Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

The dreaded HelpAssistant bug


  • This topic is locked This topic is locked
29 replies to this topic

#1 Flyinfool

Flyinfool

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:27 AM

Posted 04 March 2010 - 05:18 PM

I am running XP Pro SP2.
The HelpAssistant user account keeps reappearing and copying the contents of the Administrator (which is huge).
I can disable the HelpAssistant user account, take it out the administrator group, delete it, empty the trash, but it come back after a couple of reboots.
I also get many lockups while running Firefox (Firefox updates are enabled).
I did have a trogen (I do not remember which one) that was bringing up what looked like a secure eBay page asking for inappropriate personal info (I gave it nothing). Between Ad-Aware and AVG they claim to have removed it completely, I no longer get that screen.

I am running AVG Free 9.0 updated daily and AD-Aware updated weekly. Neither of these are finding any issues. I have windows update enabled.

I have read a number of threads on here with instructions for cleaning it off but they all have the disclaimer of not to try this unless specifically instructed to do so.

Help please.

Edited by Orange Blossom, 04 March 2010 - 10:06 PM.
Move to AII from XP forum. ~ OB


BC AdBot (Login to Remove)

 


#2 Flyinfool

Flyinfool
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:27 AM

Posted 05 March 2010 - 12:29 PM

I have been going thru the "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help".

I made it to step 7 to download and run DDS.scr from the desktop, I got the warning screen and clicked <Run> and it opens up in Notepad where I see the compiled code. I can not get it to run.

I then went to step 8 to create a GMER log. I downloaded it to the desktop and ran it per the instructions, Set the options as instructed, and after it was running for about a minute the computer froze, I let it sit for an hour but there was no further action, mouse and keyboard were totally unresponsive there was no HD access happening anymore, so the only option was to cycle power and try to reboot.

Now when I reboot it boots to a solid blue screen with a unresponsive mouse pointer in the center.
I can boot to safe mode but only without network connection.
I have tried to use the safe mode to boot to "last good configuration" to no avail.
I have tried a system restore to 2 days ago. but it still only boots to the blue screen.



#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:27 AM

Posted 05 March 2010 - 12:40 PM

hello, this is becoming the newest headache. I will post this link for another to pick up this topic as it needs specific attention.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,219 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:27 AM

Posted 05 March 2010 - 02:33 PM

Hi, Flyinfool smile.gif

Welcome.

Lets give this a try. You will need a flash drive to move information from the sick computer to a working computer, so we can see the progress of our actions. Save these instructions in your flash drive as a text file (use notepad) so you can have access to these while in an external environment (PE).

Here is what you need to do.

Two programs to download

First

Download ISOBurner. Click Here for ISOBurner Instructions. Install the program, and follow the next set of steps.

Second
  • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 276.7MB in size so it may take some time to download.
  • When downloaded double click and this will then open ISOBurner to burn the file to CD
  • Boot the Non working computer using the boot CD you just created.
  • In order to do so, the computer must be set to boot from the CD first
    Note : For information click here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Registry to All
    • Under the Custom Scan box paste this in

      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      userinit.exe
      explorer.exe
      ntoskrnl.exe
      /md5stop
      %SYSTEMDRIVE%\*.*
      %systemroot%\*. /mp /s
      %systemroot%\System32\config\*.sav
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:27 AM

Posted 05 March 2010 - 02:50 PM

Add reply moving to Virus, Trojan, Spyware, and Malware Removal Logs
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 Flyinfool

Flyinfool
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:27 AM

Posted 05 March 2010 - 06:31 PM

OK
I had to use the problem computer to create the cd. It is the only one with a burner.
I installed ISO burner and created the cd in Safe Mode.

I had the verify option of ISO Burner turned on and it passed.

It took 4 cds before I got one to pass the verify.

I will over the weekend try to recreate the CD on a known clean computer at a friends house and see if that helps.

I booted from the CD and got the following error messages.

Warning window
CommonAppdata-7z.exe
Commonappdata-7z.exe is not a valid WIN32 application.

I clicked the only option of "OK"

Then I got an error window
XPERUNONCEEX
Error whole executing: ||XPEINIT -f -m "Starting WB Themes" %System drive%\Programs\WBload\wbloadex.exe -auto

I clicked the only option of OK

It finished booting up to the REATOGO-X-PE desktop but there is no OTLPE icon.
I did find the otlpe.exe in the X:\programs\OTLPE directory and ran it from there by using the Start.cmd.


Here is the contents of the OTL.txt that was created.

OTL logfile created on: 3/5/2010 5:01:13 PM - Run
OTLPE by OldTimer - Version 3.1.30.3 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 62.80 Gb Free Space | 56.18% Space Free | Partition Type: NTFS
Drive D: | 1.92 Gb Total Space | 0.54 Gb Free Space | 28.03% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (CLTNetCnService)
SRV - [2010/02/25 13:36:00 | 001,229,232 | ---- | M] (Lavasoft) [On_Demand] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/02/24 11:34:49 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/11/30 14:43:48 | 000,135,664 | ---- | M] (Google Inc.) [Auto] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/10/11 05:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/18 11:30:31 | 000,182,768 | ---- | M] (Google) [On_Demand] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/07/21 10:42:04 | 000,602,112 | ---- | M] (ATI Technologies Inc.) [Auto] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2009/07/21 10:40:00 | 000,593,920 | ---- | M] () [Auto] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2009/05/19 17:58:23 | 000,079,360 | ---- | M] (Autodesk) [On_Demand] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008/06/13 11:36:38 | 000,188,416 | ---- | M] (Yosemite Technologies, Inc.) [Auto] -- C:\Program Files\Yosemite\Yosemite Backup\v8.50-sp2\win\x86\ytwinsdr.exe -- (YTBackup)
SRV - [2007/11/05 09:05:43 | 001,252,232 | ---- | M] () [On_Demand] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2005/10/14 17:32:00 | 000,143,427 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2005/05/14 00:20:28 | 000,327,680 | ---- | M] (Apple Computer, Inc.) [Disabled] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPodService)
SRV - [2004/11/26 02:45:46 | 000,065,536 | ---- | M] (HP) [On_Demand] -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE -- (Pml Driver HPZ12)
SRV - [2004/10/22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/12/04 12:10:55 | 000,295,424 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\termsrv32.dll -- (TermService)
SRV - [2002/12/17 18:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe -- (MSSQL$INVENTORCONTENT)
SRV - [2002/12/17 18:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE -- (SQLAgent$INVENTORCONTENT)
SRV - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Disabled] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
SRV - [2001/05/01 18:06:22 | 000,053,248 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\MsPMSPSv.exe -- (WMDM PMSP Service)
SRV - [1998/05/26 16:15:26 | 000,045,568 | ---- | M] (IBM Corporation) [On_Demand] -- C:\WINDOWS\Cwbrxd.exe -- (Cwbrxd)


========== Driver Services (All) ==========

DRV - File not found [Kernel | Disabled] -- -- (ViaIde)
DRV - File not found [Kernel | Disabled] -- -- (ultra)
DRV - File not found [Kernel | Disabled] -- -- (TosIde)
DRV - File not found [Kernel | Disabled] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled] -- -- (symc810)
DRV - File not found [Kernel | Disabled] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled] -- -- (sym_hi)
DRV - File not found [Kernel | Disabled] -- -- (Sparrow)
DRV - File not found [Kernel | Disabled] -- -- (Simbad)
DRV - File not found [Kernel | Disabled] -- -- (ql1280)
DRV - File not found [Kernel | Disabled] -- -- (ql1240)
DRV - File not found [Kernel | Disabled] -- -- (ql12160)
DRV - File not found [Kernel | Disabled] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled] -- -- (ql1080)
DRV - File not found [Kernel | Disabled] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled] -- -- (perc2)
DRV - File not found [Kernel | Disabled] -- -- (mraid35x)
DRV - File not found [Kernel | Disabled] -- -- (IntelIde)
DRV - File not found [Kernel | Disabled] -- -- (ini910u)
DRV - File not found [Kernel | Disabled] -- -- (i2omp)
DRV - File not found [Kernel | Disabled] -- -- (hpn)
DRV - File not found [Kernel | Disabled] -- -- (dpti2o)
DRV - File not found [Kernel | Disabled] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled] -- -- (dac2w2k)
DRV - File not found [Kernel | Disabled] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled] -- -- (CmdIde)
DRV - File not found [Kernel | Disabled] -- -- (cd20xrnt)
DRV - File not found [Kernel | Disabled] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled] -- -- (asc3550)
DRV - File not found [Kernel | Disabled] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled] -- -- (asc)
DRV - File not found [Kernel | Disabled] -- -- (amsint)
DRV - File not found [Kernel | Disabled] -- -- (AliIde)
DRV - File not found [Kernel | Disabled] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled] -- -- (Aha154x)
DRV - File not found [Kernel | Disabled] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled] -- -- (Abiosdsk)
DRV - [2010/03/05 14:57:27 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010/02/24 11:35:52 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/02/24 11:35:43 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/02/24 11:35:37 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/02/04 10:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2009/12/31 11:14:12 | 000,352,640 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2009/12/04 09:41:55 | 000,453,760 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2009/07/21 11:30:48 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/06/22 06:34:52 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2008/08/14 04:51:43 | 000,138,368 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2008/06/20 05:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2007/12/18 04:51:35 | 000,179,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2007/12/15 15:10:26 | 000,044,288 | ---- | M] (Roxio) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/04/23 05:32:54 | 000,364,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2007/02/09 06:10:35 | 000,574,464 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\ntfs.sys -- (Ntfs)
DRV - [2006/09/28 19:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd)
DRV - [2006/09/28 18:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf)
DRV - [2006/08/21 04:14:58 | 000,128,896 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2006/06/14 04:00:45 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2006/06/14 03:47:46 | 000,006,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2006/06/14 03:47:45 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2006/05/18 16:49:02 | 000,061,067 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2006/05/18 16:48:50 | 000,047,249 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2006/05/05 04:47:57 | 000,174,592 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2006/03/16 19:33:10 | 000,262,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2006/02/14 19:22:26 | 000,142,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2005/11/10 09:46:00 | 000,243,328 | R--- | M] (Marvell) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005/10/14 17:32:00 | 003,518,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/06/09 23:09:46 | 000,139,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2005/05/20 19:05:11 | 000,099,936 | ---- | M] (Your Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Mach2.sys -- (Mach2)
DRV - [2004/09/29 17:28:37 | 000,134,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2004/08/04 03:01:07 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2004/08/04 03:01:07 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2004/08/04 03:01:07 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2004/08/04 02:08:42 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2004/08/04 02:08:38 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2004/08/04 02:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/04 02:07:46 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pci.sys -- (PCI)
DRV - [2004/08/04 02:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\agp440.sys -- (agp440)
DRV - [2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2004/08/04 01:15:55 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2004/08/04 01:15:52 | 000,064,896 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2004/08/04 01:15:20 | 000,107,904 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\mup.sys -- (Mup)
DRV - [2004/08/04 01:14:37 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2004/08/04 01:14:36 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2004/08/04 01:14:31 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2004/08/04 01:14:28 | 000,182,912 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ndis.sys -- (NDIS)
DRV - [2004/08/04 01:14:28 | 000,074,752 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2004/08/04 01:14:26 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2004/08/04 01:14:22 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2004/08/04 01:14:16 | 000,143,360 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\fastfat.sys -- (Fastfat)
DRV - [2004/08/04 01:14:10 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\cdfs.sys -- (Cdfs)
DRV - [2004/08/04 01:10:08 | 000,061,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ohci1394.sys -- (ohci1394)
DRV - [2004/08/04 01:08:46 | 000,026,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (USBSTOR)
DRV - [2004/08/04 01:08:37 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2004/08/04 01:08:05 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\modem.sys -- (Modem)
DRV - [2004/08/04 01:07:57 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2004/08/04 01:07:47 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2004/08/04 01:07:46 | 000,119,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2004/08/04 01:07:38 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI)
DRV - [2004/08/04 01:07:38 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic)
DRV - [2004/08/04 01:07:17 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2004/08/04 01:07:16 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2004/08/04 01:07:06 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2004/08/04 01:06:25 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\sr.sys -- (sr)
DRV - [2004/08/04 01:05:07 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2004/08/04 01:05:03 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2004/08/04 01:04:57 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2004/08/04 01:04:45 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2004/08/04 01:04:19 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2004/08/04 01:04:12 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2004/08/04 01:03:21 | 000,034,560 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2004/08/04 01:03:12 | 000,012,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2004/08/04 01:01:15 | 000,196,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2004/08/04 01:00:46 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2004/08/04 01:00:43 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\npfs.sys -- (Npfs)
DRV - [2004/08/04 01:00:41 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\msfs.sys -- (Msfs)
DRV - [2004/08/04 01:00:31 | 000,066,176 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\udfs.sys -- (Udfs)
DRV - [2004/08/04 01:00:16 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\volsnap.sys -- (VolSnap)
DRV - [2004/08/04 01:00:15 | 000,041,856 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2004/08/04 01:00:06 | 000,029,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2004/08/04 00:59:57 | 000,071,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bridge.sys -- (BridgeMP)
DRV - [2004/08/04 00:59:57 | 000,071,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bridge.sys -- (Bridge)
DRV - [2004/08/04 00:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)
DRV - [2004/08/04 00:59:54 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2004/08/04 00:59:52 | 000,049,536 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2004/08/04 00:59:37 | 000,057,472 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2004/08/04 00:59:27 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2004/08/04 00:59:27 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2004/08/04 00:59:19 | 000,036,096 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2004/08/04 00:59:17 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\processr.sys -- (Processor)
DRV - [2004/08/04 00:59:07 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum)
DRV - [2004/08/04 00:59:06 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2004/08/04 00:58:45 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbscan.sys -- (usbscan)
DRV - [2004/08/04 00:58:41 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2004/08/04 00:58:41 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2004/08/04 00:58:40 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)
DRV - [2004/08/04 00:58:38 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2004/08/04 00:58:32 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2004/08/04 00:58:32 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2004/08/04 00:58:30 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2004/08/04 00:58:30 | 000,042,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2004/08/04 00:58:29 | 000,061,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nic1394.sys -- (NIC1394)
DRV - [2004/08/04 00:58:29 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\arp1394.sys -- (Arp1394)
DRV - [2004/08/02 20:03:00 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)
DRV - [2004/02/26 11:50:38 | 000,611,820 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/02/23 22:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2004/01/12 10:20:00 | 000,009,600 | ---- | M] (Cygnal Integrated Products) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CygF32x.sys -- (CYGF32X)
DRV - [2003/07/16 21:22:10 | 000,147,328 | ---- | M] (3Com Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\EL2K_XP.sys -- (EL2000)
DRV - [2003/06/25 01:18:48 | 000,213,120 | ---- | M] (Roxio) [File_System | System] -- C:\WINDOWS\system32\drivers\UdfReadr_xp.sys -- (UdfReadr_xp)
DRV - [2003/06/25 01:18:48 | 000,146,560 | ---- | M] (Roxio) [File_System | System] -- C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2003/06/25 01:18:48 | 000,024,698 | ---- | M] (Roxio) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2003/06/25 01:18:46 | 000,259,328 | ---- | M] (Roxio) [File_System | System] -- C:\WINDOWS\system32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2003/06/25 01:18:46 | 000,118,409 | ---- | M] (Roxio) [Kernel | System] -- C:\WINDOWS\system32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2003/06/25 01:18:46 | 000,022,745 | ---- | M] (Roxio) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2003/06/25 01:18:46 | 000,021,993 | ---- | M] (Roxio) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2003/06/02 14:42:14 | 000,578,304 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2003/03/13 05:34:48 | 000,100,224 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2002/09/19 21:53:34 | 000,235,100 | ---- | M] (Analog Devices Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)
DRV - [2002/08/29 07:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)
DRV - [2002/08/29 07:00:00 | 000,038,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2002/08/29 07:00:00 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\fips.sys -- (Fips)
DRV - [2002/08/29 07:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2002/08/29 07:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2002/08/29 07:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\partmgr.sys -- (PartMgr)
DRV - [2002/08/29 07:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2002/08/29 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2002/08/29 07:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2002/08/29 07:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2002/08/29 07:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2002/08/29 07:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2002/08/29 07:00:00 | 000,009,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2002/08/29 07:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2002/08/29 07:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\system32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2002/08/29 07:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\parvdm.sys -- (ParVdm)
DRV - [2002/08/29 07:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2002/08/29 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2002/08/29 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2002/08/29 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\beep.sys -- (Beep)
DRV - [2002/08/29 07:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\null.sys -- (Null)
DRV - [2002/08/29 07:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\system32\winsock.dll -- (Winsock)
DRV - [2001/09/03 22:22:52 | 000,019,534 | ---- | M] (3Com Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\TCAITDI.SYS -- (TCAITDI)
DRV - [2001/08/17 15:02:20 | 000,009,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb)
DRV - [2001/08/17 15:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2001/08/17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 14:58:02 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2001/08/17 14:56:16 | 000,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)
DRV - [2001/08/17 14:51:52 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde)
DRV - [2001/08/17 14:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)
DRV - [2001/08/17 12:13:08 | 000,027,165 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fetnd5.sys -- (FETNDIS)
DRV - [2001/08/17 08:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)
DRV - [2000/06/06 05:08:04 | 000,021,233 | ---- | M] (3Com Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\TCAICCHG.SYS -- (tcaicchg)
DRV - [1998/05/26 16:15:26 | 000,211,772 | ---- | M] (IBM Corporation) [File_System | Auto] -- C:\WINDOWS\System32\Drivers\CwbRdr.sys -- (CwbRdr)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\Administrator_ON_C\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\Administrator_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\HelpAssistant_ON_C\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\HelpAssistant_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/


FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/01 09:18:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/02/22 13:06:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/02/24 11:35:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/23 11:16:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/22 12:48:12 | 000,000,000 | ---D | M]

[2010/03/04 16:32:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/22 12:48:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/05/30 09:39:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/07/30 08:11:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/10/29 09:00:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/04/02 08:27:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/07/29 10:39:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/12/01 09:19:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/01/05 14:57:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/03/30 08:05:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/12 14:37:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/09/04 08:01:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/11/30 08:36:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/01/15 22:09:51 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/01/15 22:09:52 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/10/11 05:17:27 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2007/04/24 11:36:16 | 001,452,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2010/01/15 22:09:53 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/05/10 23:52:34 | 000,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2007/10/10 11:13:14 | 000,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2007/10/10 11:13:14 | 000,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2007/10/10 11:13:14 | 000,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2007/10/10 11:13:15 | 000,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2007/10/10 11:13:15 | 000,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2007/10/10 11:13:15 | 000,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2007/10/10 11:13:15 | 000,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2007/05/16 08:22:00 | 000,151,300 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
[2010/01/15 19:13:03 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/01/15 19:13:03 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/02/24 12:13:14 | 000,001,345 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml
[2010/01/15 19:13:03 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/01/15 19:13:03 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/01/15 19:13:03 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/01/15 19:13:03 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

O1 HOSTS File: ([2003/12/10 14:29:53 | 000,000,757 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.10.101 RII600
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\Administrator_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\HelpAssistant_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\HelpAssistant_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\HelpAssistant_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\HelpAssistant_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\HelpAssistant_ON_C\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-18\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Client Access API Daemon] C:\Program Files\IBM\Client Access\cwbappcd.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access Check Version] C:\Program Files\IBM\Client Access\cwbckver.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access Help Update] C:\Program Files\IBM\Client Access\cwbinhlp.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access Service] C:\Program Files\IBM\Client Access\CwbSvStr.Exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access Taskbar] C:\Program Files\IBM\Client Access\cwbuitsk.exe (IBM Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [RoxioAudioCentral] C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe (Roxio, Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [RoxioEngineUtility] C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe (Roxio)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TCASUTIEXE] C:\WINDOWS\System32\TCAUDIAG.EXE (3Com Corporation)
O4 - HKU\Administrator_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Administrator_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\HelpAssistant_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\HelpAssistant_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\HelpAssistant_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle = %SystemRoot%\Resources\Themes\Luna.theme ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...ector/swdir.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc.cab (Office Update Installation Engine)
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} http://rd1.surfernetwork.com/surferplugin.ocx (SurferNETWORK Plugin)
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1232569180250 (MUWebControl Class)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file://C:\Program Files\Autodesk\MDT6\AcDcToday.ocx (AcDcToday Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...7959.4275925926 (Reg Error: Key error.)
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} file://C:\Program Files\Autodesk\MDT6\InstBanr.ocx (NOXLATE-BANR)
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} file://C:\Program Files\Autodesk\MDT6\InstFred.ocx (InstaFred)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll (ActiveDataInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab (ActiveDataObj Class)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file://C:\Program Files\Autodesk\MDT6\AcPreview.ocx (AcPreview Control)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\PROGRA~1\IBM\CLIENT~1\cwbbs.exe) - C:\Program Files\IBM\Client Access\cwbbs.exe (IBM Corporation)
O20 - HKLM Winlogon: UserInit - (C:\PROGRA~1\IBM\CLIENT~1\cwbntred.exe) - C:\Program Files\IBM\Client Access\cwbntred.exe (IBM Corporation)
O20 - HKLM Winlogon: UserInit - (C:\PROGRA~1\IBM\CLIENT~1\cwbprovd.exe) - C:\Program Files\IBM\Client Access\CWBPROVD.exe (IBM Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\shell32.dll File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msoclip1/01/clip_image002.gif
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/29 11:46:40 | 000,000,018 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/12/04 11:12:58 | 000,000,151 | ---- | M] () - D:\AUTORUN.FCB -- [ FAT ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\##Eng-server#ServerCD\Shell - "" = AutoRun
O33 - MountPoints2\##Eng-server#ServerCD\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\##Eng-server#ServerCD\Shell\AutoRun\command - "" = V:\setup.exe -- File not found
O33 - MountPoints2\##Eng-server#ServerCD\Shell\install\command - "" = V:\setup.exe -- File not found
O33 - MountPoints2\{c8fd66fe-44be-11de-90d9-0080c84dc352}\Shell\AutoRun\command - "" = E:\WDSetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/05 16:43:46 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft
[2010/03/05 16:43:42 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Start Menu
[2010/03/05 16:40:50 | 000,000,000 | -H-D | C] -- B:\Documents and Settings\Default User\SendTo
[2010/03/05 16:40:47 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data\Microsoft
[2010/03/05 16:40:46 | 000,000,000 | RH-D | C] -- B:\Documents and Settings\Default User\Recent
[2010/03/05 16:40:46 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Pictures
[2010/03/05 16:40:46 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Music
[2010/03/05 16:40:46 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents
[2010/03/05 16:40:46 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Favorites
[2010/03/05 16:40:46 | 000,000,000 | -H-D | C] -- B:\Documents and Settings\Default User\NetHood
[2010/03/05 16:40:46 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Desktop
[2010/03/05 16:40:46 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data
[2010/03/05 16:39:02 | 000,000,000 | --SD | C] -- B:\Documents and Settings\Default User\Cookies
[2010/03/05 16:39:02 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings
[2010/03/05 14:57:26 | 000,691,696 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/03/05 14:57:15 | 000,000,000 | ---D | C] -- C:\Program Files\LSoft Technologies
[2010/03/05 13:04:52 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\Cookies
[2010/03/05 12:08:23 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/03/05 12:08:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Trusteer
[2010/03/05 12:08:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Symantec
[2010/03/05 12:08:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data
[2010/03/03 11:08:54 | 018,734,784 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Administrator\Desktop\WDM_A406.exe
[2010/02/26 10:31:01 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/02/26 10:25:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/02/26 10:22:34 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/02/26 10:05:06 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msctf.dll
[2010/02/26 09:03:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AVG9
[2010/02/25 13:36:42 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/02/25 13:20:24 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/02/24 12:13:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
[2010/02/24 11:36:14 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/02/24 11:35:53 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/02/24 11:35:52 | 000,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/02/24 11:35:43 | 000,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/02/24 11:35:37 | 000,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/02/24 11:35:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/02/23 10:57:32 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/02/22 15:47:43 | 000,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx(2).dll
[2010/02/22 15:47:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg(2)
[2010/02/22 15:25:48 | 000,000,000 | ---D | C] -- C:\69ac741a38a83856a703
[2010/02/22 13:59:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/02/22 13:58:33 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2010/02/22 10:50:37 | 000,470,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/02/22 10:43:36 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\colbact.dll
[2010/02/22 10:33:34 | 000,655,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll
[2010/02/22 10:32:54 | 000,181,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/02/22 10:10:04 | 000,000,000 | ---D | C] -- C:\03545fc0963ea8d61aa8e9dc
[2010/02/22 08:51:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Trusteer
[2010/02/22 08:51:46 | 000,000,000 | ---D | C] -- C:\Program Files\Trusteer
[2010/02/19 17:29:13 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/02/12 15:43:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Maptech
[2009/08/28 08:09:00 | 000,192,512 | R--- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/05 17:25:18 | 000,266,240 | ---- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/03/05 17:25:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/05 17:25:08 | 010,223,616 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/03/05 17:25:08 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/03/05 17:14:34 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/05 14:57:27 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/03/05 09:50:54 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/05 09:43:16 | 056,719,170 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/05 09:42:42 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
[2010/03/05 09:12:00 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2010/03/05 00:01:28 | 000,002,272 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\AVG Scan 3-4.csv
[2010/03/04 23:57:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/04 14:57:02 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/03 17:02:51 | 000,266,240 | ---- | M] () -- C:\Documents and Settings\LocalService\ntuser.dat
[2010/03/03 11:40:40 | 018,734,784 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Administrator\Desktop\WDM_A406.exe
[2010/03/02 15:59:25 | 000,001,045 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/01 10:13:51 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/26 13:44:41 | 000,641,900 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/26 13:44:41 | 000,110,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/26 10:31:23 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Launch Internet Explorer Browser.lnk
[2010/02/26 10:08:51 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/25 13:36:38 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/02/25 13:36:34 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/02/25 01:00:00 | 000,449,162 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\P14-PA5F62C.dxf
[2010/02/25 01:00:00 | 000,074,248 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\P14-PA5F62C.pdf
[2010/02/24 11:39:25 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/02/24 11:35:53 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/02/24 11:35:52 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/02/24 11:35:43 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/02/24 11:35:37 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/02/24 11:35:37 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/02/24 11:35:28 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/02/24 11:35:28 | 000,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/02/23 10:56:31 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/02/23 10:56:31 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/02/23 10:53:55 | 000,760,276 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/22 16:44:04 | 000,119,528 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/22 16:40:55 | 000,429,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/22 16:14:22 | 056,090,215 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg(2)\incavi.avm
[2010/02/22 16:14:16 | 000,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg(2)\miniavi.avg
[2010/02/22 16:14:16 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg(2)\microavi.avg
[2010/02/22 16:11:34 | 000,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx(2).dll
[2010/02/22 15:47:34 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg(2)\avi7.avg
[2010/02/12 15:45:49 | 000,000,907 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\test mkr.GPX
[2010/02/09 13:21:05 | 000,000,310 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Nat (2).lnk
[2010/02/04 10:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/05 09:42:41 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
[2010/03/05 00:01:28 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\AVG Scan 3-4.csv
[2010/03/03 17:02:52 | 010,223,616 | ---- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/03/03 17:02:51 | 000,266,240 | ---- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat
[2010/03/01 18:08:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2010/02/26 15:07:12 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/02/26 10:31:23 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Launch Internet Explorer Browser.lnk
[2010/02/25 13:24:04 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/25 01:00:00 | 000,449,162 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\P14-PA5F62C.dxf
[2010/02/25 01:00:00 | 000,074,248 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\P14-PA5F62C.pdf
[2010/02/24 11:35:37 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/02/24 11:35:28 | 056,719,170 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/24 11:35:28 | 006,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/02/24 11:35:28 | 000,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/02/24 11:35:28 | 000,142,495 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/02/22 15:47:34 | 056,090,215 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg(2)\incavi.avm
[2010/02/22 15:47:34 | 006,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg(2)\avi7.avg
[2010/02/22 15:47:34 | 000,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg(2)\miniavi.avg
[2010/02/22 15:47:34 | 000,142,495 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg(2)\microavi.avg
[2010/02/12 15:45:49 | 000,000,907 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\test mkr.GPX
[2010/02/09 13:21:05 | 000,000,310 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Nat (2).lnk
[2009/08/24 16:02:00 | 000,014,843 | ---- | C] () -- C:\WINDOWS\System32\mingwm10.DLL
[2009/03/20 15:41:06 | 000,002,337 | ---- | C] () -- C:\WINDOWS\Contour.INI
[2008/07/31 10:12:01 | 000,000,000 | R--- | C] () -- C:\WINDOWS\SA2006.ini
[2008/04/18 16:02:45 | 000,011,566 | ---- | C] () -- C:\Program Files\SolidWorksswxJRNL.BAK
[2006/11/08 08:59:08 | 000,000,135 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2006/11/08 08:59:07 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2006/11/08 08:58:56 | 000,000,680 | ---- | C] () -- C:\WINDOWS\hpw2800k.ini
[2006/11/07 16:35:30 | 000,009,820 | ---- | C] () -- C:\WINDOWS\hpbj2800.ini
[2006/11/07 16:35:16 | 000,001,543 | ---- | C] () -- C:\WINDOWS\mariner.ini
[2006/09/14 15:57:56 | 000,000,322 | ---- | C] () -- C:\WINDOWS\PCB123.INI
[2006/05/26 08:29:14 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2006/05/24 18:04:14 | 000,000,133 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2006/04/03 07:26:36 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2006/03/29 11:46:49 | 000,000,067 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/02/10 13:07:02 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2005/11/29 17:52:55 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2005/11/29 17:52:49 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/11/04 10:08:59 | 000,000,080 | RHS- | C] () -- C:\WINDOWS\System32\F81A85F85D.dll
[2005/10/19 12:25:24 | 000,000,026 | ---- | C] () -- C:\WINDOWS\DfrgUIEx.INI
[2005/10/14 17:32:00 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/10/11 15:38:30 | 000,000,028 | ---- | C] () -- C:\WINDOWS\VOLOV EReg.ini
[2005/07/13 16:33:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/07/13 16:33:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/07/13 16:33:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/07/13 16:33:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/07/13 16:33:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/07/13 16:33:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/06/06 15:48:08 | 000,000,031 | ---- | C] () -- C:\WINDOWS\VisualMill5_0.INI
[2005/02/07 12:11:08 | 000,001,029 | ---- | C] () -- C:\WINDOWS\DESIGNJT.INI
[2004/11/28 20:54:24 | 000,872,507 | ---- | C] () -- C:\WINDOWS\System32\MESA.DLL
[2004/11/12 12:19:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mtstack.INI
[2004/08/05 15:52:18 | 000,639,052 | ---- | C] () -- C:\WINDOWS\System32\BBPDFPortMon.dll
[2004/08/05 15:52:07 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2004/08/05 12:12:52 | 000,000,048 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2004/08/05 12:12:12 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2004/08/05 12:09:06 | 000,147,506 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2004/08/05 12:09:05 | 000,050,364 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2004/08/02 20:03:00 | 000,102,441 | ---- | C] () -- C:\WINDOWS\System32\getvpd.dll
[2004/08/02 20:03:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\pmemw.dll
[2004/05/10 09:56:31 | 000,037,888 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/02/12 12:20:00 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/12/10 14:25:28 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\cwbrw.dll
[2003/12/10 14:25:28 | 000,147,968 | ---- | C] () -- C:\WINDOWS\System32\ldape.dll
[2003/12/10 14:25:28 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\cwbunpla.dll
[2003/12/10 14:25:28 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\CWBSOEXT.dll
[2003/12/10 14:25:27 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\cwbcospi.dll
[2003/12/10 14:25:26 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\cwbad.dll
[2003/12/05 11:31:00 | 000,000,132 | ---- | C] () -- C:\WINDOWS\ccolwiz.ini
[2003/12/05 11:01:41 | 000,002,192 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/12/04 13:08:26 | 000,025,853 | R--- | C] () -- C:\WINDOWS\System32\sk98nt4.ini
[2003/12/04 13:08:26 | 000,025,853 | R--- | C] () -- C:\WINDOWS\System32\InstInfo.ini
[2003/12/04 13:03:13 | 000,003,249 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2003/12/04 13:03:11 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2003/09/11 12:14:19 | 000,027,884 | ---- | C] () -- C:\WINDOWS\System32\WIN2PDFM.DLL
[2003/07/15 10:43:38 | 000,577,635 | ---- | C] () -- C:\WINDOWS\System32\InstallPrinter.dll
[2003/06/27 08:50:27 | 000,038,912 | ---- | C] () -- C:\WINDOWS\System32\WIN2PDFS.DLL
[2003/02/26 11:59:18 | 003,907,655 | ---- | C] () -- C:\WINDOWS\System32\Bbgspdf.dll
[2003/01/30 06:04:00 | 000,618,496 | ---- | C] () -- C:\WINDOWS\System32\stlpmt45.dll
[2000/09/18 17:50:28 | 000,202,752 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll

========== LOP Check ==========

[2010/03/05 12:08:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Trusteer
[2009/08/28 08:32:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Audacity
[2009/05/19 17:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Autodesk
[2010/02/26 09:03:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG9
[2005/09/01 08:39:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DeLorme
[2009/01/26 09:43:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Gates Corporation
[2004/01/09 09:24:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo
[2003/12/09 16:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2004/08/05 12:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\pdf995
[2006/12/29 15:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Quark
[2010/02/22 08:51:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Trusteer
[2010/03/01 10:13:51 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: AGP440.SYS >
[2004/08/27 07:57:51 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/27 07:57:51 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
[2004/08/04 02:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004/08/04 02:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys
[2004/08/04 02:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2002/08/29 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/27 07:57:51 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/27 07:57:51 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2002/08/29 07:00:00 | 001,004,032 | ---- | M] (Microsoft Corporation) MD5=A82B28BFC2E4455FE43022A498C0EF0A -- C:\WINDOWS\$NtUninstallKB820291$\explorer.exe

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\sp2qfe\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\sp2qfe\netlogon.dll
[2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NTOSKRNL.EXE >
[2002/08/29 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:ntoskrnl.exe
[2004/08/27 07:57:51 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:ntoskrnl.exe
[2004/08/27 07:57:51 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:ntoskrnl.exe
[2008/04/13 14:27:53 | 002,188,928 | ---- | M] (Microsoft Corporation) MD5=0C89243C7C3EE199B96FCC16990E0679 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntoskrnl.exe
[2009/08/04 08:58:28 | 002,136,064 | ---- | M] (Microsoft Corporation) MD5=11CDD81560E766101F0032EB05872C1B -- C:\WINDOWS\system32\ntoskrnl.exe
[2007/02/28 04:08:48 | 002,136,064 | ---- | M] (Microsoft Corporation) MD5=1220FAF071DEA8653EE21DE7DCDA8BFD -- C:\WINDOWS\$NtUninstallKB956841$\ntoskrnl.exe
[2002/08/29 07:00:00 | 001,891,840 | ---- | M] (Microsoft Corporation) MD5=25A90EB7D1EEE12AB198DC9421BFA353 -- C:\WINDOWS\$NtUninstallKB826939$\ntoskrnl.exe
[2005/03/01 20:04:22 | 002,179,456 | ---- | M] (Microsoft Corporation) MD5=28187802B7C368C0D3AEF7D4C382AABB -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[2008/08/14 16:11:10 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=31914172342BFF330063F343AC6958FE -- C:\WINDOWS\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[2005/03/01 19:57:44 | 002,135,552 | ---- | M] (Microsoft Corporation) MD5=48B3E89AF7074CEE0314A3E0C7FAFFDB -- C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
[2007/02/28 04:55:14 | 002,182,144 | ---- | M] (Microsoft Corporation) MD5=5A5C8DB4AA962C714C8371FBDF189FC9 -- C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[2004/08/04 01:18:30 | 002,148,352 | ---- | M] (Microsoft Corporation) MD5=626309040459C3915997EF98EC1C8D40 -- C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
[2009/02/06 05:32:03 | 002,186,112 | ---- | M] (Microsoft Corporation) MD5=6A936E9D7BADAF3CAAEED1E1966EC1B0 -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[2009/02/06 05:32:03 | 002,186,112 | ---- | M] (Microsoft Corporation) MD5=6A936E9D7BADAF3CAAEED1E1966EC1B0 -- C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntoskrnl.exe
[2009/02/06 06:08:19 | 002,189,056 | ---- | M] (Microsoft Corporation) MD5=7A95B10A73737EBF24139AAA63F5212B -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[2009/02/06 06:08:19 | 002,189,056 | ---- | M] (Microsoft Corporation) MD5=7A95B10A73737EBF24139AAA63F5212B -- C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntoskrnl.exe
[2006/12/19 09:15:09 | 002,136,064 | ---- | M] (Microsoft Corporation) MD5=8318ED54797F3E513FD5817A1D4BBD18 -- C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
[2009/08/04 21:44:46 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=8415D9C7C050E7022AED8ABF281BE4A6 -- C:\WINDOWS\$hf_mig$\KB971486\SP3GDR\ntoskrnl.exe
[2009/08/04 21:44:46 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=8415D9C7C050E7022AED8ABF281BE4A6 -- C:\WINDOWS\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\SP3GDR\ntoskrnl.exe
[2009/08/04 07:51:17 | 002,185,984 | ---- | M] (Microsoft Corporation) MD5=8DF112C341425F29DB4566B8D2A96A7F -- C:\WINDOWS\$hf_mig$\KB971486\SP2QFE\ntoskrnl.exe
[2009/08/04 07:51:17 | 002,185,984 | ---- | M] (Microsoft Corporation) MD5=8DF112C341425F29DB4566B8D2A96A7F -- C:\WINDOWS\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\SP2QFE\ntoskrnl.exe
[2004/08/04 01:19:59 | 002,180,992 | ---- | M] (Microsoft Corporation) MD5=CE218BC7088681FAA06633E218596CA7 -- C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
[2008/08/14 04:57:20 | 002,185,984 | ---- | M] (Microsoft Corporation) MD5=CE69DBD54221F2D40E49FF6DB77C6507 -- C:\WINDOWS\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[2006/12/19 11:51:12 | 002,182,016 | ---- | M] (Microsoft Corporation) MD5=CEF243F6DEFD20BE4ADDE26C7ECACB54 -- C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[2009/08/04 09:00:46 | 002,180,352 | ---- | M] (Microsoft Corporation) MD5=D6B537A639D623ED85B73AF3E3BE4B94 -- C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
[2009/08/04 09:00:46 | 002,180,352 | ---- | M] (Microsoft Corporation) MD5=D6B537A639D623ED85B73AF3E3BE4B94 -- C:\WINDOWS\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\SP2GDR\ntoskrnl.exe
[2009/08/04 09:00:46 | 002,180,352 | ---- | M] (Microsoft Corporation) MD5=D6B537A639D623ED85B73AF3E3BE4B94 -- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
[2008/08/14 04:58:27 | 002,136,064 | ---- | M] (Microsoft Corporation) MD5=DD31AB4B91C2605601A3C108AF57A0C9 -- C:\WINDOWS\$NtUninstallKB971486$\ntoskrnl.exe
[2006/02/20 23:01:46 | 002,180,992 | ---- | M] (Microsoft Corporation) MD5=DF4D09B676964646FA166A78C816B4C3 -- C:\WINDOWS\$hf_mig$\KB914882\SP2QFE\ntoskrnl.exe
[2008/08/14 05:11:02 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=EEAF32F8E15A24F62BECB1BD403BB5C5 -- C:\WINDOWS\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[2009/02/07 20:35:26 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=EFE8EACE83EAAD5849A7A548FB75B584 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[2009/02/07 20:35:26 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=EFE8EACE83EAAD5849A7A548FB75B584 -- C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntoskrnl.exe
[2009/02/06 12:24:35 | 002,180,480 | ---- | M] (Microsoft Corporation) MD5=FACEBB0CA3154F77009CDFEE78A00BBB -- C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntoskrnl.exe
[2009/08/04 08:56:10 | 002,189,312 | ---- | M] (Microsoft Corporation) MD5=FDE779EA1A564EBFE16F4E0F82B61BAD -- C:\WINDOWS\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[2009/08/04 08:56:10 | 002,189,312 | ---- | M] (Microsoft Corporation) MD5=FDE779EA1A564EBFE16F4E0F82B61BAD -- C:\WINDOWS\SoftwareDistribution\Download\8fa1ad7968e63408057364ad07aa482c\SP3QFE\ntoskrnl.exe

< MD5 for: SCECLI.DLL >
[2004/08/04 02:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004/08/04 02:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll

< MD5 for: USERINIT.EXE >
[2004/08/04 02:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2004/08/04 02:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\userinit.exe

< %SYSTEMDRIVE%\*.* >
[2010/03/05 17:13:10 | 000,008,660 | ---- | M] () -- C:\aaw7boot.log
[2004/05/20 16:39:19 | 000,047,010 | ---- | M] () -- C:\acadminidump.dmp
[2006/03/29 11:46:40 | 000,000,018 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006/06/01 09:31:11 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2003/12/04 12:15:22 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/08/24 08:46:58 | 000,000,127 | ---- | M] () -- C:\CountCyclesWMVDecLog.txt
[2005/06/03 09:07:17 | 000,306,176 | ---- | M] () -- C:\Housing Bottom.ipt
[2005/06/03 09:09:27 | 000,040,789 | ---- | M] () -- C:\Housing Bottom.sat
[2005/06/03 09:11:05 | 000,007,197 | ---- | M] () -- C:\HwTSLibSat.msg
[2003/12/04 12:15:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/10/16 12:17:50 | 000,000,210 | ---- | M] () -- C:\lic_log.txt
[2003/12/04 12:15:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/27 08:02:38 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/01/21 16:35:52 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/03/05 17:13:12 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2004/08/05 11:08:21 | 000,000,088 | ---- | M] () -- C:\pciv7bug.log
[2004/12/27 14:36:34 | 000,061,440 | ---- | M] () -- C:\u2121.xls
[2004/12/27 14:39:06 | 000,061,440 | ---- | M] () -- C:\u2122.xls
[2004/12/27 14:38:52 | 000,061,440 | ---- | M] () -- C:\u2123.xls
[2004/12/27 14:37:43 | 000,061,440 | ---- | M] () -- C:\u2124.xls
[2004/12/27 14:39:34 | 000,061,440 | ---- | M] () -- C:\u2125.xls
[2010/03/05 09:43:35 | 000,380,150 | ---- | M] () -- C:\winzip.log
[2004/07/06 11:35:44 | 000,000,024 | ---- | M] () -- C:\wpm32.exb
[2 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2003/12/04 19:50:15 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2003/12/04 19:50:15 | 000,626,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2003/12/04 19:50:15 | 000,421,888 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >


#7 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,219 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:27 AM

Posted 05 March 2010 - 08:44 PM

I thought you were not able to boot.
  • Boot to the OTLPE CD
  • Please double-click OTLPE.exe to run it as you did before.
  • Copy the lines in the quote below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    QUOTE
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\Windows\\system32\\userinit.exe,"

  • Return to OTLPE, right click in the "Custom Scans/Fixes" window and choose Paste.
  • Click the red Run Fix button.
  • A report will be produced and saved in the C:\_OTL\MovedFiles folder in the form of Date_Time.log. Open that report and post its contents in a reply.

Boot the computer in Normal or Safe Mode with Networking.

Download Profiles by noahdfear and save it to your desktop.
Double-click profiles.exe and post the resulting log into your reply.

Please download MBR.EXE by GMER. Save the file in the C:\windows\system32\ folder.
  • Copy the entire contents of the Quote Box below to Notepad.
  • Leave an empty line at the end of the script
  • Name the file as Query.bat
  • Change the Save as Type to All Files
  • and Save it on the desktop
  • Once saved, double click on the Query.bat file and post the resulting report.

QUOTE
@echo off
cd\
cd windows
cd system32
mbr.exe -t
start mbr.log

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#8 Flyinfool

Flyinfool
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:27 AM

Posted 08 March 2010 - 10:30 AM

As I stated in post #2 I can only boot to safe mode without network.

Man this puter is fighting me.
I was able to boot to safe mode with networking, I could not before.
I had to make a new CD on a known good computer last night.

Here is the OTLPE log

========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Userinit"|"C:\\Windows\\system32\\userinit.exe," /E : value set successfully!

OTLPE by OldTimer - Version 3.1.30.3 log created on 03082010_090525


Here is the profiles log.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
DefaultUserProfile REG_SZ Default User
AllUsersProfile REG_SZ All Users

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LocalService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\NetworkService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-790525478-838170752-725345543-1000
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\HelpAssistant.ENGINEERING-1.000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-790525478-838170752-725345543-1005
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\HelpAssistant

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-790525478-838170752-725345543-500
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Administrator

SystemRoot REG_SZ C:\WINDOWS


Here iss the MBR log
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x898E64E0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x898e64e0
NDIS: D-Link DFE-530TX PCI Fast Ethernet Adapter (rev.A) -> SendCompleteHandler -> 0x897a1330
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x0DF8F900
malicious code @ sector 0x0DF8F903 !
PE file found in sector at 0x0DF8F919 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.


Edited by Flyinfool, 08 March 2010 - 10:34 AM.


#9 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,219 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:27 AM

Posted 08 March 2010 - 11:14 AM

Download and save HelpAsst_mebroot_fix.exe by noahdfear to your desktop.
Double-click on it to run the tool. When complete follow these steps:
  • Copy the entire contents of the Quote Box below to Notepad.
  • Leave an empty line at the end of the script
  • Name the file as Fix.bat
  • Change the Save as Type to All Files
  • and Save it on the desktop
  • Once saved, double click on the Fix.bat file and post the resulting report.

QUOTE
@echo off
cd\
cd windows
cd system32
mbr.exe -f
start mbr.log


Restart the Computer

To confirm, please double-click profiles.exe once again and post the resulting log in your reply. Also check if the C:\Documents and Settings\HelpAssistant folder still exists.

If having problems to download the file, we can create a script to manually delete those entries.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#10 Flyinfool

Flyinfool
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:27 AM

Posted 08 March 2010 - 11:53 AM

PROGRESS
The computer booted up normally!

The HelpAssistant directory is still there.
There is also a HelpAssistant(2), HelpAssistant(3), HelpAssistant(4) that were created during all of the reboots.

Here is the MBR log
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x898e64e0
NDIS: D-Link DFE-530TX PCI Fast Ethernet Adapter (rev.A) -> SendCompleteHandler -> 0x897a1330
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x0DF8F900
malicious code @ sector 0x0DF8F903 !
PE file found in sector at 0x0DF8F919 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
original MBR restored successfully !


Here is the prof log

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
DefaultUserProfile REG_SZ Default User
AllUsersProfile REG_SZ All Users

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LocalService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\NetworkService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-790525478-838170752-725345543-1005
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\HelpAssistant

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-790525478-838170752-725345543-500
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Administrator

SystemRoot REG_SZ C:\WINDOWS


#11 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,219 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:27 AM

Posted 08 March 2010 - 12:06 PM

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    QUOTE
    :folderfind
    HelpAssistant*

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

With that info we can prepare a script to remove those entries.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#12 Flyinfool

Flyinfool
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:27 AM

Posted 08 March 2010 - 12:20 PM

This one was so much easier not that the problem computer boots up, than running between the problem computer on the second floor and the working computer in the basement with a thumb drive in hand.

Here is the contents of the SystemLook log
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 11:10 on 08/03/2010 by Administrator (Administrator - Elevation successful)

========== folderfind ==========

Searching for "HelpAssistant*"
C:\Documents and Settings\HelpAssistant d----- [17:08 05/03/2010]
C:\Documents and Settings\HelpAssistant(2) d---s- [15:31 05/03/2010]
C:\Documents and Settings\HelpAssistant(3) d----- [22:35 04/03/2010]
C:\Documents and Settings\HelpAssistant(4) d---s- [17:37 04/03/2010]

-=End Of File=-

#13 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,219 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:27 AM

Posted 08 March 2010 - 01:57 PM

Please download the OTM by OldTimer.
  • Save it to your desktop.
  • Please double-click OTM.exe to run it. (Vista users, please right click on OTM.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    QUOTE
    :files
    C:\Documents and Settings\HelpAssistant
    C:\Documents and Settings\HelpAssistant(2)
    C:\Documents and Settings\HelpAssistant(3)
    C:\Documents and Settings\HelpAssistant(4)

    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-790525478-838170752-725345543-1005]

    :Commands
    [EMPTYTEMP]
    [REBOOT]

  • Return to OTM, right click in the "Paste instructions for items to be Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTM\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTM
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Upon Startup, click on Profiles.exe and post also its report.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#14 Flyinfool

Flyinfool
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:27 AM

Posted 08 March 2010 - 02:34 PM

The partial directories of HelpAssistant(2) and HelpAssistant(4) are sill present
It did require a reboot and I did let it.

I get an error message that the reply is to long when I include the contents of the OTM log
It is huge. There are 4,492 lines. 1.24M in size so I had to winZIP it to attach it as a file.

Here is the profiles log

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
DefaultUserProfile REG_SZ Default User
AllUsersProfile REG_SZ All Users

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LocalService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\NetworkService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-790525478-838170752-725345543-500
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Administrator

SystemRoot REG_SZ C:\WINDOWS

Attached Files

  • Attached File  OTM.zip   44.7KB   7 downloads


#15 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,219 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:27 AM

Posted 08 March 2010 - 02:42 PM

Lets try that again.
  • Please double-click OTM.exe to run it. (Vista users, please right click on OTM.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    QUOTE
    :files
    C:\Documents and Settings\HelpAssistant(2)
    C:\Documents and Settings\HelpAssistant(4)

    :Commands
    [REBOOT]

  • Return to OTM, right click in the "Paste instructions for items to be Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTM\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTM
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Upon Startup, click on Profiles.exe and post also its report.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users