Need help with virus...


  • This topic is locked
23 replies to this topic

#1 consilience

Posted 08 January 2009 - 04:50 PM

Here are my logs...

Attached Files




#2 fenzodahl512

Posted 14 January 2009 - 03:52 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.


Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 consilience

Posted 15 January 2009 - 04:40 PM

This virus is doing the following:
blocking me from getting updates on any security program, stopping me from running most security programs (can't run Malwarebytes anymore), can't run Task Manager (says it has been disabled by administrator - which is me and I am logged in as such) and has even blocked web sites like this one (having to use laptop for this). I was able to run Deckard's System Scanner and HijackThis... logs attached.

Attached Files



#4 fenzodahl512

Posted 16 January 2009 - 01:06 AM

This virus is doing the following:
blocking me from getting updates on any security program, stopping me from running most security programs (can't run Malwarebytes anymore), can't run Task Manager (says it has been disabled by administrator - which is me and I am logged in as such) and has even blocked web sites like this one (having to use laptop for this). I was able to run Deckard's System Scanner and HijackThis... logs attached.



Post me that log please.. And DON'T reboot your computer yet..

Edited by fenzodahl512, 16 January 2009 - 01:07 AM.



#5 consilience

Posted 18 January 2009 - 04:07 PM

Cannot attach, file too big, so here it is:

Deckard's System Scanner v20071014.68
Run by HP_Administrator on 2009-01-18 10:04:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as HP_Administrator.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:04:51 AM, on 1/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP Laser Gaming Mouse with VoodooDNA\hid.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP Laser Gaming Mouse with VoodooDNA\Tray.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\HP_Administrator\Desktop\=\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_ADM~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,
O2 - BHO: (no name) - {0E905067-4999-4713-87DE-1B022DAF9F03} - C:\WINDOWS\system32\tuvVnKDv.dll
O2 - BHO: HelloWorldBHO - {359A2ABB-6050-47F1-8642-EFF82F23A4F4} - C:\WINDOWS\system32\icq6s.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {e4a3233c-f13d-f428-9904-a762505e6d85} - {58d6e505-267a-4099-824f-d31fc3323a4e} - C:\WINDOWS\system32\lofuxj.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\ddcArQkL.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HP VoodooDNA Mouse] "C:\Program Files\HP Laser Gaming Mouse with VoodooDNA\hid.exe"
O4 - HKLM\..\Run: [UpdateWin] C:\WINDOWS\system32\3com_dmif.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [40553691] rundll32.exe "C:\WINDOWS\system32\gxaccrek.dll",b
O4 - HKLM\..\RunServices: [UpdateWin] C:\WINDOWS\system32\3com_dmif.exe
O4 - HKCU\..\Run: [UpdateWin] C:\WINDOWS\system32\3com_dmif.exe
O4 - HKCU\..\RunServices: [UpdateWin] C:\WINDOWS\system32\3com_dmif.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Test1 - res://C:\WINDOWS\system32\icq6s.dll/MENUSEARCH.HTM
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: lofuxj.dll
O20 - Winlogon Notify: ddcArQkL - C:\WINDOWS\SYSTEM32\ddcArQkL.dll
O22 - SharedTaskScheduler: IPC Configuration Utility - IPC Configuration Utility - (no file)
O22 - SharedTaskScheduler: Windows Installer Class - {020487CC-FC04-4B1E-863F-D9801796230B} - C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\wndutl32.dll (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 6918 bytes

-- Files created between 2008-12-18 and 2009-01-18 -----------------------------

2009-01-17 13:25:02 129024 --a------ C:\WINDOWS\system32\lofuxj.dll
2009-01-17 13:25:00 129024 --a------ C:\WINDOWS\system32\bbdmptiq.dll
2009-01-17 13:23:03 72704 --a------ C:\WINDOWS\system32\gxaccrek.dll
2009-01-17 13:22:00 86440 --ahs---- C:\WINDOWS\system32\vDKnVvut.ini2
2009-01-17 13:21:57 302592 --a------ C:\WINDOWS\system32\tuvVnKDv.dll
2009-01-17 13:16:55 36352 --a------ C:\WINDOWS\system32\xxyyaXrQ.dll
2009-01-17 13:16:55 46592 --a------ C:\WINDOWS\system32\hgGawUon.dll
2009-01-17 13:16:53 36352 --a------ C:\WINDOWS\system32\ddcArQkL.dll
2009-01-11 00:20:20 41472 -r-hs---- C:\WINDOWS\system32\3com_dmif.exe
2009-01-10 23:56:45 18 --ah----- C:\SYSREST
2009-01-09 01:49:37 122880 --a------ C:\WINDOWS\system32\icq6s.dll
2009-01-08 05:44:09 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Google
2009-01-08 05:42:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-01-08 05:42:52 0 d-------- C:\Program Files\Google
2009-01-08 01:33:26 233984 --a------ C:\WINDOWS\svw.exe
2009-01-08 01:29:24 144 --ahs---- C:\WINDOWS\system32\1079326270.dat
2009-01-08 01:29:19 235008 --a------ C:\WINDOWS\odb.exe
2009-01-08 01:29:18 54272 --a------ C:\Documents and Settings\HP_Administrator\Application Data\casino.exe
2009-01-08 01:29:11 568832 --a------ C:\WINDOWS\system32\a.exe


-- Find3M Report ---------------------------------------------------------------

2009-01-18 10:01:07 0 d-------- C:\Program Files\Flock
2009-01-15 12:58:19 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\AVG7
2009-01-11 00:20:20 27 --a------ C:\Documents and Settings\HP_Administrator\Application Data\config.cfg
2009-01-11 00:20:20 41218 --a------ C:\Documents and Settings\HP_Administrator\Application Data\~tmp.html
2009-01-03 00:10:00 0 d-------- C:\Program Files\Advanced Registry Optimizer
2008-12-09 01:03:09 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Real
2008-12-09 01:02:56 0 d-------- C:\Program Files\Common Files
2008-12-09 01:02:56 0 d-------- C:\Program Files\Common Files\xing shared
2008-12-09 01:02:52 0 d-------- C:\Program Files\Common Files\Real
2008-12-09 01:02:38 0 d-------- C:\Program Files\Real
2008-12-07 12:35:42 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Move Networks
2008-12-05 13:27:51 0 d-------- C:\Program Files\Java
2008-11-26 20:14:27 0 d-------- C:\Program Files\iTunes
2008-11-26 20:14:08 0 d-------- C:\Program Files\iPod
2008-11-26 20:12:59 0 d-------- C:\Program Files\QuickTime
2008-11-26 20:12:22 0 d-------- C:\Program Files\Common Files\Apple
2008-11-26 20:09:29 0 d-------- C:\Program Files\Safari
2008-11-26 15:10:04 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla
2008-11-24 22:40:54 0 d-------- C:\Program Files\HP Laser Gaming Mouse with VoodooDNA
2008-11-24 22:40:50 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-11-24 22:40:41 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\InstallShield
2008-11-03 17:08:53 66932 --ah----- C:\WINDOWS\system32\mlfcache.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0E905067-4999-4713-87DE-1B022DAF9F03}]
01/17/2009 01:21 PM 302592 --a------ C:\WINDOWS\system32\tuvVnKDv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{359A2ABB-6050-47F1-8642-EFF82F23A4F4}]
01/10/2009 03:10 PM 122880 --a------ C:\WINDOWS\system32\icq6s.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58d6e505-267a-4099-824f-d31fc3323a4e}]
01/17/2009 01:25 PM 129024 --a------ C:\WINDOWS\system32\lofuxj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
01/17/2009 01:16 PM 36352 --a------ C:\WINDOWS\system32\ddcArQkL.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
12/05/2008 01:27 PM 34816 --a------ C:\Program Files\Java\jre6\bin\jp2ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
12/05/2008 01:27 PM 73728 --a------ C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [11/16/2008 11:44 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/09/2006 07:50 AM]
"itype"="c:\Program Files\Microsoft IntelliType Pro\itype.exe" [11/21/2006 04:08 PM]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [02/15/2006 03:34 PM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [05/08/2007 03:24 PM]
"ftutil2"="ftutil2.dll" [06/07/2004 06:05 AM C:\WINDOWS\system32\ftutil2.dll]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 02:01 PM]
"HP VoodooDNA Mouse"="C:\Program Files\HP Laser Gaming Mouse with VoodooDNA\hid.exe" [08/01/2008 09:55 AM]
"UpdateWin"="C:\WINDOWS\system32\3com_dmif.exe" [01/11/2009 12:20 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/09/2008 01:02 AM]
"40553691"="C:\WINDOWS\system32\gxaccrek.dll" [01/17/2009 01:23 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateWin"="C:\WINDOWS\system32\3com_dmif.exe" [01/11/2009 12:20 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices]
"UpdateWin"=C:\WINDOWS\system32\3com_dmif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"UpdateWin"=C:\WINDOWS\system32\3com_dmif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableTaskMgr"=1 (0x1)
"DisableRegistryTools"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"=1 (0x1)
"NoActiveDesktopChanges"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"=1 (0x1)
"NoActiveDesktopChanges"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{020487CC-FC04-4B1E-863F-D9801796230B}"= C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\wndutl32.dll [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= C:\WINDOWS\system32\ddcArQkL.dll [01/17/2009 01:16 PM 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcArQkL]
ddcArQkL.dll 01/17/2009 01:16 PM 36352 C:\WINDOWS\system32\ddcArQkL.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=lofuxj.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\tuvVnKDv
"UpdateWin"= C:\WINDOWS\system32\3com_dmif.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ WinCinema Manager.lnk]
backup=C:\WINDOWS\pss\ WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk]
backup=C:\WINDOWS\pss\DataViz Inc Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
backup=C:\WINDOWS\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=C:\WINDOWS\pss\Updates From HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Thoosje Sidebar.lnk]
path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Thoosje Sidebar.lnk
backup=C:\WINDOWS\pss\Thoosje Sidebar.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
ARPWRMSG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
"C:\Program Files\lg_fwupdate\fwupdate.exe" blrun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetscapeClient]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\netw]
C:\WINDOWS\svw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\odb]
C:\WINDOWS\odb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
"C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateWin]
C:\WINDOWS\system32\3com_dmif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherDPA]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoOE]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoSA]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NSCService"=3 (0x3)
"navapsvc"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"LightScribeService"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"WinDefend"=2 (0x2)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"NVSvc"=2 (0x2)
"CCALib8"=2 (0x2)
"GameConsoleService"=3 (0x3)
"RichVideo"=2 (0x2)
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
"InCDsrv"=2 (0x2)
"Bonjour Service"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"getPlus® Helper"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"gusvc"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e3ebaf8-b058-11dc-9418-0018f3569741}]
AutoRun\command- rosftpm.exe
explore\Command- rosftpm.exe
open\Command- rosftpm.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f0b169c-16fc-11dd-94ef-0018f3569741}]
AutoRun\command- J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a9a5441-a3b5-11dc-93f2-0018f3569741}]
AutoRun\command- K:\rosftpm.exe
explore\Command- K:\rosftpm.exe
open\Command- K:\rosftpm.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"



-- End of Deckard's System Scanner: finished at 2009-01-18 10:05:40 ------------

#6 fenzodahl512

Posted 20 January 2009 - 06:33 AM

IMPORTANT!! Uninstall these programs first (if present..) so that they won't interfere with our fixes..

1. Ask Toolbar
2. Lavasoft Ad-Aware
3. Spybot - Search & Destroy
4. Viewpoint (all of them..)




The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry
  • Go HERE and download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
For detailed instruction on how to back-up registry via ERUNT, please visit HERE




NEXT


Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :services
    
    :files
    C:\WINDOWS\system32\lofuxj.dll
    C:\WINDOWS\system32\bbdmptiq.dll
    C:\WINDOWS\system32\gxaccrek.dll
    C:\WINDOWS\system32\vDKnVvut.ini2
    C:\WINDOWS\system32\tuvVnKDv.dll
    C:\WINDOWS\system32\xxyyaXrQ.dll
    C:\WINDOWS\system32\hgGawUon.dll
    C:\WINDOWS\system32\ddcArQkL.dll
    C:\WINDOWS\svw.exe
    C:\WINDOWS\system32\1079326270.dat
    C:\WINDOWS\odb.exe
    C:\Documents and Settings\HP_Administrator\Application Data\casino.exe
    C:\WINDOWS\system32\a.exe
    C:\WINDOWS\system32\icq6s.dll
    C:\WINDOWS\system32\3com_dmif.exe
    C:\WINDOWS\system32\twext.exe
    
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E905067-4999-4713-87DE-1B022DAF9F03}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{359A2ABB-6050-47F1-8642-EFF82F23A4F4}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58d6e505-267a-4099-824f-d31fc3323a4e}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "40553691"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UpdateWin"=-
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices]
    "UpdateWin"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "UpdateWin"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr"=-
    "DisableRegistryTools"=-
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=-
    "DisableTaskMgr"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{020487CC-FC04-4B1E-863F-D9801796230B}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="C:\WINDOWS\system32\userinit.exe"
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcArQkL] 
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=""
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
    "UpdateWin"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateWin]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e3ebaf8-b058-11dc-9418-0018f3569741}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a9a5441-a3b5-11dc-93f2-0018f3569741}]
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




NEXT


Download avz4.zip from HERE

  • Unzip it to a folder on your desktop
  • Double click on AVZ.exe
  • Click on the File tab and then click on System Restore
  • Put a checkmark next to 10. Restore SafeBoot registry keys
  • Click on Execute selected operations

Reboot your computer..



Run DSS again... Post these logs in your next reply..

1. OTMoveIt3
2. DSS log..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
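
A way to read the `:reg` section of the script in post #6 before running it, as an added example that is not part of the original post and not OldTimer's code. It assumes the directives follow regedit conventions (`[-KEY]` deletes a key, `"name"=-` deletes a value, `"name"=...` sets one), which matches what the OTMoveIt3 log later in the thread reports; the function names and category labels are this example's own.

```python
import re
from collections import namedtuple

# Constructed excerpt: directives copied from the :reg section of the script in post #6.
SAMPLE_SCRIPT = r'''
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateWin"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe"
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcArQkL]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

:commands
[reboot]
'''

Op = namedtuple("Op", "action key name value")

# Matched against the lower-cased key path, most specific entry first.
# The labels are this example's wording, not OTMoveIt3 output.
CATEGORIES = [
    (r"\explorer\browser helper objects", "Browser Helper Object"),
    (r"\currentversion\runservices", "RunServices autostart"),
    (r"\currentversion\run", "Run-key autostart"),
    (r"\policies\system", "Task Manager / regedit lockout policy"),
    (r"\explorer\sharedtaskscheduler", "SharedTaskScheduler"),
    (r"\explorer\shellexecutehooks", "ShellExecuteHooks"),
    (r"\winlogon\notify", "Winlogon Notify DLL"),
    (r"\currentversion\winlogon", "Winlogon Userinit"),
    (r"\currentversion\windows", "AppInit_DLLs"),
    (r"\control\lsa", "LSA packages"),
]


def categorize(key):
    """Name the load point or policy a registry key path belongs to."""
    low = key.lower()
    for needle, label in CATEGORIES:
        if needle in low:
            return label
    return "other"


def decode_multi_sz(hex_csv):
    """Decode a hex(7) payload written as single-byte, NUL-separated strings."""
    raw = bytes(int(b, 16) for b in hex_csv.split(","))
    return [s.decode("latin-1") for s in raw.split(b"\x00") if s]


def parse_reg_section(script):
    """Return the registry operations in the :reg section, in script order."""
    ops, key, in_reg = [], None, False
    for line in script.splitlines():
        line = line.strip()
        if line.startswith(":"):            # section marker such as :reg or :commands
            in_reg, key = (line.lower() == ":reg"), None
            continue
        if not in_reg or not line:
            continue
        m = re.fullmatch(r"\[(-?)(HKEY_[^\]]+)\]", line)
        if m:
            if m.group(1):                  # [-KEY] removes the whole key
                ops.append(Op("delete_key", m.group(2), None, None))
                key = None
            else:                           # [KEY] only sets context for value lines
                key = m.group(2)
            continue
        m = re.fullmatch(r'"([^"]+)"=(.*)', line)
        if m and key:
            name, rhs = m.groups()
            if rhs == "-":
                ops.append(Op("delete_value", key, name, None))
            elif rhs.startswith("hex(7):"):
                ops.append(Op("set_value", key, name, decode_multi_sz(rhs[7:])))
            elif len(rhs) >= 2 and rhs[0] == rhs[-1] == '"':
                ops.append(Op("set_value", key, name, rhs[1:-1]))
            else:
                raise ValueError(f"unsupported value syntax: {line!r}")
            continue
        raise ValueError(f"unrecognised directive: {line!r}")
    return ops


def describe(op):
    """One review line per operation: load point, action, target, new value."""
    target = op.key if op.name is None else f"{op.key}\\{op.name}"
    verb = {"delete_key": "DELETE KEY", "delete_value": "DELETE VALUE",
            "set_value": "SET"}[op.action]
    suffix = f" = {op.value!r}" if op.action == "set_value" else ""
    return f"[{categorize(op.key)}] {verb} {target}{suffix}"


if __name__ == "__main__":
    for op in parse_reg_section(SAMPLE_SCRIPT):
        print(describe(op))
```

The three `set_value` operations restore values rather than remove them; the `hex(7)` payload for `Authentication Packages` decodes to the single string `msv1_0`.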


#7 consilience

Posted 20 January 2009 - 08:04 PM

I am not able to open any website that has anything to do with fixes. This virus blocks sites, Task Manager, even the sys restore is completely disabled. What to do?

#8 fenzodahl512

Posted 21 January 2009 - 05:44 AM

Download all the tools from another computer and transfer them to the infected computer via CD/thumb drive. Then do the previous steps and post the logs here, please.



#9 consilience

Posted 25 January 2009 - 02:51 PM

I was able to get a few logs, though the virus blocked most things...
Sorry, I can't post them as attachments; this site says the files are too big!?

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
DllUnregisterServer procedure not found in C:\WINDOWS\system32\lofuxj.dll
C:\WINDOWS\system32\lofuxj.dll NOT unregistered.
C:\WINDOWS\system32\lofuxj.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\bbdmptiq.dll
C:\WINDOWS\system32\bbdmptiq.dll NOT unregistered.
C:\WINDOWS\system32\bbdmptiq.dll moved successfully.
File/Folder C:\WINDOWS\system32\gxaccrek.dll not found.
C:\WINDOWS\system32\vDKnVvut.ini2 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\tuvVnKDv.dll
C:\WINDOWS\system32\tuvVnKDv.dll NOT unregistered.
C:\WINDOWS\system32\tuvVnKDv.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\xxyyaXrQ.dll
C:\WINDOWS\system32\xxyyaXrQ.dll NOT unregistered.
C:\WINDOWS\system32\xxyyaXrQ.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\hgGawUon.dll
C:\WINDOWS\system32\hgGawUon.dll NOT unregistered.
C:\WINDOWS\system32\hgGawUon.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ddcArQkL.dll
C:\WINDOWS\system32\ddcArQkL.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\ddcArQkL.dll scheduled to be moved on reboot.
C:\WINDOWS\svw.exe moved successfully.
File move failed. C:\WINDOWS\system32\1079326270.dat scheduled to be moved on reboot.
C:\WINDOWS\odb.exe moved successfully.
C:\Documents and Settings\HP_Administrator\Application Data\casino.exe moved successfully.
C:\WINDOWS\system32\a.exe moved successfully.
C:\WINDOWS\system32\icq6s.dll unregistered successfully.
C:\WINDOWS\system32\icq6s.dll moved successfully.
File move failed. C:\WINDOWS\system32\3com_dmif.exe scheduled to be moved on reboot.
File/Folder C:\WINDOWS\system32\twext.exe not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E905067-4999-4713-87DE-1B022DAF9F03}\\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{359A2ABB-6050-47F1-8642-EFF82F23A4F4}\\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58d6e505-267a-4099-824f-d31fc3323a4e}\\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\40553691 deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\UpdateWin deleted successfully.
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices\\UpdateWin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices\\UpdateWin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\\DisableTaskMgr deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\\DisableRegistryTools deleted successfully.
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\DisableRegistryTools deleted successfully.
Registry value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\DisableTaskMgr deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{020487CC-FC04-4B1E-863F-D9801796230B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{020487CC-FC04-4B1E-863F-D9801796230B}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\ deleted successfully.
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\\"Userinit"|"C:\WINDOWS\system32\userinit.exe" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcArQkL\\ deleted successfully.
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows\\"appinit_dlls"|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Authentication Packages"|hex(7):6d,73,76,31,5f,30,00,00 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\UpdateWin deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateWin\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e3ebaf8-b058-11dc-9418-0018f3569741}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a9a5441-a3b5-11dc-93f2-0018f3569741}\\ deleted successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01242009_195143

Files moved on Reboot...
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ddcArQkL.dll
C:\WINDOWS\system32\ddcArQkL.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\ddcArQkL.dll scheduled to be moved on reboot.
C:\WINDOWS\system32\1079326270.dat moved successfully.
C:\WINDOWS\system32\3com_dmif.exe moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
___________________________________________________________
OTScanIt2 logfile created on: 1/24/2009 8:11:09 PM - Run 3
OTScanIt2 by OldTimer - Version 1.0.6.2	 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.94 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 76.22% Memory free
3.78 Gb Paging File | 3.48 Gb Available in Paging File | 91.91% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.04 Gb Total Space | 41.41 Gb Free Space | 18.48% Space Free | Partition Type: NTFS
Drive D: | 8.82 Gb Total Space | 0.63 Gb Free Space | 7.10% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 1.89 Gb Total Space | 1.88 Gb Free Space | 99.30% Space Free | Partition Type: FAT
 
Computer Name: KEVIN
Current User Name: HP_Administrator
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
 
[Processes - All]
 
[Win32 Services - All]
(gusvc) Google Updater Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2009/01/08 05:42:52 | 00,168,432 | ---- | M | MD5 = A2083CBD61C6C7C7E3E7E70608B27356] (Google)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(HidServ) HID Input Service [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(hkmsvc) Health Key and Certificate Management Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(HTTPFilter) HTTP SSL [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(IDriverT) InstallDriver Table Manager [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/03 23:41:10 | 00,069,632 | ---- | M | MD5 = 1CF03C69B49ACB70C722DF92755C0C8C] (Macrovision Corporation)
(ImapiService) IMAPI CD-Burning COM Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\imapi.exe -> [2008/04/14 04:42:24 | 00,150,528 | ---- | M | MD5 = 30DEAF54A9755BB8546168CFE8A6B5E1] (Microsoft Corporation)
(InCDsrv) InCD Helper [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Nero\Nero 7\InCD\InCDsrv.exe -> [2007/05/15 15:55:46 | 01,550,896 | ---- | M | MD5 = C773D093D5C18765E71C7992AEE051A2] (Nero AG)
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2008/11/20 13:20:44 | 00,536,872 | ---- | M | MD5 = 62937A89470AF8FF172F0980CA8AEFC9] (Apple Inc.)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/12/05 13:27:56 | 00,152,984 | ---- | M | MD5 = 32192B4EBE8720ED8D49A455C962CB91] (Sun Microsystems, Inc.)
(lanmanserver) Server [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(lanmanworkstation) Workstation [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> [2007/12/05 12:34:52 | 00,079,136 | ---- | M | MD5 = CCAD2AAE36E24346488B0F54A049DE78] (Hewlett-Packard Company)
(LmHosts) TCP/IP NetBIOS Helper [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(McrdSvc) Media Center Extender Service [Win32_Own | Auto | Running] -> %SystemRoot%\ehome\mcrdsvc.exe -> [2005/08/05 13:27:08 | 00,099,328 | ---- | M | MD5 = DF0A511F38F16016BF658FCA0090CB87] (Microsoft Corporation)
(Messenger) Messenger [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(MHN) MHN [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(Microsoft Office Groove Audit Service) Microsoft Office Groove Audit Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Microsoft Office\Office12\GrooveAuditService.exe -> [2007/08/24 06:59:20 | 00,068,464 | ---- | M | MD5 = 033B947AF4A997820E86FCB070B1F450] (Microsoft Corporation)
(mnmsrvc) NetMeeting Remote Desktop Sharing [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\mnmsrvc.exe -> [2008/04/14 04:42:26 | 00,032,768 | ---- | M | MD5 = D18F1F0C101D06A1C1ADF26EED16FCDD] (Microsoft Corporation)
(MSDTC) Distributed Transaction Coordinator [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\msdtc.exe -> [2008/04/14 04:42:28 | 00,006,144 | ---- | M | MD5 = A137F1470499A205ABBB9AAFB3B6F2B1] (Microsoft Corporation)
(MSIServer) Windows Installer [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\msiexec.exe -> [2008/04/13 16:12:28 | 00,078,848 | ---- | M | MD5 = 5879D691E842574A20FE63817CB76DF9] (Microsoft Corporation)
(MyWebSearchService) My Web Search Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\MyWebSearch\bar\1.bin\MWSSVC.EXE -> [2009/01/23 22:50:22 | 00,028,762 | ---- | M | MD5 = 62E0F3340A1D73E9D991F843B9D50E34] (MyWebSearch.com)
(napagent) Network Access Protection Agent [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(NBService) NBService [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> [2007/04/13 21:09:56 | 00,792,112 | ---- | M | MD5 = 6D8FCDD5BB3B676EF58FA234073492C6] (Nero AG)
(NetDDE) Network DDE [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\netdde.exe -> [2008/04/14 04:42:30 | 00,111,104 | ---- | M | MD5 = B857BA82860D7FF85AE29B095645563B] (Microsoft Corporation)
(NetDDEdsdm) Network DDE DSDM [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\netdde.exe -> [2008/04/14 04:42:30 | 00,111,104 | ---- | M | MD5 = B857BA82860D7FF85AE29B095645563B] (Microsoft Corporation)
(Netlogon) Net Logon [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\lsass.exe -> [2008/04/13 16:12:24 | 00,013,312 | ---- | M | MD5 = BF2466B3E18E970D8A976FB95FC1CA85] (Microsoft Corporation)
(Netman) Network Connections [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(Nla) Network Location Awareness (NLA) [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(NMIndexingService) NMIndexingService [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> [2007/05/08 19:47:22 | 00,271,920 | ---- | M | MD5 = E584D6668E6A3923FF32E026A5ED2A03] (Nero AG)
(NtLmSsp) NT LM Security Support Provider [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\lsass.exe -> [2008/04/13 16:12:24 | 00,013,312 | ---- | M | MD5 = BF2466B3E18E970D8A976FB95FC1CA85] (Microsoft Corporation)
(NtmsSvc) Removable Storage [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\nvsvc32.exe -> [2006/05/09 07:50:00 | 00,131,139 | ---- | M | MD5 = B0903C021BFCD6055C053A569EF98AEF] (NVIDIA Corporation)
(odserv) Microsoft Office Diagnostics Service [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2007/08/24 03:19:12 | 00,443,776 | ---- | M | MD5 = E54AA592A65F317390EEE386A8821692] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 13:03:08 | 00,145,184 | ---- | M | MD5 = 5A432A042DAE460ABE7199B758E8606C] (Microsoft Corporation)
(PlugPlay) Plug and Play [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\services.exe -> [2008/04/14 04:42:36 | 00,108,544 | ---- | M | MD5 = 0E776ED5F7CC9F94299E70461B7B8185] (Microsoft Corporation)
(PolicyAgent) IPSEC Services [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\lsass.exe -> [2008/04/13 16:12:24 | 00,013,312 | ---- | M | MD5 = BF2466B3E18E970D8A976FB95FC1CA85] (Microsoft Corporation)
(ProtectedStorage) Protected Storage [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\lsass.exe -> [2008/04/13 16:12:24 | 00,013,312 | ---- | M | MD5 = BF2466B3E18E970D8A976FB95FC1CA85] (Microsoft Corporation)
(RasAuto) Remote Access Auto Connection Manager [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(RasMan) Remote Access Connection Manager [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(RDSessMgr) Remote Desktop Help Session Manager [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\sessmgr.exe -> [2008/04/14 04:42:36 | 00,141,312 | ---- | M | MD5 = 3C37BF86641BDA977C3BF8A840F3B7FA] (Microsoft Corporation)
(RemoteAccess) Routing and Remote Access [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(RemoteRegistry) Remote Registry [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(RichVideo) Cyberlink RichVideo Service(CRVS) [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\CyberLink\Shared Files\RichVideo.exe -> [2005/08/07 20:54:00 | 00,167,936 | ---- | M | MD5 = BD517C7FB119997EFFBE39D5E4B37B05] ()
(RpcLocator) Remote Procedure Call (RPC) Locator [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\locator.exe -> [2008/04/14 04:42:26 | 00,075,264 | ---- | M | MD5 = AAED593F84AFA419BBAE8572AF87CF6A] (Microsoft Corporation)
(RpcSs) Remote Procedure Call (RPC) [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(RSVP) QoS RSVP [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\rsvp.exe -> [2004/08/09 13:00:00 | 00,132,608 | ---- | M | MD5 = 471B3F9741D762ABE75E9DEEA4787E47] (Microsoft Corporation)
(SamSs) Security Accounts Manager [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\lsass.exe -> [2008/04/13 16:12:24 | 00,013,312 | ---- | M | MD5 = BF2466B3E18E970D8A976FB95FC1CA85] (Microsoft Corporation)
(SCardSvr) Smart Card [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\scardsvr.exe -> [2008/04/14 04:42:34 | 00,095,744 | ---- | M | MD5 = 86D007E7A654B9A71D1D7D856B104353] (Microsoft Corporation)
(Schedule) Task Scheduler [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(seclogon) Secondary Logon [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(SENS) System Event Notification [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(SharedAccess) Windows Firewall/Internet Connection Sharing (ICS) [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(ShellHWDetection) Shell Hardware Detection [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(Spooler) Print Spooler [Win32_Own | Auto | Running] -> %SystemRoot%\system32\spoolsv.exe -> [2008/04/13 16:12:36 | 00,057,856 | ---- | M | MD5 = D8E14A61ACC1D4A6CD0D38AEBAC7FA3B] (Microsoft Corporation)
(srservice) System Restore Service [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(SSDPSRV) SSDP Discovery Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(stisvc) Windows Image Acquisition (WIA) [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(SwPrv) MS Software Shadow Copy Provider [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\dllhost.exe -> [2008/04/13 16:12:17 | 00,005,120 | ---- | M | MD5 = 0A9BA6AF531AFE7FA5E4FB973852D863] (Microsoft Corporation)
(SysmonLog) Performance Logs and Alerts [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\smlogsvc.exe -> [2008/04/14 04:42:36 | 00,089,600 | ---- | M | MD5 = C7ABBC59B43274B1109DF6B24D617051] (Microsoft Corporation)
(TapiSrv) Telephony [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(TermService) Terminal Services [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(Themes) Themes [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(TlntSvr) Telnet [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\tlntsvr.exe -> [2008/04/14 04:42:40 | 00,073,216 | ---- | M | MD5 = DB7205804759FF62C34E3EFD8A4CC76A] (Microsoft Corporation)
(TrkWks) Distributed Link Tracking Client [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(upnphost) Universal Plug and Play Device Host [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(UPS) Uninterruptible Power Supply [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\ups.exe -> [2008/04/14 04:42:40 | 00,018,432 | ---- | M | MD5 = 05365FB38FCA1E98F7A566AAAF5D1815] (Microsoft Corporation)
(VSS) Volume Shadow Copy [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\vssvc.exe -> [2008/04/14 04:42:40 | 00,289,792 | ---- | M | MD5 = 7A9DB3A67C333BF0BD42E42B8596854B] (Microsoft Corporation)
(W32Time) Windows Time [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(WebClient) WebClient [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(winmgmt) Windows Management Instrumentation [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(WmdmPmSN) Portable Media Serial Number Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(Wmi) Windows Management Instrumentation Driver Extensions [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(WmiApSrv) WMI Performance Adapter [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\wbem\wmiapsrv.exe -> [2008/04/14 04:42:42 | 00,126,464 | ---- | M | MD5 = E0673F1106E62A68D2257E376079F821] (Microsoft Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> [2006/10/18 19:05:24 | 00,913,408 | ---- | M | MD5 = F74E3D9A7FA9556C3BBB14D4E5E63D3B] (Microsoft Corporation)
(wscsvc) Security Center [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(wuauserv) Automatic Updates [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(WudfSvc) Windows Driver Foundation - User-mode Driver Framework [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(WZCSVC) Wireless Zero Configuration [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(xmlprov) Network Provisioning Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
 
[Driver Services - All]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found
(ACPI) Microsoft ACPI Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\acpi.sys -> [2008/04/13 23:06:36 | 00,187,776 | ---- | M | MD5 = 8FD99680A539792A30E97944FDAECF17] (Microsoft Corporation)
(ACPIEC) ACPIEC [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\acpiec.sys -> [2004/08/09 13:00:00 | 00,011,648 | ---- | M | MD5 = 9859C0F6936E723E4892D7141B1327D5] (Microsoft Corporation)
(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found
(aec) Microsoft Kernel Acoustic Echo Canceller [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\aec.sys -> [2008/04/13 21:09:24 | 00,142,592 | ---- | M | MD5 = 8BED39E3C35D6A489438B8141717A557] (Microsoft Corporation)
(AFD) AFD [Kernel | System | Running] -> %SystemRoot%\system32\drivers\afd.sys -> [2008/08/14 02:04:36 | 00,138,496 | ---- | M | MD5 = 7E775010EF291DA96AD17CA4B17137D7] (Microsoft Corporation)
(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found
(AmdK8) AMD Processor Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AmdK8.sys -> [2005/03/09 06:53:00 | 00,036,352 | ---- | M | MD5 = 59301936898AE62245A6F09C0ABA9475] (Advanced Micro Devices)
(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found
(aracpi) aracpi [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\aracpi.sys -> [2005/08/02 16:19:14 | 00,022,784 | ---- | M | MD5 = 00523019E3579C8F8A94457FE25F0F24] (Microsoft Corporation)
(arhidfltr) MS Ar HID Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\arhidfltr.sys -> [2005/08/02 16:19:14 | 00,019,200 | ---- | M | MD5 = 9FEDAA46EB1A572AC4D9EE6B5F123CF2] (Microsoft Corporation)
(arkbcfltr) Microsoft PS2 Keyboard Filter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\arkbcfltr.sys -> [2005/08/02 16:19:16 | 00,005,376 | ---- | M | MD5 = 82969576093CD983DD559F5A86F382B4] (Microsoft Corporation)
(armoucfltr) Microsoft PS2 Mouse Filter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\armoucfltr.sys -> [2005/08/02 16:19:16 | 00,004,992 | ---- | M | MD5 = 9B21791D8A78FAECE999FADBEBDA6C22] (Microsoft Corporation)
(Arp1394) 1394 ARP Client Protocol [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\arp1394.sys -> [2008/04/13 23:21:26 | 00,060,800 | ---- | M | MD5 = B5B8A80875C1DEDEDA8B02765642C32F] (Microsoft Corporation)
(ARPolicy) ARPolicy [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\arpolicy.sys -> [2005/08/02 16:19:14 | 00,010,112 | ---- | M | MD5 = 7A2DA7C7B0C524EF26A79F17A5C69FDE] (Microsoft Corporation)
(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found
(Aspi32) Aspi32 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\aspi32.sys -> [1999/09/10 04:06:00 | 00,025,244 | ---- | M | MD5 = B979979AB8027F7F53FB16EC4229B7DB] (Adaptec)
(AsyncMac) RAS Asynchronous Media Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\asyncmac.sys -> [2008/04/13 23:27:28 | 00,014,336 | ---- | M | MD5 = B153AFFAC761E7F5FCFA822B9C4E97BC] (Microsoft Corporation)
(atapi) Standard IDE/ESDI Hard Disk Controller [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\atapi.sys -> [2004/08/03 22:59:44 | 00,095,360 | ---- | M | MD5 = CDFE4411A69C224BD1D11B2DA92DAC51] (Microsoft Corporation)
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(Atmarpc) ATM ARP Client Protocol [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\atmarpc.sys -> [2008/04/13 23:21:26 | 00,059,904 | ---- | M | MD5 = 9916C1225104BA14794209CFA8012159] (Microsoft Corporation)
(audstub) Audio Stub Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\audstub.sys -> [2001/08/16 21:59:44 | 00,003,072 | ---- | M | MD5 = D9F724AA26C010A217C97606B160ED68] (Microsoft Corporation)
(Avg7Core) AVG7 Kernel [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avg7core.sys -> [2008/06/19 02:08:54 | 00,821,856 | ---- | M | MD5 = 400E920D2E3F42BF6F1F75DD1B069CE3] (GRISOFT, s.r.o.)
(Avg7RsW) AVG7 Wrap Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avg7rsw.sys -> [2008/06/19 02:08:57 | 00,004,224 | ---- | M | MD5 = 8A7E25876955E06142EF65B52C906CF1] (GRISOFT, s.r.o.)
(Avg7RsXP) AVG7 Resident Driver XP [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avg7rsxp.sys -> [2008/06/19 02:08:58 | 00,027,776 | ---- | M | MD5 = 04D823D681F0D53191A172C3E667FC33] (GRISOFT, s.r.o.)
(AvgClean) AVG7 Clean Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avgclean.sys -> [2008/06/19 02:08:58 | 00,010,760 | ---- | M | MD5 = 603DC17A48C65C637623A9BB5A5E6008] (GRISOFT, s.r.o.)
(Beep) Beep [Kernel | System | Running] -> %SystemRoot%\system32\drivers\beep.sys -> [2004/08/09 13:00:00 | 00,004,224 | ---- | M | MD5 = DA1F27D85E0D1525F6621372E7B685E9] (Microsoft Corporation)
(cbidf2k) cbidf2k [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\cbidf2k.sys -> [2004/08/09 13:00:00 | 00,013,952 | ---- | M | MD5 = 90A673FC8E12A79AFBED2576F6A7AAF9] (Microsoft Corporation)
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found
(Cdaudio) Cdaudio [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\cdaudio.sys -> [2004/08/09 20:00:00 | 00,018,688 | ---- | M | MD5 = C1B486A7658353D33A10CC15211A873B] (Microsoft Corporation)
(Cdfs) Cdfs [File_System | Disabled | Running] -> %SystemRoot%\system32\drivers\cdfs.sys -> [2008/04/13 23:44:22 | 00,063,744 | ---- | M | MD5 = C885B02847F5D2FD45A24E219ED93B32] (Microsoft Corporation)
(Cdrom) CD-ROM Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\cdrom.sys -> [2008/04/13 23:10:48 | 00,062,976 | ---- | M | MD5 = 1F4260CC5B42272D71F79E570A27A4FE] (Microsoft Corporation)
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found
(Disk) Disk Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\disk.sys -> [2008/04/13 23:10:48 | 00,036,352 | ---- | M | MD5 = 044452051F3E02E7963599FC8F4F3E25] (Microsoft Corporation)
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> [2008/04/13 23:14:50 | 00,799,744 | ---- | M | MD5 = D992FE1274BDE0F84AD826ACAE022A41] (Microsoft Corp., Veritas Software)
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> [2008/04/13 23:14:48 | 00,153,344 | ---- | M | MD5 = 7C824CF7BBDE77D95C08005717A95F6F] (Microsoft Corp., Veritas Software)
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> [2004/08/09 13:00:00 | 00,005,888 | ---- | M | MD5 = E9317282A63CA4D188C0DF5E09C6AC5F] (Microsoft Corp., Veritas Software.)
(DMusic) Microsoft Kernel DLS Syntheiszer [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\dmusic.sys -> [2008/04/13 23:15:02 | 00,052,864 | ---- | M | MD5 = 8A208DFCF89792A484E76C40E5F50B45] (Microsoft Corporation)
(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found
(drmkaud) Microsoft Kernel DRM Audio Descrambler [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\drmkaud.sys -> [2008/04/13 23:15:14 | 00,002,944 | ---- | M | MD5 = 8F5FCFF8E8848AFAC920905FBD9D33C8] (Microsoft Corporation)
(Fastfat) Fastfat [File_System | Disabled | Running] -> %SystemRoot%\system32\drivers\fastfat.sys -> [2008/04/13 23:44:30 | 00,143,744 | ---- | M | MD5 = 38D332A6D56AF32635675F132548343E] (Microsoft Corporation)
(Fdc) Fdc [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\fdc.sys -> [2008/04/13 23:10:26 | 00,027,392 | ---- | M | MD5 = 92CDD60B6730B9F50F6A1A0C1F8CDC81] (Microsoft Corporation)
(Fips) Fips [Kernel | System | Running] -> %SystemRoot%\system32\drivers\fips.sys -> [2008/04/13 23:03:30 | 00,044,544 | ---- | M | MD5 = D45926117EB9FA946A6AF572FBE1CAA3] (Microsoft Corporation)
(Flpydisk) Flpydisk [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\flpydisk.sys -> [2008/04/13 23:10:26 | 00,020,480 | ---- | M | MD5 = 9D27E7B80BFCDF1CDD9B555862D5E7F0] (Microsoft Corporation)
(FltMgr) FltMgr [File_System | Boot | Running] -> %SystemRoot%\system32\drivers\fltmgr.sys -> [2008/04/13 23:03:00 | 00,129,792 | ---- | M | MD5 = B2CF4B0786F8212CB92ED2B50C6DB6B0] (Microsoft Corporation)
(Ftdisk) Volume Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ftdisk.sys -> [2004/08/09 13:00:00 | 00,125,056 | ---- | M | MD5 = 6AC26732762483366C3969C9E4D2259D] (Microsoft Corporation)
(ftsata2) ftsata2 [Kernel | Boot | Stopped] ->  -> File not found
(GamingMsFltr) HP Laser Mouse with VoodooDNA [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\gamingms.sys -> [2008/05/12 18:06:18 | 00,010,112 | ---- | M | MD5 = B9A69CFAC89FD6CBF9EE55F0DBA80F57] (Primax Ltd)
(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> [2008/04/17 12:12:54 | 00,015,464 | ---- | M | MD5 = AB8A6A87D9D7255C3884D5B9541A6E80] (GEAR Software Inc.)
(Gpc) Generic Packet Classifier [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\msgpc.sys -> [2008/04/13 23:26:34 | 00,035,072 | ---- | M | MD5 = 0A02C63C8B144BD8C86B103DEE7C86A2] (Microsoft Corporation)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hdaudbus.sys -> [2008/04/13 21:06:06 | 00,144,384 | ---- | M | MD5 = 573C7D0A32852B48F3058CFD8026F511] (Windows (R) Server 2003 DDK provider)
(HidUsb) HID Class Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hidusb.sys -> [2008/04/13 23:15:28 | 00,010,368 | ---- | M | MD5 = CCF82C5EC8A7326C3066DE870C06DAF1] (Microsoft Corporation)
(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found
(HSXHWBS2) HSXHWBS2 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSXHWBS2.sys -> [2005/12/06 03:20:50 | 00,241,664 | ---- | M | MD5 = 1F5C64B0C6B2E2F48735A77AE714CCB8] (Conexant Systems, Inc.)
(HSX_DP) HSX_DP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSX_DP.sys -> [2005/12/06 03:20:40 | 00,936,448 | ---- | M | MD5 = A7F8C9228898A1E871D2AE7082F50AC3] (Conexant Systems, Inc.)
(HTTP) HTTP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\http.sys -> [2008/04/13 23:23:54 | 00,264,832 | ---- | M | MD5 = F6AACF5BCE2893E0C1754AFEB672E5C9] (Microsoft Corporation)
(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found
(i8042prt) i8042 Keyboard and PS/2 Mouse Port Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\i8042prt.sys -> [2004/08/03 23:14:38 | 00,052,736 | ---- | M | MD5 = 5502B58EEF7486EE6F93F3F164DCB808] (Microsoft Corporation)
(Imapi) CD-Burning Filter Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\imapi.sys -> [2008/04/13 23:11:00 | 00,042,112 | ---- | M | MD5 = 083A052659F5310DD8B6A6CB05EDCF8E] (Microsoft Corporation)
(InCDfs) InCD File System [File_System | Disabled | Running] -> %SystemRoot%\system32\drivers\InCDfs.sys -> [2007/05/15 15:55:36 | 00,118,576 | ---- | M | MD5 = 7BFC3EDA22190C0FE8C2CA19E5379DA5] (Nero AG)
(InCDPass) InCDPass [Kernel | System | Running] -> %SystemRoot%\system32\drivers\InCDPass.sys -> [2007/05/15 15:55:36 | 00,037,040 | ---- | M | MD5 = FC4DBF18A4EB0D2FE3171471A3D0F9A8] (Nero AG)
(incdrm) InCD Reader [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\InCDRm.sys -> [2007/05/15 15:55:36 | 00,038,576 | ---- | M | MD5 = 31A5A3809249A326EB0EF58D563A9654] (Nero AG)
(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RtkHDAud.sys -> [2007/10/25 05:29:00 | 04,623,872 | ---- | M | MD5 = B76D32231F56BB3DF236BF25F49106AE] (Realtek Semiconductor Corp.)
(IntelIde) IntelIde [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\intelide.sys -> [2008/04/13 23:10:30 | 00,005,504 | ---- | M | MD5 = B5466A9250342A7AA0CD1FBA13420678] (Microsoft Corporation)
(intelppm) Intel Processor Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\intelppm.sys -> [2008/04/13 23:01:34 | 00,036,352 | ---- | M | MD5 = 8C953733D8F36EB2133F5BB58808B66B] (Microsoft Corporation)
(Ip6Fw) IPv6 Windows Firewall Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ip6fw.sys -> [2008/04/13 23:23:36 | 00,036,608 | ---- | M | MD5 = 3BB22519A194418D5FEC05D800A19AD0] (Microsoft Corporation)
(IpFilterDriver) IP Traffic Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ipfltdrv.sys -> [2004/08/09 13:00:00 | 00,032,896 | ---- | M | MD5 = 731F22BA402EE4B62748ADAF6363C182] (Microsoft Corporation)
(IpInIp) IP in IP Tunnel Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ipinip.sys -> [2008/04/13 23:27:08 | 00,020,864 | ---- | M | MD5 = B87AB476DCF76E72010632B5550955F5] (Microsoft Corporation)
(IpNat) IP Network Address Translator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ipnat.sys -> [2008/04/13 23:27:16 | 00,152,832 | ---- | M | MD5 = CC748EA12C6EFFDE940EE98098BF96BB] (Microsoft Corporation)
(IPSec) IPSEC driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\ipsec.sys -> [2008/04/13 23:49:44 | 00,075,264 | ---- | M | MD5 = 23C74D75E36E7158768DD63D92789A91] (Microsoft Corporation)
(IRENUM) IR Enumerator Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\irenum.sys -> [2008/04/13 23:24:30 | 00,011,264 | ---- | M | MD5 = C93C9FF7B04D772627A3646D89F7BF89] (Microsoft Corporation)
(isapnp) PnP ISA/EISA Bus Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\isapnp.sys -> [2004/08/09 13:00:00 | 00,035,840 | ---- | M | MD5 = E504F706CCB699C2596E9A3DA1596E87] (Microsoft Corporation)
(Iviaspi) IVI ASPI Shell [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\iviaspi.sys -> [2005/09/20 17:27:20 | 00,010,368 | ---- | M | MD5 = 4AC11B2250106774F694DF2DB4FFED61] (InterVideo, Inc.)
(Kbdclass) Keyboard Class Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\kbdclass.sys -> [2004/08/03 21:58:34 | 00,024,576 | ---- | M | MD5 = EBDEE8A2EE5393890A1ACEE971C4C246] (Microsoft Corporation)
(kbdhid) Keyboard HID Driver [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\kbdhid.sys -> [2004/08/03 21:58:36 | 00,014,848 | ---- | M | MD5 = E182FA8E49E8EE41B4ADC53093F3C7E6] (Microsoft Corporation)
(kmixer) Microsoft Kernel Wave Audio Mixer [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\kmixer.sys -> [2008/04/13 23:15:10 | 00,172,416 | ---- | M | MD5 = 692BCF44383D056AED41B045A323D378] (Microsoft Corporation)
(KSecDD) KSecDD [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ksecdd.sys -> [2008/04/13 23:01:44 | 00,092,288 | ---- | M | MD5 = 1705745D900DABF2D89F90EBADDC7517] (Microsoft Corporation)
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(MCSTRM) MCSTRM [Kernel | Auto | Stopped] ->  -> File not found
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> [2005/10/05 07:57:08 | 00,012,544 | ---- | M | MD5 = E246A32C445056996074A397DA56E815] (Conexant)
(MHNDRV) MHN driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mhndrv.sys -> [2004/08/09 18:45:04 | 00,011,008 | ---- | M | MD5 = 7F2F1D2815A6449D346FCCCBC569FBD6] (Microsoft Corporation)
(mnmdd) mnmdd [Kernel | System | Running] -> %SystemRoot%\system32\drivers\mnmdd.sys -> [2004/08/09 13:00:00 | 00,004,224 | ---- | M | MD5 = 4AE068242760A1FB6E1A44BF4E16AFA6] (Microsoft Corporation)
(Modem) Modem [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\modem.sys -> [2008/04/13 23:30:20 | 00,030,080 | ---- | M | MD5 = DFCBAD3CEC1C5F964962AE10E0BCC8E1] (Microsoft Corporation)
(Mouclass) Mouse Class Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\mouclass.sys -> [2004/08/09 20:00:00 | 00,023,040 | ---- | M | MD5 = 34E1F0031153E491910E12551400192C] (Microsoft Corporation)
(mouhid) Mouse HID Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mouhid.sys -> [2001/08/17 13:48:00 | 00,012,160 | ---- | M | MD5 = B1C303E17FB9D46E87A98E4BA6769685] (Microsoft Corporation)
(MountMgr) Mount Point Manager [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\mountmgr.sys -> [2008/04/13 23:09:48 | 00,042,368 | ---- | M | MD5 = A80B9A0BAD1B73637DBCBBA7DF72D3FD] (Microsoft Corporation)
(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found
(MRxDAV) WebDav Client Redirector [File_System | On_Demand | Running] -> %SystemRoot%\system32\drivers\mrxdav.sys -> [2008/04/13 23:02:46 | 00,180,608 | ---- | M | MD5 = 11D42BB6206F33FBB3BA0288D3EF81BD] (Microsoft Corporation)
(MRxSmb) MRxSmb [File_System | System | Running] -> %SystemRoot%\system32\drivers\mrxsmb.sys -> [2008/10/24 03:21:09 | 00,455,296 | ---- | M | MD5 = 60AE98742484E7AB80C3C1450E708148] (Microsoft Corporation)
(Msfs) Msfs [File_System | System | Running] -> %SystemRoot%\system32\drivers\msfs.sys -> [2008/04/13 23:02:40 | 00,019,072 | ---- | M | MD5 = C941EA2454BA8350021D774DAF0F1027] (Microsoft Corporation)
(MSKSSRV) Microsoft Streaming Service Proxy [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mskssrv.sys -> [2004/08/03 22:58:42 | 00,007,552 | ---- | M | MD5 = AE431A8DD3C1D0D0610CDBAC16057AD0] (Microsoft Corporation)
(MSPCLOCK) Microsoft Streaming Clock Proxy [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mspclock.sys -> [2004/08/03 22:58:40 | 00,005,376 | ---- | M | MD5 = 13E75FEF9DFEB08EEDED9D0246E1F448] (Microsoft Corporation)
(MSPQM) Microsoft Streaming Quality Manager Proxy [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mspqm.sys -> [2004/08/03 22:58:42 | 00,004,992 | ---- | M | MD5 = 1988A33FF19242576C3D0EF9CE785DA7] (Microsoft Corporation)
(mssmbios) Microsoft System Management BIOS Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mssmbios.sys -> [2004/08/09 20:00:00 | 00,015,488 | ---- | M | MD5 = 469541F8BFD2B32659D5D463A6714BCE] (Microsoft Corporation)
(Mup) Mup [File_System | Boot | Running] -> %SystemRoot%\system32\drivers\mup.sys -> [2008/04/13 23:47:06 | 00,105,344 | ---- | M | MD5 = 2F625D11385B1A94360BFC70AAEFDEE1] (Microsoft Corporation)
(NDIS) NDIS System Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ndis.sys -> [2008/04/13 23:50:38 | 00,182,656 | ---- | M | MD5 = 1DF7F42665C94B825322FAE71721130D] (Microsoft Corporation)
(NdisTapi) Remote Access NDIS TAPI Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ndistapi.sys -> [2008/04/13 23:27:28 | 00,010,112 | ---- | M | MD5 = 1AB3D00C991AB086E69DB84B6C0ED78F] (Microsoft Corporation)
(Ndisuio) NDIS Usermode I/O Protocol [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ndisuio.sys -> [2008/04/13 23:26:00 | 00,014,592 | ---- | M | MD5 = F927A4434C5028758A842943EF1A3849] (Microsoft Corporation)
(NdisWan) Remote Access NDIS WAN Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ndiswan.sys -> [2008/04/13 23:50:44 | 00,091,520 | ---- | M | MD5 = EDC1531A49C80614B2CFDA43CA8659AB] (Microsoft Corporation)
(NDProxy) NDIS Proxy [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ndproxy.sys -> [2008/04/13 23:27:30 | 00,040,576 | ---- | M | MD5 = 6215023940CFD3702B46ABC304E1D45A] (Microsoft Corporation)
(NetBIOS) NetBIOS Interface [File_System | System | Running] -> %SystemRoot%\system32\drivers\netbios.sys -> [2008/04/13 23:26:04 | 00,034,688 | ---- | M | MD5 = 5D81CF9A2F1A3A756B66CF684911CDF0] (Microsoft Corporation)
(NetBT) NetBios over Tcpip [Kernel | System | Running] -> %SystemRoot%\system32\drivers\netbt.sys -> [2008/04/13 23:51:02 | 00,162,816 | ---- | M | MD5 = 74B2B2F5BEA5E9A3DC021D685551BD3D] (Microsoft Corporation)
(NIC1394) 1394 Net Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nic1394.sys -> [2008/04/13 23:21:26 | 00,061,824 | ---- | M | MD5 = E9E47CFB2D461FA0FC75B7A74C6383EA] (Microsoft Corporation)
(Npfs) Npfs [File_System | System | Running] -> %SystemRoot%\system32\drivers\npfs.sys -> [2008/04/13 23:02:40 | 00,030,848 | ---- | M | MD5 = 3182D64AE053D6FB034F44B6DEF8034A] (Microsoft Corporation)
(Ntfs) Ntfs [File_System | Disabled | Running] -> %SystemRoot%\system32\drivers\ntfs.sys -> [2008/04/13 23:45:54 | 00,574,976 | ---- | M | MD5 = 78A08DD6A8D65E697C18E1DB01C5CDCA] (Microsoft Corporation)
(Null) Null [Kernel | System | Running] -> %SystemRoot%\system32\drivers\null.sys -> [2004/08/09 13:00:00 | 00,002,944 | ---- | M | MD5 = 73C1E1F395918BC2C6DD67AF7591A3AD] (Microsoft Corporation)
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> [2006/05/09 07:50:00 | 03,535,680 | ---- | M | MD5 = 642A87877F83313EB5302749CD479024] (NVIDIA Corporation)
(NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\NVENETFD.sys -> [2006/03/03 07:31:02 | 00,034,176 | ---- | M | MD5 = 22EEDB34C4D7613A25B10C347C6C4C21] (NVIDIA Corporation)
(nvnetbus) NVIDIA Network Bus Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nvnetbus.sys -> [2006/03/03 07:31:04 | 00,013,056 | ---- | M | MD5 = 5E3F6AD5CAD0F12D3CCCD06FD964087A] (NVIDIA Corporation)
(NwlnkFlt) IPX Traffic Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nwlnkflt.sys -> [2004/08/09 13:00:00 | 00,012,416 | ---- | M | MD5 = B305F3FAD35083837EF46A0BBCE2FC57] (Microsoft Corporation)
(NwlnkFwd) IPX Traffic Forwarder Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nwlnkfwd.sys -> [2004/08/09 13:00:00 | 00,032,512 | ---- | M | MD5 = C99B3415198D1AAB7227F2C88FD664B9] (Microsoft Corporation)
(ohci1394) OHCI Compliant IEEE 1394 Host Controller [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ohci1394.sys -> [2008/04/13 23:16:20 | 00,061,696 | ---- | M | MD5 = CA33832DF41AFB202EE7AEB05145922F] (Microsoft Corporation)
(PalmUSBD) PalmUSBD [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\PalmUSBD.sys -> [2007/06/15 13:31:26 | 00,016,694 | ---- | M | MD5 = 240C0D4049A833B16B63B636ACF01672] (PalmSource, Inc.)
(Parport) Parallel port driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\parport.sys -> [2008/04/13 23:10:12 | 00,080,128 | ---- | M | MD5 = 5575FAF8F97CE5E713D108C2A58D7C7C] (Microsoft Corporation)
(PartMgr) Partition Manager [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\partmgr.sys -> [2008/04/13 23:10:50 | 00,019,712 | ---- | M | MD5 = BEB3BA25197665D82EC7065B724171C6] (Microsoft Corporation)
(ParVdm) ParVdm [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\parvdm.sys -> [2004/08/09 13:00:00 | 00,006,784 | ---- | M | MD5 = 70E98B3FD8E963A6A46A2E6247E0BEA1] (Microsoft Corporation)
(PCI) PCI Bus Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pci.sys -> [2004/08/09 13:00:00 | 00,068,224 | ---- | M | MD5 = 8086D9979234B603AD5BC2F5D890B234] (Microsoft Corporation)
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PCIIde) PCIIde [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pciide.sys -> [2001/08/17 13:51:52 | 00,003,328 | ---- | M | MD5 = CCF5F451BB1A5A2A522A76E670000FF0] (Microsoft Corporation)
(Pcmcia) Pcmcia [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\pcmcia.sys -> [2008/04/13 23:06:44 | 00,120,192 | ---- | M | MD5 = 9E89EF60E9EE05E3F2EEF2DA7397F1C1] (Microsoft Corporation)
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found
(PptpMiniport) WAN Miniport (PPTP) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\raspptp.sys -> [2008/04/13 23:49:50 | 00,048,384 | ---- | M | MD5 = EFEEC01B1D3CF84F16DDD24D9D9D8F99] (Microsoft Corporation)
(Processor) Processor Driver [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\processr.sys -> [2008/04/13 23:01:32 | 00,035,840 | ---- | M | MD5 = A32BEBAF723557681BFC6BD93E98BD26] (Microsoft Corporation)
(Ps2) Ps2 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\PS2.sys -> [2005/12/12 09:27:00 | 00,019,072 | ---- | M | MD5 = 390C204CED3785609AB24E9C52054A84] (Hewlett-Packard Company)
(PSched) QoS Packet Scheduler [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\psched.sys -> [2008/04/13 23:26:40 | 00,069,120 | ---- | M | MD5 = 09298EC810B07E5D582CB3A3F9255424] (Microsoft Corporation)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2004/08/09 13:00:00 | 00,017,792 | ---- | M | MD5 = 80D317BD1C3DBC5D4FE7B1678C60CADD] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Stopped] ->  -> File not found
(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found
(RasAcd) Remote Access Auto Connection Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\rasacd.sys -> [2004/08/09 13:00:00 | 00,008,832 | ---- | M | MD5 = FE0D99D6F31E4FAD8159F690D68DED9C] (Microsoft Corporation)
(Rasl2tp) WAN Miniport (L2TP) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rasl2tp.sys -> [2008/04/13 23:49:44 | 00,051,328 | ---- | M | MD5 = 11B4A627BC9614B885C4969BFA5FF8A6] (Microsoft Corporation)
(RasPppoe) Remote Access PPPOE Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\raspppoe.sys -> [2008/04/13 23:27:34 | 00,041,472 | ---- | M | MD5 = 5BC962F2654137C9909C3D4603587DEE] (Microsoft Corporation)
(Raspti) Direct Parallel [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\raspti.sys -> [2004/08/09 13:00:00 | 00,016,512 | ---- | M | MD5 = FDBB1D60066FCFBB7452FD8F9829B242] (Microsoft Corporation)
(Rdbss) Rdbss [File_System | System | Running] -> %SystemRoot%\system32\drivers\rdbss.sys -> [2008/04/13 23:58:40 | 00,175,744 | ---- | M | MD5 = 7AD224AD1A1437FE28D89CF22B17780A] (Microsoft Corporation)
(RDPCDD) RDPCDD [Kernel | System | Running] -> %SystemRoot%\system32\drivers\rdpcdd.sys -> [2004/08/09 13:00:00 | 00,004,224 | ---- | M | MD5 = 4912D5B403614CE99C28420F75353332] (Microsoft Corporation)
(rdpdr) Terminal Server Device Redirector Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rdpdr.sys -> [2004/08/03 14:01:16 | 00,196,864 | ---- | M | MD5 = A2CAE2C60BC37E0751EF9DDA7CEAF4AD] (Microsoft Corporation)
(RDPWD) RDPWD [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\rdpwd.sys -> [2008/04/14 04:43:24 | 00,139,656 | ---- | M | MD5 = 6728E45B66F93C08F11DE2E316FC70DD] (Microsoft Corporation)
(redbook) Digital CD Audio Playback Filter Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\redbook.sys -> [2008/04/13 23:10:28 | 00,057,600 | ---- | M | MD5 = F828DD7E1419B6653894A8F97A0094C5] (Microsoft Corporation)
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\RTL8139.sys -> [2004/08/03 06:31:34 | 00,020,992 | ---- | M | MD5 = D507C1400284176573224903819FFDA3] (Realtek Semiconductor Corporation)
(SASENUM) SASENUM [Kernel | On_Demand | Stopped] ->  -> File not found
(SASKUTIL) SASKUTIL [Kernel | System | Stopped] ->  -> File not found
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2007/11/13 02:25:53 | 00,020,480 | ---- | M | MD5 = 90A3935D05B494A5A39D37E71F09A677] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(Serial) Serial [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\serial.sys -> [2008/04/13 23:45:46 | 00,064,512 | ---- | M | MD5 = CCA207A8896D4C6A0C9CE29A4AE411A7] (Microsoft Corporation)
(Sfloppy) Sfloppy [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\sfloppy.sys -> [2008/04/13 23:10:50 | 00,011,392 | ---- | M | MD5 = 8E6B8C671615D126FDC553D1E2DE5562] (Microsoft Corporation)
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found
(splitter) Microsoft Kernel Audio Splitter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\splitter.sys -> [2008/04/13 23:15:08 | 00,006,272 | ---- | M | MD5 = AB8B92451ECB048A4D1DE7C3FFCB4A9F] (Microsoft Corporation)
(sr) System Restore Filter Driver [File_System | Boot | Running] -> %SystemRoot%\system32\drivers\sr.sys -> [2008/04/13 23:06:54 | 00,073,472 | ---- | M | MD5 = 76BB022C2FB6902FD5BDD4F78FC13A5D] (Microsoft Corporation)
(Srv) Srv [File_System | On_Demand | Running] -> %SystemRoot%\system32\drivers\srv.sys -> [2008/12/11 02:57:09 | 00,333,952 | ---- | M | MD5 = 3BB03F2BA89D2BE417206C373D2AF17C] (Microsoft Corporation)
(swenum) Software Bus Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\swenum.sys -> [2004/08/09 20:00:00 | 00,004,352 | ---- | M | MD5 = 03C1BAE4766E2450219D20B993D6E046] (Microsoft Corporation)
(swmidi) Microsoft Kernel GS Wavetable Synthesizer [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\swmidi.sys -> [2008/04/13 23:15:10 | 00,056,576 | ---- | M | MD5 = 8CE882BCC6CF8A62F2B2323D95CB3D01] (Microsoft Corporation)
(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found
(SYMIDSCO) SYMIDSCO [Kernel | On_Demand | Stopped] ->  -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found
(sysaudio) Microsoft Kernel System Audio Device [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sysaudio.sys -> [2008/04/13 23:45:56 | 00,060,800 | ---- | M | MD5 = 8B83F3ED0F1688B4958F77CD6D2BF290] (Microsoft Corporation)
(Tcpip) TCP/IP Protocol Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\tcpip.sys -> [2008/06/20 03:51:12 | 00,361,600 | ---- | M | MD5 = 9425B72F40257B45D45D24773273DAD0] (Microsoft Corporation)
(TDPIPE) TDPIPE [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\tdpipe.sys -> [2008/04/14 04:43:22 | 00,012,040 | ---- | M | MD5 = 6471A66807F5E104E4885F5B67349397] (Microsoft Corporation)
(TDTCP) TDTCP [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\tdtcp.sys -> [2008/04/14 04:43:22 | 00,021,896 | ---- | M | MD5 = C56B6D0402371CF3700EB322EF3AAF61] (Microsoft Corporation)
(TermDD) Terminal Device Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\termdd.sys -> [2004/08/03 16:01:08 | 00,040,840 | ---- | M | MD5 = A540A99C281D933F3D69D55E48727F47] (Microsoft Corporation)
(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found
(TucbDriverV32) TucbDriverV32 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\TucbDriverV32.sys -> [2008/06/04 09:24:40 | 00,508,544 | ---- | M | MD5 = CE859455CC47AD2FD8A817FBECE4634C] ()
(Udfs) Udfs [File_System | Disabled | Stopped] -> %SystemRoot%\system32\drivers\udfs.sys -> [2008/04/13 23:02:38 | 00,066,048 | ---- | M | MD5 = 5787B80C2E3C5E2F56C2A233D91FA2C9] (Microsoft Corporation)
(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found
(Update) Microcode Update Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\update.sys -> [2008/04/13 23:09:48 | 00,384,768 | ---- | M | MD5 = 402DDC88356B1BAC0EE3DD1580C76A31] (Microsoft Corporation)
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbaapl.sys -> [2008/10/01 12:01:28 | 00,032,000 | ---- | M | MD5 = C1CA131F4E3ED63D6BC89A35FFAD4CDA] (Apple, Inc.)
(usbccgp) Microsoft USB Generic Parent Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbccgp.sys -> [2008/04/13 23:15:40 | 00,032,128 | ---- | M | MD5 = 173F317CE0DB8E21322E71B7E60A27E8] (Microsoft Corporation)
(usbehci) Microsoft USB 2.0 Enhanced Host Controller Miniport Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\usbehci.sys -> [2008/04/13 23:15:36 | 00,030,208 | ---- | M | MD5 = 65DCF09D0E37D4C6B11B5B0B76D470A7] (Microsoft Corporation)
(usbhub) USB2 Enabled Hub [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\usbhub.sys -> [2004/08/09 13:00:00 | 00,057,600 | ---- | M | MD5 = C72F40947F92CEA56A8FB532EDF025F1] (Microsoft Corporation)
(usbohci) Microsoft USB Open Host Controller Miniport Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\usbohci.sys -> [2004/08/03 23:08:38 | 00,017,024 | ---- | M | MD5 = BDFE799A8531BAD8A5A985821FE78760] (Microsoft Corporation)
(usbprint) Microsoft USB PRINTER Class [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbprint.sys -> [2008/04/13 23:17:38 | 00,025,856 | ---- | M | MD5 = A717C8721046828520C9EDF31288FC00] (Microsoft Corporation)
(usbscan) USB Scanner Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\usbscan.sys -> [2008/04/13 23:15:36 | 00,015,104 | ---- | M | MD5 = A0B8CF9DEB1184FBDD20784A58FA75D4] (Microsoft Corporation)
(usbstor) USB Mass Storage Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\usbstor.sys -> [2008/04/13 23:15:40 | 00,026,368 | ---- | M | MD5 = A32426D9B14A089EAA1D922E0C5801A9] (Microsoft Corporation)
(usbuhci) Microsoft USB Universal Host Controller Miniport Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbuhci.sys -> [2004/08/09 13:00:00 | 00,020,480 | ---- | M | MD5 = F8FD1400092E23C8F2F31406EF06167B] (Microsoft Corporation)
(VgaSave) VGA Display Controller. [Kernel | System | Running] -> %SystemRoot%\system32\drivers\vga.sys -> [2008/04/13 23:14:42 | 00,020,992 | ---- | M | MD5 = 0D3A8FAFCEACD8B7625CD549757A7DF1] (Microsoft Corporation)
(ViaIde) ViaIde [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\viaide.sys -> [2008/04/13 23:10:32 | 00,005,376 | ---- | M | MD5 = 3B3EFCDA263B8AC14FDF9CBDD0791B2E] (Microsoft Corporation)
(VolSnap) VolSnap [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\volsnap.sys -> [2008/04/13 23:11:02 | 00,052,352 | ---- | M | MD5 = 4C8FCB5CC53AAB716D810740FE59D025] (Microsoft Corporation)
(Wanarp) Remote Access IP ARP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\wanarp.sys -> [2008/04/13 23:27:22 | 00,034,560 | ---- | M | MD5 = E20B95BAEDB550F32DD489265C1DA1F6] (Microsoft Corporation)
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found
(wdmaud) Microsoft WINMM WDM Audio Compatibility Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\wdmaud.sys -> [2008/04/13 23:47:20 | 00,083,072 | ---- | M | MD5 = 6768ACF64B18196494413695F0C3A00F] (Microsoft Corporation)
(winachsx) winachsx [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSX_CNXT.sys -> [2005/12/06 03:20:42 | 00,670,208 | ---- | M | MD5 = 11EC1AFCEB5C917CE73D3C301FF4291E] (Conexant Systems, Inc.)
(WpdUsb) WpdUsb [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\wpdusb.sys -> [2006/10/18 19:00:00 | 00,038,528 | ---- | M | MD5 = CF4DEF1BF66F06964DC0D91844239104] (Microsoft Corporation)
(WudfPf) Windows Driver Foundation - User-mode Driver Framework Platform Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\WudfPf.sys -> [2006/09/28 17:55:50 | 00,077,568 | ---- | M | MD5 = F15FEAFFFBB3644CCC80C5DA584E6311] (Microsoft Corporation)
(WudfRd) Windows Driver Foundation - User-mode Driver Framework Reflector [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\WudfRd.sys -> [2006/09/28 18:00:34 | 00,082,944 | ---- | M | MD5 = 28B524262BCE6DE1F7EF9F510BA3985B] (Microsoft Corporation)
 
[Registry - All]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\windows\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"First Home Page" -> http://go.microsoft.com/fwlink/?LinkId=54843 -> 
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\windows\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\"Page_Transitions" ->  -> 
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://yahoo.com/ -> 
HKEY_CURRENT_USER\: SearchURL\\"" -> http://home.microsoft.com/access/autosearch.asp?p=%s -> 
HKEY_CURRENT_USER\: URLSearchHooks\\"{00A6FAF6-072E-44cf-8957-5838F569A31D}" [HKLM] -> %ProgramFiles%\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL [] -> [2009/01/23 22:50:30 | 00,061,440 | ---- | M | MD5 = C11F5F1DCA9AE19CF31485527CCAD607] (MyWebSearch.com)
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop -> 
HKEY_USERS\.DEFAULT\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_USERS\.DEFAULT\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\.DEFAULT\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> 
HKEY_USERS\.DEFAULT\: URLSearchHooks\\"{00A6FAF6-072E-44cf-8957-5838F569A31D}" [HKLM] -> %ProgramFiles%\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL [] -> [2009/01/23 22:50:30 | 00,061,440 | ---- | M | MD5 = C11F5F1DCA9AE19CF31485527CCAD607] (MyWebSearch.com)
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop -> 
HKEY_USERS\S-1-5-18\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_USERS\S-1-5-18\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-18\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> 
HKEY_USERS\S-1-5-18\: URLSearchHooks\\"{00A6FAF6-072E-44cf-8957-5838F569A31D}" [HKLM] -> %ProgramFiles%\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL [] -> [2009/01/23 22:50:30 | 00,061,440 | ---- | M | MD5 = C11F5F1DCA9AE19CF31485527CCAD607] (MyWebSearch.com)
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\] > -> -> 
HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\: Main\\"First Home Page" -> http://go.microsoft.com/fwlink/?LinkId=54843 -> 
HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\: Main\\"Local Page" -> C:\windows\system32\blank.htm -> 
HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\: Main\\"Page_Transitions" ->  -> 
HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\: Main\\"Start Page" -> http://yahoo.com/ -> 
HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\: SearchURL\\"" -> http://home.microsoft.com/access/autosearch.asp?p=%s -> 
HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\: URLSearchHooks\\"{00A6FAF6-072E-44cf-8957-5838F569A31D}" [HKLM] -> %ProgramFiles%\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL [] -> [2009/01/23 22:50:30 | 00,061,440 | ---- | M | MD5 = C11F5F1DCA9AE19CF31485527CCAD607] (MyWebSearch.com)
HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\: "ProxyEnable" -> 0 -> 
HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\: "ProxyOverride" -> *.local -> 
< FireFox Settings [Default Profile] > -> C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\FireFox\Profiles\wv77ayta.default\prefs.js -> 
browser.startup.homepage -> "http://www.myspace.com/" ->
browser.startup.homepage_override.mstone -> "rv:1.9.0.3" ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.3 ->
extensions.enabledItems -> nasanightlaunch@example.com:0.6.20080809 ->
< HOSTS File > (27 bytes and 1 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
127.0.0.1	   localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{00A6FAF1-072E-44cf-8957-5838F569A31D} [HKLM] -> %ProgramFiles%\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL [MyWebSearch Search Assistant BHO] -> [2009/01/23 22:50:30 | 00,061,440 | ---- | M | MD5 = C11F5F1DCA9AE19CF31485527CCAD607] (MyWebSearch.com)
{07B18EA1-A523-4961-B6BB-170DE4475CCA} [HKLM] -> %ProgramFiles%\MyWebSearch\bar\1.bin\MWSBAR.DLL [mwsBar BHO] -> [2009/01/23 22:50:22 | 00,417,887 | ---- | M | MD5 = 77D104449413C15CE80962B308276CDC] (MyWebSearch.com)
{0f3cbbd8-465d-4e05-b343-714faff656b3} [HKLM] -> %SystemRoot%\system32\qbfaea.dll [Reg Error: Value  does not exist or could not be read.] -> [2009/01/23 22:12:12 | 00,129,024 | ---- | M | MD5 = 2625EB2784A5F292DFE883284B9039EC] ()
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> [2005/05/31 00:04:00 | 00,853,672 | ---- | M | MD5 = 250D787A5712D7768DDC133B3E477759] (Safer Networking Limited)
{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} [HKLM] -> %SystemRoot%\system32\ddcArQkL.dll [Reg Error: Value  does not exist or could not be read.] -> [2009/01/17 13:16:53 | 00,036,352 | ---- | M | Unable to obtain MD5] ()
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2008/12/05 13:27:57 | 00,320,920 | ---- | M | MD5 = 35E6FB6E6003BD54A5D69C9C1C762192] (Sun Microsystems, Inc.)
{AA31F92A-B573-4819-8DF2-FFF853AB7E56} [HKLM] -> %SystemRoot%\system32\tuvVnKDv.dll [Reg Error: Value  does not exist or could not be read.] -> File not found
{AAAE832A-5FFF-4661-9C8F-369692D1DCB9} [HKLM] -> %SystemRoot%\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll [hpWebHelper Class] -> [2007/01/10 07:15:25 | 00,208,896 | ---- | M | MD5 = BEBDF2293F53049569285B9B2FA7EC68] (Hewlett-Packard)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [Google Toolbar Notifier BHO] -> [2009/01/08 05:42:54 | 00,657,904 | ---- | M | MD5 = 2C7C2CE12A0A07A36EDCBAAE469DC867] (Google Inc.)
{d2e37dba-818d-4bc6-98b1-6f29a22d4c11} [HKLM] -> %SystemRoot%\system32\bvpupcvr.dll [Reg Error: Value  does not exist or could not be read.] -> [2009/01/22 07:22:13 | 00,075,776 | ---- | M | MD5 = E6137BCF67415806CCAE7777004FF4EC] ()
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2008/12/05 13:27:56 | 00,034,816 | ---- | M | MD5 = 5D57FD3DF32DC69CEC3D1D54B4C43162] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2008/12/05 13:27:57 | 00,073,728 | ---- | M | MD5 = F68EDAFE003F2B3523C0742CD3B8D673] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{07B18EA9-A523-4961-B6BB-170DE4475CCA}" [HKLM] -> %ProgramFiles%\MyWebSearch\bar\1.bin\MWSBAR.DLL [My Web Search] -> [2009/01/23 22:50:22 | 00,417,887 | ---- | M | MD5 = 77D104449413C15CE80962B308276CDC] (MyWebSearch.com)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" [HKLM] -> %SystemRoot%\system32\browseui.dll [&Address] -> [2008/04/13 16:11:50 | 01,025,024 | ---- | M | MD5 = E392E172687BE172F8600C5F41AB03D9] (Microsoft Corporation)
WebBrowser\\"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" [HKLM] -> %SystemRoot%\system32\browseui.dll [&Address] -> [2008/04/13 16:11:50 | 01,025,024 | ---- | M | MD5 = E392E172687BE172F8600C5F41AB03D9] (Microsoft Corporation)
WebBrowser\\"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" [HKLM] -> %SystemRoot%\system32\shell32.dll [&Links] -> [2008/04/13 16:12:05 | 08,461,312 | ---- | M | MD5 = 0CF50B1F45DAB08430C1DBB79FE2CA5B] (Microsoft Corporation)
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\] > -> HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" [HKLM] -> %SystemRoot%\system32\browseui.dll [&Address] -> [2008/04/13 16:11:50 | 01,025,024 | ---- | M | MD5 = E392E172687BE172F8600C5F41AB03D9] (Microsoft Corporation)
WebBrowser\\"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" [HKLM] -> %SystemRoot%\system32\browseui.dll [&Address] -> [2008/04/13 16:11:50 | 01,025,024 | ---- | M | MD5 = E392E172687BE172F8600C5F41AB03D9] (Microsoft Corporation)
WebBrowser\\"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" [HKLM] -> %SystemRoot%\system32\shell32.dll [&Links] -> [2008/04/13 16:12:05 | 08,461,312 | ---- | M | MD5 = 0CF50B1F45DAB08430C1DBB79FE2CA5B] (Microsoft Corporation)
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"40553691" -> %SystemRoot%\system32\aklljmej.dll [rundll32.exe "C:\WINDOWS\system32\aklljmej.dll",b] -> [2009/01/23 22:10:00 | 00,072,704 | ---- | M | MD5 = 1F48DFD48CA0A50CE0F7CE32CA927364] ()
"AVG7_CC" -> \PROGRA~1\Grisoft\AVG7\avgcc.exe [C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP] -> [2008/11/16 11:44:21 | 00,590,848 | ---- | M | MD5 = F1B42DE29AF84F24FB59989805B1B62D] ()
"ehTray" -> %SystemRoot%\ehome\ehtray.exe [C:\WINDOWS\ehome\ehtray.exe] -> [2005/09/29 14:01:14 | 00,067,584 | ---- | M | MD5 = 7E48B4958C131E9643DDCD2E7CA3FE9F] (Microsoft Corporation)
"ftutil2" -> %SystemRoot%\system32\ftutil2.dll [rundll32.exe ftutil2.dll,SetWriteCacheMode] -> [2004/06/07 06:05:38 | 00,106,496 | ---- | M | MD5 = B8ED44B59233B1872AE4CC246C6BBFE2] (Promise Technology, Inc.)
"HP Software Update" -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe [C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe] -> [2007/05/08 15:24:20 | 00,054,840 | ---- | M | MD5 = 21293443961A4E2597453EE7A9347F22] (Hewlett-Packard)
"HP VoodooDNA Mouse" -> %ProgramFiles%\HP Laser Gaming Mouse with VoodooDNA\hid.exe ["C:\Program Files\HP Laser Gaming Mouse with VoodooDNA\hid.exe"] -> [2008/08/01 09:55:40 | 00,323,584 | ---- | M | MD5 = 823ADEF5BCCE313303E961DF54FF6AC3] ()
"HPBootOp" -> %ProgramFiles%\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe ["C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run] -> [2006/02/15 15:34:58 | 00,249,856 | ---- | M | MD5 = A789B145F17FA5C2326907F4872FE173] (Hewlett-Packard Company)
"itype" -> %ProgramFiles%\Microsoft IntelliType Pro\itype.exe ["c:\Program Files\Microsoft IntelliType Pro\itype.exe"] -> [2006/11/21 16:08:58 | 00,813,912 | ---- | M | MD5 = F2E2AAD0EE3E886161A907F473A10B20] (Microsoft Corporation)
"My Web Search Bar Search Scope Monitor" -> %ProgramFiles%\MyWebSearch\bar\1.bin\M3SRCHMN.EXE ["C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w] -> [2009/01/23 22:50:22 | 00,024,688 | ---- | M | MD5 = 09261999FF455A59F245125173BA3D3B] (MyWebSearch.com)
"MyWebSearch Email Plugin" -> %ProgramFiles%\MyWebSearch\bar\1.bin\MWSOEMON.EXE [C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe] -> [2009/01/23 22:50:22 | 00,032,838 | ---- | M | MD5 = 9ABBE6F791C0B599A7128C9ACA27C094] (MyWebSearch.com)
"MyWebSearch Plugin" -> %ProgramFiles%\MyWebSearch\bar\1.bin\M3PLUGIN.DLL [rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF] -> [2009/01/23 22:50:22 | 00,053,352 | ---- | M | MD5 = E3EE9FF743473CB7E94ED1AACBE49D63] (MyWebSearch.com)
"NvCplDaemon" -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2006/05/09 07:50:00 | 07,311,360 | ---- | M | MD5 = 6BDD333A105978CF4C560CA86FF5E39D] (NVIDIA Corporation)
"TkBellExe" -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot] -> [2008/12/09 01:02:39 | 00,185,872 | ---- | M | MD5 = C681F347514CC8671977FCBD2B7D001A] (RealNetworks, Inc.)
"UpdateWin" -> %SystemRoot%\system32\3com_dmif.exe [C:\WINDOWS\system32\3com_dmif.exe] -> File not found
< RunServices [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices -> 
"UpdateWin" -> %SystemRoot%\system32\3com_dmif.exe [C:\WINDOWS\system32\3com_dmif.exe] -> File not found
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"MyWebSearch Email Plugin" -> %ProgramFiles%\MyWebSearch\bar\1.bin\MWSOEMON.EXE [C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe] -> [2009/01/23 22:50:22 | 00,032,838 | ---- | M | MD5 = 9ABBE6F791C0B599A7128C9ACA27C094] (MyWebSearch.com)
"UpdateWin" -> %SystemRoot%\system32\3com_dmif.exe [C:\WINDOWS\system32\3com_dmif.exe] -> File not found
< RunServices [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices -> 
"UpdateWin" -> %SystemRoot%\system32\3com_dmif.exe [C:\WINDOWS\system32\3com_dmif.exe] -> File not found
< Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"AVG7_Run" -> %ProgramFiles%\Grisoft\AVG7\avgw.exe [C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE] -> [2008/06/19 02:08:50 | 00,219,136 | ---- | M | MD5 = B331EF4C7437F5093D703340678469EB] (GRISOFT, s.r.o.)
< Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"AVG7_Run" -> %ProgramFiles%\Grisoft\AVG7\avgw.exe [C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE] -> [2008/06/19 02:08:50 | 00,219,136 | ---- | M | MD5 = B331EF4C7437F5093D703340678469EB] (GRISOFT, s.r.o.)
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"AVG7_Run" -> %ProgramFiles%\Grisoft\AVG7\avgw.exe [C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE] -> [2008/06/19 02:08:50 | 00,219,136 | ---- | M | MD5 = B331EF4C7437F5093D703340678469EB] (GRISOFT, s.r.o.)
< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"AVG7_Run" -> %ProgramFiles%\Grisoft\AVG7\avgw.exe [C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE] -> [2008/06/19 02:08:50 | 00,219,136 | ---- | M | MD5 = B331EF4C7437F5093D703340678469EB] (GRISOFT, s.r.o.)
< Run [HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\] > -> HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"MyWebSearch Email Plugin" -> %ProgramFiles%\MyWebSearch\bar\1.bin\MWSOEMON.EXE [C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe] -> [2009/01/23 22:50:22 | 00,032,838 | ---- | M | MD5 = 9ABBE6F791C0B599A7128C9ACA27C094] (MyWebSearch.com)
"UpdateWin" -> %SystemRoot%\system32\3com_dmif.exe [C:\WINDOWS\system32\3com_dmif.exe] -> File not found
< RunServices [HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\] > -> HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices -> 
"UpdateWin" -> %SystemRoot%\system32\3com_dmif.exe [C:\WINDOWS\system32\3com_dmif.exe] -> File not found
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
%SystemDrive%\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk -> %SystemDrive%\hp\bin\cloaker.exe -> [1999/11/06 16:11:14 | 00,027,136 | ---- | M | MD5 = 6380625DD0480ED60960A149A087C848] (Hewlett-Packard Co.)
%SystemDrive%\Documents and Settings\Default User\Start Menu\Programs\Startup\PinMcLnk.lnk -> %SystemDrive%\hp\bin\cloaker.exe -> [1999/11/06 16:11:14 | 00,027,136 | ---- | M | MD5 = 6380625DD0480ED60960A149A087C848] (Hewlett-Packard Co.)
< HP_Administrator Startup Folder > -> C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup -> 
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007] > -> HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [255] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoSetActiveDesktop" ->  [1] -> File not found
\\"NoActiveDesktopChanges" ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
\\"InstallVisualStyle" -> %SystemRoot%\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
\\"InstallTheme" -> %SystemRoot%\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [36] -> File not found
\\"NoDriveAutoRun" ->  [FF FF FF FF  [binary data]] -> File not found
\\"NoSetActiveDesktop" ->  [1] -> File not found
\\"NoActiveDesktopChanges" ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007] > -> HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [36] -> File not found
\\"NoDriveAutoRun" ->  [FF FF FF FF  [binary data]] -> File not found
\\"NoSetActiveDesktop" ->  [1] -> File not found
\\"NoActiveDesktopChanges" ->  [1] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007] > -> HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to AMV Converter... -> %ProgramFiles%\MP3 Player Utilities 4.10\AMVConverter\grab.html [C:\Program Files\MP3 Player Utilities 4.10\AMVConverter\grab.html] -> [2006/02/16 10:37:38 | 00,000,890 | ---- | M | MD5 = 7EBF2639E1173A8C6E84A29235162FAB] ()
Add to Media Manager... -> %ProgramFiles%\MP3 Player Utilities 4.10\MediaManager\grab.html [C:\Program Files\MP3 Player Utilities 4.10\MediaManager\grab.html] -> [2006/02/15 09:30:44 | 00,000,890 | ---- | M | MD5 = 071912A38DA560751A5A9AECB01F55DF] ()
E&xport to Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~4\Office10\EXCEL.EXE [res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to AMV Converter... -> %ProgramFiles%\MP3 Player Utilities 4.10\AMVConverter\grab.html [C:\Program Files\MP3 Player Utilities 4.10\AMVConverter\grab.html] -> [2006/02/16 10:37:38 | 00,000,890 | ---- | M | MD5 = 7EBF2639E1173A8C6E84A29235162FAB] ()
Add to Media Manager... -> %ProgramFiles%\MP3 Player Utilities 4.10\MediaManager\grab.html [C:\Program Files\MP3 Player Utilities 4.10\MediaManager\grab.html] -> [2006/02/15 09:30:44 | 00,000,890 | ---- | M | MD5 = 071912A38DA560751A5A9AECB01F55DF] ()
E&xport to Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~4\Office10\EXCEL.EXE [res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2007/12/13 01:20:58 | 00,606,288 | ---- | M | MD5 = 5C044EF0F7D2DD81A45348106AD58152] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2007/12/13 01:20:58 | 00,606,288 | ---- | M | MD5 = 5C044EF0F7D2DD81A45348106AD58152] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> %ProgramFiles%\Microsoft Expression\Office12\REFIEBAR.DLL [Button: Research] -> [2006/10/26 19:12:22 | 00,040,424 | ---- | M | MD5 = 7FC19DA1DC70C78D2FBD7A1D10942051] (Microsoft Corporation)
{E2D4D26B-0180-43a4-B05F-462D6D54C789}:C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [HKLM] -> %SystemRoot%\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [Button: Internet Connection Help] -> [2007/01/10 07:13:57 | 00,000,706 | ---- | M | MD5 = 7CB21E1F67A80EAC34B2C10F88F1ED7E] ()
{E2D4D26B-0180-43a4-B05F-462D6D54C789}:C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [HKLM] -> %SystemRoot%\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [Menu: Internet Connection Help] -> [2007/01/10 07:13:57 | 00,000,706 | ---- | M | MD5 = 7CB21E1F67A80EAC34B2C10F88F1ED7E] ()
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 23:23:34 | 00,558,080 | ---- | M | MD5 = AAC1D4EE39DF138C5D30AC5883E3B59F] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M | MD5 = 3E930C641079443D4DE036167A69CAA2] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M | MD5 = 3E930C641079443D4DE036167A69CAA2] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value  does not exist or could not be read.] -> File not found
CmdMapping\\"{E2D4D26B-0180-43a4-B05F-462D6D54C789}" [HKLM] ->  [Internet Connection Help] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M | MD5 = 3E930C641079443D4DE036167A69CAA2] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value  does not exist or could not be read.] -> File not found
CmdMapping\\"{E2D4D26B-0180-43a4-B05F-462D6D54C789}" [HKLM] ->  [Internet Connection Help] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M | MD5 = 3E930C641079443D4DE036167A69CAA2] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value  does not exist or could not be read.] -> File not found
CmdMapping\\"{E2D4D26B-0180-43a4-B05F-462D6D54C789}" [HKLM] ->  [Internet Connection Help] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M | MD5 = 3E930C641079443D4DE036167A69CAA2] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\] > -> HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value  does not exist or could not be read.] -> File not found
CmdMapping\\"{E2D4D26B-0180-43a4-B05F-462D6D54C789}" [HKLM] ->  [Internet Connection Help] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M | MD5 = 3E930C641079443D4DE036167A69CAA2] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2922 domain(s) found. -> 
2922 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\] > -> HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2922 domain(s) found. -> 
2922 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\] > -> HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] -> 
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} [HKLM] -> http://support.f-secure.com/ols/fscax.cab [F-Secure Online Scanner 3.3] -> 
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab [Java Plug-in 1.6.0_05] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{4935BABA-934B-4E7D-A577-4FF99F77B684} ->	(1394 Net Adapter) -> 
{892900FC-9814-4488-99C0-81491C1EE93D} ->	(HP EN1207D-TX PCI 10/100 Fast Ethernet Adapter) -> 
{957A07B1-CC08-4921-8454-F07AC294FF2A} ->	(NVIDIA nForce Networking Controller) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\explorer.exe -> [2008/04/13 16:12:19 | 01,033,728 | ---- | M | MD5 = 12896823FB95BFB3DC9B46BCAEDC9923] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> [2008/04/14 04:42:40 | 00,026,112 | ---- | M | MD5 = A93AEE1928A9D7CE3E16D24EC7380F89] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
logonui.exe -> %SystemRoot%\system32\logonui.exe -> [2008/04/14 04:42:26 | 00,514,560 | ---- | M | MD5 = 2081A5B5E4ABA206A0A8A1A97DF0FB23] (Microsoft Corporation)
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> [2008/04/13 16:12:05 | 08,461,312 | ---- | M | MD5 = 0CF50B1F45DAB08430C1DBB79FE2CA5B] (Microsoft Corporation)
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> [2008/04/14 04:42:42 | 00,300,544 | ---- | M | MD5 = C504A9FE17F997F8B1F8561D0A68DE52] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
crypt32chain -> %SystemRoot%\system32\crypt32.dll -> [2008/04/13 16:11:51 | 00,599,040 | ---- | M | MD5 = BDAAF79DD63F194434D31A74B9BB8B77] (Microsoft Corporation)
cryptnet -> %SystemRoot%\system32\cryptnet.dll -> [2008/04/13 16:11:51 | 00,064,512 | ---- | M | MD5 = C14350FC0D47D806699C4F907FC6785B] (Microsoft Corporation)
cscdll -> %SystemRoot%\system32\cscdll.dll -> [2008/04/13 16:11:51 | 00,101,888 | ---- | M | MD5 = 515A7FAE2070C2B0242B2353443E2F11] (Microsoft Corporation)
ddcArQkL -> %SystemRoot%\system32\ddcArQkL.dll -> [2009/01/17 13:16:53 | 00,036,352 | ---- | M | Unable to obtain MD5] ()
dimsntfy -> %SystemRoot%\system32\dimsntfy.dll -> [2008/04/14 04:41:54 | 00,019,456 | ---- | M | MD5 = E2092F0A1D7ABC243F9C2362483D150D] (Microsoft Corporation)
ScCertProp -> %SystemRoot%\system32\wlnotify.dll -> [2008/04/13 16:12:09 | 00,092,672 | ---- | M | MD5 = 2CC34E8BB667EEF78899546E12649196] (Microsoft Corporation)
Schedule -> %SystemRoot%\system32\wlnotify.dll -> [2008/04/13 16:12:09 | 00,092,672 | ---- | M | MD5 = 2CC34E8BB667EEF78899546E12649196] (Microsoft Corporation)
sclgntfy -> %SystemRoot%\system32\sclgntfy.dll -> [2008/04/14 04:42:06 | 00,020,480 | ---- | M | MD5 = 63FF9068E5BDA0BC9ECD38FBBB216E24] (Microsoft Corporation)
SensLogn -> %SystemRoot%\system32\wlnotify.dll -> [2008/04/13 16:12:09 | 00,092,672 | ---- | M | MD5 = 2CC34E8BB667EEF78899546E12649196] (Microsoft Corporation)
termsrv -> %SystemRoot%\system32\wlnotify.dll -> [2008/04/13 16:12:09 | 00,092,672 | ---- | M | MD5 = 2CC34E8BB667EEF78899546E12649196] (Microsoft Corporation)
WgaLogon -> %SystemRoot%\system32\WgaLogon.dll -> [2007/02/15 17:00:26 | 00,236,928 | ---- | M | MD5 = 627B55FAD15C6B03B44198AFBEEBAB1A] (Microsoft Corporation)
wlballoon -> %SystemRoot%\system32\wlnotify.dll -> [2008/04/13 16:12:09 | 00,092,672 | ---- | M | MD5 = 2CC34E8BB667EEF78899546E12649196] (Microsoft Corporation)
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{fbeb8a05-beee-4442-804e-409d6c4515e9}" [HKLM] -> %SystemRoot%\system32\shell32.dll [CDBurn] -> [2008/04/13 16:12:05 | 08,461,312 | ---- | M | MD5 = 0CF50B1F45DAB08430C1DBB79FE2CA5B] (Microsoft Corporation)
"{7849596a-48ea-486e-8937-a2a3009f31a9}" [HKLM] -> %SystemRoot%\system32\shell32.dll [PostBootReminder] -> [2008/04/13 16:12:05 | 08,461,312 | ---- | M | MD5 = 0CF50B1F45DAB08430C1DBB79FE2CA5B] (Microsoft Corporation)
"{35CEC8A3-2BE6-11D2-8773-92E220524153}" [HKLM] -> %SystemRoot%\system32\stobject.dll [SysTray] -> [2008/04/13 16:12:07 | 00,121,856 | ---- | M | MD5 = 50512FC9B7878E3C2C147BC17326A7DB] (Microsoft Corporation)
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> %SystemRoot%\system32\webcheck.dll [WebCheck] -> [2008/10/16 12:38:39 | 00,233,472 | ---- | M | MD5 = D0A015B71925EA131FA60D15648B9806] (Microsoft Corporation)
"{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKLM] -> %SystemRoot%\system32\WPDShServiceObj.dll [WPDShServiceObj] -> [2006/10/18 20:47:22 | 00,133,632 | ---- | M | MD5 = 045E228F71C31901084B64BE59093499] (Microsoft Corporation)
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler -> 
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}" [HKLM] -> %SystemRoot%\system32\browseui.dll [Browseui preloader] -> [2008/04/13 16:11:50 | 01,025,024 | ---- | M | MD5 = E392E172687BE172F8600C5F41AB03D9] (Microsoft Corporation)
"{8C7461EF-2B13-11d2-BE35-3078302C2030}" [HKLM] -> %SystemRoot%\system32\browseui.dll [Component Categories cache daemon] -> [2008/04/13 16:11:50 | 01,025,024 | ---- | M | MD5 = E392E172687BE172F8600C5F41AB03D9] (Microsoft Corporation)
"IPC Configuration Utility" [HKLM] -> Reg Error: Key does not exist or could not be opened. [IPC Configuration Utility] -> File not found
< IFEO [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ -> 
Your Image File Name Here without a path -> %SystemRoot%\system32\ntsd.exe [Debugger] -> [2004/08/09 20:00:00 | 00,031,744 | ---- | M | MD5 = 43C797488AED00AE5170B0531F8FC6E9] (Microsoft Corporation)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}" [HKLM] -> %SystemRoot%\system32\ddcArQkL.dll [] -> [2009/01/17 13:16:53 | 00,036,352 | ---- | M | Unable to obtain MD5] ()
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" [HKLM] -> %SystemRoot%\system32\shell32.dll [] -> [2008/04/13 16:12:05 | 08,461,312 | ---- | M | MD5 = 0CF50B1F45DAB08430C1DBB79FE2CA5B] (Microsoft Corporation)
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Stub Execution Hook] -> [2007/08/24 07:01:22 | 02,212,224 | ---- | M | MD5 = 32C4927E013C018A13D8DFBDA4148812] (Microsoft Corporation)
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
msapsspc.dll -> %SystemRoot%\system32\msapsspc.dll -> [2008/04/14 04:42:00 | 00,086,016 | ---- | M | MD5 = F24B12786D60A17008319E3F2AEE7799] (Microsoft Corporation)
 schannel.dll -> %SystemRoot%\system32\schannel.dll -> [2008/04/14 04:42:06 | 00,144,384 | ---- | M | MD5 = C61E8ECFFDBF05FF71D079BBD35396B3] (Microsoft Corporation)
 digest.dll -> %SystemRoot%\system32\digest.dll -> [2008/04/14 04:41:54 | 00,068,608 | ---- | M | MD5 = 3D76DD0CBC536E0F8C45D23ED230BEB2] (Microsoft Corporation)
 msnsspc.dll -> %SystemRoot%\system32\msnsspc.dll -> [2008/04/14 04:42:02 | 00,290,816 | ---- | M | MD5 = A4388DF80E52695AE92EE5F3F61F1619] (Microsoft Corporation)
*MultiFile Done* -> -> 
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
*LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> [2008/04/14 04:42:02 | 00,132,608 | ---- | M | MD5 = 0F152F4E57FDF9E8E8BDFEA583A4926B] (Microsoft Corporation)
C:\WINDOWS\system32\tuvVnKDv ->  -> File not found
*MultiFile Done* -> -> 
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
*LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\system32\kerberos.dll -> [2008/04/13 16:11:56 | 00,299,520 | ---- | M | MD5 = B17DEFD576AE373E7A1A2C75665E4549] (Microsoft Corporation)
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> [2008/04/14 04:42:02 | 00,132,608 | ---- | M | MD5 = 0F152F4E57FDF9E8E8BDFEA583A4926B] (Microsoft Corporation)
schannel -> %SystemRoot%\system32\schannel.dll -> [2008/04/14 04:42:06 | 00,144,384 | ---- | M | MD5 = C61E8ECFFDBF05FF71D079BBD35396B3] (Microsoft Corporation)
wdigest -> %SystemRoot%\system32\wdigest.dll -> [2008/04/13 16:12:08 | 00,049,152 | ---- | M | MD5 = CEFCC6A64983EB8119F3A07A0C1EDE30] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 23:23:34 | 00,558,080 | ---- | M | MD5 = AAC1D4EE39DF138C5D30AC5883E3B59F] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/14 04:42:36 | 00,141,312 | ---- | M | MD5 = 3C37BF86641BDA977C3BF8A840F3B7FA] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 23:23:34 | 00,558,080 | ---- | M | MD5 = AAC1D4EE39DF138C5D30AC5883E3B59F] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/14 04:42:36 | 00,141,312 | ---- | M | MD5 = 3C37BF86641BDA977C3BF8A840F3B7FA] (Microsoft Corporation)
"C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\60325cahp25cas.exe" -> C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\60325cahp25cas.exe [C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\60325cahp25cas.exe:*:Enabled:Enabled] -> File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2008/08/29 09:18:44 | 00,238,888 | ---- | M | MD5 = 9EFE4236F8670846B6E7C5B0EFF6E715] (Apple Inc.)
"C:\Program Files\FlashGet\flashget.exe" -> C:\Program Files\FlashGet\flashget.exe [C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget] -> File not found
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" -> C:\Program Files\Grisoft\AVG7\avgamsvr.exe [C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe] -> [2008/01/17 21:25:58 | 00,418,816 | ---- | M | MD5 = 3C7B93F947355E374A49564D0D017B7B] (GRISOFT, s.r.o.)
"C:\Program Files\Grisoft\AVG7\avgcc.exe" -> C:\Program Files\Grisoft\AVG7\avgcc.exe [C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe] -> [2008/11/16 11:44:21 | 00,590,848 | ---- | M | MD5 = F1B42DE29AF84F24FB59989805B1B62D] (GRISOFT, s.r.o.)
"C:\Program Files\Grisoft\AVG7\avginet.exe" -> C:\Program Files\Grisoft\AVG7\avginet.exe [C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe] -> [2008/11/16 11:44:21 | 00,514,560 | ---- | M | MD5 = CA998D11ECD3E3DCFA66329F79243D72] (GRISOFT, s.r.o.)
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2008/11/20 13:20:48 | 14,294,824 | ---- | M | MD5 = CAC07ED814F984150C7DA7F292E815AB] (Apple Inc.)
"C:\Program Files\Valve\Steam\SteamApps\kevinsandiego\age of chivalry\hl2.exe" -> C:\Program Files\Valve\Steam\SteamApps\kevinsandiego\age of chivalry\hl2.exe [C:\Program Files\Valve\Steam\SteamApps\kevinsandiego\age of chivalry\hl2.exe:*:Enabled:hl2] -> [2008/10/17 22:43:40 | 00,098,304 | ---- | M | MD5 = DA4A333F57963304FBD65B7170DF10B3] ()
"C:\Program Files\Valve\Steam\SteamApps\kevinsandiego\half-life 2 deathmatch\hl2.exe" -> C:\Program Files\Valve\Steam\SteamApps\kevinsandiego\half-life 2 deathmatch\hl2.exe [C:\Program Files\Valve\Steam\SteamApps\kevinsandiego\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2] -> [2008/12/04 01:24:04 | 00,106,496 | ---- | M | MD5 = 7C271BBD974C760F516F1C9F9B61E0F2] ()
"C:\Program Files\Valve\Steam\SteamApps\kevinsandiego\synergy\hl2.exe" -> C:\Program Files\Valve\Steam\SteamApps\kevinsandiego\synergy\hl2.exe [C:\Program Files\Valve\Steam\SteamApps\kevinsandiego\synergy\hl2.exe:*:Enabled:hl2] -> [2008/10/17 22:48:19 | 00,098,304 | ---- | M | MD5 = DA4A333F57963304FBD65B7170DF10B3] ()
"C:\WINDOWS\system32\dpvsetup.exe" -> C:\WINDOWS\system32\dpvsetup.exe [C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test] -> [2008/04/14 04:42:20 | 00,083,456 | ---- | M | MD5 = EA36B806E30D927F70E24EAF545CCC17] (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" -> C:\WINDOWS\system32\rundll32.exe [C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App] -> [2008/04/13 16:12:33 | 00,033,280 | ---- | M | MD5 = 037B1E7798960E0420003D05BB577EE6] (Microsoft Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/04/13 23:10:48 | 00,062,976 | ---- | M | MD5 = 1F4260CC5B42272D71F79E570A27A4FE] (Microsoft Corporation)
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2007/01/10 07:07:21 | 00,000,100 | ---- | M | MD5 = E7EB038D6FFE32C75E0509E5212358E1] ()
C:\autorun.inf [] -> %SystemDrive%\autorun.inf [ NTFS ] -> [2008/07/07 16:46:09 | 00,000,000 | RHSD | M]
D:\AUTOEXEC.BAT [] -> D:\AUTOEXEC.BAT [ FAT32 ] -> [2001/07/27 08:07:38 | 00,000,000 | -HS- | M | MD5 = D41D8CD98F00B204E9800998ECF8427E] ()
D:\autorun.inf [] -> D:\autorun.inf [ FAT32 ] -> [2008/01/13 18:01:50 | 00,000,000 | RHSD | M]
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
\{0f0b169c-16fc-11dd-94ef-0018f3569741}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f0b169c-16fc-11dd-94ef-0018f3569741}\Shell
\{0f0b169c-16fc-11dd-94ef-0018f3569741}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f0b169c-16fc-11dd-94ef-0018f3569741}\Shell\AutoRun
\{0f0b169c-16fc-11dd-94ef-0018f3569741}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f0b169c-16fc-11dd-94ef-0018f3569741}\Shell\AutoRun\command
\{0f0b169c-16fc-11dd-94ef-0018f3569741}\Shell\AutoRun\command\\"" -> J:\LaunchU3.exe [J:\LaunchU3.exe -a] -> File not found
 
 
[Files/Folders - Created Within 30 Days]
BASE -> %UserProfile%\Desktop\BASE -> [2009/01/24 20:00:35 | 00,000,000 | ---D | C]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [2009/01/24 19:51:43 | 00,000,000 | ---D | C]
gmer.exe -> %UserProfile%\Desktop\gmer.exe -> [2009/01/24 19:40:55 | 00,811,008 | ---- | C | MD5 = 76F416201E5008CFBE6E931F8070E548] ()
ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [2009/01/24 19:40:54 | 03,048,418 | ---- | C | MD5 = 58BD22B2D2E422CF4D3539A1E7E00265] ()
RSIT.exe -> %UserProfile%\Desktop\RSIT.exe -> [2009/01/24 19:40:54 | 00,781,851 | ---- | C | MD5 = 237969915F26D87AAC7B6E5003C69068] ()
avz.exe -> %UserProfile%\Desktop\avz.exe -> [2009/01/24 19:40:54 | 00,733,696 | ---- | C | MD5 = DAC7D894EC8C7E5746AE3B8941DE7906] (Лаборатория Касперского, 2007)
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/01/24 19:40:54 | 00,485,376 | ---- | C | MD5 = F33A8441F5C3EA4BEF4AD8A1571A5B3B] (OldTimer Tools)
OTMoveIt3.exe -> %UserProfile%\Desktop\OTMoveIt3.exe -> [2009/01/24 19:40:54 | 00,348,160 | ---- | C | MD5 = 6A0DB8F156B2B60E150895994ADA11FC] (OldTimer Tools)
mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> [2009/01/24 19:40:53 | 02,737,800 | ---- | C | MD5 = A5B4FAC4D00C88B53A1303732B67A2CD] (Malwarebytes Corporation									)
f3PSSavr.scr -> %SystemRoot%\System32\f3PSSavr.scr -> [2009/01/23 22:50:24 | 00,028,672 | ---- | C | MD5 = 4CD346697529EFC743A608B2F5D0CC94] (FunWebProducts.com)
FunWebProducts -> %ProgramFiles%\FunWebProducts -> [2009/01/23 22:50:24 | 00,000,000 | ---D | C]
MyWebSearch -> %ProgramFiles%\MyWebSearch -> [2009/01/23 22:50:22 | 00,000,000 | ---D | C]
qbfaea.dll -> %SystemRoot%\System32\qbfaea.dll -> [2009/01/23 22:12:12 | 00,129,024 | ---- | C | MD5 = 2625EB2784A5F292DFE883284B9039EC] ()
asqtwtah.dll -> %SystemRoot%\System32\asqtwtah.dll -> [2009/01/23 22:12:11 | 00,129,024 | ---- | C | MD5 = 2625EB2784A5F292DFE883284B9039EC] ()
jemjllka.ini -> %SystemRoot%\System32\jemjllka.ini -> [2009/01/23 22:10:02 | 01,434,951 | -HS- | C | MD5 = 5E17AAC77EC8637DFC4D27365DFE3916] ()
aklljmej.dll -> %SystemRoot%\System32\aklljmej.dll -> [2009/01/23 22:09:58 | 00,072,704 | ---- | C | MD5 = 1F48DFD48CA0A50CE0F7CE32CA927364] ()
lwuofd.dll -> %SystemRoot%\System32\lwuofd.dll -> [2009/01/22 07:28:14 | 00,129,024 | ---- | C | MD5 = 38F27FD770AA23D2C89B7A7791E22607] ()
bjcwdfyj.dll -> %SystemRoot%\System32\bjcwdfyj.dll -> [2009/01/22 07:28:11 | 00,129,024 | ---- | C | MD5 = 38F27FD770AA23D2C89B7A7791E22607] ()
efienhja.ini -> %SystemRoot%\System32\efienhja.ini -> [2009/01/22 07:25:13 | 01,436,184 | -HS- | C | MD5 = 9CE6B6FCB57B34FAA32E9BD0D3F5826B] ()
ajhneife.dll -> %SystemRoot%\System32\ajhneife.dll -> [2009/01/22 07:25:11 | 00,072,704 | ---- | C | MD5 = AA52EB379B6E4435AE937A74259FB36A] ()
bvpupcvr.dll -> %SystemRoot%\System32\bvpupcvr.dll -> [2009/01/22 07:22:11 | 00,075,776 | ---- | C | MD5 = E6137BCF67415806CCAE7777004FF4EC] ()
NTREGOPT.lnk -> %UserProfile%\Desktop\NTREGOPT.lnk -> [2009/01/20 15:43:28 | 00,000,622 | ---- | C | MD5 = CDA72A23468BDBAE83519134865C3785] ()
ERUNT.lnk -> %UserProfile%\Desktop\ERUNT.lnk -> [2009/01/20 15:43:28 | 00,000,603 | ---- | C | MD5 = 75E1B7B44B8166D9FF20822DB37AED87] ()
ERUNT -> %ProgramFiles%\ERUNT -> [2009/01/20 15:43:27 | 00,000,000 | ---D | C]
erunt-setup.exe -> %UserProfile%\Desktop\erunt-setup.exe -> [2009/01/20 15:42:15 | 00,791,393 | ---- | C | MD5 = 933169EEE58B90EB0900CD3B0AF02FD8] (Lars Hederer												)
fixes.docx -> %UserProfile%\Desktop\fixes.docx -> [2009/01/20 15:30:23 | 00,083,654 | ---- | C | MD5 = 77AA0CB58E75051BF7ACB1C99F2CEF1B] ()
gctfvv.dll -> %SystemRoot%\System32\gctfvv.dll -> [2009/01/19 12:33:31 | 00,129,024 | ---- | C | MD5 = 1270C1CDEECA4F79DA9D528A18A6A4E4] ()
tbxaxmbw.dll -> %SystemRoot%\System32\tbxaxmbw.dll -> [2009/01/19 12:33:29 | 00,129,024 | ---- | C | MD5 = 1270C1CDEECA4F79DA9D528A18A6A4E4] ()
uregvsyy.ini -> %SystemRoot%\System32\uregvsyy.ini -> [2009/01/19 12:30:30 | 01,436,184 | -HS- | C | MD5 = 9CE6B6FCB57B34FAA32E9BD0D3F5826B] ()
eajjwc.dll -> %SystemRoot%\System32\eajjwc.dll -> [2009/01/18 13:27:32 | 00,129,024 | ---- | C | MD5 = 5115EA4942F9EAF63FFF92C4B5BFAD70] ()
mklloqbi.dll -> %SystemRoot%\System32\mklloqbi.dll -> [2009/01/18 13:27:29 | 00,129,024 | ---- | C | MD5 = 5115EA4942F9EAF63FFF92C4B5BFAD70] ()
fjmpqsfy.ini -> %SystemRoot%\System32\fjmpqsfy.ini -> [2009/01/18 13:24:30 | 01,403,911 | -HS- | C | MD5 = 6B7F0C2D123F95147F0171C25F7C9EE2] ()
PIF -> %SystemRoot%\PIF -> [2009/01/18 10:21:31 | 00,000,000 | -H-D | C]
kerccaxg.ini -> %SystemRoot%\System32\kerccaxg.ini -> [2009/01/17 13:23:06 | 01,403,911 | -HS- | C | MD5 = 6B7F0C2D123F95147F0171C25F7C9EE2] ()
vDKnVvut.ini -> %SystemRoot%\System32\vDKnVvut.ini -> [2009/01/17 13:22:00 | 00,030,133 | -HS- | C | MD5 = 9FEB6BD9F141D855013EBD14D1AA4BEA] ()
mkglzdno.job -> %SystemRoot%\tasks\mkglzdno.job -> [2009/01/17 13:16:56 | 00,000,338 | ---- | C | MD5 = 2E5A69814741BEA8ED097BDCF5A1856F] ()
ddcArQkL.dll -> %SystemRoot%\System32\ddcArQkL.dll -> [2009/01/17 13:16:53 | 00,036,352 | ---- | C | Unable to obtain MD5] ()
ctmasetp.dll -> %SystemRoot%\System32\dllcache\ctmasetp.dll -> [2009/01/11 01:05:56 | 00,249,856 | ---- | C | MD5 = 4CEC096242A008DF9A07E2B0708C86E1] (Comtrol® Corporation)
compbatt.sys -> %SystemRoot%\System32\dllcache\compbatt.sys -> [2009/01/11 01:05:46 | 00,010,240 | ---- | C | MD5 = 6E4C9F21F0FAE8940661144F41B13203] (Microsoft Corporation)
cmbatt.sys -> %SystemRoot%\System32\dllcache\cmbatt.sys -> [2009/01/11 01:05:42 | 00,013,952 | ---- | C | MD5 = 0F6C187D38D98F8DF904589A5F94D411] (Microsoft Corporation)
changer.sys -> %SystemRoot%\System32\dllcache\changer.sys -> [2009/01/11 01:05:35 | 00,008,192 | ---- | C | MD5 = 2A5815CA6FFF24B688C01F828B96819C] (Microsoft Corporation)
ccdecode.sys -> %SystemRoot%\System32\dllcache\ccdecode.sys -> [2009/01/11 01:05:31 | 00,017,024 | ---- | C | MD5 = 0BE5AEF125BE881C4F854C554F2B025C] (Microsoft Corporation)
camext30.dll -> %SystemRoot%\System32\dllcache\camext30.dll -> [2009/01/11 01:05:26 | 00,121,856 | ---- | C | MD5 = 51BAF885D8BE3AD9693E04FF53B3A1F4] (Microsoft Corporation)
bdaplgin.ax -> %SystemRoot%\System32\dllcache\bdaplgin.ax -> [2009/01/11 01:05:00 | 00,018,432 | ---- | C | MD5 = 215D2C75E58774A0FAD6FC345FA84643] (Microsoft Corporation)
bdasup.sys -> %SystemRoot%\System32\dllcache\bdasup.sys -> [2009/01/11 01:05:00 | 00,011,776 | ---- | C | MD5 = 56B7F78228CC41FFA1F5BDF3AF799D19] (Microsoft Corporation)
battc.sys -> %SystemRoot%\System32\dllcache\battc.sys -> [2009/01/11 01:04:57 | 00,014,208 | ---- | C | MD5 = 0D93976F7801B7FCD8135CC77257BBD0] (Microsoft Corporation)
avcstrm.sys -> %SystemRoot%\System32\dllcache\avcstrm.sys -> [2009/01/11 01:04:53 | 00,013,696 | ---- | C | MD5 = E625773D7B950842D582F713656859C0] (Microsoft Corporation)
avc.sys -> %SystemRoot%\System32\dllcache\avc.sys -> [2009/01/11 01:04:52 | 00,038,912 | ---- | C | MD5 = F8E6956A614F15A0860474C5E2A7DE6B] (Microsoft Corporation)
61883.sys -> %SystemRoot%\System32\dllcache\61883.sys -> [2009/01/11 01:04:26 | 00,048,128 | ---- | C | MD5 = 914A9709FC3BF419AD2F85547F2A4832] (Microsoft Corporation)
4mmdat.sys -> %SystemRoot%\System32\dllcache\4mmdat.sys -> [2009/01/11 01:04:26 | 00,012,288 | ---- | C | MD5 = 7E14BAD6CBC8EE6857902E33128E6DF2] (Microsoft Corporation)
config.cfg -> %AppData%\config.cfg -> [2009/01/11 00:20:20 | 00,000,027 | ---- | C | MD5 = 70B66FFE5F1498AC5F3D26058DC73CAC] ()
~tmp.html -> %AppData%\~tmp.html -> [2009/01/11 00:20:19 | 00,041,218 | ---- | C | MD5 = 80342563904C5C68D2B6CC556E2A3CF6] ()
SYSREST -> %SystemDrive%\SYSREST -> [2009/01/10 23:56:45 | 00,000,018 | -H-- | C | MD5 = 6E1BE1A042C371F36C258D3C18730BCB] ()
Google -> %AppData%\Google -> [2009/01/08 05:44:09 | 00,000,000 | ---D | C]
Google -> %UserProfile%\Local Settings\Application Data\Google -> [2009/01/08 05:43:51 | 00,000,000 | ---D | C]
Google Updater -> %AllUsersProfile%\Application Data\Google Updater -> [2009/01/08 05:42:53 | 00,000,000 | ---D | C]
Google -> %ProgramFiles%\Google -> [2009/01/08 05:42:52 | 00,000,000 | ---D | C]
ntuser.ini -> %UserProfile%\ntuser.ini -> [2009/01/08 05:27:08 | 00,000,178 | -HS- | C | MD5 = CBDA6984D2ECC537AEF07205AE001013] ()
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [2008/12/30 03:17:10 | 02,110,804 | -H-- | C | MD5 = 75213AA5FFF2E9DD74A314CE35B8F26A] ()
 
[Files/Folders - Modified Within 30 Days]
mkglzdno.job -> %SystemRoot%\tasks\mkglzdno.job -> [2009/01/24 20:00:00 | 00,000,338 | ---- | M | MD5 = 2E5A69814741BEA8ED097BDCF5A1856F] ()
hpsysdrv.DAT -> %SystemRoot%\System\hpsysdrv.DAT -> [2009/01/24 19:58:30 | 00,000,186 | ---- | M | MD5 = BD0743584EF079DBB9FB8144D51D7F82] ()
nvapps.xml -> %SystemRoot%\System32\nvapps.xml -> [2009/01/24 19:58:06 | 00,043,531 | ---- | M | MD5 = E868CAAA68EB92C70D07B66E0F938269] ()
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2009/01/24 19:58:01 | 00,001,158 | ---- | M | MD5 = 6B3A16CE0A89D0964CFC1DD9604C4C3A] ()
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2009/01/24 19:57:20 | 00,000,006 | -H-- | M | MD5 = F1A6CD5ADAAB953A6764EA364E17BFB8] ()
bootstat.dat -> %SystemRoot%\bootstat.dat -> [2009/01/24 19:57:18 | 00,002,048 | --S- | M | MD5 = 6A2CB42966136854F4464516FBB4AE72] ()
ntuser.dat -> %UserProfile%\ntuser.dat -> [2009/01/24 19:56:23 | 09,699,328 | ---- | M | Unable to obtain MD5] ()
ntuser.ini -> %UserProfile%\ntuser.ini -> [2009/01/24 19:56:23 | 00,000,178 | -HS- | M | MD5 = CBDA6984D2ECC537AEF07205AE001013] ()
vDKnVvut.ini -> %SystemRoot%\System32\vDKnVvut.ini -> [2009/01/24 19:51:36 | 00,030,133 | -HS- | M | MD5 = 9FEB6BD9F141D855013EBD14D1AA4BEA] ()
avz.exe -> %UserProfile%\Desktop\avz.exe -> [2009/01/24 13:41:10 | 00,733,696 | ---- | M | MD5 = DAC7D894EC8C7E5746AE3B8941DE7906] (Лаборатория Касперского, 2007)
OTMoveIt3.exe -> %UserProfile%\Desktop\OTMoveIt3.exe -> [2009/01/24 13:38:14 | 00,348,160 | ---- | M | MD5 = 6A0DB8F156B2B60E150895994ADA11FC] (OldTimer Tools)
gmer.exe -> %UserProfile%\Desktop\gmer.exe -> [2009/01/24 13:37:00 | 00,811,008 | ---- | M | MD5 = 76F416201E5008CFBE6E931F8070E548] ()
RSIT.exe -> %UserProfile%\Desktop\RSIT.exe -> [2009/01/24 13:36:14 | 00,781,851 | ---- | M | MD5 = 237969915F26D87AAC7B6E5003C69068] ()
mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> [2009/01/24 13:35:18 | 02,737,800 | ---- | M | MD5 = A5B4FAC4D00C88B53A1303732B67A2CD] (Malwarebytes Corporation									)
ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [2009/01/24 13:33:20 | 03,048,418 | ---- | M | MD5 = 58BD22B2D2E422CF4D3539A1E7E00265] ()
ACD Wallpaper.bmp -> %SystemRoot%\ACD Wallpaper.bmp -> [2009/01/24 08:25:07 | 00,045,598 | ---- | M | MD5 = 6D9FD3D7DB1F6CCF36BDC02318DE36EB] ()
qmgr1.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009/01/23 23:01:26 | 00,004,232 | ---- | M | MD5 = EF2EF49229A3C9A5B916DA88B98EACE9] ()
qmgr0.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009/01/23 23:00:39 | 00,005,221 | ---- | M | MD5 = 925996909F20174E91BC76803029FDD8] ()
f3PSSavr.scr -> %SystemRoot%\System32\f3PSSavr.scr -> [2009/01/23 22:50:22 | 00,028,672 | ---- | M | MD5 = 4CD346697529EFC743A608B2F5D0CC94] (FunWebProducts.com)
qbfaea.dll -> %SystemRoot%\System32\qbfaea.dll -> [2009/01/23 22:12:12 | 00,129,024 | ---- | M | MD5 = 2625EB2784A5F292DFE883284B9039EC] ()
asqtwtah.dll -> %SystemRoot%\System32\asqtwtah.dll -> [2009/01/23 22:12:12 | 00,129,024 | ---- | M | MD5 = 2625EB2784A5F292DFE883284B9039EC] ()
jemjllka.ini -> %SystemRoot%\System32\jemjllka.ini -> [2009/01/23 22:10:05 | 01,434,951 | -HS- | M | MD5 = 5E17AAC77EC8637DFC4D27365DFE3916] ()
aklljmej.dll -> %SystemRoot%\System32\aklljmej.dll -> [2009/01/23 22:10:00 | 00,072,704 | ---- | M | MD5 = 1F48DFD48CA0A50CE0F7CE32CA927364] ()
lwuofd.dll -> %SystemRoot%\System32\lwuofd.dll -> [2009/01/22 07:28:14 | 00,129,024 | ---- | M | MD5 = 38F27FD770AA23D2C89B7A7791E22607] ()
bjcwdfyj.dll -> %SystemRoot%\System32\bjcwdfyj.dll -> [2009/01/22 07:28:14 | 00,129,024 | ---- | M | MD5 = 38F27FD770AA23D2C89B7A7791E22607] ()
efienhja.ini -> %SystemRoot%\System32\efienhja.ini -> [2009/01/22 07:25:24 | 01,436,184 | -HS- | M | MD5 = 9CE6B6FCB57B34FAA32E9BD0D3F5826B] ()
ajhneife.dll -> %SystemRoot%\System32\ajhneife.dll -> [2009/01/22 07:25:13 | 00,072,704 | ---- | M | MD5 = AA52EB379B6E4435AE937A74259FB36A] ()
bvpupcvr.dll -> %SystemRoot%\System32\bvpupcvr.dll -> [2009/01/22 07:22:13 | 00,075,776 | ---- | M | MD5 = E6137BCF67415806CCAE7777004FF4EC] ()
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [2009/01/21 20:08:01 | 00,000,284 | ---- | M | MD5 = 4EE490F6EBBBE9517EF6A6D86F02A6CE] ()
uregvsyy.ini -> %SystemRoot%\System32\uregvsyy.ini -> [2009/01/21 15:25:36 | 01,436,184 | -HS- | M | MD5 = 9CE6B6FCB57B34FAA32E9BD0D3F5826B] ()
NTREGOPT.lnk -> %UserProfile%\Desktop\NTREGOPT.lnk -> [2009/01/20 15:43:28 | 00,000,622 | ---- | M | MD5 = CDA72A23468BDBAE83519134865C3785] ()
ERUNT.lnk -> %UserProfile%\Desktop\ERUNT.lnk -> [2009/01/20 15:43:28 | 00,000,603 | ---- | M | MD5 = 75E1B7B44B8166D9FF20822DB37AED87] ()
erunt-setup.exe -> %UserProfile%\Desktop\erunt-setup.exe -> [2009/01/20 15:42:15 | 00,791,393 | ---- | M | MD5 = 933169EEE58B90EB0900CD3B0AF02FD8] (Lars Hederer												)
fixes.docx -> %UserProfile%\Desktop\fixes.docx -> [2009/01/20 15:07:42 | 00,083,654 | ---- | M | MD5 = 77AA0CB58E75051BF7ACB1C99F2CEF1B] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/01/20 02:03:15 | 00,167,936 | ---- | M | MD5 = 6BB281AAA444166F9DF77B1D0BC27874] ()
tbxaxmbw.dll -> %SystemRoot%\System32\tbxaxmbw.dll -> [2009/01/19 12:33:30 | 00,129,024 | ---- | M | MD5 = 1270C1CDEECA4F79DA9D528A18A6A4E4] ()
gctfvv.dll -> %SystemRoot%\System32\gctfvv.dll -> [2009/01/19 12:33:30 | 00,129,024 | ---- | M | MD5 = 1270C1CDEECA4F79DA9D528A18A6A4E4] ()
GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2009/01/19 01:11:00 | 00,085,040 | ---- | M | MD5 = 2A1E522D41C628C44133528F7121B329] ()
mklloqbi.dll -> %SystemRoot%\System32\mklloqbi.dll -> [2009/01/18 13:27:32 | 00,129,024 | ---- | M | MD5 = 5115EA4942F9EAF63FFF92C4B5BFAD70] ()
eajjwc.dll -> %SystemRoot%\System32\eajjwc.dll -> [2009/01/18 13:27:32 | 00,129,024 | ---- | M | MD5 = 5115EA4942F9EAF63FFF92C4B5BFAD70] ()
fjmpqsfy.ini -> %SystemRoot%\System32\fjmpqsfy.ini -> [2009/01/18 13:24:37 | 01,403,911 | -HS- | M | MD5 = 6B7F0C2D123F95147F0171C25F7C9EE2] ()
kerccaxg.ini -> %SystemRoot%\System32\kerccaxg.ini -> [2009/01/18 13:23:42 | 01,403,911 | -HS- | M | MD5 = 6B7F0C2D123F95147F0171C25F7C9EE2] ()
ddcArQkL.dll -> %SystemRoot%\System32\ddcArQkL.dll -> [2009/01/17 13:16:53 | 00,036,352 | ---- | M | Unable to obtain MD5] ()
win.ini -> %SystemRoot%\win.ini -> [2009/01/15 13:16:45 | 00,000,526 | ---- | M | MD5 = 5E353A78087A4002F02782D03455BAC7] ()
system.ini -> %SystemRoot%\system.ini -> [2009/01/15 13:16:45 | 00,000,227 | ---- | M | MD5 = F4D021E764F6FA554606F4A735A3151B] ()
boot.ini -> %SystemDrive%\boot.ini -> [2009/01/15 13:16:45 | 00,000,208 | RHS- | M | MD5 = 7D10C4963852297CCBBC61CAF30C4165] ()
~tmp.html -> %AppData%\~tmp.html -> [2009/01/11 00:20:20 | 00,041,218 | ---- | M | MD5 = 80342563904C5C68D2B6CC556E2A3CF6] ()
config.cfg -> %AppData%\config.cfg -> [2009/01/11 00:20:20 | 00,000,027 | ---- | M | MD5 = 70B66FFE5F1498AC5F3D26058DC73CAC] ()
SYSREST -> %SystemDrive%\SYSREST -> [2009/01/10 23:56:45 | 00,000,018 | -H-- | M | MD5 = 6E1BE1A042C371F36C258D3C18730BCB] ()
MRT.exe -> %SystemRoot%\System32\MRT.exe -> [2009/01/09 17:35:28 | 20,853,704 | ---- | M | MD5 = CD65A16E22B9036C631339C74E85AE87] (Microsoft Corporation)
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/01/09 09:03:22 | 00,485,376 | ---- | M | MD5 = F33A8441F5C3EA4BEF4AD8A1571A5B3B] (OldTimer Tools)
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [2009/01/08 06:36:44 | 02,110,804 | -H-- | M | MD5 = 75213AA5FFF2E9DD74A314CE35B8F26A] ()
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [2009/01/08 05:28:31 | 00,000,069 | ---- | M | MD5 = 4CE91CEDF6EC0F5FDFF2B6E2DB4E520A] ()
wklntsk1.dat -> %AllUsersProfile%\Application Data\Microsoft\Works\wklntsk1.dat -> [2007/05/10 22:35:10 | 00,166,221 | ---- | M | MD5 = FCF5900E146B641F008B5A302DD308A4] ()
wkcalcat.dat -> %AllUsersProfile%\Application Data\Microsoft\Works\wkcalcat.dat -> [2007/05/10 22:35:05 | 00,016,384 | ---- | M | MD5 = DE2630981245E15BB1698432E204E8DD] ()
opa12.dat -> %AllUsersProfile%\Application Data\Microsoft\Office\Data\opa12.dat -> [2007/03/19 15:31:20 | 00,008,206 | ---- | M | MD5 = 0E7E24ED21BD5DA96B0D882D5A043AD4] ()
data.dat -> %AllUsersProfile%\Application Data\Microsoft\Office\Data\data.dat -> [2007/03/12 08:37:12 | 00,004,214 | ---- | M | MD5 = 55B5A36927F3ACE0B0FE80B514FF0056] ()
 
[Alternate Data Streams]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable
[CatchMe Rootkit Scan by GMER]
Rootkit scan error - could not find scan log
Rootkit scan error - could not find scan log
 
< End of report >
______________________________________________________________
Deckard's System Scanner v20071014.68
Run by HP_Administrator on 2009-01-24 20:04:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as HP_Administrator.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:04:26 PM, on 1/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP Laser Gaming Mouse with VoodooDNA\hid.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\HP Laser Gaming Mouse with VoodooDNA\Tray.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\HP_Administrator\Desktop\=\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_ADM~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: {3b656ffa-f417-343b-50e4-d5648dbbc3f0} - {0f3cbbd8-465d-4e05-b343-714faff656b3} - C:\WINDOWS\system32\qbfaea.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\ddcArQkL.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {AA31F92A-B573-4819-8DF2-FFF853AB7E56} - C:\WINDOWS\system32\tuvVnKDv.dll (file missing)
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: {8ee8} - {d2e37dba-818d-4bc6-98b1-6f29a22d4c11} - C:\WINDOWS\system32\bvpupcvr.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HP VoodooDNA Mouse] "C:\Program Files\HP Laser Gaming Mouse with VoodooDNA\hid.exe"
O4 - HKLM\..\Run: [UpdateWin] C:\WINDOWS\system32\3com_dmif.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [40553691] rundll32.exe "C:\WINDOWS\system32\aklljmej.dll",b
O4 - HKLM\..\RunServices: [UpdateWin] C:\WINDOWS\system32\3com_dmif.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [UpdateWin] C:\WINDOWS\system32\3com_dmif.exe
O4 - HKCU\..\RunServices: [UpdateWin] C:\WINDOWS\system32\3com_dmif.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: ddcArQkL - C:\WINDOWS\SYSTEM32\ddcArQkL.dll
O22 - SharedTaskScheduler: IPC Configuration Utility - IPC Configuration Utility - (no file)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe

--
End of file - 7557 bytes

-- Files created between 2008-12-24 and 2009-01-24 -----------------------------

2009-01-23 22:50:24 28672 --a------ C:\WINDOWS\system32\f3PSSavr.scr <Not Verified; FunWebProducts.com; Popular Screensavers>
2009-01-23 22:50:24 0 d-------- C:\Program Files\FunWebProducts
2009-01-23 22:50:22 0 d-------- C:\Program Files\MyWebSearch
2009-01-23 22:12:12 129024 --a------ C:\WINDOWS\system32\qbfaea.dll
2009-01-23 22:12:11 129024 --a------ C:\WINDOWS\system32\asqtwtah.dll
2009-01-23 22:09:58 72704 --a------ C:\WINDOWS\system32\aklljmej.dll
2009-01-22 07:28:14 129024 --a------ C:\WINDOWS\system32\lwuofd.dll
2009-01-22 07:28:11 129024 --a------ C:\WINDOWS\system32\bjcwdfyj.dll
2009-01-22 07:25:11 72704 --a------ C:\WINDOWS\system32\ajhneife.dll
2009-01-22 07:22:11 75776 --a------ C:\WINDOWS\system32\bvpupcvr.dll
2009-01-19 12:33:31 129024 --a------ C:\WINDOWS\system32\gctfvv.dll
2009-01-19 12:33:29 129024 --a------ C:\WINDOWS\system32\tbxaxmbw.dll
2009-01-18 13:27:32 129024 --a------ C:\WINDOWS\system32\eajjwc.dll
2009-01-18 13:27:29 129024 --a------ C:\WINDOWS\system32\mklloqbi.dll
2009-01-18 10:21:31 0 d--h----- C:\WINDOWS\PIF
2009-01-17 13:16:53 36352 --a------ C:\WINDOWS\system32\ddcArQkL.dll
2009-01-10 23:56:45 18 --ah----- C:\SYSREST
2009-01-08 05:44:09 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Google
2009-01-08 05:42:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-01-08 05:42:52 0 d-------- C:\Program Files\Google


-- Find3M Report ---------------------------------------------------------------

2009-01-24 12:05:50 0 d-------- C:\Program Files\Flock
2009-01-18 10:21:19 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\AVG7
2009-01-11 00:20:20 27 --a------ C:\Documents and Settings\HP_Administrator\Application Data\config.cfg
2009-01-11 00:20:20 41218 --a------ C:\Documents and Settings\HP_Administrator\Application Data\~tmp.html
2009-01-03 00:10:00 0 d-------- C:\Program Files\Advanced Registry Optimizer
2008-12-09 01:03:09 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Real
2008-12-09 01:02:56 0 d-------- C:\Program Files\Common Files
2008-12-09 01:02:56 0 d-------- C:\Program Files\Common Files\xing shared
2008-12-09 01:02:52 0 d-------- C:\Program Files\Common Files\Real
2008-12-09 01:02:38 0 d-------- C:\Program Files\Real
2008-12-07 12:35:42 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Move Networks
2008-12-05 13:27:51 0 d-------- C:\Program Files\Java
2008-11-26 20:14:27 0 d-------- C:\Program Files\iTunes
2008-11-26 20:14:08 0 d-------- C:\Program Files\iPod
2008-11-26 20:12:59 0 d-------- C:\Program Files\QuickTime
2008-11-26 20:12:22 0 d-------- C:\Program Files\Common Files\Apple
2008-11-26 20:09:29 0 d-------- C:\Program Files\Safari
2008-11-26 15:10:04 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla
2008-11-24 22:40:54 0 d-------- C:\Program Files\HP Laser Gaming Mouse with VoodooDNA
2008-11-24 22:40:50 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-11-24 22:40:41 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\InstallShield
2008-11-03 17:08:53 66932 --ah----- C:\WINDOWS\system32\mlfcache.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0f3cbbd8-465d-4e05-b343-714faff656b3}]
01/23/2009 10:12 PM 129024 --a------ C:\WINDOWS\system32\qbfaea.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
01/17/2009 01:16 PM 36352 --a------ C:\WINDOWS\system32\ddcArQkL.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA31F92A-B573-4819-8DF2-FFF853AB7E56}]
C:\WINDOWS\system32\tuvVnKDv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d2e37dba-818d-4bc6-98b1-6f29a22d4c11}]
01/22/2009 07:22 AM 75776 --a------ C:\WINDOWS\system32\bvpupcvr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
12/05/2008 01:27 PM 34816 --a------ C:\Program Files\Java\jre6\bin\jp2ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
12/05/2008 01:27 PM 73728 --a------ C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [11/16/2008 11:44 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/09/2006 07:50 AM]
"itype"="c:\Program Files\Microsoft IntelliType Pro\itype.exe" [11/21/2006 04:08 PM]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [02/15/2006 03:34 PM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [05/08/2007 03:24 PM]
"ftutil2"="ftutil2.dll" [06/07/2004 06:05 AM C:\WINDOWS\system32\ftutil2.dll]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 02:01 PM]
"HP VoodooDNA Mouse"="C:\Program Files\HP Laser Gaming Mouse with VoodooDNA\hid.exe" [08/01/2008 09:55 AM]
"UpdateWin"="C:\WINDOWS\system32\3com_dmif.exe" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/09/2008 01:02 AM]
"MyWebSearch Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL" [01/23/2009 10:50 PM]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" [01/23/2009 10:50 PM]
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" [01/23/2009 10:50 PM]
"40553691"="C:\WINDOWS\system32\aklljmej.dll" [01/23/2009 10:10 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" [01/23/2009 10:50 PM]
"UpdateWin"="C:\WINDOWS\system32\3com_dmif.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices]
"UpdateWin"=C:\WINDOWS\system32\3com_dmif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"UpdateWin"=C:\WINDOWS\system32\3com_dmif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"=1 (0x1)
"NoActiveDesktopChanges"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"=1 (0x1)
"NoActiveDesktopChanges"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= C:\WINDOWS\system32\ddcArQkL.dll [01/17/2009 01:16 PM 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcArQkL]
ddcArQkL.dll 01/17/2009 01:16 PM 36352 C:\WINDOWS\system32\ddcArQkL.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\tuvVnKDv
"UpdateWin"= C:\WINDOWS\system32\3com_dmif.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ WinCinema Manager.lnk]
backup=C:\WINDOWS\pss\ WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk]
backup=C:\WINDOWS\pss\DataViz Inc Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
backup=C:\WINDOWS\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=C:\WINDOWS\pss\Updates From HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Thoosje Sidebar.lnk]
path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Thoosje Sidebar.lnk
backup=C:\WINDOWS\pss\Thoosje Sidebar.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
ARPWRMSG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
"C:\Program Files\lg_fwupdate\fwupdate.exe" blrun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetscapeClient]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\netw]
C:\WINDOWS\svw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\odb]
C:\WINDOWS\odb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
"C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherDPA]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoOE]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoSA]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NSCService"=3 (0x3)
"navapsvc"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"LightScribeService"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"WinDefend"=2 (0x2)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"NVSvc"=2 (0x2)
"CCALib8"=2 (0x2)
"GameConsoleService"=3 (0x3)
"RichVideo"=2 (0x2)
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
"InCDsrv"=2 (0x2)
"Bonjour Service"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"getPlus® Helper"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"gusvc"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f0b169c-16fc-11dd-94ef-0018f3569741}]
AutoRun\command- J:\LaunchU3.exe -a


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"



-- End of Deckard's System Scanner: finished at 2009-01-24 20:05:07 ------------

#10 fenzodahl512


Posted 25 January 2009 - 03:42 PM

Hello.. First of all, I didn't ask you to run OTScanIt2... Who asked you to run that?.. Have you run the AVZ step as asked?.. I can still see your SafeBoot key is faulty...


Since you already have OTScanIt2, let's do this...


Open the OTScanIt folder and double-click on OTScanIt2.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).

Copy/Paste the information in the codebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Processes - All]
YY -> m3srchmn.exe -> %ProgramFiles%\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
YY -> mwsoemon.exe -> %ProgramFiles%\MyWebSearch\bar\1.bin\MWSOEMON.EXE
[Win32 Services - All]
YY -> (MyWebSearchService) My Web Search Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\MyWebSearch\bar\1.bin\MWSSVC.EXE
[Registry - All]
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> 
YY -> HKEY_CURRENT_USER\: URLSearchHooks\\"{00A6FAF6-072E-44cf-8957-5838F569A31D}" [HKLM] -> %ProgramFiles%\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL []
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> 
YY -> HKEY_USERS\.DEFAULT\: URLSearchHooks\\"{00A6FAF6-072E-44cf-8957-5838F569A31D}" [HKLM] -> %ProgramFiles%\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL []
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> 
YY -> HKEY_USERS\S-1-5-18\: URLSearchHooks\\"{00A6FAF6-072E-44cf-8957-5838F569A31D}" [HKLM] -> %ProgramFiles%\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL []
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\] > -> 
YY -> HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\: URLSearchHooks\\"{00A6FAF6-072E-44cf-8957-5838F569A31D}" [HKLM] -> %ProgramFiles%\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL []
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {00A6FAF1-072E-44cf-8957-5838F569A31D} [HKLM] -> %ProgramFiles%\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL [MyWebSearch Search Assistant BHO]
YY -> {07B18EA1-A523-4961-B6BB-170DE4475CCA} [HKLM] -> %ProgramFiles%\MyWebSearch\bar\1.bin\MWSBAR.DLL [mwsBar BHO]
YY -> {0f3cbbd8-465d-4e05-b343-714faff656b3} [HKLM] -> %SystemRoot%\system32\qbfaea.dll [Reg Error: Value  does not exist or could not be read.]
YY -> {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} [HKLM] -> %SystemRoot%\system32\ddcArQkL.dll [Reg Error: Value  does not exist or could not be read.]
YN -> {AA31F92A-B573-4819-8DF2-FFF853AB7E56} [HKLM] -> %SystemRoot%\system32\tuvVnKDv.dll [Reg Error: Value  does not exist or could not be read.]
YY -> {d2e37dba-818d-4bc6-98b1-6f29a22d4c11} [HKLM] -> %SystemRoot%\system32\bvpupcvr.dll [Reg Error: Value  does not exist or could not be read.]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YY -> "{07B18EA9-A523-4961-B6BB-170DE4475CCA}" [HKLM] -> %ProgramFiles%\MyWebSearch\bar\1.bin\MWSBAR.DLL [My Web Search]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "40553691" -> %SystemRoot%\system32\aklljmej.dll [rundll32.exe "C:\WINDOWS\system32\aklljmej.dll",b]
YY -> "My Web Search Bar Search Scope Monitor" -> %ProgramFiles%\MyWebSearch\bar\1.bin\M3SRCHMN.EXE ["C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w]
YY -> "MyWebSearch Email Plugin" -> %ProgramFiles%\MyWebSearch\bar\1.bin\MWSOEMON.EXE [C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe]
YY -> "MyWebSearch Plugin" -> %ProgramFiles%\MyWebSearch\bar\1.bin\M3PLUGIN.DLL [rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF]
YN -> "UpdateWin" -> %SystemRoot%\system32\3com_dmif.exe [C:\WINDOWS\system32\3com_dmif.exe]
< RunServices [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
YN -> "UpdateWin" -> %SystemRoot%\system32\3com_dmif.exe [C:\WINDOWS\system32\3com_dmif.exe]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "MyWebSearch Email Plugin" -> %ProgramFiles%\MyWebSearch\bar\1.bin\MWSOEMON.EXE [C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe]
YN -> "UpdateWin" -> %SystemRoot%\system32\3com_dmif.exe [C:\WINDOWS\system32\3com_dmif.exe]
< RunServices [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
YN -> "UpdateWin" -> %SystemRoot%\system32\3com_dmif.exe [C:\WINDOWS\system32\3com_dmif.exe]
< Run [HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\] > -> HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "MyWebSearch Email Plugin" -> %ProgramFiles%\MyWebSearch\bar\1.bin\MWSOEMON.EXE [C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe]
YN -> "UpdateWin" -> %SystemRoot%\system32\3com_dmif.exe [C:\WINDOWS\system32\3com_dmif.exe]
< RunServices [HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\] > -> HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
YN -> "UpdateWin" -> %SystemRoot%\system32\3com_dmif.exe [C:\WINDOWS\system32\3com_dmif.exe]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YY -> "{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}" [HKLM] -> %SystemRoot%\system32\ddcArQkL.dll []
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
*LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YY -> C:\WINDOWS\system32\tuvVnKDv -> 
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\60325cahp25cas.exe" -> C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\60325cahp25cas.exe [C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\60325cahp25cas.exe:*:Enabled:Enabled]
[Files/Folders - Created Within 30 Days]
NY -> f3PSSavr.scr -> %SystemRoot%\System32\f3PSSavr.scr
NY -> FunWebProducts -> %ProgramFiles%\FunWebProducts
NY -> MyWebSearch -> %ProgramFiles%\MyWebSearch
NY -> qbfaea.dll -> %SystemRoot%\System32\qbfaea.dll
NY -> asqtwtah.dll -> %SystemRoot%\System32\asqtwtah.dll
NY -> jemjllka.ini -> %SystemRoot%\System32\jemjllka.ini
NY -> aklljmej.dll -> %SystemRoot%\System32\aklljmej.dll
NY -> lwuofd.dll -> %SystemRoot%\System32\lwuofd.dll
NY -> bjcwdfyj.dll -> %SystemRoot%\System32\bjcwdfyj.dll
NY -> efienhja.ini -> %SystemRoot%\System32\efienhja.ini
NY -> ajhneife.dll -> %SystemRoot%\System32\ajhneife.dll
NY -> bvpupcvr.dll -> %SystemRoot%\System32\bvpupcvr.dll
NY -> gctfvv.dll -> %SystemRoot%\System32\gctfvv.dll
NY -> tbxaxmbw.dll -> %SystemRoot%\System32\tbxaxmbw.dll
NY -> uregvsyy.ini -> %SystemRoot%\System32\uregvsyy.ini
NY -> eajjwc.dll -> %SystemRoot%\System32\eajjwc.dll
NY -> mklloqbi.dll -> %SystemRoot%\System32\mklloqbi.dll
NY -> fjmpqsfy.ini -> %SystemRoot%\System32\fjmpqsfy.ini
NY -> kerccaxg.ini -> %SystemRoot%\System32\kerccaxg.ini
NY -> vDKnVvut.ini -> %SystemRoot%\System32\vDKnVvut.ini
NY -> mkglzdno.job -> %SystemRoot%\tasks\mkglzdno.job
NY -> ddcArQkL.dll -> %SystemRoot%\System32\ddcArQkL.dll
[Files/Folders - Modified Within 30 Days]
NY -> mkglzdno.job -> %SystemRoot%\tasks\mkglzdno.job
NY -> vDKnVvut.ini -> %SystemRoot%\System32\vDKnVvut.ini
NY -> f3PSSavr.scr -> %SystemRoot%\System32\f3PSSavr.scr
NY -> qbfaea.dll -> %SystemRoot%\System32\qbfaea.dll
NY -> asqtwtah.dll -> %SystemRoot%\System32\asqtwtah.dll
NY -> jemjllka.ini -> %SystemRoot%\System32\jemjllka.ini
NY -> aklljmej.dll -> %SystemRoot%\System32\aklljmej.dll
NY -> lwuofd.dll -> %SystemRoot%\System32\lwuofd.dll
NY -> bjcwdfyj.dll -> %SystemRoot%\System32\bjcwdfyj.dll
NY -> efienhja.ini -> %SystemRoot%\System32\efienhja.ini
NY -> ajhneife.dll -> %SystemRoot%\System32\ajhneife.dll
NY -> bvpupcvr.dll -> %SystemRoot%\System32\bvpupcvr.dll
NY -> uregvsyy.ini -> %SystemRoot%\System32\uregvsyy.ini
NY -> DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
NY -> tbxaxmbw.dll -> %SystemRoot%\System32\tbxaxmbw.dll
NY -> gctfvv.dll -> %SystemRoot%\System32\gctfvv.dll
NY -> mklloqbi.dll -> %SystemRoot%\System32\mklloqbi.dll
NY -> eajjwc.dll -> %SystemRoot%\System32\eajjwc.dll
NY -> fjmpqsfy.ini -> %SystemRoot%\System32\fjmpqsfy.ini
NY -> kerccaxg.ini -> %SystemRoot%\System32\kerccaxg.ini
NY -> ddcArQkL.dll -> %SystemRoot%\System32\ddcArQkL.dll
[Purity]
[Empty Temp Folders]
[Start Explorer]
[Reboot]

The fix should only take a very short time. When the fix is completed, either a message box will pop up telling you that it is finished or you will be asked to reboot to finish the fix. If it is finished, click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt will finish moving any files that could not be moved during the fix and Notepad will open with the final results at that time. Post that information back here. I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.



Then run DSS again and post the log here in your next reply...

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#11 consilience


Posted 30 January 2009 - 11:02 AM

The AVZ program opened but numbers appeared instead of letters. Noticed it had a Russian author.

OTScanIt2 logfile created on: 1/29/2009 9:46:11 PM - Run 4
OTScanIt2 by OldTimer - Version 1.0.6.2	 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.94 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 76.89% Memory free
3.78 Gb Paging File | 3.50 Gb Available in Paging File | 92.41% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.04 Gb Total Space | 41.27 Gb Free Space | 18.42% Space Free | Partition Type: NTFS
Drive D: | 8.82 Gb Total Space | 0.63 Gb Free Space | 7.10% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: KEVIN
Current User Name: HP_Administrator
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
 
[Processes - All]
alg.exe -> %SystemRoot%\system32\alg.exe -> [2008/04/13 16:12:12 | 00,044,544 | ---- | M | MD5 = 8C515081584A38AA007909CD02020B3D] (Microsoft Corporation)
arservice.exe -> %SystemRoot%\arservice.exe -> [2005/08/02 16:19:16 | 00,058,880 | ---- | M | MD5 = 9A0D9B2E263BEDE80FB79DDBAD240EC1] (Microsoft)
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> [2008/11/16 11:44:21 | 00,590,848 | ---- | M | MD5 = F1B42DE29AF84F24FB59989805B1B62D] (GRISOFT, s.r.o.)
csrss.exe -> %SystemRoot%\system32\csrss.exe -> [2008/04/13 16:12:15 | 00,006,144 | ---- | M | MD5 = 44F275C64738EA2056E3D9580C23B60F] (Microsoft Corporation)
ehtray.exe -> %SystemRoot%\ehome\ehtray.exe -> [2005/09/29 14:01:14 | 00,067,584 | ---- | M | MD5 = 7E48B4958C131E9643DDCD2E7CA3FE9F] (Microsoft Corporation)
explorer.exe -> %SystemRoot%\explorer.exe -> [2008/04/13 16:12:19 | 01,033,728 | ---- | M | MD5 = 12896823FB95BFB3DC9B46BCAEDC9923] (Microsoft Corporation)
hid.exe -> %ProgramFiles%\HP Laser Gaming Mouse with VoodooDNA\hid.exe -> [2008/08/01 09:55:40 | 00,323,584 | ---- | M | MD5 = 823ADEF5BCCE313303E961DF54FF6AC3] ()
hpsysdrv.exe -> %SystemRoot%\system\hpsysdrv.exe -> [1998/05/07 01:04:38 | 00,052,736 | ---- | M | MD5 = 06A1ECB63DF139EC639E084D4AB3C9D7] (Hewlett-Packard Company)
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> [2007/05/08 15:24:20 | 00,054,840 | ---- | M | MD5 = 21293443961A4E2597453EE7A9347F22] (Hewlett-Packard)
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2008/11/20 13:20:44 | 00,536,872 | ---- | M | MD5 = 62937A89470AF8FF172F0980CA8AEFC9] (Apple Inc.)
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> [2005/02/16 16:15:20 | 00,081,920 | ---- | M | MD5 = D2AEADFD998706B4216315B2BD3FA79E] (InstallShield Software Corporation)
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> [2008/11/20 13:20:54 | 00,290,088 | ---- | M | MD5 = E6A4E341E4304B34AA280D3E73818C90] (Apple Inc.)
itype.exe -> %ProgramFiles%\Microsoft IntelliType Pro\itype.exe -> [2006/11/21 16:08:58 | 00,813,912 | ---- | M | MD5 = F2E2AAD0EE3E886161A907F473A10B20] (Microsoft Corporation)
jusched.exe -> %ProgramFiles%\Java\jre1.5.0_10\bin\jusched.exe -> [2006/11/09 14:07:30 | 00,049,263 | ---- | M | MD5 = 3AA5D60B77CE19B1F2521F532AB986E7] (Sun Microsystems, Inc.)
kbd.exe -> %SystemDrive%\hp\KBD\kbd.exe -> [2005/02/02 08:44:24 | 00,061,440 | ---- | M | MD5 = C81BE1B951C36E97D3DA90DA745DA5F7] (Hewlett-Packard Company)
lsass.exe -> %SystemRoot%\system32\lsass.exe -> [2008/04/13 16:12:24 | 00,013,312 | ---- | M | MD5 = BF2466B3E18E970D8A976FB95FC1CA85] (Microsoft Corporation)
mcrdsvc.exe -> %SystemRoot%\ehome\mcrdsvc.exe -> [2005/08/05 13:27:08 | 00,099,328 | ---- | M | MD5 = DF0A511F38F16016BF658FCA0090CB87] (Microsoft Corporation)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/01/09 09:03:22 | 00,485,376 | ---- | M | MD5 = F33A8441F5C3EA4BEF4AD8A1571A5B3B] (OldTimer Tools)
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> [2008/12/09 01:02:39 | 00,185,872 | ---- | M | MD5 = C681F347514CC8671977FCBD2B7D001A] (RealNetworks, Inc.)
rundll32.exe -> %SystemRoot%\system32\rundll32.exe -> [2008/04/13 16:12:33 | 00,033,280 | ---- | M | MD5 = 037B1E7798960E0420003D05BB577EE6] (Microsoft Corporation)
services.exe -> %SystemRoot%\system32\services.exe -> [2008/04/14 04:42:36 | 00,108,544 | ---- | M | MD5 = 0E776ED5F7CC9F94299E70461B7B8185] (Microsoft Corporation)
smss.exe -> %SystemRoot%\system32\smss.exe -> [2008/04/14 04:42:38 | 00,050,688 | ---- | M | MD5 = 5F816C1F539266D2D4C78694239DA0B5] (Microsoft Corporation)
spoolsv.exe -> %SystemRoot%\system32\spoolsv.exe -> [2008/04/13 16:12:36 | 00,057,856 | ---- | M | MD5 = D8E14A61ACC1D4A6CD0D38AEBAC7FA3B] (Microsoft Corporation)
svchost.exe -> %SystemRoot%\system32\svchost.exe  [C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH] -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
-> %SystemRoot%\system32\rpcss.dll [DcomLaunch] -> [2008/04/13 16:12:04 | 00,399,360 | ---- | M | MD5 = 2589FE6015A316C0F5D5112B4DA7B509] (Microsoft Corporation)
-> %SystemRoot%\system32\termsrv.dll [TermService] -> [2008/04/13 16:12:07 | 00,295,424 | ---- | M | MD5 = FF3477C03BE7201C294C35F684B3479F] (Microsoft Corporation)
svchost.exe -> %SystemRoot%\system32\svchost.exe  [C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS] -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
-> %SystemRoot%\system32\rpcss.dll [RpcSs] -> [2008/04/13 16:12:04 | 00,399,360 | ---- | M | MD5 = 2589FE6015A316C0F5D5112B4DA7B509] (Microsoft Corporation)
svchost.exe -> %SystemRoot%\system32\svchost.exe  [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K IMGSVC] -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
-> %SystemRoot%\system32\wiaservc.dll [stisvc] -> [2008/04/13 16:12:08 | 00,333,824 | ---- | M | MD5 = 8BAD69CBAC032D4BBACFCE0306174C30] (Microsoft Corporation)
svchost.exe -> %SystemRoot%\system32\svchost.exe  [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE] -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
-> %SystemRoot%\system32\alrsvc.dll [Alerter] -> [2008/04/14 04:41:50 | 00,017,408 | ---- | M | MD5 = A9A3DAA780CA6C9671A19D52456705B4] (Microsoft Corporation)
-> %SystemRoot%\system32\lmhsvc.dll [LmHosts] -> [2008/04/14 04:41:58 | 00,013,824 | ---- | M | MD5 = A7DB739AE99A796D91580147E919CC59] (Microsoft Corporation)
-> %SystemRoot%\system32\regsvc.dll [RemoteRegistry] -> [2008/04/13 16:12:04 | 00,059,904 | ---- | M | MD5 = 5B19B557B0C188210A56A6B699D90B8F] (Microsoft Corporation)
-> %SystemRoot%\system32\ssdpsrv.dll [SSDPSRV] -> [2008/04/13 16:12:07 | 00,071,680 | ---- | M | MD5 = 0A5679B3714EDAB99E357057EE88FCA6] (Microsoft Corporation)
-> %SystemRoot%\system32\upnphost.dll [upnphost] -> [2008/04/13 16:12:08 | 00,185,856 | ---- | M | MD5 = 1EBAFEB9A3FBDC41B8D9C7F0F687AD91] (Microsoft Corporation)
-> %SystemRoot%\system32\webclnt.dll [WebClient] -> [2008/04/13 16:12:08 | 00,068,096 | ---- | M | MD5 = 77A354E28153AD2D5E120A5A8687BC06] (Microsoft Corporation)
svchost.exe -> %SystemRoot%\system32\svchost.exe  [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE] -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
-> %SystemRoot%\system32\alrsvc.dll [Alerter] -> [2008/04/14 04:41:50 | 00,017,408 | ---- | M | MD5 = A9A3DAA780CA6C9671A19D52456705B4] (Microsoft Corporation)
-> %SystemRoot%\system32\lmhsvc.dll [LmHosts] -> [2008/04/14 04:41:58 | 00,013,824 | ---- | M | MD5 = A7DB739AE99A796D91580147E919CC59] (Microsoft Corporation)
-> %SystemRoot%\system32\regsvc.dll [RemoteRegistry] -> [2008/04/13 16:12:04 | 00,059,904 | ---- | M | MD5 = 5B19B557B0C188210A56A6B699D90B8F] (Microsoft Corporation)
-> %SystemRoot%\system32\ssdpsrv.dll [SSDPSRV] -> [2008/04/13 16:12:07 | 00,071,680 | ---- | M | MD5 = 0A5679B3714EDAB99E357057EE88FCA6] (Microsoft Corporation)
-> %SystemRoot%\system32\upnphost.dll [upnphost] -> [2008/04/13 16:12:08 | 00,185,856 | ---- | M | MD5 = 1EBAFEB9A3FBDC41B8D9C7F0F687AD91] (Microsoft Corporation)
-> %SystemRoot%\system32\webclnt.dll [WebClient] -> [2008/04/13 16:12:08 | 00,068,096 | ---- | M | MD5 = 77A354E28153AD2D5E120A5A8687BC06] (Microsoft Corporation)
svchost.exe -> %SystemRoot%\system32\svchost.exe  [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS] -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
-> %SystemRoot%\system32\appmgmts.dll [AppMgmt] -> [2008/04/14 04:41:50 | 00,167,936 | ---- | M | MD5 = D8849F77C0B66226335A59D26CB4EDC6] (Microsoft Corporation)
-> %SystemRoot%\system32\audiosrv.dll [AudioSrv] -> [2008/04/13 16:11:50 | 00,042,496 | ---- | M | MD5 = DEF7A7882BEC100FE0B2CE2549188F9D] (Microsoft Corporation)
-> %SystemRoot%\system32\qmgr.dll [BITS] -> [2008/04/14 04:42:04 | 00,409,088 | ---- | M | MD5 = 574738F61FCA2935F5265DC4E5691314] (Microsoft Corporation)
-> %SystemRoot%\system32\browser.dll [Browser] -> [2008/04/13 16:11:50 | 00,077,824 | ---- | M | MD5 = A06CE3399D16DB864F55FAEB1F1927A9] (Microsoft Corporation)
-> %SystemRoot%\system32\cryptsvc.dll [CryptSvc] -> [2008/04/13 16:11:51 | 00,062,464 | ---- | M | MD5 = 3D4E199942E29207970E04315D02AD3B] (Microsoft Corporation)
-> %SystemRoot%\system32\dhcpcsvc.dll [Dhcp] -> [2008/04/14 04:41:52 | 00,126,976 | ---- | M | MD5 = 5E38D7684A49CACFB752B046357E0589] (Microsoft Corporation)
-> %SystemRoot%\system32\dmserver.dll [dmserver] -> [2008/04/13 16:11:52 | 00,023,552 | ---- | M | MD5 = 57EDEC2E5F59F0335E92F35184BC8631] (Microsoft Corp.)
-> %SystemRoot%\system32\ersvc.dll [ERSvc] -> [2008/04/13 16:11:53 | 00,023,040 | ---- | M | MD5 = BC93B4A066477954555966D77FEC9ECB] (Microsoft Corporation)
-> %SystemRoot%\system32\es.dll [EventSystem] -> [2008/07/07 12:26:58 | 00,253,952 | ---- | M | MD5 = D4991D98F2DB73C60D042F1AEF79EFAE] (Microsoft Corporation)
-> %SystemRoot%\system32\shsvcs.dll [FastUserSwitchingCompatibility] -> [2008/04/13 16:12:05 | 00,135,168 | ---- | M | MD5 = 1926899BF9FFE2602B63074971700412] (Microsoft Corporation)
-> %SystemRoot%\pchealth\helpctr\binaries\pchsvc.dll [helpsvc] -> [2008/04/14 04:42:04 | 00,038,400 | ---- | M | MD5 = 4FCCA060DFE0C51A09DD5C3843888BCD] (Microsoft Corporation)
-> %SystemRoot%\system32\hidserv.dll [HidServ] -> [2008/04/13 16:11:54 | 00,021,504 | ---- | M | MD5 = DEB04DA35CC871B6D309B77E1443C796] (Microsoft Corporation)
-> %SystemRoot%\system32\kmsvc.dll [hkmsvc] -> [2008/04/14 04:41:58 | 00,061,440 | ---- | M | MD5 = 8878BD685E490239777BFE51320B88E9] (Microsoft Corporation)
-> %SystemRoot%\system32\srvsvc.dll [lanmanserver] -> [2008/04/14 04:42:08 | 00,096,768 | ---- | M | MD5 = F385F4B02C535BFFE1D70CAB80838123] (Microsoft Corporation)
-> %SystemRoot%\system32\wkssvc.dll [lanmanworkstation] -> [2008/04/14 04:42:10 | 00,132,096 | ---- | M | MD5 = 1B67B632786FEF1C1BBAEF46C2F3F2E6] (Microsoft Corporation)
-> %SystemRoot%\system32\msgsvc.dll [Messenger] -> [2008/04/14 04:42:00 | 00,033,792 | ---- | M | MD5 = 986B1FF5814366D71E0AC5755C88F2D3] (Microsoft Corporation)
-> %SystemRoot%\system32\mhn.dll [MHN] -> [2004/08/09 19:11:50 | 00,085,504 | ---- | M | MD5 = B7521F69C0A9B29D356157229376FB21] (Microsoft Corporation)
-> %SystemRoot%\system32\qagentrt.dll [napagent] -> [2008/04/14 04:42:04 | 00,291,328 | ---- | M | MD5 = 0102140028FAD045756796E1C685D695] (Microsoft Corporation)
-> %SystemRoot%\system32\netman.dll [Netman] -> [2008/04/13 16:12:01 | 00,198,144 | ---- | M | MD5 = 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE] (Microsoft Corporation)
-> %SystemRoot%\system32\mswsock.dll [Nla] -> [2008/06/20 09:46:57 | 00,245,248 | ---- | M | MD5 = 832E4DD8964AB7ACC880B2837CB1ED20] (Microsoft Corporation)
-> %SystemRoot%\system32\ntmssvc.dll [NtmsSvc] -> [2008/04/14 04:42:04 | 00,435,200 | ---- | M | MD5 = 156F64A3345BD23C600655FB4D10BC08] (Microsoft Corporation)
-> %SystemRoot%\system32\rasauto.dll [RasAuto] -> [2008/04/14 04:42:04 | 00,088,576 | ---- | M | MD5 = AD188BE7BDF94E8DF4CA0A55C00A5073] (Microsoft Corporation)
-> %SystemRoot%\system32\rasmans.dll [RasMan] -> [2008/04/13 16:12:03 | 00,186,368 | ---- | M | MD5 = 76A9A3CBEADD68CC57CDA5E1D7448235] (Microsoft Corporation)
-> %SystemRoot%\system32\mprdim.dll [RemoteAccess] -> [2008/04/14 04:41:58 | 00,053,248 | ---- | M | MD5 = 7E699FF5F59B5D9DE5390E3C34C67CF5] (Microsoft Corporation)
-> %SystemRoot%\system32\schedsvc.dll [Schedule] -> [2008/04/13 16:12:05 | 00,192,512 | ---- | M | MD5 = 0A9A7365A1CA4319AA7C1D6CD8E4EAFA] (Microsoft Corporation)
-> %SystemRoot%\system32\seclogon.dll [seclogon] -> [2008/04/13 16:12:05 | 00,018,944 | ---- | M | MD5 = CBE612E2BB6A10E3563336191EDA1250] (Microsoft Corporation)
-> %SystemRoot%\system32\sens.dll [SENS] -> [2008/04/13 16:12:05 | 00,039,424 | ---- | M | MD5 = 7FDD5D0684ECA8C1F68B4D99D124DCD0] (Microsoft Corporation)
-> %SystemRoot%\system32\ipnathlp.dll [SharedAccess] -> [2008/04/13 16:11:55 | 00,331,264 | ---- | M | MD5 = 83F41D0D89645D7235C051AB1D9523AC] (Microsoft Corporation)
-> %SystemRoot%\system32\shsvcs.dll [ShellHWDetection] -> [2008/04/13 16:12:05 | 00,135,168 | ---- | M | MD5 = 1926899BF9FFE2602B63074971700412] (Microsoft Corporation)
-> %SystemRoot%\system32\srsvc.dll [srservice] -> [2008/04/13 16:12:07 | 00,171,008 | ---- | M | MD5 = 3805DF0AC4296A34BA4BF93B346CC378] (Microsoft Corporation)
-> %SystemRoot%\system32\tapisrv.dll [TapiSrv] -> [2008/04/14 04:42:08 | 00,249,856 | ---- | M | MD5 = 3CB78C17BB664637787C9A1C98F79C38] (Microsoft Corporation)
-> %SystemRoot%\system32\shsvcs.dll [Themes] -> [2008/04/13 16:12:05 | 00,135,168 | ---- | M | MD5 = 1926899BF9FFE2602B63074971700412] (Microsoft Corporation)
-> %SystemRoot%\system32\trkwks.dll [TrkWks] -> [2008/04/13 16:12:07 | 00,090,112 | ---- | M | MD5 = 55BCA12F7F523D35CA3CB833C725F54E] (Microsoft Corporation)
-> %SystemRoot%\system32\w32time.dll [W32Time] -> [2008/04/13 16:12:08 | 00,175,104 | ---- | M | MD5 = 54AF4B1D5459500EF0937F6D33B1914F] (Microsoft Corporation)
-> %SystemRoot%\system32\wbem\wmisvc.dll [winmgmt] -> [2008/04/13 16:12:09 | 00,144,896 | ---- | M | MD5 = 2D0E4ED081963804CCC196A0929275B5] (Microsoft Corporation)
-> %SystemRoot%\system32\mspmsnsv.dll [WmdmPmSN] -> [2006/10/18 20:47:16 | 00,027,136 | ---- | M | MD5 = C51B4A5C05A5475708E3C81C7765B71D] (Microsoft Corporation)
-> %SystemRoot%\system32\advapi32.dll [Wmi] -> [2008/04/14 04:41:50 | 00,617,472 | ---- | M | MD5 = BAB489A5FE26F2D0C910CF7AF7E4CF92] (Microsoft Corporation)
-> %SystemRoot%\system32\wscsvc.dll [wscsvc] -> [2008/04/13 16:12:10 | 00,080,896 | ---- | M | MD5 = 7C278E6408D1DCE642230C0585A854D5] (Microsoft Corporation)
-> %SystemRoot%\system32\wuauserv.dll [wuauserv] -> [2008/04/13 16:12:11 | 00,006,656 | ---- | M | MD5 = 35321FB577CDC98CE3EB3A3EB9E4610A] (Microsoft Corporation)
-> %SystemRoot%\system32\wzcsvc.dll [WZCSVC] -> [2008/04/13 16:12:11 | 00,483,840 | ---- | M | MD5 = 81DC3F549F44B1C1FFF022DEC9ECF30B] (Microsoft Corporation)
-> %SystemRoot%\system32\xmlprov.dll [xmlprov] -> [2008/04/14 04:42:12 | 00,129,024 | ---- | M | MD5 = 295D21F14C335B53CB8154E5B1F892B9] (Microsoft Corporation)
svchost.exe -> %SystemRoot%\system32\svchost.exe  [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE] -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
-> %SystemRoot%\system32\dnsrslvr.dll [Dnscache] -> [2008/04/13 16:11:52 | 00,045,568 | ---- | M | MD5 = 474B4DC3983173E4B4C9740B0DAC98A6] (Microsoft Corporation)
svchost.exe -> %SystemRoot%\system32\svchost.exe  [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K WUDFSERVICEGROUP] -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
-> %SystemRoot%\system32\WudfSvc.dll [WudfSvc] -> [2006/09/28 17:56:14 | 00,055,808 | ---- | M | MD5 = 05231C04253C5BC30B26CBAAE680ED89] (Microsoft Corporation)
tray.exe -> %ProgramFiles%\HP Laser Gaming Mouse with VoodooDNA\Tray.exe -> [2008/07/31 15:35:04 | 00,303,104 | ---- | M | MD5 = 52B93A6E9B85A524E35C7C9086AC884F] ()
winlogon.exe -> %SystemRoot%\system32\winlogon.exe -> [2008/04/13 16:12:39 | 00,507,904 | ---- | M | MD5 = ED0EF0A136DEC83DF69F04118870003E] (Microsoft Corporation)
 
[Win32 Services - All]
(Alerter) Alerter [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(ALG) Application Layer Gateway Service [Win32_Own | On_Demand | Running] -> %SystemRoot%\system32\alg.exe -> [2008/04/13 16:12:12 | 00,044,544 | ---- | M | MD5 = 8C515081584A38AA007909CD02020B3D] (Microsoft Corporation)
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/11/07 14:28:16 | 00,132,424 | ---- | M | MD5 = A8AA9D47F971570A5162B862B80F87E8] (Apple Inc.)
(AppMgmt) Application Management [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(ARSVC) ARSVC [Win32_Own | Auto | Running] -> %SystemRoot%\arservice.exe -> [2005/08/02 16:19:16 | 00,058,880 | ---- | M | MD5 = 9A0D9B2E263BEDE80FB79DDBAD240EC1] (Microsoft)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/10/24 00:47:22 | 00,033,800 | ---- | M | MD5 = 4EABF511B1AF176A971C3271E48FA3A8] (Microsoft Corporation)
(AudioSrv) Windows Audio [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> [2008/01/17 21:25:58 | 00,418,816 | ---- | M | MD5 = 3C7B93F947355E374A49564D0D017B7B] (GRISOFT, s.r.o.)
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> [2007/05/30 17:28:14 | 00,049,664 | ---- | M | MD5 = 30A14F65DB477DC00A64A5A24E96919C] (GRISOFT, s.r.o.)
(BITS) Background Intelligent Transfer Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(Bonjour Service) Bonjour Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2008/08/29 09:18:44 | 00,238,888 | ---- | M | MD5 = 9EFE4236F8670846B6E7C5B0EFF6E715] (Apple Inc.)
(Browser) Computer Browser [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(CCALib8) Canon Camera Access Library 8 [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Canon\CAL\CALMAIN.exe -> [2006/03/30 08:15:44 | 00,096,341 | ---- | M | MD5 = 20F89E232173985A455BC9A5F70D1166] (Canon Inc.)
(CiSvc) Indexing Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\cisvc.exe -> [2008/04/14 04:42:16 | 00,005,632 | ---- | M | MD5 = 1CFE720EB8D93A7158A4EBC3AB178BDE] (Microsoft Corporation)
(ClipSrv) ClipBook [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\clipsrv.exe -> [2008/04/14 04:42:16 | 00,033,280 | ---- | M | MD5 = 34CBE729F38138217F9C80212A2A0C82] (Microsoft Corporation)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/10/24 00:47:40 | 00,070,144 | ---- | M | MD5 = 234B1BC2796483E1F5C3F26649FB3388] (Microsoft Corporation)
(COMSysApp) COM+ System Application [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\dllhost.exe -> [2008/04/13 16:12:17 | 00,005,120 | ---- | M | MD5 = 0A9BA6AF531AFE7FA5E4FB973852D863] (Microsoft Corporation)
(CryptSvc) Cryptographic Services [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(Dhcp) DHCP Client [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> [2008/04/14 04:42:18 | 00,224,768 | ---- | M | MD5 = E46050330BD42F33609117F861E32D3C] (Microsoft Corp., Veritas Software)
(dmserver) Logical Disk Manager [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(Dnscache) DNS Client [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(Dot3svc) Wired AutoConfig [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(EapHost) Extensible Authentication Protocol Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(ERSvc) Error Reporting Service [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(Eventlog) Event Log [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\services.exe -> [2008/04/14 04:42:36 | 00,108,544 | ---- | M | MD5 = 0E776ED5F7CC9F94299E70461B7B8185] (Microsoft Corporation)
(EventSystem) COM+ Event System [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(FastUserSwitchingCompatibility) Fast User Switching Compatibility [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(getPlus(R) Helper) getPlus(R) Helper [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\NOS\bin\getPlus_HelperSvc.exe -> [2008/08/29 09:01:00 | 00,033,752 | ---- | M | MD5 = 78494AE0F93358179B97571B9E76997C] (NOS Microsystems Ltd.)
(gusvc) Google Updater Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2009/01/08 05:42:52 | 00,168,432 | ---- | M | MD5 = A2083CBD61C6C7C7E3E7E70608B27356] (Google)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(HidServ) HID Input Service [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(hkmsvc) Health Key and Certificate Management Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(HTTPFilter) HTTP SSL [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(IDriverT) InstallDriver Table Manager [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/03 23:41:10 | 00,069,632 | ---- | M | MD5 = 1CF03C69B49ACB70C722DF92755C0C8C] (Macrovision Corporation)
(ImapiService) IMAPI CD-Burning COM Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\imapi.exe -> [2008/04/14 04:42:24 | 00,150,528 | ---- | M | MD5 = 30DEAF54A9755BB8546168CFE8A6B5E1] (Microsoft Corporation)
(InCDsrv) InCD Helper [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Nero\Nero 7\InCD\InCDsrv.exe -> [2007/05/15 15:55:46 | 01,550,896 | ---- | M | MD5 = C773D093D5C18765E71C7992AEE051A2] (Nero AG)
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2008/11/20 13:20:44 | 00,536,872 | ---- | M | MD5 = 62937A89470AF8FF172F0980CA8AEFC9] (Apple Inc.)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/12/05 13:27:56 | 00,152,984 | ---- | M | MD5 = 32192B4EBE8720ED8D49A455C962CB91] (Sun Microsystems, Inc.)
(lanmanserver) Server [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(lanmanworkstation) Workstation [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> [2007/12/05 12:34:52 | 00,079,136 | ---- | M | MD5 = CCAD2AAE36E24346488B0F54A049DE78] (Hewlett-Packard Company)
(LmHosts) TCP/IP NetBIOS Helper [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(McrdSvc) Media Center Extender Service [Win32_Own | Auto | Running] -> %SystemRoot%\ehome\mcrdsvc.exe -> [2005/08/05 13:27:08 | 00,099,328 | ---- | M | MD5 = DF0A511F38F16016BF658FCA0090CB87] (Microsoft Corporation)
(Messenger) Messenger [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(MHN) MHN [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(Microsoft Office Groove Audit Service) Microsoft Office Groove Audit Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Microsoft Office\Office12\GrooveAuditService.exe -> [2007/08/24 06:59:20 | 00,068,464 | ---- | M | MD5 = 033B947AF4A997820E86FCB070B1F450] (Microsoft Corporation)
(mnmsrvc) NetMeeting Remote Desktop Sharing [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\mnmsrvc.exe -> [2008/04/14 04:42:26 | 00,032,768 | ---- | M | MD5 = D18F1F0C101D06A1C1ADF26EED16FCDD] (Microsoft Corporation)
(MSDTC) Distributed Transaction Coordinator [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\msdtc.exe -> [2008/04/14 04:42:28 | 00,006,144 | ---- | M | MD5 = A137F1470499A205ABBB9AAFB3B6F2B1] (Microsoft Corporation)
(MSIServer) Windows Installer [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\msiexec.exe -> [2008/04/13 16:12:28 | 00,078,848 | ---- | M | MD5 = 5879D691E842574A20FE63817CB76DF9] (Microsoft Corporation)
(napagent) Network Access Protection Agent [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(NBService) NBService [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> [2007/04/13 21:09:56 | 00,792,112 | ---- | M | MD5 = 6D8FCDD5BB3B676EF58FA234073492C6] (Nero AG)
(NetDDE) Network DDE [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\netdde.exe -> [2008/04/14 04:42:30 | 00,111,104 | ---- | M | MD5 = B857BA82860D7FF85AE29B095645563B] (Microsoft Corporation)
(NetDDEdsdm) Network DDE DSDM [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\netdde.exe -> [2008/04/14 04:42:30 | 00,111,104 | ---- | M | MD5 = B857BA82860D7FF85AE29B095645563B] (Microsoft Corporation)
(Netlogon) Net Logon [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\lsass.exe -> [2008/04/13 16:12:24 | 00,013,312 | ---- | M | MD5 = BF2466B3E18E970D8A976FB95FC1CA85] (Microsoft Corporation)
(Netman) Network Connections [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(Nla) Network Location Awareness (NLA) [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(NMIndexingService) NMIndexingService [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> [2007/05/08 19:47:22 | 00,271,920 | ---- | M | MD5 = E584D6668E6A3923FF32E026A5ED2A03] (Nero AG)
(NtLmSsp) NT LM Security Support Provider [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\lsass.exe -> [2008/04/13 16:12:24 | 00,013,312 | ---- | M | MD5 = BF2466B3E18E970D8A976FB95FC1CA85] (Microsoft Corporation)
(NtmsSvc) Removable Storage [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\nvsvc32.exe -> [2006/05/09 07:50:00 | 00,131,139 | ---- | M | MD5 = B0903C021BFCD6055C053A569EF98AEF] (NVIDIA Corporation)
(odserv) Microsoft Office Diagnostics Service [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2007/08/24 03:19:12 | 00,443,776 | ---- | M | MD5 = E54AA592A65F317390EEE386A8821692] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 13:03:08 | 00,145,184 | ---- | M | MD5 = 5A432A042DAE460ABE7199B758E8606C] (Microsoft Corporation)
(PlugPlay) Plug and Play [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\services.exe -> [2008/04/14 04:42:36 | 00,108,544 | ---- | M | MD5 = 0E776ED5F7CC9F94299E70461B7B8185] (Microsoft Corporation)
(PolicyAgent) IPSEC Services [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\lsass.exe -> [2008/04/13 16:12:24 | 00,013,312 | ---- | M | MD5 = BF2466B3E18E970D8A976FB95FC1CA85] (Microsoft Corporation)
(ProtectedStorage) Protected Storage [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\lsass.exe -> [2008/04/13 16:12:24 | 00,013,312 | ---- | M | MD5 = BF2466B3E18E970D8A976FB95FC1CA85] (Microsoft Corporation)
(RasAuto) Remote Access Auto Connection Manager [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(RasMan) Remote Access Connection Manager [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(RDSessMgr) Remote Desktop Help Session Manager [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\sessmgr.exe -> [2008/04/14 04:42:36 | 00,141,312 | ---- | M | MD5 = 3C37BF86641BDA977C3BF8A840F3B7FA] (Microsoft Corporation)
(RemoteAccess) Routing and Remote Access [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(RemoteRegistry) Remote Registry [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(RichVideo) Cyberlink RichVideo Service(CRVS) [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\CyberLink\Shared Files\RichVideo.exe -> [2005/08/07 20:54:00 | 00,167,936 | ---- | M | MD5 = BD517C7FB119997EFFBE39D5E4B37B05] ()
(RpcLocator) Remote Procedure Call (RPC) Locator [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\locator.exe -> [2008/04/14 04:42:26 | 00,075,264 | ---- | M | MD5 = AAED593F84AFA419BBAE8572AF87CF6A] (Microsoft Corporation)
(RpcSs) Remote Procedure Call (RPC) [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(RSVP) QoS RSVP [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\rsvp.exe -> [2004/08/09 13:00:00 | 00,132,608 | ---- | M | MD5 = 471B3F9741D762ABE75E9DEEA4787E47] (Microsoft Corporation)
(SamSs) Security Accounts Manager [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\lsass.exe -> [2008/04/13 16:12:24 | 00,013,312 | ---- | M | MD5 = BF2466B3E18E970D8A976FB95FC1CA85] (Microsoft Corporation)
(SCardSvr) Smart Card [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\scardsvr.exe -> [2008/04/14 04:42:34 | 00,095,744 | ---- | M | MD5 = 86D007E7A654B9A71D1D7D856B104353] (Microsoft Corporation)
(Schedule) Task Scheduler [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(seclogon) Secondary Logon [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(SENS) System Event Notification [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(SharedAccess) Windows Firewall/Internet Connection Sharing (ICS) [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(ShellHWDetection) Shell Hardware Detection [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(Spooler) Print Spooler [Win32_Own | Auto | Running] -> %SystemRoot%\system32\spoolsv.exe -> [2008/04/13 16:12:36 | 00,057,856 | ---- | M | MD5 = D8E14A61ACC1D4A6CD0D38AEBAC7FA3B] (Microsoft Corporation)
(srservice) System Restore Service [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(SSDPSRV) SSDP Discovery Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(stisvc) Windows Image Acquisition (WIA) [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(SwPrv) MS Software Shadow Copy Provider [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\dllhost.exe -> [2008/04/13 16:12:17 | 00,005,120 | ---- | M | MD5 = 0A9BA6AF531AFE7FA5E4FB973852D863] (Microsoft Corporation)
(SysmonLog) Performance Logs and Alerts [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\smlogsvc.exe -> [2008/04/14 04:42:36 | 00,089,600 | ---- | M | MD5 = C7ABBC59B43274B1109DF6B24D617051] (Microsoft Corporation)
(TapiSrv) Telephony [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(TermService) Terminal Services [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(Themes) Themes [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(TlntSvr) Telnet [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\tlntsvr.exe -> [2008/04/14 04:42:40 | 00,073,216 | ---- | M | MD5 = DB7205804759FF62C34E3EFD8A4CC76A] (Microsoft Corporation)
(TrkWks) Distributed Link Tracking Client [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(upnphost) Universal Plug and Play Device Host [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(UPS) Uninterruptible Power Supply [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\ups.exe -> [2008/04/14 04:42:40 | 00,018,432 | ---- | M | MD5 = 05365FB38FCA1E98F7A566AAAF5D1815] (Microsoft Corporation)
(VSS) Volume Shadow Copy [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\vssvc.exe -> [2008/04/14 04:42:40 | 00,289,792 | ---- | M | MD5 = 7A9DB3A67C333BF0BD42E42B8596854B] (Microsoft Corporation)
(W32Time) Windows Time [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(WebClient) WebClient [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(winmgmt) Windows Management Instrumentation [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(WmdmPmSN) Portable Media Serial Number Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(Wmi) Windows Management Instrumentation Driver Extensions [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(WmiApSrv) WMI Performance Adapter [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\wbem\wmiapsrv.exe -> [2008/04/14 04:42:42 | 00,126,464 | ---- | M | MD5 = E0673F1106E62A68D2257E376079F821] (Microsoft Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> [2006/10/18 19:05:24 | 00,913,408 | ---- | M | MD5 = F74E3D9A7FA9556C3BBB14D4E5E63D3B] (Microsoft Corporation)
(wscsvc) Security Center [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(wuauserv) Automatic Updates [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(WudfSvc) Windows Driver Foundation - User-mode Driver Framework [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(WZCSVC) Wireless Zero Configuration [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
(xmlprov) Network Provisioning Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost.exe -> [2008/04/13 16:12:36 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
 
[Driver Services - All]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found
(ACPI) Microsoft ACPI Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\acpi.sys -> [2008/04/13 23:06:36 | 00,187,776 | ---- | M | MD5 = 8FD99680A539792A30E97944FDAECF17] (Microsoft Corporation)
(ACPIEC) ACPIEC [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\acpiec.sys -> [2004/08/09 13:00:00 | 00,011,648 | ---- | M | MD5 = 9859C0F6936E723E4892D7141B1327D5] (Microsoft Corporation)
(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found
(aec) Microsoft Kernel Acoustic Echo Canceller [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\aec.sys -> [2008/04/13 21:09:24 | 00,142,592 | ---- | M | MD5 = 8BED39E3C35D6A489438B8141717A557] (Microsoft Corporation)
(AFD) AFD [Kernel | System | Running] -> %SystemRoot%\system32\drivers\afd.sys -> [2008/08/14 02:04:36 | 00,138,496 | ---- | M | MD5 = 7E775010EF291DA96AD17CA4B17137D7] (Microsoft Corporation)
(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found
(AmdK8) AMD Processor Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AmdK8.sys -> [2005/03/09 06:53:00 | 00,036,352 | ---- | M | MD5 = 59301936898AE62245A6F09C0ABA9475] (Advanced Micro Devices)
(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found
(aracpi) aracpi [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\aracpi.sys -> [2005/08/02 16:19:14 | 00,022,784 | ---- | M | MD5 = 00523019E3579C8F8A94457FE25F0F24] (Microsoft Corporation)
(arhidfltr) MS Ar HID Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\arhidfltr.sys -> [2005/08/02 16:19:14 | 00,019,200 | ---- | M | MD5 = 9FEDAA46EB1A572AC4D9EE6B5F123CF2] (Microsoft Corporation)
(arkbcfltr) Microsoft PS2 Keyboard Filter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\arkbcfltr.sys -> [2005/08/02 16:19:16 | 00,005,376 | ---- | M | MD5 = 82969576093CD983DD559F5A86F382B4] (Microsoft Corporation)
(armoucfltr) Microsoft PS2 Mouse Filter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\armoucfltr.sys -> [2005/08/02 16:19:16 | 00,004,992 | ---- | M | MD5 = 9B21791D8A78FAECE999FADBEBDA6C22] (Microsoft Corporation)
(Arp1394) 1394 ARP Client Protocol [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\arp1394.sys -> [2008/04/13 23:21:26 | 00,060,800 | ---- | M | MD5 = B5B8A80875C1DEDEDA8B02765642C32F] (Microsoft Corporation)
(ARPolicy) ARPolicy [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\arpolicy.sys -> [2005/08/02 16:19:14 | 00,010,112 | ---- | M | MD5 = 7A2DA7C7B0C524EF26A79F17A5C69FDE] (Microsoft Corporation)
(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found
(Aspi32) Aspi32 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\aspi32.sys -> [1999/09/10 04:06:00 | 00,025,244 | ---- | M | MD5 = B979979AB8027F7F53FB16EC4229B7DB] (Adaptec)
(AsyncMac) RAS Asynchronous Media Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\asyncmac.sys -> [2008/04/13 23:27:28 | 00,014,336 | ---- | M | MD5 = B153AFFAC761E7F5FCFA822B9C4E97BC] (Microsoft Corporation)
(atapi) Standard IDE/ESDI Hard Disk Controller [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\atapi.sys -> [2004/08/03 22:59:44 | 00,095,360 | ---- | M | MD5 = CDFE4411A69C224BD1D11B2DA92DAC51] (Microsoft Corporation)
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(Atmarpc) ATM ARP Client Protocol [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\atmarpc.sys -> [2008/04/13 23:21:26 | 00,059,904 | ---- | M | MD5 = 9916C1225104BA14794209CFA8012159] (Microsoft Corporation)
(audstub) Audio Stub Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\audstub.sys -> [2001/08/16 21:59:44 | 00,003,072 | ---- | M | MD5 = D9F724AA26C010A217C97606B160ED68] (Microsoft Corporation)
(Avg7Core) AVG7 Kernel [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avg7core.sys -> [2008/06/19 02:08:54 | 00,821,856 | ---- | M | MD5 = 400E920D2E3F42BF6F1F75DD1B069CE3] (GRISOFT, s.r.o.)
(Avg7RsW) AVG7 Wrap Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avg7rsw.sys -> [2008/06/19 02:08:57 | 00,004,224 | ---- | M | MD5 = 8A7E25876955E06142EF65B52C906CF1] (GRISOFT, s.r.o.)
(Avg7RsXP) AVG7 Resident Driver XP [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avg7rsxp.sys -> [2008/06/19 02:08:58 | 00,027,776 | ---- | M | MD5 = 04D823D681F0D53191A172C3E667FC33] (GRISOFT, s.r.o.)
(AvgClean) AVG7 Clean Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avgclean.sys -> [2008/06/19 02:08:58 | 00,010,760 | ---- | M | MD5 = 603DC17A48C65C637623A9BB5A5E6008] (GRISOFT, s.r.o.)
(Beep) Beep [Kernel | System | Running] -> %SystemRoot%\system32\drivers\beep.sys -> [2004/08/09 13:00:00 | 00,004,224 | ---- | M | MD5 = DA1F27D85E0D1525F6621372E7B685E9] (Microsoft Corporation)
(cbidf2k) cbidf2k [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\cbidf2k.sys -> [2004/08/09 13:00:00 | 00,013,952 | ---- | M | MD5 = 90A673FC8E12A79AFBED2576F6A7AAF9] (Microsoft Corporation)
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found
(Cdaudio) Cdaudio [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\cdaudio.sys -> [2004/08/09 20:00:00 | 00,018,688 | ---- | M | MD5 = C1B486A7658353D33A10CC15211A873B] (Microsoft Corporation)
(Cdfs) Cdfs [File_System | Disabled | Running] -> %SystemRoot%\system32\drivers\cdfs.sys -> [2008/04/13 23:44:22 | 00,063,744 | ---- | M | MD5 = C885B02847F5D2FD45A24E219ED93B32] (Microsoft Corporation)
(Cdrom) CD-ROM Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\cdrom.sys -> [2008/04/13 23:10:48 | 00,062,976 | ---- | M | MD5 = 1F4260CC5B42272D71F79E570A27A4FE] (Microsoft Corporation)
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found
(Disk) Disk Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\disk.sys -> [2008/04/13 23:10:48 | 00,036,352 | ---- | M | MD5 = 044452051F3E02E7963599FC8F4F3E25] (Microsoft Corporation)
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> [2008/04/13 23:14:50 | 00,799,744 | ---- | M | MD5 = D992FE1274BDE0F84AD826ACAE022A41] (Microsoft Corp., Veritas Software)
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> [2008/04/13 23:14:48 | 00,153,344 | ---- | M | MD5 = 7C824CF7BBDE77D95C08005717A95F6F] (Microsoft Corp., Veritas Software)
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> [2004/08/09 13:00:00 | 00,005,888 | ---- | M | MD5 = E9317282A63CA4D188C0DF5E09C6AC5F] (Microsoft Corp., Veritas Software.)
(DMusic) Microsoft Kernel DLS Syntheiszer [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\dmusic.sys -> [2008/04/13 23:15:02 | 00,052,864 | ---- | M | MD5 = 8A208DFCF89792A484E76C40E5F50B45] (Microsoft Corporation)
(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found
(drmkaud) Microsoft Kernel DRM Audio Descrambler [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\drmkaud.sys -> [2008/04/13 23:15:14 | 00,002,944 | ---- | M | MD5 = 8F5FCFF8E8848AFAC920905FBD9D33C8] (Microsoft Corporation)
(Fastfat) Fastfat [File_System | Disabled | Running] -> %SystemRoot%\system32\drivers\fastfat.sys -> [2008/04/13 23:44:30 | 00,143,744 | ---- | M | MD5 = 38D332A6D56AF32635675F132548343E] (Microsoft Corporation)
(Fdc) Fdc [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\fdc.sys -> [2008/04/13 23:10:26 | 00,027,392 | ---- | M | MD5 = 92CDD60B6730B9F50F6A1A0C1F8CDC81] (Microsoft Corporation)
(Fips) Fips [Kernel | System | Running] -> %SystemRoot%\system32\drivers\fips.sys -> [2008/04/13 23:03:30 | 00,044,544 | ---- | M | MD5 = D45926117EB9FA946A6AF572FBE1CAA3] (Microsoft Corporation)
(Flpydisk) Flpydisk [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\flpydisk.sys -> [2008/04/13 23:10:26 | 00,020,480 | ---- | M | MD5 = 9D27E7B80BFCDF1CDD9B555862D5E7F0] (Microsoft Corporation)
(FltMgr) FltMgr [File_System | Boot | Running] -> %SystemRoot%\system32\drivers\fltmgr.sys -> [2008/04/13 23:03:00 | 00,129,792 | ---- | M | MD5 = B2CF4B0786F8212CB92ED2B50C6DB6B0] (Microsoft Corporation)
(Ftdisk) Volume Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ftdisk.sys -> [2004/08/09 13:00:00 | 00,125,056 | ---- | M | MD5 = 6AC26732762483366C3969C9E4D2259D] (Microsoft Corporation)
(ftsata2) ftsata2 [Kernel | Boot | Stopped] ->  -> File not found
(GamingMsFltr) HP Laser Mouse with VoodooDNA [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\gamingms.sys -> [2008/05/12 18:06:18 | 00,010,112 | ---- | M | MD5 = B9A69CFAC89FD6CBF9EE55F0DBA80F57] (Primax Ltd)
(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> [2008/04/17 12:12:54 | 00,015,464 | ---- | M | MD5 = AB8A6A87D9D7255C3884D5B9541A6E80] (GEAR Software Inc.)
(Gpc) Generic Packet Classifier [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\msgpc.sys -> [2008/04/13 23:26:34 | 00,035,072 | ---- | M | MD5 = 0A02C63C8B144BD8C86B103DEE7C86A2] (Microsoft Corporation)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hdaudbus.sys -> [2008/04/13 21:06:06 | 00,144,384 | ---- | M | MD5 = 573C7D0A32852B48F3058CFD8026F511] (Windows (R) Server 2003 DDK provider)
(HidUsb) HID Class Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hidusb.sys -> [2008/04/13 23:15:28 | 00,010,368 | ---- | M | MD5 = CCF82C5EC8A7326C3066DE870C06DAF1] (Microsoft Corporation)
(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found
(HSXHWBS2) HSXHWBS2 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSXHWBS2.sys -> [2005/12/06 03:20:50 | 00,241,664 | ---- | M | MD5 = 1F5C64B0C6B2E2F48735A77AE714CCB8] (Conexant Systems, Inc.)
(HSX_DP) HSX_DP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSX_DP.sys -> [2005/12/06 03:20:40 | 00,936,448 | ---- | M | MD5 = A7F8C9228898A1E871D2AE7082F50AC3] (Conexant Systems, Inc.)
(HTTP) HTTP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\http.sys -> [2008/04/13 23:23:54 | 00,264,832 | ---- | M | MD5 = F6AACF5BCE2893E0C1754AFEB672E5C9] (Microsoft Corporation)
(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found
(i8042prt) i8042 Keyboard and PS/2 Mouse Port Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\i8042prt.sys -> [2004/08/03 23:14:38 | 00,052,736 | ---- | M | MD5 = 5502B58EEF7486EE6F93F3F164DCB808] (Microsoft Corporation)
(Imapi) CD-Burning Filter Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\imapi.sys -> [2008/04/13 23:11:00 | 00,042,112 | ---- | M | MD5 = 083A052659F5310DD8B6A6CB05EDCF8E] (Microsoft Corporation)
(InCDfs) InCD File System [File_System | Disabled | Running] -> %SystemRoot%\system32\drivers\InCDfs.sys -> [2007/05/15 15:55:36 | 00,118,576 | ---- | M | MD5 = 7BFC3EDA22190C0FE8C2CA19E5379DA5] (Nero AG)
(InCDPass) InCDPass [Kernel | System | Running] -> %SystemRoot%\system32\drivers\InCDPass.sys -> [2007/05/15 15:55:36 | 00,037,040 | ---- | M | MD5 = FC4DBF18A4EB0D2FE3171471A3D0F9A8] (Nero AG)
(incdrm) InCD Reader [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\InCDRm.sys -> [2007/05/15 15:55:36 | 00,038,576 | ---- | M | MD5 = 31A5A3809249A326EB0EF58D563A9654] (Nero AG)
(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RtkHDAud.sys -> [2007/10/25 05:29:00 | 04,623,872 | ---- | M | MD5 = B76D32231F56BB3DF236BF25F49106AE] (Realtek Semiconductor Corp.)
(IntelIde) IntelIde [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\intelide.sys -> [2008/04/13 23:10:30 | 00,005,504 | ---- | M | MD5 = B5466A9250342A7AA0CD1FBA13420678] (Microsoft Corporation)
(intelppm) Intel Processor Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\intelppm.sys -> [2008/04/13 23:01:34 | 00,036,352 | ---- | M | MD5 = 8C953733D8F36EB2133F5BB58808B66B] (Microsoft Corporation)
(Ip6Fw) IPv6 Windows Firewall Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ip6fw.sys -> [2008/04/13 23:23:36 | 00,036,608 | ---- | M | MD5 = 3BB22519A194418D5FEC05D800A19AD0] (Microsoft Corporation)
(IpFilterDriver) IP Traffic Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ipfltdrv.sys -> [2004/08/09 13:00:00 | 00,032,896 | ---- | M | MD5 = 731F22BA402EE4B62748ADAF6363C182] (Microsoft Corporation)
(IpInIp) IP in IP Tunnel Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ipinip.sys -> [2008/04/13 23:27:08 | 00,020,864 | ---- | M | MD5 = B87AB476DCF76E72010632B5550955F5] (Microsoft Corporation)
(IpNat) IP Network Address Translator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ipnat.sys -> [2008/04/13 23:27:16 | 00,152,832 | ---- | M | MD5 = CC748EA12C6EFFDE940EE98098BF96BB] (Microsoft Corporation)
(IPSec) IPSEC driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\ipsec.sys -> [2008/04/13 23:49:44 | 00,075,264 | ---- | M | MD5 = 23C74D75E36E7158768DD63D92789A91] (Microsoft Corporation)
(IRENUM) IR Enumerator Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\irenum.sys -> [2008/04/13 23:24:30 | 00,011,264 | ---- | M | MD5 = C93C9FF7B04D772627A3646D89F7BF89] (Microsoft Corporation)
(isapnp) PnP ISA/EISA Bus Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\isapnp.sys -> [2004/08/09 13:00:00 | 00,035,840 | ---- | M | MD5 = E504F706CCB699C2596E9A3DA1596E87] (Microsoft Corporation)
(Iviaspi) IVI ASPI Shell [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\iviaspi.sys -> [2005/09/20 17:27:20 | 00,010,368 | ---- | M | MD5 = 4AC11B2250106774F694DF2DB4FFED61] (InterVideo, Inc.)
(Kbdclass) Keyboard Class Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\kbdclass.sys -> [2004/08/03 21:58:34 | 00,024,576 | ---- | M | MD5 = EBDEE8A2EE5393890A1ACEE971C4C246] (Microsoft Corporation)
(kbdhid) Keyboard HID Driver [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\kbdhid.sys -> [2004/08/03 21:58:36 | 00,014,848 | ---- | M | MD5 = E182FA8E49E8EE41B4ADC53093F3C7E6] (Microsoft Corporation)
(kmixer) Microsoft Kernel Wave Audio Mixer [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\kmixer.sys -> [2008/04/13 23:15:10 | 00,172,416 | ---- | M | MD5 = 692BCF44383D056AED41B045A323D378] (Microsoft Corporation)
(KSecDD) KSecDD [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ksecdd.sys -> [2008/04/13 23:01:44 | 00,092,288 | ---- | M | MD5 = 1705745D900DABF2D89F90EBADDC7517] (Microsoft Corporation)
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(MCSTRM) MCSTRM [Kernel | Auto | Stopped] ->  -> File not found
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> [2005/10/05 07:57:08 | 00,012,544 | ---- | M | MD5 = E246A32C445056996074A397DA56E815] (Conexant)
(MHNDRV) MHN driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mhndrv.sys -> [2004/08/09 18:45:04 | 00,011,008 | ---- | M | MD5 = 7F2F1D2815A6449D346FCCCBC569FBD6] (Microsoft Corporation)
(mnmdd) mnmdd [Kernel | System | Running] -> %SystemRoot%\system32\drivers\mnmdd.sys -> [2004/08/09 13:00:00 | 00,004,224 | ---- | M | MD5 = 4AE068242760A1FB6E1A44BF4E16AFA6] (Microsoft Corporation)
(Modem) Modem [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\modem.sys -> [2008/04/13 23:30:20 | 00,030,080 | ---- | M | MD5 = DFCBAD3CEC1C5F964962AE10E0BCC8E1] (Microsoft Corporation)
(Mouclass) Mouse Class Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\mouclass.sys -> [2004/08/09 20:00:00 | 00,023,040 | ---- | M | MD5 = 34E1F0031153E491910E12551400192C] (Microsoft Corporation)
(mouhid) Mouse HID Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mouhid.sys -> [2001/08/17 13:48:00 | 00,012,160 | ---- | M | MD5 = B1C303E17FB9D46E87A98E4BA6769685] (Microsoft Corporation)
(MountMgr) Mount Point Manager [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\mountmgr.sys -> [2008/04/13 23:09:48 | 00,042,368 | ---- | M | MD5 = A80B9A0BAD1B73637DBCBBA7DF72D3FD] (Microsoft Corporation)
(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found
(MRxDAV) WebDav Client Redirector [File_System | On_Demand | Running] -> %SystemRoot%\system32\drivers\mrxdav.sys -> [2008/04/13 23:02:46 | 00,180,608 | ---- | M | MD5 = 11D42BB6206F33FBB3BA0288D3EF81BD] (Microsoft Corporation)
(MRxSmb) MRxSmb [File_System | System | Running] -> %SystemRoot%\system32\drivers\mrxsmb.sys -> [2008/10/24 03:21:09 | 00,455,296 | ---- | M | MD5 = 60AE98742484E7AB80C3C1450E708148] (Microsoft Corporation)
(Msfs) Msfs [File_System | System | Running] -> %SystemRoot%\system32\drivers\msfs.sys -> [2008/04/13 23:02:40 | 00,019,072 | ---- | M | MD5 = C941EA2454BA8350021D774DAF0F1027] (Microsoft Corporation)
(MSKSSRV) Microsoft Streaming Service Proxy [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mskssrv.sys -> [2004/08/03 22:58:42 | 00,007,552 | ---- | M | MD5 = AE431A8DD3C1D0D0610CDBAC16057AD0] (Microsoft Corporation)
(MSPCLOCK) Microsoft Streaming Clock Proxy [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mspclock.sys -> [2004/08/03 22:58:40 | 00,005,376 | ---- | M | MD5 = 13E75FEF9DFEB08EEDED9D0246E1F448] (Microsoft Corporation)
(MSPQM) Microsoft Streaming Quality Manager Proxy [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mspqm.sys -> [2004/08/03 22:58:42 | 00,004,992 | ---- | M | MD5 = 1988A33FF19242576C3D0EF9CE785DA7] (Microsoft Corporation)
(mssmbios) Microsoft System Management BIOS Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mssmbios.sys -> [2004/08/09 20:00:00 | 00,015,488 | ---- | M | MD5 = 469541F8BFD2B32659D5D463A6714BCE] (Microsoft Corporation)
(Mup) Mup [File_System | Boot | Running] -> %SystemRoot%\system32\drivers\mup.sys -> [2008/04/13 23:47:06 | 00,105,344 | ---- | M | MD5 = 2F625D11385B1A94360BFC70AAEFDEE1] (Microsoft Corporation)
(NDIS) NDIS System Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ndis.sys -> [2008/04/13 23:50:38 | 00,182,656 | ---- | M | MD5 = 1DF7F42665C94B825322FAE71721130D] (Microsoft Corporation)
(NdisTapi) Remote Access NDIS TAPI Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ndistapi.sys -> [2008/04/13 23:27:28 | 00,010,112 | ---- | M | MD5 = 1AB3D00C991AB086E69DB84B6C0ED78F] (Microsoft Corporation)
(Ndisuio) NDIS Usermode I/O Protocol [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ndisuio.sys -> [2008/04/13 23:26:00 | 00,014,592 | ---- | M | MD5 = F927A4434C5028758A842943EF1A3849] (Microsoft Corporation)
(NdisWan) Remote Access NDIS WAN Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ndiswan.sys -> [2008/04/13 23:50:44 | 00,091,520 | ---- | M | MD5 = EDC1531A49C80614B2CFDA43CA8659AB] (Microsoft Corporation)
(NDProxy) NDIS Proxy [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ndproxy.sys -> [2008/04/13 23:27:30 | 00,040,576 | ---- | M | MD5 = 6215023940CFD3702B46ABC304E1D45A] (Microsoft Corporation)
(NetBIOS) NetBIOS Interface [File_System | System | Running] -> %SystemRoot%\system32\drivers\netbios.sys -> [2008/04/13 23:26:04 | 00,034,688 | ---- | M | MD5 = 5D81CF9A2F1A3A756B66CF684911CDF0] (Microsoft Corporation)
(NetBT) NetBios over Tcpip [Kernel | System | Running] -> %SystemRoot%\system32\drivers\netbt.sys -> [2008/04/13 23:51:02 | 00,162,816 | ---- | M | MD5 = 74B2B2F5BEA5E9A3DC021D685551BD3D] (Microsoft Corporation)
(NIC1394) 1394 Net Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nic1394.sys -> [2008/04/13 23:21:26 | 00,061,824 | ---- | M | MD5 = E9E47CFB2D461FA0FC75B7A74C6383EA] (Microsoft Corporation)
(Npfs) Npfs [File_System | System | Running] -> %SystemRoot%\system32\drivers\npfs.sys -> [2008/04/13 23:02:40 | 00,030,848 | ---- | M | MD5 = 3182D64AE053D6FB034F44B6DEF8034A] (Microsoft Corporation)
(Ntfs) Ntfs [File_System | Disabled | Running] -> %SystemRoot%\system32\drivers\ntfs.sys -> [2008/04/13 23:45:54 | 00,574,976 | ---- | M | MD5 = 78A08DD6A8D65E697C18E1DB01C5CDCA] (Microsoft Corporation)
(Null) Null [Kernel | System | Running] -> %SystemRoot%\system32\drivers\null.sys -> [2004/08/09 13:00:00 | 00,002,944 | ---- | M | MD5 = 73C1E1F395918BC2C6DD67AF7591A3AD] (Microsoft Corporation)
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> [2006/05/09 07:50:00 | 03,535,680 | ---- | M | MD5 = 642A87877F83313EB5302749CD479024] (NVIDIA Corporation)
(NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\NVENETFD.sys -> [2006/03/03 07:31:02 | 00,034,176 | ---- | M | MD5 = 22EEDB34C4D7613A25B10C347C6C4C21] (NVIDIA Corporation)
(nvnetbus) NVIDIA Network Bus Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nvnetbus.sys -> [2006/03/03 07:31:04 | 00,013,056 | ---- | M | MD5 = 5E3F6AD5CAD0F12D3CCCD06FD964087A] (NVIDIA Corporation)
(NwlnkFlt) IPX Traffic Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nwlnkflt.sys -> [2004/08/09 13:00:00 | 00,012,416 | ---- | M | MD5 = B305F3FAD35083837EF46A0BBCE2FC57] (Microsoft Corporation)
(NwlnkFwd) IPX Traffic Forwarder Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nwlnkfwd.sys -> [2004/08/09 13:00:00 | 00,032,512 | ---- | M | MD5 = C99B3415198D1AAB7227F2C88FD664B9] (Microsoft Corporation)
(ohci1394) OHCI Compliant IEEE 1394 Host Controller [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ohci1394.sys -> [2008/04/13 23:16:20 | 00,061,696 | ---- | M | MD5 = CA33832DF41AFB202EE7AEB05145922F] (Microsoft Corporation)
(PalmUSBD) PalmUSBD [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\PalmUSBD.sys -> [2007/06/15 13:31:26 | 00,016,694 | ---- | M | MD5 = 240C0D4049A833B16B63B636ACF01672] (PalmSource, Inc.)
(Parport) Parallel port driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\parport.sys -> [2008/04/13 23:10:12 | 00,080,128 | ---- | M | MD5 = 5575FAF8F97CE5E713D108C2A58D7C7C] (Microsoft Corporation)
(PartMgr) Partition Manager [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\partmgr.sys -> [2008/04/13 23:10:50 | 00,019,712 | ---- | M | MD5 = BEB3BA25197665D82EC7065B724171C6] (Microsoft Corporation)
(ParVdm) ParVdm [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\parvdm.sys -> [2004/08/09 13:00:00 | 00,006,784 | ---- | M | MD5 = 70E98B3FD8E963A6A46A2E6247E0BEA1] (Microsoft Corporation)
(PCI) PCI Bus Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pci.sys -> [2004/08/09 13:00:00 | 00,068,224 | ---- | M | MD5 = 8086D9979234B603AD5BC2F5D890B234] (Microsoft Corporation)
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PCIIde) PCIIde [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pciide.sys -> [2001/08/17 13:51:52 | 00,003,328 | ---- | M | MD5 = CCF5F451BB1A5A2A522A76E670000FF0] (Microsoft Corporation)
(Pcmcia) Pcmcia [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\pcmcia.sys -> [2008/04/13 23:06:44 | 00,120,192 | ---- | M | MD5 = 9E89EF60E9EE05E3F2EEF2DA7397F1C1] (Microsoft Corporation)
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found
(PptpMiniport) WAN Miniport (PPTP) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\raspptp.sys -> [2008/04/13 23:49:50 | 00,048,384 | ---- | M | MD5 = EFEEC01B1D3CF84F16DDD24D9D9D8F99] (Microsoft Corporation)
(Processor) Processor Driver [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\processr.sys -> [2008/04/13 23:01:32 | 00,035,840 | ---- | M | MD5 = A32BEBAF723557681BFC6BD93E98BD26] (Microsoft Corporation)
(Ps2) Ps2 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\PS2.sys -> [2005/12/12 09:27:00 | 00,019,072 | ---- | M | MD5 = 390C204CED3785609AB24E9C52054A84] (Hewlett-Packard Company)
(PSched) QoS Packet Scheduler [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\psched.sys -> [2008/04/13 23:26:40 | 00,069,120 | ---- | M | MD5 = 09298EC810B07E5D582CB3A3F9255424] (Microsoft Corporation)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2004/08/09 13:00:00 | 00,017,792 | ---- | M | MD5 = 80D317BD1C3DBC5D4FE7B1678C60CADD] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Stopped] ->  -> File not found
(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found
(RasAcd) Remote Access Auto Connection Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\rasacd.sys -> [2004/08/09 13:00:00 | 00,008,832 | ---- | M | MD5 = FE0D99D6F31E4FAD8159F690D68DED9C] (Microsoft Corporation)
(Rasl2tp) WAN Miniport (L2TP) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rasl2tp.sys -> [2008/04/13 23:49:44 | 00,051,328 | ---- | M | MD5 = 11B4A627BC9614B885C4969BFA5FF8A6] (Microsoft Corporation)
(RasPppoe) Remote Access PPPOE Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\raspppoe.sys -> [2008/04/13 23:27:34 | 00,041,472 | ---- | M | MD5 = 5BC962F2654137C9909C3D4603587DEE] (Microsoft Corporation)
(Raspti) Direct Parallel [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\raspti.sys -> [2004/08/09 13:00:00 | 00,016,512 | ---- | M | MD5 = FDBB1D60066FCFBB7452FD8F9829B242] (Microsoft Corporation)
(Rdbss) Rdbss [File_System | System | Running] -> %SystemRoot%\system32\drivers\rdbss.sys -> [2008/04/13 23:58:40 | 00,175,744 | ---- | M | MD5 = 7AD224AD1A1437FE28D89CF22B17780A] (Microsoft Corporation)
(RDPCDD) RDPCDD [Kernel | System | Running] -> %SystemRoot%\system32\drivers\rdpcdd.sys -> [2004/08/09 13:00:00 | 00,004,224 | ---- | M | MD5 = 4912D5B403614CE99C28420F75353332] (Microsoft Corporation)
(rdpdr) Terminal Server Device Redirector Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rdpdr.sys -> [2004/08/03 14:01:16 | 00,196,864 | ---- | M | MD5 = A2CAE2C60BC37E0751EF9DDA7CEAF4AD] (Microsoft Corporation)
(RDPWD) RDPWD [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\rdpwd.sys -> [2008/04/14 04:43:24 | 00,139,656 | ---- | M | MD5 = 6728E45B66F93C08F11DE2E316FC70DD] (Microsoft Corporation)
(redbook) Digital CD Audio Playback Filter Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\redbook.sys -> [2008/04/13 23:10:28 | 00,057,600 | ---- | M | MD5 = F828DD7E1419B6653894A8F97A0094C5] (Microsoft Corporation)
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\RTL8139.sys -> [2004/08/03 06:31:34 | 00,020,992 | ---- | M | MD5 = D507C1400284176573224903819FFDA3] (Realtek Semiconductor Corporation)
(SASENUM) SASENUM [Kernel | On_Demand | Stopped] ->  -> File not found
(SASKUTIL) SASKUTIL [Kernel | System | Stopped] ->  -> File not found
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2007/11/13 02:25:53 | 00,020,480 | ---- | M | MD5 = 90A3935D05B494A5A39D37E71F09A677] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(Serial) Serial [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\serial.sys -> [2008/04/13 23:45:46 | 00,064,512 | ---- | M | MD5 = CCA207A8896D4C6A0C9CE29A4AE411A7] (Microsoft Corporation)
(Sfloppy) Sfloppy [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\sfloppy.sys -> [2008/04/13 23:10:50 | 00,011,392 | ---- | M | MD5 = 8E6B8C671615D126FDC553D1E2DE5562] (Microsoft Corporation)
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found
(splitter) Microsoft Kernel Audio Splitter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\splitter.sys -> [2008/04/13 23:15:08 | 00,006,272 | ---- | M | MD5 = AB8B92451ECB048A4D1DE7C3FFCB4A9F] (Microsoft Corporation)
(sr) System Restore Filter Driver [File_System | Boot | Running] -> %SystemRoot%\system32\drivers\sr.sys -> [2008/04/13 23:06:54 | 00,073,472 | ---- | M | MD5 = 76BB022C2FB6902FD5BDD4F78FC13A5D] (Microsoft Corporation)
(Srv) Srv [File_System | On_Demand | Running] -> %SystemRoot%\system32\drivers\srv.sys -> [2008/12/11 02:57:09 | 00,333,952 | ---- | M | MD5 = 3BB03F2BA89D2BE417206C373D2AF17C] (Microsoft Corporation)
(swenum) Software Bus Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\swenum.sys -> [2004/08/09 20:00:00 | 00,004,352 | ---- | M | MD5 = 03C1BAE4766E2450219D20B993D6E046] (Microsoft Corporation)
(swmidi) Microsoft Kernel GS Wavetable Synthesizer [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\swmidi.sys -> [2008/04/13 23:15:10 | 00,056,576 | ---- | M | MD5 = 8CE882BCC6CF8A62F2B2323D95CB3D01] (Microsoft Corporation)
(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found
(SYMIDSCO) SYMIDSCO [Kernel | On_Demand | Stopped] ->  -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found
(sysaudio) Microsoft Kernel System Audio Device [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sysaudio.sys -> [2008/04/13 23:45:56 | 00,060,800 | ---- | M | MD5 = 8B83F3ED0F1688B4958F77CD6D2BF290] (Microsoft Corporation)
(Tcpip) TCP/IP Protocol Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\tcpip.sys -> [2008/06/20 03:51:12 | 00,361,600 | ---- | M | MD5 = 9425B72F40257B45D45D24773273DAD0] (Microsoft Corporation)
(TDPIPE) TDPIPE [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\tdpipe.sys -> [2008/04/14 04:43:22 | 00,012,040 | ---- | M | MD5 = 6471A66807F5E104E4885F5B67349397] (Microsoft Corporation)
(TDTCP) TDTCP [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\tdtcp.sys -> [2008/04/14 04:43:22 | 00,021,896 | ---- | M | MD5 = C56B6D0402371CF3700EB322EF3AAF61] (Microsoft Corporation)
(TermDD) Terminal Device Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\termdd.sys -> [2004/08/03 16:01:08 | 00,040,840 | ---- | M | MD5 = A540A99C281D933F3D69D55E48727F47] (Microsoft Corporation)
(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found
(TucbDriverV32) TucbDriverV32 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\TucbDriverV32.sys -> [2008/06/04 09:24:40 | 00,508,544 | ---- | M | MD5 = CE859455CC47AD2FD8A817FBECE4634C] ()
(Udfs) Udfs [File_System | Disabled | Stopped] -> %SystemRoot%\system32\drivers\udfs.sys -> [2008/04/13 23:02:38 | 00,066,048 | ---- | M | MD5 = 5787B80C2E3C5E2F56C2A233D91FA2C9] (Microsoft Corporation)
(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found
(Update) Microcode Update Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\update.sys -> [2008/04/13 23:09:48 | 00,384,768 | ---- | M | MD5 = 402DDC88356B1BAC0EE3DD1580C76A31] (Microsoft Corporation)
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbaapl.sys -> [2008/10/01 12:01:28 | 00,032,000 | ---- | M | MD5 = C1CA131F4E3ED63D6BC89A35FFAD4CDA] (Apple, Inc.)
(usbccgp) Microsoft USB Generic Parent Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbccgp.sys -> [2008/04/13 23:15:40 | 00,032,128 | ---- | M | MD5 = 173F317CE0DB8E21322E71B7E60A27E8] (Microsoft Corporation)
(usbehci) Microsoft USB 2.0 Enhanced Host Controller Miniport Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\usbehci.sys -> [2008/04/13 23:15:36 | 00,030,208 | ---- | M | MD5 = 65DCF09D0E37D4C6B11B5B0B76D470A7] (Microsoft Corporation)
(usbhub) USB2 Enabled Hub [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\usbhub.sys -> [2004/08/09 13:00:00 | 00,057,600 | ---- | M | MD5 = C72F40947F92CEA56A8FB532EDF025F1] (Microsoft Corporation)
(usbohci) Microsoft USB Open Host Controller Miniport Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\usbohci.sys -> [2004/08/03 23:08:38 | 00,017,024 | ---- | M | MD5 = BDFE799A8531BAD8A5A985821FE78760] (Microsoft Corporation)
(usbprint) Microsoft USB PRINTER Class [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbprint.sys -> [2008/04/13 23:17:38 | 00,025,856 | ---- | M | MD5 = A717C8721046828520C9EDF31288FC00] (Microsoft Corporation)
(usbscan) USB Scanner Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\usbscan.sys -> [2008/04/13 23:15:36 | 00,015,104 | ---- | M | MD5 = A0B8CF9DEB1184FBDD20784A58FA75D4] (Microsoft Corporation)
(usbstor) USB Mass Storage Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\usbstor.sys -> [2008/04/13 23:15:40 | 00,026,368 | ---- | M | MD5 = A32426D9B14A089EAA1D922E0C5801A9] (Microsoft Corporation)
(usbuhci) Microsoft USB Universal Host Controller Miniport Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbuhci.sys -> [2004/08/09 13:00:00 | 00,020,480 | ---- | M | MD5 = F8FD1400092E23C8F2F31406EF06167B] (Microsoft Corporation)
(VgaSave) VGA Display Controller. [Kernel | System | Running] -> %SystemRoot%\system32\drivers\vga.sys -> [2008/04/13 23:14:42 | 00,020,992 | ---- | M | MD5 = 0D3A8FAFCEACD8B7625CD549757A7DF1] (Microsoft Corporation)
(ViaIde) ViaIde [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\viaide.sys -> [2008/04/13 23:10:32 | 00,005,376 | ---- | M | MD5 = 3B3EFCDA263B8AC14FDF9CBDD0791B2E] (Microsoft Corporation)
(VolSnap) VolSnap [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\volsnap.sys -> [2008/04/13 23:11:02 | 00,052,352 | ---- | M | MD5 = 4C8FCB5CC53AAB716D810740FE59D025] (Microsoft Corporation)
(Wanarp) Remote Access IP ARP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\wanarp.sys -> [2008/04/13 23:27:22 | 00,034,560 | ---- | M | MD5 = E20B95BAEDB550F32DD489265C1DA1F6] (Microsoft Corporation)
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found
(wdmaud) Microsoft WINMM WDM Audio Compatibility Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\wdmaud.sys -> [2008/04/13 23:47:20 | 00,083,072 | ---- | M | MD5 = 6768ACF64B18196494413695F0C3A00F] (Microsoft Corporation)
(winachsx) winachsx [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSX_CNXT.sys -> [2005/12/06 03:20:42 | 00,670,208 | ---- | M | MD5 = 11EC1AFCEB5C917CE73D3C301FF4291E] (Conexant Systems, Inc.)
(WpdUsb) WpdUsb [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\wpdusb.sys -> [2006/10/18 19:00:00 | 00,038,528 | ---- | M | MD5 = CF4DEF1BF66F06964DC0D91844239104] (Microsoft Corporation)
(WudfPf) Windows Driver Foundation - User-mode Driver Framework Platform Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\WudfPf.sys -> [2006/09/28 17:55:50 | 00,077,568 | ---- | M | MD5 = F15FEAFFFBB3644CCC80C5DA584E6311] (Microsoft Corporation)
(WudfRd) Windows Driver Foundation - User-mode Driver Framework Reflector [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\WudfRd.sys -> [2006/09/28 18:00:34 | 00,082,944 | ---- | M | MD5 = 28B524262BCE6DE1F7EF9F510BA3985B] (Microsoft Corporation)
 
[Registry - All]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\windows\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"First Home Page" -> http://go.microsoft.com/fwlink/?LinkId=54843 -> 
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\windows\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\"Page_Transitions" ->  -> 
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://yahoo.com/ -> 
HKEY_CURRENT_USER\: SearchURL\\"" -> http://home.microsoft.com/access/autosearch.asp?p=%s -> 
HKEY_CURRENT_USER\: URLSearchHooks\\"{00A6FAF6-072E-44cf-8957-5838F569A31D}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop -> 
HKEY_USERS\.DEFAULT\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_USERS\.DEFAULT\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\.DEFAULT\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> 
HKEY_USERS\.DEFAULT\: URLSearchHooks\\"{00A6FAF6-072E-44cf-8957-5838F569A31D}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop -> 
HKEY_USERS\S-1-5-18\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_USERS\S-1-5-18\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-18\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> 
HKEY_USERS\S-1-5-18\: URLSearchHooks\\"{00A6FAF6-072E-44cf-8957-5838F569A31D}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\] > -> -> 
HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\: Main\\"First Home Page" -> http://go.microsoft.com/fwlink/?LinkId=54843 -> 
HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\: Main\\"Local Page" -> C:\windows\system32\blank.htm -> 
HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\: Main\\"Page_Transitions" ->  -> 
HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\: Main\\"Start Page" -> http://yahoo.com/ -> 
HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\: SearchURL\\"" -> http://home.microsoft.com/access/autosearch.asp?p=%s -> 
HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\: URLSearchHooks\\"{00A6FAF6-072E-44cf-8957-5838F569A31D}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\: "ProxyEnable" -> 0 -> 
HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\: "ProxyOverride" -> *.local -> 
< FireFox Settings [Default Profile] > -> C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\FireFox\Profiles\wv77ayta.default\prefs.js -> 
browser.startup.homepage -> "http://www.myspace.com/" ->
browser.startup.homepage_override.mstone -> "rv:1.9.0.3" ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.3 ->
extensions.enabledItems -> nasanightlaunch@example.com:0.6.20080809 ->
< HOSTS File > (27 bytes and 1 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
127.0.0.1	   localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{5335AA2E-0DD4-4BD1-8B45-36EAB2D88229} [HKLM] -> %SystemRoot%\system32\rqRLcDSk.dll [Reg Error: Value  does not exist or could not be read.] -> [2009/01/24 21:02:54 | 00,315,904 | ---- | M | MD5 = 93DE022FF66E8BADFF66FB6E76DFD818] ()
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> [2005/05/31 00:04:00 | 00,853,672 | ---- | M | MD5 = 250D787A5712D7768DDC133B3E477759] (Safer Networking Limited)
{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} [HKLM] -> %SystemRoot%\system32\ddcArQkL.dll [Reg Error: Value  does not exist or could not be read.] -> [2009/01/17 13:16:53 | 00,036,352 | ---- | M | Unable to obtain MD5] ()
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2008/12/05 13:27:57 | 00,320,920 | ---- | M | MD5 = 35E6FB6E6003BD54A5D69C9C1C762192] (Sun Microsystems, Inc.)
{AAAE832A-5FFF-4661-9C8F-369692D1DCB9} [HKLM] -> %SystemRoot%\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll [hpWebHelper Class] -> [2007/01/10 07:15:25 | 00,208,896 | ---- | M | MD5 = BEBDF2293F53049569285B9B2FA7EC68] (Hewlett-Packard)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [Google Toolbar Notifier BHO] -> [2009/01/08 05:42:54 | 00,657,904 | ---- | M | MD5 = 2C7C2CE12A0A07A36EDCBAAE469DC867] (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2008/12/05 13:27:56 | 00,034,816 | ---- | M | MD5 = 5D57FD3DF32DC69CEC3D1D54B4C43162] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2008/12/05 13:27:57 | 00,073,728 | ---- | M | MD5 = F68EDAFE003F2B3523C0742CD3B8D673] (Sun Microsystems, Inc.)
{ef34a6f0-7100-4f49-9a51-92059379a18b} [HKLM] -> %SystemRoot%\system32\nnckvbxc.dll [Reg Error: Value  does not exist or could not be read.] -> [2009/01/29 17:09:40 | 00,075,776 | ---- | M | MD5 = A56AF3E14E7E2F574DDA5404D6E95A5E] ()
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" [HKLM] -> %SystemRoot%\system32\browseui.dll [&Address] -> [2008/04/13 16:11:50 | 01,025,024 | ---- | M | MD5 = E392E172687BE172F8600C5F41AB03D9] (Microsoft Corporation)
WebBrowser\\"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" [HKLM] -> %SystemRoot%\system32\browseui.dll [&Address] -> [2008/04/13 16:11:50 | 01,025,024 | ---- | M | MD5 = E392E172687BE172F8600C5F41AB03D9] (Microsoft Corporation)
WebBrowser\\"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" [HKLM] -> %SystemRoot%\system32\shell32.dll [&Links] -> [2008/04/13 16:12:05 | 08,461,312 | ---- | M | MD5 = 0CF50B1F45DAB08430C1DBB79FE2CA5B] (Microsoft Corporation)
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\] > -> HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" [HKLM] -> %SystemRoot%\system32\browseui.dll [&Address] -> [2008/04/13 16:11:50 | 01,025,024 | ---- | M | MD5 = E392E172687BE172F8600C5F41AB03D9] (Microsoft Corporation)
WebBrowser\\"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" [HKLM] -> %SystemRoot%\system32\browseui.dll [&Address] -> [2008/04/13 16:11:50 | 01,025,024 | ---- | M | MD5 = E392E172687BE172F8600C5F41AB03D9] (Microsoft Corporation)
WebBrowser\\"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" [HKLM] -> %SystemRoot%\system32\shell32.dll [&Links] -> [2008/04/13 16:12:05 | 08,461,312 | ---- | M | MD5 = 0CF50B1F45DAB08430C1DBB79FE2CA5B] (Microsoft Corporation)
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"40553691" -> %SystemRoot%\system32\jldjnumq.dll [rundll32.exe "C:\WINDOWS\system32\jldjnumq.dll",b] -> [2009/01/29 17:15:15 | 00,072,704 | ---- | M | MD5 = 345D5797590D5D3D335EAD22BD846FB2] ()
"AVG7_CC" -> \PROGRA~1\Grisoft\AVG7\avgcc.exe [C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP] -> [2008/11/16 11:44:21 | 00,590,848 | ---- | M | MD5 = F1B42DE29AF84F24FB59989805B1B62D] ()
"ehTray" -> %SystemRoot%\ehome\ehtray.exe [C:\WINDOWS\ehome\ehtray.exe] -> [2005/09/29 14:01:14 | 00,067,584 | ---- | M | MD5 = 7E48B4958C131E9643DDCD2E7CA3FE9F] (Microsoft Corporation)
"ftutil2" -> %SystemRoot%\system32\ftutil2.dll [rundll32.exe ftutil2.dll,SetWriteCacheMode] -> [2004/06/07 06:05:38 | 00,106,496 | ---- | M | MD5 = B8ED44B59233B1872AE4CC246C6BBFE2] (Promise Technology, Inc.)
"HP Software Update" -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe [C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe] -> [2007/05/08 15:24:20 | 00,054,840 | ---- | M | MD5 = 21293443961A4E2597453EE7A9347F22] (Hewlett-Packard)
"HP VoodooDNA Mouse" -> %ProgramFiles%\HP Laser Gaming Mouse with VoodooDNA\hid.exe ["C:\Program Files\HP Laser Gaming Mouse with VoodooDNA\hid.exe"] -> [2008/08/01 09:55:40 | 00,323,584 | ---- | M | MD5 = 823ADEF5BCCE313303E961DF54FF6AC3] ()
"HPBootOp" -> %ProgramFiles%\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe ["C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run] -> [2006/02/15 15:34:58 | 00,249,856 | ---- | M | MD5 = A789B145F17FA5C2326907F4872FE173] (Hewlett-Packard Company)
"itype" -> %ProgramFiles%\Microsoft IntelliType Pro\itype.exe ["c:\Program Files\Microsoft IntelliType Pro\itype.exe"] -> [2006/11/21 16:08:58 | 00,813,912 | ---- | M | MD5 = F2E2AAD0EE3E886161A907F473A10B20] (Microsoft Corporation)
"NvCplDaemon" -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2006/05/09 07:50:00 | 07,311,360 | ---- | M | MD5 = 6BDD333A105978CF4C560CA86FF5E39D] (NVIDIA Corporation)
"TkBellExe" -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot] -> [2008/12/09 01:02:39 | 00,185,872 | ---- | M | MD5 = C681F347514CC8671977FCBD2B7D001A] (RealNetworks, Inc.)
< Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"AVG7_Run" -> %ProgramFiles%\Grisoft\AVG7\avgw.exe [C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE] -> [2008/06/19 02:08:50 | 00,219,136 | ---- | M | MD5 = B331EF4C7437F5093D703340678469EB] (GRISOFT, s.r.o.)
< Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"AVG7_Run" -> %ProgramFiles%\Grisoft\AVG7\avgw.exe [C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE] -> [2008/06/19 02:08:50 | 00,219,136 | ---- | M | MD5 = B331EF4C7437F5093D703340678469EB] (GRISOFT, s.r.o.)
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"AVG7_Run" -> %ProgramFiles%\Grisoft\AVG7\avgw.exe [C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE] -> [2008/06/19 02:08:50 | 00,219,136 | ---- | M | MD5 = B331EF4C7437F5093D703340678469EB] (GRISOFT, s.r.o.)
< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"AVG7_Run" -> %ProgramFiles%\Grisoft\AVG7\avgw.exe [C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE] -> [2008/06/19 02:08:50 | 00,219,136 | ---- | M | MD5 = B331EF4C7437F5093D703340678469EB] (GRISOFT, s.r.o.)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
%SystemDrive%\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk -> %SystemDrive%\hp\bin\cloaker.exe -> [1999/11/06 16:11:14 | 00,027,136 | ---- | M | MD5 = 6380625DD0480ED60960A149A087C848] (Hewlett-Packard Co.)
%SystemDrive%\Documents and Settings\Default User\Start Menu\Programs\Startup\PinMcLnk.lnk -> %SystemDrive%\hp\bin\cloaker.exe -> [1999/11/06 16:11:14 | 00,027,136 | ---- | M | MD5 = 6380625DD0480ED60960A149A087C848] (Hewlett-Packard Co.)
< HP_Administrator Startup Folder > -> C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup -> 
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007] > -> HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [255] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoSetActiveDesktop" ->  [1] -> File not found
\\"NoActiveDesktopChanges" ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
\\"InstallVisualStyle" -> %SystemRoot%\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
\\"InstallTheme" -> %SystemRoot%\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [36] -> File not found
\\"NoDriveAutoRun" ->  [FF FF FF FF  [binary data]] -> File not found
\\"NoSetActiveDesktop" ->  [1] -> File not found
\\"NoActiveDesktopChanges" ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007] > -> HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [36] -> File not found
\\"NoDriveAutoRun" ->  [FF FF FF FF  [binary data]] -> File not found
\\"NoSetActiveDesktop" ->  [1] -> File not found
\\"NoActiveDesktopChanges" ->  [1] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007] > -> HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to AMV Converter... -> %ProgramFiles%\MP3 Player Utilities 4.10\AMVConverter\grab.html [C:\Program Files\MP3 Player Utilities 4.10\AMVConverter\grab.html] -> [2006/02/16 10:37:38 | 00,000,890 | ---- | M | MD5 = 7EBF2639E1173A8C6E84A29235162FAB] ()
Add to Media Manager... -> %ProgramFiles%\MP3 Player Utilities 4.10\MediaManager\grab.html [C:\Program Files\MP3 Player Utilities 4.10\MediaManager\grab.html] -> [2006/02/15 09:30:44 | 00,000,890 | ---- | M | MD5 = 071912A38DA560751A5A9AECB01F55DF] ()
E&xport to Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~4\Office10\EXCEL.EXE [res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to AMV Converter... -> %ProgramFiles%\MP3 Player Utilities 4.10\AMVConverter\grab.html [C:\Program Files\MP3 Player Utilities 4.10\AMVConverter\grab.html] -> [2006/02/16 10:37:38 | 00,000,890 | ---- | M | MD5 = 7EBF2639E1173A8C6E84A29235162FAB] ()
Add to Media Manager... -> %ProgramFiles%\MP3 Player Utilities 4.10\MediaManager\grab.html [C:\Program Files\MP3 Player Utilities 4.10\MediaManager\grab.html] -> [2006/02/15 09:30:44 | 00,000,890 | ---- | M | MD5 = 071912A38DA560751A5A9AECB01F55DF] ()
E&xport to Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~4\Office10\EXCEL.EXE [res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2007/12/13 01:20:58 | 00,606,288 | ---- | M | MD5 = 5C044EF0F7D2DD81A45348106AD58152] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2007/12/13 01:20:58 | 00,606,288 | ---- | M | MD5 = 5C044EF0F7D2DD81A45348106AD58152] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> %ProgramFiles%\Microsoft Expression\Office12\REFIEBAR.DLL [Button: Research] -> [2006/10/26 19:12:22 | 00,040,424 | ---- | M | MD5 = 7FC19DA1DC70C78D2FBD7A1D10942051] (Microsoft Corporation)
{E2D4D26B-0180-43a4-B05F-462D6D54C789}:C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [HKLM] -> %SystemRoot%\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [Button: Internet Connection Help] -> [2007/01/10 07:13:57 | 00,000,706 | ---- | M | MD5 = 7CB21E1F67A80EAC34B2C10F88F1ED7E] ()
{E2D4D26B-0180-43a4-B05F-462D6D54C789}:C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [HKLM] -> %SystemRoot%\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [Menu: Internet Connection Help] -> [2007/01/10 07:13:57 | 00,000,706 | ---- | M | MD5 = 7CB21E1F67A80EAC34B2C10F88F1ED7E] ()
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 23:23:34 | 00,558,080 | ---- | M | MD5 = AAC1D4EE39DF138C5D30AC5883E3B59F] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M | MD5 = 3E930C641079443D4DE036167A69CAA2] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M | MD5 = 3E930C641079443D4DE036167A69CAA2] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value  does not exist or could not be read.] -> File not found
CmdMapping\\"{E2D4D26B-0180-43a4-B05F-462D6D54C789}" [HKLM] ->  [Internet Connection Help] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M | MD5 = 3E930C641079443D4DE036167A69CAA2] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value  does not exist or could not be read.] -> File not found
CmdMapping\\"{E2D4D26B-0180-43a4-B05F-462D6D54C789}" [HKLM] ->  [Internet Connection Help] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M | MD5 = 3E930C641079443D4DE036167A69CAA2] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value  does not exist or could not be read.] -> File not found
CmdMapping\\"{E2D4D26B-0180-43a4-B05F-462D6D54C789}" [HKLM] ->  [Internet Connection Help] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M | MD5 = 3E930C641079443D4DE036167A69CAA2] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\] > -> HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value  does not exist or could not be read.] -> File not found
CmdMapping\\"{E2D4D26B-0180-43a4-B05F-462D6D54C789}" [HKLM] ->  [Internet Connection Help] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M | MD5 = 3E930C641079443D4DE036167A69CAA2] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2922 domain(s) found. -> 
2922 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\] > -> HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2922 domain(s) found. -> 
2922 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\] > -> HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-3500444619-1280475043-3256969837-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] -> 
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} [HKLM] -> http://support.f-secure.com/ols/fscax.cab [F-Secure Online Scanner 3.3] -> 
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab [Java Plug-in 1.6.0_05] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{4935BABA-934B-4E7D-A577-4FF99F77B684} ->	(1394 Net Adapter) -> 
{892900FC-9814-4488-99C0-81491C1EE93D} ->	(HP EN1207D-TX PCI 10/100 Fast Ethernet Adapter) -> 
{957A07B1-CC08-4921-8454-F07AC294FF2A} ->	(NVIDIA nForce Networking Controller) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\explorer.exe -> [2008/04/13 16:12:19 | 01,033,728 | ---- | M | MD5 = 12896823FB95BFB3DC9B46BCAEDC9923] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> [2008/04/14 04:42:40 | 00,026,112 | ---- | M | MD5 = A93AEE1928A9D7CE3E16D24EC7380F89] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
logonui.exe -> %SystemRoot%\system32\logonui.exe -> [2008/04/14 04:42:26 | 00,514,560 | ---- | M | MD5 = 2081A5B5E4ABA206A0A8A1A97DF0FB23] (Microsoft Corporation)
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> [2008/04/13 16:12:05 | 08,461,312 | ---- | M | MD5 = 0CF50B1F45DAB08430C1DBB79FE2CA5B] (Microsoft Corporation)
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> [2008/04/14 04:42:42 | 00,300,544 | ---- | M | MD5 = C504A9FE17F997F8B1F8561D0A68DE52] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
crypt32chain -> %SystemRoot%\system32\crypt32.dll -> [2008/04/13 16:11:51 | 00,599,040 | ---- | M | MD5 = BDAAF79DD63F194434D31A74B9BB8B77] (Microsoft Corporation)
cryptnet -> %SystemRoot%\system32\cryptnet.dll -> [2008/04/13 16:11:51 | 00,064,512 | ---- | M | MD5 = C14350FC0D47D806699C4F907FC6785B] (Microsoft Corporation)
cscdll -> %SystemRoot%\system32\cscdll.dll -> [2008/04/13 16:11:51 | 00,101,888 | ---- | M | MD5 = 515A7FAE2070C2B0242B2353443E2F11] (Microsoft Corporation)
ddcArQkL -> %SystemRoot%\system32\ddcArQkL.dll -> [2009/01/17 13:16:53 | 00,036,352 | ---- | M | Unable to obtain MD5] ()
dimsntfy -> %SystemRoot%\system32\dimsntfy.dll -> [2008/04/14 04:41:54 | 00,019,456 | ---- | M | MD5 = E2092F0A1D7ABC243F9C2362483D150D] (Microsoft Corporation)
ScCertProp -> %SystemRoot%\system32\wlnotify.dll -> [2008/04/13 16:12:09 | 00,092,672 | ---- | M | MD5 = 2CC34E8BB667EEF78899546E12649196] (Microsoft Corporation)
Schedule -> %SystemRoot%\system32\wlnotify.dll -> [2008/04/13 16:12:09 | 00,092,672 | ---- | M | MD5 = 2CC34E8BB667EEF78899546E12649196] (Microsoft Corporation)
sclgntfy -> %SystemRoot%\system32\sclgntfy.dll -> [2008/04/14 04:42:06 | 00,020,480 | ---- | M | MD5 = 63FF9068E5BDA0BC9ECD38FBBB216E24] (Microsoft Corporation)
SensLogn -> %SystemRoot%\system32\wlnotify.dll -> [2008/04/13 16:12:09 | 00,092,672 | ---- | M | MD5 = 2CC34E8BB667EEF78899546E12649196] (Microsoft Corporation)
termsrv -> %SystemRoot%\system32\wlnotify.dll -> [2008/04/13 16:12:09 | 00,092,672 | ---- | M | MD5 = 2CC34E8BB667EEF78899546E12649196] (Microsoft Corporation)
WgaLogon -> %SystemRoot%\system32\WgaLogon.dll -> [2007/02/15 17:00:26 | 00,236,928 | ---- | M | MD5 = 627B55FAD15C6B03B44198AFBEEBAB1A] (Microsoft Corporation)
wlballoon -> %SystemRoot%\system32\wlnotify.dll -> [2008/04/13 16:12:09 | 00,092,672 | ---- | M | MD5 = 2CC34E8BB667EEF78899546E12649196] (Microsoft Corporation)
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
"{fbeb8a05-beee-4442-804e-409d6c4515e9}" [HKLM] -> %SystemRoot%\system32\shell32.dll [CDBurn] -> [2008/04/13 16:12:05 | 08,461,312 | ---- | M | MD5 = 0CF50B1F45DAB08430C1DBB79FE2CA5B] (Microsoft Corporation)
"{7849596a-48ea-486e-8937-a2a3009f31a9}" [HKLM] -> %SystemRoot%\system32\shell32.dll [PostBootReminder] -> [2008/04/13 16:12:05 | 08,461,312 | ---- | M | MD5 = 0CF50B1F45DAB08430C1DBB79FE2CA5B] (Microsoft Corporation)
"{35CEC8A3-2BE6-11D2-8773-92E220524153}" [HKLM] -> %SystemRoot%\system32\stobject.dll [SysTray] -> [2008/04/13 16:12:07 | 00,121,856 | ---- | M | MD5 = 50512FC9B7878E3C2C147BC17326A7DB] (Microsoft Corporation)
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> %SystemRoot%\system32\webcheck.dll [WebCheck] -> [2008/10/16 12:38:39 | 00,233,472 | ---- | M | MD5 = D0A015B71925EA131FA60D15648B9806] (Microsoft Corporation)
"{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKLM] -> %SystemRoot%\system32\WPDShServiceObj.dll [WPDShServiceObj] -> [2006/10/18 20:47:22 | 00,133,632 | ---- | M | MD5 = 045E228F71C31901084B64BE59093499] (Microsoft Corporation)
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler -> 
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}" [HKLM] -> %SystemRoot%\system32\browseui.dll [Browseui preloader] -> [2008/04/13 16:11:50 | 01,025,024 | ---- | M | MD5 = E392E172687BE172F8600C5F41AB03D9] (Microsoft Corporation)
"{8C7461EF-2B13-11d2-BE35-3078302C2030}" [HKLM] -> %SystemRoot%\system32\browseui.dll [Component Categories cache daemon] -> [2008/04/13 16:11:50 | 01,025,024 | ---- | M | MD5 = E392E172687BE172F8600C5F41AB03D9] (Microsoft Corporation)
"IPC Configuration Utility" [HKLM] -> Reg Error: Key does not exist or could not be opened. [IPC Configuration Utility] -> File not found
< IFEO [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ -> 
Your Image File Name Here without a path -> %SystemRoot%\system32\ntsd.exe [Debugger] -> [2004/08/09 20:00:00 | 00,031,744 | ---- | M | MD5 = 43C797488AED00AE5170B0531F8FC6E9] (Microsoft Corporation)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}" [HKLM] -> %SystemRoot%\system32\ddcArQkL.dll [] -> [2009/01/17 13:16:53 | 00,036,352 | ---- | M | Unable to obtain MD5] ()
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" [HKLM] -> %SystemRoot%\system32\shell32.dll [] -> [2008/04/13 16:12:05 | 08,461,312 | ---- | M | MD5 = 0CF50B1F45DAB08430C1DBB79FE2CA5B] (Microsoft Corporation)
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Stub Execution Hook] -> [2007/08/24 07:01:22 | 02,212,224 | ---- | M | MD5 = 32C4927E013C018A13D8DFBDA4148812] (Microsoft Corporation)
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
msapsspc.dll -> %SystemRoot%\system32\msapsspc.dll -> [2008/04/14 04:42:00 | 00,086,016 | ---- | M | MD5 = F24B12786D60A17008319E3F2AEE7799] (Microsoft Corporation)
 schannel.dll -> %SystemRoot%\system32\schannel.dll -> [2008/04/14 04:42:06 | 00,144,384 | ---- | M | MD5 = C61E8ECFFDBF05FF71D079BBD35396B3] (Microsoft Corporation)
 digest.dll -> %SystemRoot%\system32\digest.dll -> [2008/04/14 04:41:54 | 00,068,608 | ---- | M | MD5 = 3D76DD0CBC536E0F8C45D23ED230BEB2] (Microsoft Corporation)
 msnsspc.dll -> %SystemRoot%\system32\msnsspc.dll -> [2008/04/14 04:42:02 | 00,290,816 | ---- | M | MD5 = A4388DF80E52695AE92EE5F3F61F1619] (Microsoft Corporation)
*MultiFile Done* -> -> 
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
*LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> [2008/04/14 04:42:02 | 00,132,608 | ---- | M | MD5 = 0F152F4E57FDF9E8E8BDFEA583A4926B] (Microsoft Corporation)
C:\WINDOWS\system32\rqRLcDSk -> %SystemRoot%\system32\rqRLcDSk.dll -> [2009/01/24 21:02:54 | 00,315,904 | ---- | M | MD5 = 93DE022FF66E8BADFF66FB6E76DFD818] ()
*MultiFile Done* -> -> 
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
*LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\system32\kerberos.dll -> [2008/04/13 16:11:56 | 00,299,520 | ---- | M | MD5 = B17DEFD576AE373E7A1A2C75665E4549] (Microsoft Corporation)
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> [2008/04/14 04:42:02 | 00,132,608 | ---- | M | MD5 = 0F152F4E57FDF9E8E8BDFEA583A4926B] (Microsoft Corporation)
schannel -> %SystemRoot%\system32\schannel.dll -> [2008/04/14 04:42:06 | 00,144,384 | ---- | M | MD5 = C61E8ECFFDBF05FF71D079BBD35396B3] (Microsoft Corporation)
wdigest -> %SystemRoot%\system32\wdigest.dll -> [2008/04/13 16:12:08 | 00,049,152 | ---- | M | MD5 = CEFCC6A64983EB8119F3A07A0C1EDE30] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 23:23:34 | 00,558,080 | ---- | M | MD5 = AAC1D4EE39DF138C5D30AC5883E3B59F] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/14 04:42:36 | 00,141,312 | ---- | M | MD5 = 3C37BF86641BDA977C3BF8A840F3B7FA] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 23:23:34 | 00,558,080 | ---- | M | MD5 = AAC1D4EE39DF138C5D30AC5883E3B59F] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/14 04:42:36 | 00,141,312 | ---- | M | MD5 = 3C37BF86641BDA977C3BF8A840F3B7FA] (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2008/08/29 09:18:44 | 00,238,888 | ---- | M | MD5 = 9EFE4236F8670846B6E7C5B0EFF6E715] (Apple Inc.)
"C:\Program Files\FlashGet\flashget.exe" -> C:\Program Files\FlashGet\flashget.exe [C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget] -> File not found
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" -> C:\Program Files\Grisoft\AVG7\avgamsvr.exe [C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe] -> [2008/01/17 21:25:58 | 00,418,816 | ---- | M | MD5 = 3C7B93F947355E374A49564D0D017B7B] (GRISOFT, s.r.o.)
"C:\Program Files\Grisoft\AVG7\avgcc.exe" -> C:\Program Files\Grisoft\AVG7\avgcc.exe [C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe] -> [2008/11/16 11:44:21 | 00,590,848 | ---- | M | MD5 = F1B42DE29AF84F24FB59989805B1B62D] (GRISOFT, s.r.o.)
"C:\Program Files\Grisoft\AVG7\avginet.exe" -> C:\Program Files\Grisoft\AVG7\avginet.exe [C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe] -> [2008/11/16 11:44:21 | 00,514,560 | ---- | M | MD5 = CA998D11ECD3E3DCFA66329F79243D72] (GRISOFT, s.r.o.)
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2008/11/20 13:20:48 | 14,294,824 | ---- | M | MD5 = CAC07ED814F984150C7DA7F292E815AB] (Apple Inc.)
"C:\Program Files\Valve\Steam\SteamApps\kevinsandiego\age of chivalry\hl2.exe" -> C:\Program Files\Valve\Steam\SteamApps\kevinsandiego\age of chivalry\hl2.exe [C:\Program Files\Valve\Steam\SteamApps\kevinsandiego\age of chivalry\hl2.exe:*:Enabled:hl2] -> [2008/10/17 22:43:40 | 00,098,304 | ---- | M | MD5 = DA4A333F57963304FBD65B7170DF10B3] ()
"C:\Program Files\Valve\Steam\SteamApps\kevinsandiego\half-life 2 deathmatch\hl2.exe" -> C:\Program Files\Valve\Steam\SteamApps\kevinsandiego\half-life 2 deathmatch\hl2.exe [C:\Program Files\Valve\Steam\SteamApps\kevinsandiego\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2] -> [2008/12/04 01:24:04 | 00,106,496 | ---- | M | MD5 = 7C271BBD974C760F516F1C9F9B61E0F2] ()
"C:\Program Files\Valve\Steam\SteamApps\kevinsandiego\synergy\hl2.exe" -> C:\Program Files\Valve\Steam\SteamApps\kevinsandiego\synergy\hl2.exe [C:\Program Files\Valve\Steam\SteamApps\kevinsandiego\synergy\hl2.exe:*:Enabled:hl2] -> [2008/10/17 22:48:19 | 00,098,304 | ---- | M | MD5 = DA4A333F57963304FBD65B7170DF10B3] ()
"C:\WINDOWS\system32\dpvsetup.exe" -> C:\WINDOWS\system32\dpvsetup.exe [C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test] -> [2008/04/14 04:42:20 | 00,083,456 | ---- | M | MD5 = EA36B806E30D927F70E24EAF545CCC17] (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" -> C:\WINDOWS\system32\rundll32.exe [C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App] -> [2008/04/13 16:12:33 | 00,033,280 | ---- | M | MD5 = 037B1E7798960E0420003D05BB577EE6] (Microsoft Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/04/13 23:10:48 | 00,062,976 | ---- | M | MD5 = 1F4260CC5B42272D71F79E570A27A4FE] (Microsoft Corporation)
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2007/01/10 07:07:21 | 00,000,100 | ---- | M | MD5 = E7EB038D6FFE32C75E0509E5212358E1] ()
C:\autorun.inf [] -> %SystemDrive%\autorun.inf [ NTFS ] -> [2008/07/07 16:46:09 | 00,000,000 | RHSD | M]
D:\AUTOEXEC.BAT [] -> D:\AUTOEXEC.BAT [ FAT32 ] -> [2001/07/27 08:07:38 | 00,000,000 | -HS- | M | MD5 = D41D8CD98F00B204E9800998ECF8427E] ()
D:\autorun.inf [] -> D:\autorun.inf [ FAT32 ] -> [2008/01/13 18:01:50 | 00,000,000 | RHSD | M]
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
\{0f0b169c-16fc-11dd-94ef-0018f3569741}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f0b169c-16fc-11dd-94ef-0018f3569741}\Shell
\{0f0b169c-16fc-11dd-94ef-0018f3569741}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f0b169c-16fc-11dd-94ef-0018f3569741}\Shell\AutoRun
\{0f0b169c-16fc-11dd-94ef-0018f3569741}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f0b169c-16fc-11dd-94ef-0018f3569741}\Shell\AutoRun\command
\{0f0b169c-16fc-11dd-94ef-0018f3569741}\Shell\AutoRun\command\\"" -> J:\LaunchU3.exe [J:\LaunchU3.exe -a] -> File not found
 
 
[Files/Folders - Created Within 30 Days]
_OTScanIt -> %SystemDrive%\_OTScanIt -> [2009/01/29 21:32:02 | 00,000,000 | ---D | C]
Hello.docx -> %UserProfile%\Desktop\Hello.docx -> [2009/01/29 21:30:07 | 00,030,229 | ---- | C | MD5 = F90BB43E87ACBEC0B3F67B7F25772B19] ()
drweb-cureit.exe -> %UserProfile%\Desktop\drweb-cureit.exe -> [2009/01/29 21:29:54 | 12,284,912 | ---- | C | MD5 = BF913FDCA0AD42CEC3E496711D893D13] (Doctor Web, Ltd.)
qmunjdlj.ini -> %SystemRoot%\System32\qmunjdlj.ini -> [2009/01/29 17:15:15 | 01,530,604 | -HS- | C | MD5 = EEE09AA73F13BDAEF23C995303642FAE] ()
jldjnumq.dll -> %SystemRoot%\System32\jldjnumq.dll -> [2009/01/29 17:15:14 | 00,072,704 | ---- | C | MD5 = 345D5797590D5D3D335EAD22BD846FB2] ()
yceatp.dll -> %SystemRoot%\System32\yceatp.dll -> [2009/01/29 17:12:16 | 00,129,024 | ---- | C | MD5 = FE8F93129C5F2B37792A0FD056D2C573] ()
ickcjtfu.dll -> %SystemRoot%\System32\ickcjtfu.dll -> [2009/01/29 17:12:14 | 00,129,024 | ---- | C | MD5 = FE8F93129C5F2B37792A0FD056D2C573] ()
nnckvbxc.dll -> %SystemRoot%\System32\nnckvbxc.dll -> [2009/01/29 17:09:41 | 00,075,776 | ---- | C | MD5 = A56AF3E14E7E2F574DDA5404D6E95A5E] ()
lsaofr.dll -> %SystemRoot%\System32\lsaofr.dll -> [2009/01/28 16:42:31 | 00,129,024 | ---- | C | MD5 = 1DAB17FC5A22544A01FB1F90B6781E4C] ()
xlkecboe.dll -> %SystemRoot%\System32\xlkecboe.dll -> [2009/01/28 16:42:28 | 00,129,024 | ---- | C | MD5 = 1DAB17FC5A22544A01FB1F90B6781E4C] ()
erworoou.ini -> %SystemRoot%\System32\erworoou.ini -> [2009/01/28 16:39:30 | 01,530,604 | -HS- | C | MD5 = EEE09AA73F13BDAEF23C995303642FAE] ()
jedprsrl.dll -> %SystemRoot%\System32\jedprsrl.dll -> [2009/01/28 16:37:01 | 00,075,776 | ---- | C | MD5 = A56AF3E14E7E2F574DDA5404D6E95A5E] ()
dpjzlx.dll -> %SystemRoot%\System32\dpjzlx.dll -> [2009/01/26 00:15:06 | 00,129,024 | ---- | C | MD5 = 0B4FA0428A55FB4C02F0CEFC5DF7BEBA] ()
duvpehty.dll -> %SystemRoot%\System32\duvpehty.dll -> [2009/01/26 00:15:04 | 00,129,024 | ---- | C | MD5 = 0B4FA0428A55FB4C02F0CEFC5DF7BEBA] ()
nfiybmde.ini -> %SystemRoot%\System32\nfiybmde.ini -> [2009/01/26 00:12:05 | 01,530,158 | -HS- | C | MD5 = 2E59B7524050FF0248F639DD67793114] ()
songs.docx -> %UserProfile%\Desktop\songs.docx -> [2009/01/24 21:58:53 | 00,021,278 | ---- | C | MD5 = 56A1645FA3B0325908214A048C6AEF88] ()
umadpv.dll -> %SystemRoot%\System32\umadpv.dll -> [2009/01/24 21:05:59 | 00,129,024 | ---- | C | MD5 = 424E23717A35891D97FF887C611F42AE] ()
vvhvmpen.dll -> %SystemRoot%\System32\vvhvmpen.dll -> [2009/01/24 21:05:56 | 00,129,024 | ---- | C | MD5 = 424E23717A35891D97FF887C611F42AE] ()
vugmkkao.ini -> %SystemRoot%\System32\vugmkkao.ini -> [2009/01/24 21:03:37 | 01,434,951 | -HS- | C | MD5 = 5E17AAC77EC8637DFC4D27365DFE3916] ()
kSDcLRqr.ini -> %SystemRoot%\System32\kSDcLRqr.ini -> [2009/01/24 21:02:54 | 00,031,231 | -HS- | C | MD5 = BD9DD37B53C3BFA186E023537ACE1282] ()
kSDcLRqr.ini2 -> %SystemRoot%\System32\kSDcLRqr.ini2 -> [2009/01/24 21:02:54 | 00,031,129 | -HS- | C | MD5 = 6F662CB1D871D93C7D69B4C6F0F00E01] ()
rqRLcDSk.dll -> %SystemRoot%\System32\rqRLcDSk.dll -> [2009/01/24 21:02:52 | 00,315,904 | ---- | C | MD5 = 93DE022FF66E8BADFF66FB6E76DFD818] ()
BASE -> %UserProfile%\Desktop\BASE -> [2009/01/24 20:00:35 | 00,000,000 | ---D | C]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [2009/01/24 19:51:43 | 00,000,000 | ---D | C]
gmer.exe -> %UserProfile%\Desktop\gmer.exe -> [2009/01/24 19:40:55 | 00,811,008 | ---- | C | MD5 = 76F416201E5008CFBE6E931F8070E548] ()
ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [2009/01/24 19:40:54 | 03,048,418 | ---- | C | MD5 = 58BD22B2D2E422CF4D3539A1E7E00265] ()
RSIT.exe -> %UserProfile%\Desktop\RSIT.exe -> [2009/01/24 19:40:54 | 00,781,851 | ---- | C | MD5 = 237969915F26D87AAC7B6E5003C69068] ()
avz.exe -> %UserProfile%\Desktop\avz.exe -> [2009/01/24 19:40:54 | 00,733,696 | ---- | C | MD5 = DAC7D894EC8C7E5746AE3B8941DE7906] (Лаборатория Касперского, 2007)
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/01/24 19:40:54 | 00,485,376 | ---- | C | MD5 = F33A8441F5C3EA4BEF4AD8A1571A5B3B] (OldTimer Tools)
OTMoveIt3.exe -> %UserProfile%\Desktop\OTMoveIt3.exe -> [2009/01/24 19:40:54 | 00,348,160 | ---- | C | MD5 = 6A0DB8F156B2B60E150895994ADA11FC] (OldTimer Tools)
mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> [2009/01/24 19:40:53 | 02,737,800 | ---- | C | MD5 = A5B4FAC4D00C88B53A1303732B67A2CD] (Malwarebytes Corporation									)
NTREGOPT.lnk -> %UserProfile%\Desktop\NTREGOPT.lnk -> [2009/01/20 15:43:28 | 00,000,622 | ---- | C | MD5 = CDA72A23468BDBAE83519134865C3785] ()
ERUNT.lnk -> %UserProfile%\Desktop\ERUNT.lnk -> [2009/01/20 15:43:28 | 00,000,603 | ---- | C | MD5 = 75E1B7B44B8166D9FF20822DB37AED87] ()
ERUNT -> %ProgramFiles%\ERUNT -> [2009/01/20 15:43:27 | 00,000,000 | ---D | C]
erunt-setup.exe -> %UserProfile%\Desktop\erunt-setup.exe -> [2009/01/20 15:42:15 | 00,791,393 | ---- | C | MD5 = 933169EEE58B90EB0900CD3B0AF02FD8] (Lars Hederer												)
fixes.docx -> %UserProfile%\Desktop\fixes.docx -> [2009/01/20 15:30:23 | 00,083,654 | ---- | C | MD5 = 77AA0CB58E75051BF7ACB1C99F2CEF1B] ()
PIF -> %SystemRoot%\PIF -> [2009/01/18 10:21:31 | 00,000,000 | -H-D | C]
ddcArQkL.dll -> %SystemRoot%\System32\ddcArQkL.dll -> [2009/01/17 13:16:53 | 00,036,352 | ---- | C | Unable to obtain MD5] ()
ctmasetp.dll -> %SystemRoot%\System32\dllcache\ctmasetp.dll -> [2009/01/11 01:05:56 | 00,249,856 | ---- | C | MD5 = 4CEC096242A008DF9A07E2B0708C86E1] (Comtrol® Corporation)
compbatt.sys -> %SystemRoot%\System32\dllcache\compbatt.sys -> [2009/01/11 01:05:46 | 00,010,240 | ---- | C | MD5 = 6E4C9F21F0FAE8940661144F41B13203] (Microsoft Corporation)
cmbatt.sys -> %SystemRoot%\System32\dllcache\cmbatt.sys -> [2009/01/11 01:05:42 | 00,013,952 | ---- | C | MD5 = 0F6C187D38D98F8DF904589A5F94D411] (Microsoft Corporation)
changer.sys -> %SystemRoot%\System32\dllcache\changer.sys -> [2009/01/11 01:05:35 | 00,008,192 | ---- | C | MD5 = 2A5815CA6FFF24B688C01F828B96819C] (Microsoft Corporation)
ccdecode.sys -> %SystemRoot%\System32\dllcache\ccdecode.sys -> [2009/01/11 01:05:31 | 00,017,024 | ---- | C | MD5 = 0BE5AEF125BE881C4F854C554F2B025C] (Microsoft Corporation)
camext30.dll -> %SystemRoot%\System32\dllcache\camext30.dll -> [2009/01/11 01:05:26 | 00,121,856 | ---- | C | MD5 = 51BAF885D8BE3AD9693E04FF53B3A1F4] (Microsoft Corporation)
bdaplgin.ax -> %SystemRoot%\System32\dllcache\bdaplgin.ax -> [2009/01/11 01:05:00 | 00,018,432 | ---- | C | MD5 = 215D2C75E58774A0FAD6FC345FA84643] (Microsoft Corporation)
bdasup.sys -> %SystemRoot%\System32\dllcache\bdasup.sys -> [2009/01/11 01:05:00 | 00,011,776 | ---- | C | MD5 = 56B7F78228CC41FFA1F5BDF3AF799D19] (Microsoft Corporation)
battc.sys -> %SystemRoot%\System32\dllcache\battc.sys -> [2009/01/11 01:04:57 | 00,014,208 | ---- | C | MD5 = 0D93976F7801B7FCD8135CC77257BBD0] (Microsoft Corporation)
avcstrm.sys -> %SystemRoot%\System32\dllcache\avcstrm.sys -> [2009/01/11 01:04:53 | 00,013,696 | ---- | C | MD5 = E625773D7B950842D582F713656859C0] (Microsoft Corporation)
avc.sys -> %SystemRoot%\System32\dllcache\avc.sys -> [2009/01/11 01:04:52 | 00,038,912 | ---- | C | MD5 = F8E6956A614F15A0860474C5E2A7DE6B] (Microsoft Corporation)
61883.sys -> %SystemRoot%\System32\dllcache\61883.sys -> [2009/01/11 01:04:26 | 00,048,128 | ---- | C | MD5 = 914A9709FC3BF419AD2F85547F2A4832] (Microsoft Corporation)
4mmdat.sys -> %SystemRoot%\System32\dllcache\4mmdat.sys -> [2009/01/11 01:04:26 | 00,012,288 | ---- | C | MD5 = 7E14BAD6CBC8EE6857902E33128E6DF2] (Microsoft Corporation)
config.cfg -> %AppData%\config.cfg -> [2009/01/11 00:20:20 | 00,000,027 | ---- | C | MD5 = 70B66FFE5F1498AC5F3D26058DC73CAC] ()
~tmp.html -> %AppData%\~tmp.html -> [2009/01/11 00:20:19 | 00,041,218 | ---- | C | MD5 = 80342563904C5C68D2B6CC556E2A3CF6] ()
SYSREST -> %SystemDrive%\SYSREST -> [2009/01/10 23:56:45 | 00,000,018 | -H-- | C | MD5 = 6E1BE1A042C371F36C258D3C18730BCB] ()
Google -> %AppData%\Google -> [2009/01/08 05:44:09 | 00,000,000 | ---D | C]
Google -> %UserProfile%\Local Settings\Application Data\Google -> [2009/01/08 05:43:51 | 00,000,000 | ---D | C]
Google Updater -> %AllUsersProfile%\Application Data\Google Updater -> [2009/01/08 05:42:53 | 00,000,000 | ---D | C]
Google -> %ProgramFiles%\Google -> [2009/01/08 05:42:52 | 00,000,000 | ---D | C]
ntuser.ini -> %UserProfile%\ntuser.ini -> [2009/01/08 05:27:08 | 00,000,178 | -HS- | C | MD5 = CBDA6984D2ECC537AEF07205AE001013] ()
 
[Files/Folders - Modified Within 30 Days]
2 C:\Documents and Settings\HP_Administrator\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\*.tmp -> 
kSDcLRqr.ini -> %SystemRoot%\System32\kSDcLRqr.ini -> [2009/01/29 21:46:51 | 00,031,231 | -HS- | M | MD5 = BD9DD37B53C3BFA186E023537ACE1282] ()
hpsysdrv.DAT -> %SystemRoot%\System\hpsysdrv.DAT -> [2009/01/29 21:45:02 | 00,000,186 | ---- | M | MD5 = 787B30C027BB63BFFFF5E1E1891F9113] ()
nvapps.xml -> %SystemRoot%\System32\nvapps.xml -> [2009/01/29 21:44:35 | 00,043,531 | ---- | M | MD5 = E868CAAA68EB92C70D07B66E0F938269] ()
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2009/01/29 21:44:32 | 00,001,158 | ---- | M | MD5 = 718D04B2CA31277109A39CF7DDA07488] ()
kSDcLRqr.ini2 -> %SystemRoot%\System32\kSDcLRqr.ini2 -> [2009/01/29 21:44:01 | 00,031,129 | -HS- | M | MD5 = 6F662CB1D871D93C7D69B4C6F0F00E01] ()
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2009/01/29 21:43:57 | 00,000,006 | -H-- | M | MD5 = F1A6CD5ADAAB953A6764EA364E17BFB8] ()
bootstat.dat -> %SystemRoot%\bootstat.dat -> [2009/01/29 21:43:47 | 00,002,048 | --S- | M | MD5 = 6A2CB42966136854F4464516FBB4AE72] ()
Perflib_Perfdata_140.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_140.dat -> [2009/01/29 21:41:40 | 00,016,384 | ---- | M | MD5 = CE338FE6899778AACFC28414F2D9498B] ()
ntuser.ini -> %UserProfile%\ntuser.ini -> [2009/01/29 21:40:36 | 00,000,178 | -HS- | M | MD5 = CBDA6984D2ECC537AEF07205AE001013] ()
ntuser.dat -> %UserProfile%\ntuser.dat -> [2009/01/29 21:40:35 | 09,699,328 | ---- | M | Unable to obtain MD5] ()
GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2009/01/29 20:48:35 | 00,085,040 | ---- | M | MD5 = 1407E2A3FC0BC0B04DA156EBF169DB95] ()
qmunjdlj.ini -> %SystemRoot%\System32\qmunjdlj.ini -> [2009/01/29 17:15:18 | 01,530,604 | -HS- | M | MD5 = EEE09AA73F13BDAEF23C995303642FAE] ()
jldjnumq.dll -> %SystemRoot%\System32\jldjnumq.dll -> [2009/01/29 17:15:15 | 00,072,704 | ---- | M | MD5 = 345D5797590D5D3D335EAD22BD846FB2] ()
yceatp.dll -> %SystemRoot%\System32\yceatp.dll -> [2009/01/29 17:12:16 | 00,129,024 | ---- | M | MD5 = FE8F93129C5F2B37792A0FD056D2C573] ()
ickcjtfu.dll -> %SystemRoot%\System32\ickcjtfu.dll -> [2009/01/29 17:12:16 | 00,129,024 | ---- | M | MD5 = FE8F93129C5F2B37792A0FD056D2C573] ()
erworoou.ini -> %SystemRoot%\System32\erworoou.ini -> [2009/01/29 17:09:40 | 01,530,604 | -HS- | M | MD5 = EEE09AA73F13BDAEF23C995303642FAE] ()
nnckvbxc.dll -> %SystemRoot%\System32\nnckvbxc.dll -> [2009/01/29 17:09:40 | 00,075,776 | ---- | M | MD5 = A56AF3E14E7E2F574DDA5404D6E95A5E] ()
Hello.docx -> %UserProfile%\Desktop\Hello.docx -> [2009/01/28 19:19:24 | 00,030,229 | ---- | M | MD5 = F90BB43E87ACBEC0B3F67B7F25772B19] ()
drweb-cureit.exe -> %UserProfile%\Desktop\drweb-cureit.exe -> [2009/01/28 19:15:24 | 12,284,912 | ---- | M | MD5 = BF913FDCA0AD42CEC3E496711D893D13] (Doctor Web, Ltd.)
xlkecboe.dll -> %SystemRoot%\System32\xlkecboe.dll -> [2009/01/28 16:42:31 | 00,129,024 | ---- | M | MD5 = 1DAB17FC5A22544A01FB1F90B6781E4C] ()
lsaofr.dll -> %SystemRoot%\System32\lsaofr.dll -> [2009/01/28 16:42:31 | 00,129,024 | ---- | M | MD5 = 1DAB17FC5A22544A01FB1F90B6781E4C] ()
nfiybmde.ini -> %SystemRoot%\System32\nfiybmde.ini -> [2009/01/28 16:37:10 | 01,530,158 | -HS- | M | MD5 = 2E59B7524050FF0248F639DD67793114] ()
jedprsrl.dll -> %SystemRoot%\System32\jedprsrl.dll -> [2009/01/28 16:37:03 | 00,075,776 | ---- | M | MD5 = A56AF3E14E7E2F574DDA5404D6E95A5E] ()
duvpehty.dll -> %SystemRoot%\System32\duvpehty.dll -> [2009/01/26 00:15:06 | 00,129,024 | ---- | M | MD5 = 0B4FA0428A55FB4C02F0CEFC5DF7BEBA] ()
dpjzlx.dll -> %SystemRoot%\System32\dpjzlx.dll -> [2009/01/26 00:15:06 | 00,129,024 | ---- | M | MD5 = 0B4FA0428A55FB4C02F0CEFC5DF7BEBA] ()
ACD Wallpaper.bmp -> %SystemRoot%\ACD Wallpaper.bmp -> [2009/01/25 01:41:13 | 03,932,214 | ---- | M | MD5 = 796FFBEFDEF845AEF851D3547099A017] ()
songs.docx -> %UserProfile%\Desktop\songs.docx -> [2009/01/25 00:44:34 | 00,021,278 | ---- | M | MD5 = 56A1645FA3B0325908214A048C6AEF88] ()
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [2009/01/24 22:02:19 | 00,306,008 | ---- | M | MD5 = C4034EE86CFB1AE12F44569FE5D8BBEC] ()
vvhvmpen.dll -> %SystemRoot%\System32\vvhvmpen.dll -> [2009/01/24 21:05:59 | 00,129,024 | ---- | M | MD5 = 424E23717A35891D97FF887C611F42AE] ()
umadpv.dll -> %SystemRoot%\System32\umadpv.dll -> [2009/01/24 21:05:59 | 00,129,024 | ---- | M | MD5 = 424E23717A35891D97FF887C611F42AE] ()
vugmkkao.ini -> %SystemRoot%\System32\vugmkkao.ini -> [2009/01/24 21:03:41 | 01,434,951 | -HS- | M | MD5 = 5E17AAC77EC8637DFC4D27365DFE3916] ()
rqRLcDSk.dll -> %SystemRoot%\System32\rqRLcDSk.dll -> [2009/01/24 21:02:54 | 00,315,904 | ---- | M | MD5 = 93DE022FF66E8BADFF66FB6E76DFD818] ()
avz.exe -> %UserProfile%\Desktop\avz.exe -> [2009/01/24 13:41:10 | 00,733,696 | ---- | M | MD5 = DAC7D894EC8C7E5746AE3B8941DE7906] (Лаборатория Касперского, 2007)
OTMoveIt3.exe -> %UserProfile%\Desktop\OTMoveIt3.exe -> [2009/01/24 13:38:14 | 00,348,160 | ---- | M | MD5 = 6A0DB8F156B2B60E150895994ADA11FC] (OldTimer Tools)
gmer.exe -> %UserProfile%\Desktop\gmer.exe -> [2009/01/24 13:37:00 | 00,811,008 | ---- | M | MD5 = 76F416201E5008CFBE6E931F8070E548] ()
RSIT.exe -> %UserProfile%\Desktop\RSIT.exe -> [2009/01/24 13:36:14 | 00,781,851 | ---- | M | MD5 = 237969915F26D87AAC7B6E5003C69068] ()
mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> [2009/01/24 13:35:18 | 02,737,800 | ---- | M | MD5 = A5B4FAC4D00C88B53A1303732B67A2CD] (Malwarebytes Corporation									)
ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [2009/01/24 13:33:20 | 03,048,418 | ---- | M | MD5 = 58BD22B2D2E422CF4D3539A1E7E00265] ()
qmgr1.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009/01/23 23:01:26 | 00,004,232 | ---- | M | MD5 = EF2EF49229A3C9A5B916DA88B98EACE9] ()
qmgr0.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009/01/23 23:00:39 | 00,005,221 | ---- | M | MD5 = 925996909F20174E91BC76803029FDD8] ()
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [2009/01/21 20:08:01 | 00,000,284 | ---- | M | MD5 = 4EE490F6EBBBE9517EF6A6D86F02A6CE] ()
NTREGOPT.lnk -> %UserProfile%\Desktop\NTREGOPT.lnk -> [2009/01/20 15:43:28 | 00,000,622 | ---- | M | MD5 = CDA72A23468BDBAE83519134865C3785] ()
ERUNT.lnk -> %UserProfile%\Desktop\ERUNT.lnk -> [2009/01/20 15:43:28 | 00,000,603 | ---- | M | MD5 = 75E1B7B44B8166D9FF20822DB37AED87] ()
erunt-setup.exe -> %UserProfile%\Desktop\erunt-setup.exe -> [2009/01/20 15:42:15 | 00,791,393 | ---- | M | MD5 = 933169EEE58B90EB0900CD3B0AF02FD8] (Lars Hederer												)
fixes.docx -> %UserProfile%\Desktop\fixes.docx -> [2009/01/20 15:07:42 | 00,083,654 | ---- | M | MD5 = 77AA0CB58E75051BF7ACB1C99F2CEF1B] ()
ddcArQkL.dll -> %SystemRoot%\System32\ddcArQkL.dll -> [2009/01/17 13:16:53 | 00,036,352 | ---- | M | Unable to obtain MD5] ()
win.ini -> %SystemRoot%\win.ini -> [2009/01/15 13:16:45 | 00,000,526 | ---- | M | MD5 = 5E353A78087A4002F02782D03455BAC7] ()
system.ini -> %SystemRoot%\system.ini -> [2009/01/15 13:16:45 | 00,000,227 | ---- | M | MD5 = F4D021E764F6FA554606F4A735A3151B] ()
boot.ini -> %SystemDrive%\boot.ini -> [2009/01/15 13:16:45 | 00,000,208 | RHS- | M | MD5 = 7D10C4963852297CCBBC61CAF30C4165] ()
~tmp.html -> %AppData%\~tmp.html -> [2009/01/11 00:20:20 | 00,041,218 | ---- | M | MD5 = 80342563904C5C68D2B6CC556E2A3CF6] ()
config.cfg -> %AppData%\config.cfg -> [2009/01/11 00:20:20 | 00,000,027 | ---- | M | MD5 = 70B66FFE5F1498AC5F3D26058DC73CAC] ()
SYSREST -> %SystemDrive%\SYSREST -> [2009/01/10 23:56:45 | 00,000,018 | -H-- | M | MD5 = 6E1BE1A042C371F36C258D3C18730BCB] ()
MRT.exe -> %SystemRoot%\System32\MRT.exe -> [2009/01/09 17:35:28 | 20,853,704 | ---- | M | MD5 = CD65A16E22B9036C631339C74E85AE87] (Microsoft Corporation)
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/01/09 09:03:22 | 00,485,376 | ---- | M | MD5 = F33A8441F5C3EA4BEF4AD8A1571A5B3B] (OldTimer Tools)
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [2009/01/08 06:36:44 | 02,110,804 | -H-- | M | MD5 = 75213AA5FFF2E9DD74A314CE35B8F26A] ()
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [2009/01/08 05:28:31 | 00,000,069 | ---- | M | MD5 = 4CE91CEDF6EC0F5FDFF2B6E2DB4E520A] ()
wklntsk1.dat -> %AllUsersProfile%\Application Data\Microsoft\Works\wklntsk1.dat -> [2007/05/10 22:35:10 | 00,166,221 | ---- | M | MD5 = FCF5900E146B641F008B5A302DD308A4] ()
wkcalcat.dat -> %AllUsersProfile%\Application Data\Microsoft\Works\wkcalcat.dat -> [2007/05/10 22:35:05 | 00,016,384 | ---- | M | MD5 = DE2630981245E15BB1698432E204E8DD] ()
opa12.dat -> %AllUsersProfile%\Application Data\Microsoft\Office\Data\opa12.dat -> [2007/03/19 15:31:20 | 00,008,206 | ---- | M | MD5 = 0E7E24ED21BD5DA96B0D882D5A043AD4] ()
data.dat -> %AllUsersProfile%\Application Data\Microsoft\Office\Data\data.dat -> [2007/03/12 08:37:12 | 00,004,214 | ---- | M | MD5 = 55B5A36927F3ACE0B0FE80B514FF0056] ()
 
[Alternate Data Streams]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable
[CatchMe Rootkit Scan by GMER]
Rootkit scan error - could not find scan log
Rootkit scan error - could not find scan log
 
< End of report >

____________________________________________________________________

Deckard's System Scanner v20071014.68
Run by HP_Administrator on 2009-01-30 08:02:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as HP_Administrator.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:02:09 AM, on 1/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP Laser Gaming Mouse with VoodooDNA\hid.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP Laser Gaming Mouse with VoodooDNA\Tray.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Flock\flock.exe
C:\Documents and Settings\HP_Administrator\Desktop\=\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_ADM~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HP VoodooDNA Mouse] "C:\Program Files\HP Laser Gaming Mouse with VoodooDNA\hid.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 5536 bytes

-- Files created between 2008-12-30 and 2009-01-30 -----------------------------

2009-01-30 01:16:04 0 drahs---- C:\cmdcons
2009-01-30 01:14:54 68096 --a------ C:\WINDOWS\zip.exe
2009-01-30 01:14:54 49152 --a------ C:\WINDOWS\VFIND.exe
2009-01-30 01:14:54 212480 --a------ C:\WINDOWS\SWXCACLS.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2009-01-30 01:14:54 136704 --a------ C:\WINDOWS\SWSC.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2009-01-30 01:14:54 161792 --a------ C:\WINDOWS\SWREG.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2009-01-30 01:14:54 98816 --a------ C:\WINDOWS\sed.exe
2009-01-30 01:14:54 80412 --a------ C:\WINDOWS\grep.exe
2009-01-30 01:14:54 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2009-01-29 21:32:02 0 d-------- C:\_OTScanIt
2009-01-18 10:21:31 0 d--h----- C:\WINDOWS\PIF
2009-01-10 23:56:45 18 --ah----- C:\SYSREST
2009-01-08 05:44:09 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Google
2009-01-08 05:42:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-01-08 05:42:52 0 d-------- C:\Program Files\Google


-- Find3M Report ---------------------------------------------------------------

2009-01-30 07:51:54 0 d-------- C:\Program Files\Flock
2009-01-30 01:34:12 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-30 01:20:30 0 d-------- C:\Program Files\Common Files
2009-01-18 10:21:19 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\AVG7
2009-01-03 00:10:00 0 d-------- C:\Program Files\Advanced Registry Optimizer
2008-12-09 01:03:09 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Real
2008-12-09 01:02:56 0 d-------- C:\Program Files\Common Files\xing shared
2008-12-09 01:02:52 0 d-------- C:\Program Files\Common Files\Real
2008-12-09 01:02:38 0 d-------- C:\Program Files\Real
2008-12-07 12:35:42 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Move Networks
2008-12-05 13:27:51 0 d-------- C:\Program Files\Java
2008-11-03 17:08:53 66932 --ah----- C:\WINDOWS\system32\mlfcache.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
12/05/2008 01:27 PM 34816 --a------ C:\Program Files\Java\jre6\bin\jp2ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
12/05/2008 01:27 PM 73728 --a------ C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [11/16/2008 11:44 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/09/2006 07:50 AM]
"itype"="c:\Program Files\Microsoft IntelliType Pro\itype.exe" [11/21/2006 04:08 PM]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [02/15/2006 03:34 PM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [05/08/2007 03:24 PM]
"ftutil2"="ftutil2.dll" [06/07/2004 06:05 AM C:\WINDOWS\system32\ftutil2.dll]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 02:01 PM]
"HP VoodooDNA Mouse"="C:\Program Files\HP Laser Gaming Mouse with VoodooDNA\hid.exe" [08/01/2008 09:55 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/09/2008 01:02 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ WinCinema Manager.lnk]
backup=C:\WINDOWS\pss\ WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk]
backup=C:\WINDOWS\pss\DataViz Inc Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
backup=C:\WINDOWS\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=C:\WINDOWS\pss\Updates From HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Thoosje Sidebar.lnk]
path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Thoosje Sidebar.lnk
backup=C:\WINDOWS\pss\Thoosje Sidebar.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
ARPWRMSG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
"C:\Program Files\lg_fwupdate\fwupdate.exe" blrun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
"C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NSCService"=3 (0x3)
"navapsvc"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"LightScribeService"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"WinDefend"=2 (0x2)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"NVSvc"=2 (0x2)
"CCALib8"=2 (0x2)
"GameConsoleService"=3 (0x3)
"RichVideo"=2 (0x2)
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
"InCDsrv"=2 (0x2)
"Bonjour Service"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"getPlus® Helper"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"gusvc"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f0b169c-16fc-11dd-94ef-0018f3569741}]
AutoRun\command- J:\LaunchU3.exe -a


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"



-- End of Deckard's System Scanner: finished at 2009-01-30 08:02:29 ------------

#12 fenzodahl512

Posted 01 February 2009 - 02:17 AM

Open the OTScanIt2 folder and double-click on OTScanIt2.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).

Copy/Paste the information in the codebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - All]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YY -> "{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}" [HKLM] -> %SystemRoot%\system32\ddcArQkL.dll []
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
*LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YY -> C:\WINDOWS\system32\rqRLcDSk -> %SystemRoot%\system32\rqRLcDSk.dll
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
[Files/Folders - Created Within 30 Days]
NY -> qmunjdlj.ini -> %SystemRoot%\System32\qmunjdlj.ini
NY -> jldjnumq.dll -> %SystemRoot%\System32\jldjnumq.dll
NY -> yceatp.dll -> %SystemRoot%\System32\yceatp.dll
NY -> ickcjtfu.dll -> %SystemRoot%\System32\ickcjtfu.dll
NY -> nnckvbxc.dll -> %SystemRoot%\System32\nnckvbxc.dll
NY -> lsaofr.dll -> %SystemRoot%\System32\lsaofr.dll
NY -> xlkecboe.dll -> %SystemRoot%\System32\xlkecboe.dll
NY -> erworoou.ini -> %SystemRoot%\System32\erworoou.ini
NY -> jedprsrl.dll -> %SystemRoot%\System32\jedprsrl.dll
NY -> dpjzlx.dll -> %SystemRoot%\System32\dpjzlx.dll
NY -> duvpehty.dll -> %SystemRoot%\System32\duvpehty.dll
NY -> nfiybmde.ini -> %SystemRoot%\System32\nfiybmde.ini
NY -> umadpv.dll -> %SystemRoot%\System32\umadpv.dll
NY -> vvhvmpen.dll -> %SystemRoot%\System32\vvhvmpen.dll
NY -> vugmkkao.ini -> %SystemRoot%\System32\vugmkkao.ini
NY -> kSDcLRqr.ini -> %SystemRoot%\System32\kSDcLRqr.ini
NY -> kSDcLRqr.ini2 -> %SystemRoot%\System32\kSDcLRqr.ini2
NY -> rqRLcDSk.dll -> %SystemRoot%\System32\rqRLcDSk.dll
NY -> ddcArQkL.dll -> %SystemRoot%\System32\ddcArQkL.dll
[Files/Folders - Modified Within 30 Days]
NY -> kSDcLRqr.ini2 -> %SystemRoot%\System32\kSDcLRqr.ini2
NY -> qmunjdlj.ini -> %SystemRoot%\System32\qmunjdlj.ini
NY -> jldjnumq.dll -> %SystemRoot%\System32\jldjnumq.dll
NY -> yceatp.dll -> %SystemRoot%\System32\yceatp.dll
NY -> ickcjtfu.dll -> %SystemRoot%\System32\ickcjtfu.dll
NY -> erworoou.ini -> %SystemRoot%\System32\erworoou.ini
NY -> nnckvbxc.dll -> %SystemRoot%\System32\nnckvbxc.dll
NY -> xlkecboe.dll -> %SystemRoot%\System32\xlkecboe.dll
NY -> lsaofr.dll -> %SystemRoot%\System32\lsaofr.dll
NY -> nfiybmde.ini -> %SystemRoot%\System32\nfiybmde.ini
NY -> jedprsrl.dll -> %SystemRoot%\System32\jedprsrl.dll
NY -> duvpehty.dll -> %SystemRoot%\System32\duvpehty.dll
NY -> dpjzlx.dll -> %SystemRoot%\System32\dpjzlx.dll
NY -> vvhvmpen.dll -> %SystemRoot%\System32\vvhvmpen.dll
NY -> umadpv.dll -> %SystemRoot%\System32\umadpv.dll
NY -> vugmkkao.ini -> %SystemRoot%\System32\vugmkkao.ini
NY -> rqRLcDSk.dll -> %SystemRoot%\System32\rqRLcDSk.dll
NY -> qmgr1.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat
NY -> qmgr0.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat
NY -> ddcArQkL.dll -> %SystemRoot%\System32\ddcArQkL.dll
[Purity]
[Empty Temp Folders]
[Start Explorer]
[Reboot]

The fix should only take a very short time. When the fix is completed either a message box will pop up telling you that it is finished or you will be asked to reboot to finish the fix. If it is finished, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt will finish moving any files that could not be moved during the fix and Notepad will open with the final results at that time. Post that information back here. I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#13 consilience

Posted 01 February 2009 - 06:08 PM

Here is the latest log after your paste fix.

Attached Files



#14 fenzodahl512

Posted 02 February 2009 - 01:59 AM

Hi.. could you try the steps below? Make sure you save DSS on your Desktop

Please go to Start >> Run >> and copy/paste the line below into the box >> Press Enter

"%userprofile%\desktop\dss.exe" /config


At the DSS configuration box, press the Check All button and then press Scan!

UNTICK the Temp Cleanup option.

After that please post the main.txt and extra.txt here

Edited by fenzodahl512, 02 February 2009 - 02:01 AM.



#15 consilience

consilience
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:06:30 PM

Posted 02 February 2009 - 08:40 PM

Deckard's System Scanner v20071014.68
Run by HP_Administrator on 2009-02-02 17:37:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
69: 2009-02-03 01:37:38 UTC - RP144 - Deckard's System Scanner Restore Point
68: 2009-02-01 23:58:55 UTC - RP143 - Installed AVG 7.5
67: 2009-02-01 23:58:28 UTC - RP142 - Removed AVG 7.5
66: 2009-02-01 20:39:17 UTC - RP141 - System Checkpoint
65: 2009-01-30 09:15:09 UTC - RP140 - ComboFix created restore point


-- First Restore Point --
1: 2009-01-17 21:22:10 UTC - RP76 - System Checkpoint




-- HijackThis (run as HP_Administrator.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:37:44 PM, on 2/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP Laser Gaming Mouse with VoodooDNA\hid.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\svchost.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP Laser Gaming Mouse with VoodooDNA\Tray.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Flock\flock.exe
C:\Program Files\MTV Networks\URGE\UrgeMS.exe
C:\Documents and Settings\HP_Administrator\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_ADM~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HP VoodooDNA Mouse] "C:\Program Files\HP Laser Gaming Mouse with VoodooDNA\hid.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 5171 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>

S1 SASKUTIL - c:\program files\superantispyware\saskutil.sys (file missing)
S3 SASENUM - c:\program files\superantispyware\sasenum.sys (file missing)
S3 TucbDriverV32 - c:\windows\system32\drivers\tucbdriverv32.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
S4 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S4 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\svchost.exe (pid 1116)
2008-08-29 08:53:50 147456 --a------ C:\Program Files\Bonjour\mdnsNSP.dll <Not Verified; Apple Inc.; Bonjour>

C:\WINDOWS\explorer.exe (pid 1788)
2005-07-22 08:21:46 32768 --a------ C:\Program Files\MP3 Player Utilities 4.10\AMVConverter\AmvTransform.dll <Not Verified; ; AmvTransform Module>
2005-08-09 17:47:00 102400 --a------ C:\Program Files\Palm\PqiIcon.dll <Not Verified; Palm, Inc.; Palm Quick Install>
2004-06-09 13:27:34 139264 --a------ C:\Program Files\Palm\UserData.dll <Not Verified; PalmSource, Inc; HotSync® Manager, Palm OS Desktop>


-- Scheduled Tasks -------------------------------------------------------------

2009-01-21 20:08:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2009-01-02 and 2009-02-02 -----------------------------

2009-02-01 15:58:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2009-02-01 15:50:05 0 dr-h----- C:\Documents and Settings\HP_Administrator\Recent
2009-01-30 01:16:04 0 drahs---- C:\cmdcons
2009-01-30 01:14:54 68096 --a------ C:\WINDOWS\zip.exe
2009-01-30 01:14:54 49152 --a------ C:\WINDOWS\VFIND.exe
2009-01-30 01:14:54 212480 --a------ C:\WINDOWS\SWXCACLS.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2009-01-30 01:14:54 136704 --a------ C:\WINDOWS\SWSC.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2009-01-30 01:14:54 161792 --a------ C:\WINDOWS\SWREG.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2009-01-30 01:14:54 98816 --a------ C:\WINDOWS\sed.exe
2009-01-30 01:14:54 80412 --a------ C:\WINDOWS\grep.exe
2009-01-30 01:14:54 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2009-01-29 21:32:02 0 d-------- C:\_OTScanIt
2009-01-18 10:21:31 0 d--h----- C:\WINDOWS\PIF
2009-01-10 23:56:45 18 --ah----- C:\SYSREST
2009-01-08 05:44:09 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Google
2009-01-08 05:42:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-01-08 05:42:52 0 d-------- C:\Program Files\Google


-- Find3M Report ---------------------------------------------------------------

2009-02-02 17:26:07 0 d-------- C:\Program Files\Flock
2009-01-30 01:34:12 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-30 01:20:30 0 d-------- C:\Program Files\Common Files
2009-01-03 00:10:00 0 d-------- C:\Program Files\Advanced Registry Optimizer
2008-12-09 01:03:09 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Real
2008-12-09 01:02:56 0 d-------- C:\Program Files\Common Files\xing shared
2008-12-09 01:02:52 0 d-------- C:\Program Files\Common Files\Real
2008-12-09 01:02:38 0 d-------- C:\Program Files\Real
2008-12-07 12:35:42 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Move Networks
2008-12-05 13:27:51 0 d-------- C:\Program Files\Java
2008-11-03 17:08:53 66932 --ah----- C:\WINDOWS\system32\mlfcache.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
12/05/2008 01:27 PM 34816 --a------ C:\Program Files\Java\jre6\bin\jp2ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
12/05/2008 01:27 PM 73728 --a------ C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/09/2006 07:50 AM]
"itype"="c:\Program Files\Microsoft IntelliType Pro\itype.exe" [11/21/2006 04:08 PM]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [02/15/2006 03:34 PM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [05/08/2007 03:24 PM]
"ftutil2"="ftutil2.dll" [06/07/2004 06:05 AM C:\WINDOWS\system32\ftutil2.dll]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 02:01 PM]
"HP VoodooDNA Mouse"="C:\Program Files\HP Laser Gaming Mouse with VoodooDNA\hid.exe" [08/01/2008 09:55 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/09/2008 01:02 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ WinCinema Manager.lnk]
backup=C:\WINDOWS\pss\ WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk]
backup=C:\WINDOWS\pss\DataViz Inc Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
backup=C:\WINDOWS\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=C:\WINDOWS\pss\Updates From HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Thoosje Sidebar.lnk]
path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Thoosje Sidebar.lnk
backup=C:\WINDOWS\pss\Thoosje Sidebar.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
ARPWRMSG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
"C:\Program Files\lg_fwupdate\fwupdate.exe" blrun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
"C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NSCService"=3 (0x3)
"navapsvc"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"LightScribeService"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"WinDefend"=2 (0x2)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"NVSvc"=2 (0x2)
"CCALib8"=2 (0x2)
"GameConsoleService"=3 (0x3)
"RichVideo"=2 (0x2)
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
"InCDsrv"=2 (0x2)
"Bonjour Service"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"getPlus® Helper"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"gusvc"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f0b169c-16fc-11dd-94ef-0018f3569741}]
AutoRun\command- J:\LaunchU3.exe -a


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"



-- End of Deckard's System Scanner: finished at 2009-02-02 17:38:52 ------------


____________________________________________________________________

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 4600+
Percentage of Memory in Use: 26%
Physical Memory (total/avail): 1982.48 MiB / 1451.46 MiB
Pagefile Memory (total/avail): 3875.73 MiB / 3562.05 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1885.78 MiB

C: is Fixed (NTFS) - 224.04 GiB total, 40.88 GiB free.
D: is Fixed (FAT32) - 8.82 GiB total, 0.63 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3250824AS - 232.88 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 224.04 GiB - C:
\PARTITION1 - Unknown - 8.84 GiB - D:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\HP_Administrator\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KEVIN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\HP_Administrator
LOGONSERVER=\\KEVIN
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Python22;C:\Program Files\QuickTime\QTSystem;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\Program Files\Common Files\Ahead\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4b02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
USERDOMAIN=KEVIN
USERNAME=HP_Administrator
USERPROFILE=C:\Documents and Settings\HP_Administrator
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

HP_Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\HP Games\Airstrike 2 Gulf Thunder\Uninstall.exe"
--> "C:\Program Files\HP Games\Alien Shooter\Uninstall.exe"
--> "C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Bistro Stars\Uninstall.exe"
--> "C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
--> "C:\Program Files\HP Games\Blasterball 2 Remix\Uninstall.exe"
--> "C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
--> "C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Bounce Symphony\Uninstall.exe"
--> "C:\Program Files\HP Games\Cake Mania\Uninstall.exe"
--> "C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
--> "C:\Program Files\HP Games\Family Feud\Uninstall.exe"
--> "C:\Program Files\HP Games\FATE\Uninstall.exe"
--> "C:\Program Files\HP Games\Garden Dreams\Uninstall.exe"
--> "C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\JEOPARDY\Uninstall.exe"
--> "C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
--> "C:\Program Files\HP Games\LEGO Builder Bots\Uninstall.exe"
--> "C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
--> "C:\Program Files\HP Games\Mystery Case Files\Uninstall.exe"
--> "C:\Program Files\HP Games\Penguins!\Uninstall.exe"
--> "C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
--> "C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
--> "C:\Program Files\HP Games\Ricochet Lost Worlds\Uninstall.exe"
--> "C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
--> "C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Snowy Space Trip\Uninstall.exe"
--> "C:\Program Files\HP Games\Super Granny\Uninstall.exe"
--> "C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
--> "C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\NuNInst.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
ACDSee 7.0 --> MsiExec.exe /I{ECE0113B-23D0-4DD8-89E6-D2F026CABF03}
Acrobat.com --> C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com --> MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR --> C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR --> MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Advanced Registry Optimizer --> "C:\Program Files\Advanced Registry Optimizer\unins000.exe"
Amazon MP3 Downloader 1.0.3 --> C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe
Apple Mobile Device Support --> MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update --> MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AVI Movie Player --> C:\Program Files\AVI Movie Player\uninstall.exe
AVIConverter 3.0 --> C:\Program Files\AVIConverter\uninst.exe
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Bonjour --> MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon i950 --> C:\WINDOWS\system32\CNMCP4d.exe "-PRINTERNAMECanon i950" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon i950 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon i950 Installer\Inst2\cnmi0409.dll"
Canon MovieEdit Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Customer Experience Enhancement --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
Data Fax SoftModem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\HXFSETUP.EXE -U -ITrx200Ck.inf
Documents To Go --> MsiExec.exe /X{EB807EB6-5179-48B7-98D4-7B4934A57A81}
DVD Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /u
ERUNT 1.1j --> "C:\Program Files\ERUNT\unins000.exe"
Flock (2.0.2) --> C:\Program Files\Flock\uninstall\helper.exe
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google Earth --> MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Half-Life® 2 --> MsiExec.exe /I{D45EC259-4A19-4656-B588-C2C360DD18EA}
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Boot Optimizer --> MsiExec.exe /X{1341D838-719C-4A05-B50F-49420CA1B4BB}
HP DVD Play 2.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Laser Gaming Mouse with VoodooDNA --> C:\Program Files\InstallShield Installation Information\{9A372D11-5C46-4A78-B9D9-510968EF4D2D}\setup.exe -runfromtemp -l0x0009 -removeonly
HP Update --> MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HP Web Helper --> regsvr32 /u /s "C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll"
iTunes --> MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java™ 6 Update 11 --> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LG ODD Auto Firmware Update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6179550A-3E7C-499E-BCC9-9E8113E0A285}\setup.exe"
LightScribe System Software 1.10.27.1 --> MsiExec.exe /X{CBCF859F-04BE-4A07-B6FA-F4FAD69EF1ED}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Away Mode -->
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Easy Assist --> MsiExec.exe /I{08B713D1-CA53-4272-A254-40A81C76565D}
Microsoft Expression Web --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall WEBDESIGNER /dll ESETUP.DLL
Microsoft Expression Web --> MsiExec.exe /X{90120000-0026-0000-0000-0000000FF1CE}
Microsoft Expression Web MUI (English) --> MsiExec.exe /X{90120000-0026-0409-0000-0000000FF1CE}
Microsoft Expression Web Service Pack 1 (SP1) --> msiexec /package {90120000-0026-0000-0000-0000000FF1CE} /uninstall {9037FDA8-8383-4B6F-859D-D49C3C625225}
Microsoft Expression Web Service Pack 1 (SP1) --> msiexec /package {90120000-0026-0409-0000-0000000FF1CE} /uninstall {DA3B8FC6-8B1D-447A-A5EE-B226DCC10662}
Microsoft FrontPage 2000 --> MsiExec.exe /I{00120409-78E1-11D2-B60F-006097C998E7}
Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MobileMe Control Panel --> MsiExec.exe /I{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\HP_Administrator\Application Data\Move Networks\ie_bin\Uninst.exe
MP3 Player Utilities 4.10 --> MsiExec.exe /I{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}
Mr and Mrs Smith --> C:\WINDOWS\ss3unstl.exe "Mr and Mrs Smith"
muvee autoProducer 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB4740B3-2530-452D-A825-F7AB246CA7DF}\setup.exe" -l0x9
muvee autoProducer unPlugged 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}\setup.exe" -l0x9
My HP Games --> "C:\Program Files\HP Games\Uninstall.exe"
Nero 7 Essentials --> MsiExec.exe /X{A2104078-AAA5-449E-95DD-55C9443A1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Night City 3D Screen Saver --> MsiExec.exe /X{F310B27F-A3C6-4641-955C-7C2D96CACFEA}
NVIDIA Drivers --> C:\WINDOWS\system32\nvunrm.exe UninstallGUI
OpenOffice.org Installer 1.0 --> MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
Palm --> MsiExec.exe /X{ADAED43C-BBD9-42C5-8B21-F4FBFA81E3C3}
PC-Doctor 5 for Windows --> C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Pdf995 --> c:\pdf995\setup.exe uninstall
Portfolio Browser --> MsiExec.exe /X{00D3BDAF-C064-4821-89C5-89105F6C738E}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
Python 2.2 pywin32 extensions (build 203) --> "C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2006 --> MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickTime --> MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Real Alternative 1.60 Lite --> "C:\Program Files\Real Alternative\unins000.exe"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Safari --> MsiExec.exe /I{582D2A53-F426-4C5E-A2E6-43C1AB36B907}
Sansa Media Converter --> "C:\Program Files\InstallShield Installation Information\{FC053571-8507-44E4-8B6D-AACEAB8CA57C}\setup.exe" --u:{FC053571-8507-44E4-8B6D-AACEAB8CA57C}
SecurDisc Viewer --> MsiExec.exe /X{ABD1DC2F-0D20-4C44-BEB9-3EEFA0EA1033}
Security Update for 2007 Microsoft Office System (KB951550) --> msiexec /package {90120000-0026-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951550) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944) --> msiexec /package {90120000-0026-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB951944) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB958437) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326) --> msiexec /package {90120000-0026-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB954326) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828) --> msiexec /package {90120000-0026-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office system 2007 (KB956828) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Surround MP4 Tool 3.0.5 --> C:\Program Files\MP4Tool\uninst.exe
The Logo Creator v5 --> C:\WINDOWS\unvise32.exe C:\Program Files\The Logo Creator v5\uninstal.log
Thoosje Quick Xp Optimizer Installer V2 --> MsiExec.exe /I{D21B65C4-F7ED-4805-8781-BB835AC85D14}
Thoosje Vista Sidebar --> C:\Program Files\Thoosje Vista Sidebar\Uninstall.exe
Tomb Raider Cradle of Life --> C:\WINDOWS\ss3unstl.exe "Tomb Raider Cradle of Life"
TomTom HOME --> C:\Program Files\InstallShield Installation Information\{3C9EEFEF-1F71-4213-AC41-4BF5FE0FED95}\setup.exe -runfromtemp -l0x0009 -removeonly -removeonly
Update for Microsoft Office Outlook 2007 (KB952142) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0026-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb959141) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CC6191C2-B0CE-473C-AD77-61EA3497D796}
Update Rollup 2 for Windows XP Media Center Edition 2005 -->
Updates from HP (remove only) --> C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
URGE --> MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
Videora iPod Converter 3.07 --> C:\Program Files\Red Kawa\Video Converter 3\uninstaller.exe
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908246 --> "C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type59 / Error
Event Submitted/Written: 01/29/2009 05:12:18 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application rundll32.exe, version 5.1.2600.5512, faulting module yceatp.dll, version 0.0.0.0, fault address 0x000156b6.
Processing media-specific event for [rundll32.exe!ws!]

Event Record #/Type55 / Error
Event Submitted/Written: 01/28/2009 04:42:33 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application rundll32.exe, version 5.1.2600.5512, faulting module lsaofr.dll, version 0.0.0.0, fault address 0x000156b6.
Processing media-specific event for [rundll32.exe!ws!]

Event Record #/Type45 / Error
Event Submitted/Written: 01/26/2009 00:15:09 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application rundll32.exe, version 5.1.2600.5512, faulting module dpjzlx.dll, version 0.0.0.0, fault address 0x000156b6.
Processing media-specific event for [rundll32.exe!ws!]

Event Record #/Type29 / Error
Event Submitted/Written: 01/24/2009 09:06:00 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application rundll32.exe, version 5.1.2600.5512, faulting module umadpv.dll, version 0.0.0.0, fault address 0x000156b6.
Processing media-specific event for [rundll32.exe!ws!]

Event Record #/Type28 / Error
Event Submitted/Written: 01/24/2009 08:10:50 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application OTScanIt2.exe, version 1.0.6.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type147492 / Error
Event Submitted/Written: 02/02/2009 05:09:42 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
ftsata2
SASKUTIL

Event Record #/Type147491 / Error
Event Submitted/Written: 02/02/2009 05:09:42 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The MCSTRM service failed to start due to the following error:
%%2

Event Record #/Type147470 / Error
Event Submitted/Written: 02/01/2009 04:01:32 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
ftsata2
SASKUTIL

Event Record #/Type147469 / Error
Event Submitted/Written: 02/01/2009 04:01:31 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The MCSTRM service failed to start due to the following error:
%%2

Event Record #/Type147461 / Error
Event Submitted/Written: 02/01/2009 03:57:38 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service Avg7UpdSvc with arguments ""
in order to run the server:
{F82EDB94-BE85-42BE-9B70-EA5005AB5BAA}



-- End of Deckard's System Scanner: finished at 2009-02-02 17:38:52 ------------



