 PM on 9/27/2008 was unexpected.

Error - 9/27/2008 2:39:24 PM | Computer Name = holly-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

#14 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:12:00 AM

Posted 02 October 2008 - 03:37 PM

Hello, dannny.
That log looks clean. Just want to get rid of some leftovers :thumbsup:

We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :services
    blbdrive
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and choose "select all" (or use <Control>+A)
  • Right-click again and choose "Copy" (or <Control>+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

In your next reply, please include the following:
  • OTMoveIt3's Log
  • ESET OnlineScan's Log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#15 Billy O'Neal

Posted 04 October 2008 - 07:56 PM

Hello, dannny.
Are you still here?

Billy3



