Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer restarts after Windows loading screen


  • This topic is locked This topic is locked
18 replies to this topic

#1 Slayton26

Slayton26

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:57 PM

Posted 19 March 2010 - 09:51 PM

Hi everyone.
Okay, as the title says, I cannot get my computer past the Windows loading screen.
I tried in safe mode, taking out one stick of RAM, switching the sticks around, anything I thought would work and nothing.

I had recently gotten rid completely of AntivirusPro 2009 and could finally download AVG.
After downloading it, I did a full scan and it found roughly 6 viruses.
The one virus that I thought was odd was winlogon.exe, obviously you can't delete that and I'm pretty sure AVG has no access to delete that either.

But anyways, after all that happened, I had to restart my computer as AVG instructed, thus starting the endless cycle of restarting after the windows loading screen.
If you have any tips or suggestions, please let me know.

BC AdBot (Login to Remove)

 


#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:10:57 PM

Posted 19 March 2010 - 10:14 PM

Does it work in Safe MOde? Hit F8 after the post screen.

#3 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,297 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:57 PM

Posted 19 March 2010 - 11:40 PM

Hi, Slayton26 smile.gif

Welcome.

Lets give this a try. You will need a flash drive to move information from the sick computer to a working computer, so we can see the progress of our actions. Save these instructions in your flash drive as a text file (use notepad) so you can have access to these while in an external environment (PE).

Here is what you need to do.

Two programs to download

First

Download ISOBurner. Click Here for ISOBurner Instructions. Install the program, and follow the next set of steps.

Second
  • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 276.7MB in size so it may take some time to download.
  • When downloaded double click and this will then open ISOBurner to burn the file to CD
  • Boot the Non working computer using the boot CD you just created.
  • In order to do so, the computer must be set to boot from the CD first
    Note : For information click here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Registry to All
    • Under the Custom Scan box paste this in

      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      userinit.exe
      winlogon.exe
      explorer.exe
      ntoskrnl.exe
      /md5stop
      %SYSTEMDRIVE%\*.*
      %systemroot%\*. /mp /s
      %systemroot%\System32\config\*.sav
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your reply.

Edited by elise025, 20 March 2010 - 04:54 AM.
Moving as requested ~ Elise

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#4 Slayton26

Slayton26
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:57 PM

Posted 20 March 2010 - 02:11 AM

Ok I will try that as soon as possible. Sadly I cannot find a flash drive when I need one.
I'll update you when I can. Thanks for your help.

And cryptodan, I said I tried it already in safe mode smile.gif.
But thanks for at least trying.

#5 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:10:57 PM

Posted 20 March 2010 - 02:13 AM

What does it stop on in safe mode?

#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,297 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:57 PM

Posted 20 March 2010 - 09:32 AM

QUOTE(cryptodan @ Mar 20 2010, 03:13 AM) View Post
What does it stop on in safe mode?

Probably due to an infected Motheboard's Chipset driver.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#7 Slayton26

Slayton26
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:57 PM

Posted 20 March 2010 - 11:31 AM

It restarts at the same exact time as if I was starting the computer without safe mode.
Also tried Last Known Good Config., same problem though.

Looks like im just going to get ready and go buy a flash drive this morning.
I will go through those steps when I get back and post everything that I can.

Edited by Slayton26, 20 March 2010 - 11:32 AM.


#8 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,297 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:57 PM

Posted 20 March 2010 - 12:33 PM

thumbup2.gif

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#9 Slayton26

Slayton26
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:57 PM

Posted 20 March 2010 - 04:50 PM

Ok so I've started doing it all and booted it from the CD.

One thing I thought might be weird was that my BIOS was already set to boot from CD first?
Let me know if that's normal haha. tongue.gif.

I just got it booted through the CD and will post up the results very soon.


#10 Slayton26

Slayton26
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:57 PM

Posted 20 March 2010 - 04:55 PM

Ok a little problem with your steps here.
When I click on the OTLPE icon, it brings up a "Browse For Folder" window, nothing else.

Edit: Woops i think i'm an idiot lol. Didn't see the "Choose Windows Directory" text in the window as well.

Edited by Slayton26, 20 March 2010 - 04:57 PM.


#11 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,297 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:57 PM

Posted 20 March 2010 - 05:11 PM

Still having problems?

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#12 Slayton26

Slayton26
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:57 PM

Posted 20 March 2010 - 05:13 PM

No it's scanning it all right now. Taking a while on the step "Manual File Scan - Getting folder structure...", but other than that it seems to be running smoothly.

#13 Slayton26

Slayton26
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:57 PM

Posted 20 March 2010 - 05:19 PM

OTL logfile created on: 3/20/2010 4:08:51 PM - Run
OTLPE by OldTimer - Version 3.1.37.1 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 795.00 Mb Available Physical Memory | 78.00% Memory free
907.00 Mb Paging File | 841.00 Mb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 90.47 Gb Free Space | 38.85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.87 Gb Total Space | 1.79 Gb Free Space | 96.21% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (Viewpoint Manager Service)
SRV - [2010/03/19 11:38:38 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2008/07/10 20:28:06 | 040,999,448 | ---- | M] (Microsoft Corporation) [Auto] -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2008/07/10 20:28:06 | 000,369,688 | ---- | M] (Microsoft Corporation) [Disabled] -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS)
SRV - [2008/07/10 20:28:04 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled] -- c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100)
SRV - [2008/07/10 05:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) [Auto] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/07/10 05:49:34 | 000,258,072 | ---- | M] (Microsoft Corporation) [Disabled] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/06/06 19:20:00 | 000,002,560 | ---- | M] () [Auto] -- C:\WINDOWS\Runservice.exe -- (LicCtrlService)
SRV - [2007/01/19 15:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006/03/04 01:03:10 | 000,069,632 | ---- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand] -- -- (XDva195)
DRV - File not found [Kernel | On_Demand] -- -- (XDva190)
DRV - File not found [Adapter | On_Demand] -- -- (Winsock - Google Desktop Search Backup Before Last Install)
DRV - File not found [Adapter | On_Demand] -- -- (Winsock - Google Desktop Search Backup Before First Install)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Disabled] -- -- (ViaIde)
DRV - File not found [Kernel | Disabled] -- -- (ultra)
DRV - File not found [Kernel | Disabled] -- -- (TosIde)
DRV - File not found [Kernel | Disabled] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled] -- -- (symc810)
DRV - File not found [Kernel | Disabled] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled] -- -- (sym_hi)
DRV - File not found [Kernel | Disabled] -- -- (Sparrow)
DRV - File not found [Kernel | Disabled] -- -- (Simbad)
DRV - File not found [Kernel | Disabled] -- -- (ql1280)
DRV - File not found [Kernel | Disabled] -- -- (ql1240)
DRV - File not found [Kernel | Disabled] -- -- (ql12160)
DRV - File not found [Kernel | Disabled] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled] -- -- (ql1080)
DRV - File not found [Kernel | Disabled] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled] -- -- (perc2)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Auto] -- -- (npkcrypt)
DRV - File not found [Kernel | Disabled] -- -- (mraid35x)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | Disabled] -- -- (IntelIde)
DRV - File not found [Kernel | Disabled] -- -- (ini910u)
DRV - File not found [Kernel | Disabled] -- -- (i2omp)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | Disabled] -- -- (hpn)
DRV - File not found [Kernel | On_Demand] -- -- (EagleNT)
DRV - File not found [Kernel | Disabled] -- -- (dpti2o)
DRV - File not found [Kernel | Disabled] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled] -- -- (dac2w2k)
DRV - File not found [Kernel | Disabled] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled] -- -- (CmdIde)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | Disabled] -- -- (cd20xrnt)
DRV - File not found [Kernel | System] -- -- (Beep)
DRV - File not found [Kernel | Disabled] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled] -- -- (asc3550)
DRV - File not found [Kernel | Disabled] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled] -- -- (asc)
DRV - File not found [Kernel | Disabled] -- -- (amsint)
DRV - File not found [Kernel | On_Demand] -- -- (AmdLLD)
DRV - File not found [Kernel | Disabled] -- -- (AliIde)
DRV - File not found [Kernel | Disabled] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled] -- -- (Aha154x)
DRV - File not found [Kernel | Disabled] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled] -- -- (Abiosdsk)
DRV - [2010/03/19 11:38:44 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/19 11:38:41 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/19 11:38:32 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/01/12 00:03:33 | 010,276,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/11/12 00:14:27 | 000,057,320 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2008/12/11 06:57:09 | 000,333,952 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2008/12/05 19:58:54 | 000,137,992 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2008/12/04 09:17:15 | 000,627,072 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WUSB54GCv3.sys -- (WUSB54GCv3)
DRV - [2008/11/24 14:54:12 | 000,495,104 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2008/10/24 07:21:09 | 000,455,296 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2008/10/01 16:01:28 | 000,032,000 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2008/08/14 06:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\windows\System32\drivers\afd.sys -- (AFD)
DRV - [2008/07/10 05:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2008/06/20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008/04/17 16:12:54 | 000,015,464 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/04/13 20:13:22 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2008/04/13 20:13:21 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/04/13 20:13:20 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008/04/13 20:13:20 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/04/13 15:46:26 | 000,085,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NABTSFEC.sys -- (NABTSFEC)
DRV - [2008/04/13 15:46:24 | 000,019,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WSTCODEC.SYS -- (WSTCODEC)
DRV - [2008/04/13 15:46:24 | 000,017,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CCDECODE.sys -- (CCDECODE)
DRV - [2008/04/13 15:46:24 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SLIP.sys -- (SLIP)
DRV - [2008/04/13 15:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\StreamIP.sys -- (streamip)
DRV - [2008/04/13 15:46:22 | 000,010,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NdisIP.sys -- (NdisIP)
DRV - [2008/04/13 15:45:28 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb)
DRV - [2008/04/13 15:39:50 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MSTEE.sys -- (MSTEE)
DRV - [2008/04/13 15:39:48 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2008/04/13 15:28:39 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2008/04/13 15:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/13 15:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ndis.sys -- (NDIS)
DRV - [2008/04/13 15:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2008/04/13 15:19:43 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2008/04/13 15:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/04/13 15:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2008/04/13 15:17:05 | 000,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\mup.sys -- (Mup)
DRV - [2008/04/13 15:15:55 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2008/04/13 15:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008/04/13 15:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2008/04/13 15:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/13 15:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/13 15:00:19 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\modem.sys -- (Modem)
DRV - [2008/04/13 14:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2008/04/13 14:57:29 | 000,040,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2008/04/13 14:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/13 14:57:27 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2008/04/13 14:57:21 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/04/13 14:57:15 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2008/04/13 14:57:07 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2008/04/13 14:56:38 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2008/04/13 14:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2008/04/13 14:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/04/13 14:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/04/13 14:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/04/13 14:53:53 | 000,264,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2008/04/13 14:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2008/04/13 14:53:23 | 000,071,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bridge.sys -- (BridgeMP)
DRV - [2008/04/13 14:53:23 | 000,071,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bridge.sys -- (Bridge)
DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 14:51:25 | 000,061,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nic1394.sys -- (NIC1394)
DRV - [2008/04/13 14:51:25 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\arp1394.sys -- (Arp1394)
DRV - [2008/04/13 14:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/13 14:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbprint.sys -- (usbprint)
DRV - [2008/04/13 14:46:18 | 000,061,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ohci1394.sys -- (ohci1394)
DRV - [2008/04/13 14:45:39 | 000,032,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (USBSTOR)
DRV - [2008/04/13 14:45:37 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2008/04/13 14:45:35 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2008/04/13 14:45:35 | 000,017,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbohci.sys -- (usbohci)
DRV - [2008/04/13 14:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbscan.sys -- (usbscan)
DRV - [2008/04/13 14:45:13 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:45:09 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2008/04/13 14:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2008/04/13 14:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2008/04/13 14:45:01 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic)
DRV - [2008/04/13 14:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/13 14:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2008/04/13 14:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\windows\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/13 14:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2008/04/13 14:40:49 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\partmgr.sys -- (PartMgr)
DRV - [2008/04/13 14:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)
DRV - [2008/04/13 14:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2008/04/13 14:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2008/04/13 14:40:25 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2008/04/13 14:40:25 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2008/04/13 14:40:10 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2008/04/13 14:39:53 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2008/04/13 14:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2008/04/13 14:39:51 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)
DRV - [2008/04/13 14:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2008/04/13 14:39:48 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2008/04/13 14:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2008/04/13 14:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2008/04/13 14:39:46 | 000,206,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dot4.sys -- (dot4)
DRV - [2008/04/13 14:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/04/13 14:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\sr.sys -- (sr)
DRV - [2008/04/13 14:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/04/13 14:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pci.sys -- (PCI)
DRV - [2008/04/13 14:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 14:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2008/04/13 14:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI)
DRV - [2008/04/13 14:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\fips.sys -- (Fips)
DRV - [2008/04/13 14:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2008/04/13 14:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008/04/13 14:32:39 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\npfs.sys -- (Npfs)
DRV - [2008/04/13 14:32:39 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\msfs.sys -- (Msfs)
DRV - [2008/04/13 14:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/13 14:31:43 | 000,092,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2008/04/13 14:31:30 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\processr.sys -- (Processor)
DRV - [2008/04/13 12:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2008/04/13 12:39:15 | 000,020,480 | R--- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/10/29 22:05:04 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2007/06/21 13:45:08 | 000,029,696 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Capt913D.sys -- (SQTECH913D)
DRV - [2007/04/17 00:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007/01/30 01:03:34 | 000,036,624 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/01/13 19:52:24 | 000,646,392 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2006/12/29 03:13:28 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2006/10/19 00:00:00 | 000,038,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wpdusb.sys -- (WpdUsb)
DRV - [2006/09/28 23:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd)
DRV - [2006/09/28 22:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf)
DRV - [2006/06/16 19:55:20 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2006/04/24 20:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2006/04/17 04:31:26 | 004,262,912 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/04/12 21:04:39 | 000,049,664 | R--- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2006/04/12 21:04:39 | 000,021,568 | R--- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2006/04/12 21:04:39 | 000,016,496 | R--- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2006/03/22 01:24:02 | 000,018,944 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/22 01:24:00 | 000,052,736 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2004/10/08 08:01:47 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)
DRV - [2004/10/08 08:01:47 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2004/10/08 08:01:47 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2004/10/08 08:01:47 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2004/10/08 08:01:47 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/10/08 08:01:47 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2004/10/08 08:01:47 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2004/10/08 08:01:47 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2004/10/08 08:01:47 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2004/10/08 08:01:47 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2004/10/08 08:01:47 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\system32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2004/10/08 08:01:47 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\parvdm.sys -- (ParVdm)
DRV - [2004/10/08 08:01:47 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2004/10/08 08:01:47 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2004/10/08 08:01:47 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2004/10/08 08:01:47 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde)
DRV - [2004/10/08 08:01:47 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\null.sys -- (Null)
DRV - [2004/10/08 08:01:47 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\system32\winsock.dll -- (Winsock)
DRV - [2004/04/15 01:13:00 | 000,339,488 | R--- | M] (Cisco-Linksys, LLC.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WUSB20XP.sys -- (PRISM_A02)
DRV - [2001/08/17 17:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)
DRV - [2001/08/17 17:47:32 | 000,023,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Dot4usb.sys -- (dot4usb)
DRV - [2001/08/17 17:47:32 | 000,012,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Dot4Prt.sys -- (Dot4Print)
DRV - [2001/08/17 09:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)
DRV - [1999/10/21 13:12:52 | 000,020,400 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Entech.sys -- (ENTECH)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\Administrator_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKU\Gaming_Time_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Gaming_Time_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\Gaming_Time_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Gaming_Time_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\Gaming_Time_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\Gaming_Time_ON_C\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKU\Gaming_Time_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\Gaming_Time_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Gaming_Time_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local




FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/03/19 18:34:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/12 14:41:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/12 14:41:38 | 000,000,000 | ---D | M]

[2010/03/19 19:00:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/09 16:31:42 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/10/04 16:34:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2010/03/12 14:40:42 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/03/12 14:40:43 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2008/06/17 19:12:42 | 000,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2007/03/01 19:08:58 | 000,049,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2007/04/22 20:03:13 | 000,094,208 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2006/12/12 14:48:22 | 001,440,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2010/03/12 14:41:10 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/03/22 22:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2007/05/11 02:52:34 | 000,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/01/04 11:59:20 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/01/04 11:59:20 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/01/04 11:59:20 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/01/04 11:59:20 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/01/04 11:59:20 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/01/04 11:59:20 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/01/04 11:59:20 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2005/04/27 16:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
[2010/03/12 14:41:17 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/03/12 14:41:18 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/03/12 14:41:18 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/03/12 14:41:18 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/03/12 14:41:18 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/03/12 14:41:18 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/03/12 14:41:18 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2009/12/15 12:46:59 | 000,000,812 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 87.118.118.162 nprotect.roseonlinegame.com
O1 - Hosts: 87.118.118.162 update.nprotect.com
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKU\Gaming_Time_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Gaming_Time_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\Gaming_Time_ON_C\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\Gaming_Time_ON_C..\Run: [Aim6] File not found
O4 - HKU\Gaming_Time_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Gaming_Time_ON_C..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\Gaming_Time_ON_C..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\windows\System32\narrator.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: none = C:\Program Files\Video ActiveX Object\pmsngr.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: isamini.exe = C:\Program Files\Video ActiveX Object\isamonitor.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Gaming_Time_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1167896901356 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_08)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.9.127.107 68.116.46.115 24.205.192.61
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (karna.dat噁) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\windows\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\arm32reg: DllName - C:\Documents and Settings\All Users\Documents\Settings\arm32.dll - C:\Documents and Settings\All Users\Documents\Settings\arm32.dll File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\windows\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\windows\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\windows\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\windows\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\windows\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\windows\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\windows\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\windows\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\windows\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\windows\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\windows\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\windows\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\windows\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\windows\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\windows\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\windows\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/06 09:33:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/19 18:57:30 | 000,000,000 | ---D | C] -- C:\windows\LastGood.Tmp
[2010/03/19 18:38:23 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/03/19 11:38:41 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\avgrsstx.dll
[2010/03/19 10:26:40 | 000,242,696 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgtdix.sys
[2010/03/19 10:26:35 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgldx86.sys
[2010/03/19 10:26:34 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgmfx86.sys
[2010/03/19 10:26:29 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\Avg
[2010/03/19 01:37:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gaming Time\Application Data\vlc
[2010/03/18 19:31:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gaming Time\Application Data\Malwarebytes
[2010/03/18 18:22:35 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/03/18 18:16:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/03/18 18:16:05 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/03/18 18:16:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/11 17:05:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gaming Time\My Documents\Ableton
[2010/03/11 17:05:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gaming Time\Application Data\Ableton
[2010/03/11 17:04:10 | 000,368,640 | ---- | C] (Propellerhead Software AB) -- C:\windows\System32\ReWire.dll
[2010/03/11 17:04:10 | 000,233,472 | ---- | C] (Propellerhead Software AB) -- C:\windows\System32\REX Shared Library.dll
[2010/03/11 16:59:36 | 000,000,000 | ---D | C] -- C:\Program Files\Ableton
[2010/03/11 16:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gaming Time\Desktop\Ableton Live 7 - The Essentials [Total Training]
[2010/03/09 02:22:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gaming Time\My Documents\Azureus Downloads
[2010/03/08 21:05:17 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze
[2010/03/08 21:00:18 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/03/08 21:00:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gaming Time\Local Settings\Application Data\Conduit
[2010/03/08 21:00:17 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze_Remote
[2010/03/08 21:00:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gaming Time\Local Settings\Application Data\Vuze_Remote
[2007/04/29 20:02:20 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[9 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\windows\System32\drivers\*.tmp files -> C:\windows\System32\drivers\*.tmp -> ]
[1 C:\windows\System32\dllcache\*.tmp files -> C:\windows\System32\dllcache\*.tmp -> ]
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/20 15:59:09 | 000,786,432 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/03/19 22:42:46 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2010/03/19 22:26:49 | 016,777,216 | -H-- | M] () -- C:\Documents and Settings\Gaming Time\NTUSER.DAT
[2010/03/19 22:26:49 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/03/19 22:26:49 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/03/19 22:26:44 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010/03/19 21:09:20 | 057,396,646 | ---- | M] () -- C:\windows\System32\drivers\Avg\incavi.avm
[2010/03/19 18:36:35 | 000,012,688 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2010/03/19 18:35:59 | 000,268,856 | ---- | M] () -- C:\windows\System32\NvApps.xml
[2010/03/19 18:35:04 | 000,001,057 | -HS- | M] () -- C:\windows\System32\mmf.sys
[2010/03/19 11:38:44 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgtdix.sys
[2010/03/19 11:38:41 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgmfx86.sys
[2010/03/19 11:38:41 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\avgrsstx.dll
[2010/03/19 11:38:32 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgldx86.sys
[2010/03/19 10:26:34 | 000,113,461 | ---- | M] () -- C:\windows\System32\drivers\Avg\iavichjw.avm
[2010/03/19 10:26:29 | 006,061,540 | ---- | M] () -- C:\windows\System32\drivers\Avg\avi7.avg
[2010/03/19 10:26:29 | 000,492,629 | ---- | M] () -- C:\windows\System32\drivers\Avg\miniavi.avg
[2010/03/19 10:26:29 | 000,142,495 | ---- | M] () -- C:\windows\System32\drivers\Avg\microavi.avg
[2010/03/18 19:53:48 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Gaming Time\ntuser.ini
[2010/03/15 11:10:01 | 000,613,104 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2010/03/15 11:10:01 | 000,505,996 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010/03/15 11:10:01 | 000,095,404 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/03/08 18:22:01 | 000,000,284 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[9 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\windows\System32\drivers\*.tmp files -> C:\windows\System32\drivers\*.tmp -> ]
[1 C:\windows\System32\dllcache\*.tmp files -> C:\windows\System32\dllcache\*.tmp -> ]
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/19 10:26:34 | 000,113,461 | ---- | C] () -- C:\windows\System32\drivers\Avg\iavichjw.avm
[2010/03/19 10:26:29 | 057,396,646 | ---- | C] () -- C:\windows\System32\drivers\Avg\incavi.avm
[2010/03/19 10:26:29 | 006,061,540 | ---- | C] () -- C:\windows\System32\drivers\Avg\avi7.avg
[2010/03/19 10:26:29 | 000,492,629 | ---- | C] () -- C:\windows\System32\drivers\Avg\miniavi.avg
[2010/03/19 10:26:29 | 000,142,495 | ---- | C] () -- C:\windows\System32\drivers\Avg\microavi.avg
[2009/12/16 04:03:31 | 000,099,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/08/03 04:21:54 | 000,197,912 | ---- | C] () -- C:\windows\System32\physxcudart_20.dll
[2009/08/03 04:21:54 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 04:21:54 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSwedish.dll
[2009/08/03 04:21:54 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSpanish.dll
[2009/08/03 04:21:54 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 04:21:54 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelPortugese.dll
[2009/08/03 04:21:54 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelKorean.dll
[2009/08/03 04:21:54 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelJapanese.dll
[2009/08/03 04:21:52 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelGerman.dll
[2009/08/03 04:21:52 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelFrench.dll
[2009/01/04 20:42:37 | 000,000,000 | ---- | C] () -- C:\windows\PTWebCam.INI
[2008/11/12 11:51:44 | 000,137,992 | ---- | C] () -- C:\windows\System32\drivers\PnkBstrK.sys
[2008/10/07 12:14:36 | 000,061,500 | ---- | C] () -- C:\Documents and Settings\Gaming Time\Application Data\PyScripter.ini
[2008/10/07 12:14:36 | 000,000,748 | ---- | C] () -- C:\windows\PyScripter.ini
[2008/08/12 00:58:05 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2008/06/06 19:20:02 | 000,001,057 | -HS- | C] () -- C:\windows\System32\mmf.sys
[2008/06/06 19:20:00 | 000,045,056 | ---- | C] () -- C:\windows\mmfs.dll
[2008/06/03 03:20:47 | 000,000,118 | ---- | C] () -- C:\windows\System32\MRT.INI
[2008/05/13 21:29:30 | 000,041,296 | ---- | C] () -- C:\windows\System32\xfcodec.dll
[2007/06/08 21:14:41 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\Gaming Time\Application Data\internaldb41.dat
[2007/06/08 21:14:41 | 000,000,382 | ---- | C] () -- C:\Documents and Settings\Gaming Time\Application Data\internaldb6334.dat
[2007/06/08 21:14:41 | 000,000,194 | ---- | C] () -- C:\Documents and Settings\Gaming Time\Application Data\internaldb8467.dat
[2007/06/07 10:05:04 | 000,000,381 | ---- | C] () -- C:\windows\cdplayer.ini
[2007/06/01 16:04:02 | 002,255,360 | ---- | C] () -- C:\windows\System32\libavcodec.dll
[2007/06/01 16:04:02 | 000,395,776 | ---- | C] () -- C:\windows\System32\libmplayer.dll
[2007/06/01 16:04:02 | 000,262,144 | ---- | C] () -- C:\windows\System32\TomsMoComp_ff.dll
[2007/06/01 16:04:02 | 000,112,640 | ---- | C] () -- C:\windows\System32\libmpeg2_ff.dll
[2007/04/26 23:21:13 | 000,765,952 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2007/04/26 23:21:13 | 000,180,224 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2007/04/22 20:15:29 | 003,596,288 | ---- | C] () -- C:\windows\System32\qt-dx331.dll
[2007/04/22 20:01:47 | 000,012,288 | ---- | C] () -- C:\windows\System32\DivXWMPExtType.dll
[2007/03/01 19:21:21 | 000,077,824 | R--- | C] () -- C:\windows\System32\HPZIDS01.dll
[2007/02/27 23:30:48 | 000,146,762 | ---- | C] () -- C:\Documents and Settings\Gaming Time\Application Data\Cosmos Prefs
[2007/02/25 00:56:29 | 000,000,050 | ---- | C] () -- C:\windows\GunzLauncher.INI
[2007/01/12 01:11:54 | 000,043,520 | ---- | C] () -- C:\windows\System32\CmdLineExt03.dll
[2007/01/12 01:11:04 | 000,021,840 | ---- | C] () -- C:\windows\System32\SIntfNT.dll
[2007/01/12 01:11:04 | 000,017,212 | ---- | C] () -- C:\windows\System32\SIntf32.dll
[2007/01/12 01:11:04 | 000,012,067 | ---- | C] () -- C:\windows\System32\SIntf16.dll
[2007/01/04 21:08:14 | 000,684,032 | ---- | C] () -- C:\windows\System32\libeay32.dll
[2007/01/04 21:08:14 | 000,155,648 | ---- | C] () -- C:\windows\System32\ssleay32.dll
[2006/12/25 18:06:17 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Gaming Time\Local Settings\Application Data\fusioncache.dat
[2006/12/20 19:55:26 | 000,065,024 | ---- | C] () -- C:\Documents and Settings\Gaming Time\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/15 00:34:24 | 000,000,116 | ---- | C] () -- C:\windows\NeroDigital.ini
[2006/12/14 22:57:25 | 000,000,029 | ---- | C] () -- C:\windows\atid.ini
[2006/12/06 11:20:46 | 000,000,061 | ---- | C] () -- C:\windows\smscfg.ini
[2006/12/06 10:01:16 | 000,003,972 | ---- | C] () -- C:\windows\System32\drivers\PciBus.sys
[2006/12/06 09:48:21 | 000,135,168 | R--- | C] () -- C:\windows\System32\RtlCPAPI.dll
[2006/12/06 09:44:50 | 000,006,016 | ---- | C] () -- C:\windows\System32\drivers\ALLOW-IO.SYS
[2006/10/22 16:22:00 | 000,581,632 | ---- | C] () -- C:\windows\System32\nvhwvid.dll
[2006/10/22 16:22:00 | 000,286,720 | ---- | C] () -- C:\windows\System32\nvnt4cpl.dll
[2006/06/04 17:31:22 | 000,001,372 | ---- | C] () -- C:\windows\System32\OEMINFO.INI
[2003/01/07 11:05:08 | 000,002,695 | ---- | C] () -- C:\windows\System32\OUTLPERF.INI
[2001/07/07 07:00:00 | 000,003,399 | ---- | C] () -- C:\windows\System32\hptcpmon.ini

========== LOP Check ==========

[2010/03/11 17:05:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gaming Time\Application Data\Ableton
[2006/12/14 23:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gaming Time\Application Data\acccore
[2009/12/15 12:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gaming Time\Application Data\Atari
[2010/03/18 18:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gaming Time\Application Data\Azureus
[2007/05/05 12:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gaming Time\Application Data\BitTorrent
[2008/08/31 11:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gaming Time\Application Data\DNA
[2008/10/07 17:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gaming Time\Application Data\gtk-2.0
[2008/08/02 22:02:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Gaming Time\Application Data\ijjigame
[2008/10/06 10:33:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gaming Time\Application Data\JCreator
[2007/04/20 09:45:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gaming Time\Application Data\Leadertech
[2009/12/16 03:24:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gaming Time\Application Data\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2007/06/13 09:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gaming Time\Application Data\NCH Swift Sound
[2007/08/17 15:19:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gaming Time\Application Data\Nexon
[2008/10/01 16:46:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gaming Time\Application Data\Opera
[2008/11/11 10:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gaming Time\Application Data\PACE Anti-Piracy
[2008/12/11 16:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gaming Time\Application Data\Pogo Games
[2008/10/07 12:14:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gaming Time\Application Data\PyScripter
[2008/09/12 13:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gaming Time\Application Data\Sports Interactive
[2008/10/23 14:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gaming Time\Application Data\Subversion
[2007/11/26 14:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gaming Time\Application Data\SystemRequirementsLab
[2007/04/07 10:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gaming Time\Application Data\Turbine
[2007/05/07 00:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gaming Time\Application Data\uTorrent
[2009/12/15 12:52:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gaming Time\Application Data\Viewpoint
[2008/10/31 15:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gaming Time\Application Data\X-Chat 2

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: AGP440.SYS >
[2004/10/08 08:01:47 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/06/03 14:32:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/10/08 08:01:47 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/06/03 14:32:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 03:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/10/08 08:01:47 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/06/03 14:32:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/10/08 08:01:47 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/06/03 14:32:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/10/08 08:01:47 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/10/08 08:01:47 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: IASTOR.SYS >
[2005/06/17 11:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\DRIVERS\006_STORAGE\INTEL\SATARAID\IASTOR.SYS

< MD5 for: IDECHNDR.SYS >
[2004/10/08 08:01:47 | 000,101,431 | ---- | M] (Intel Corporation) MD5=7D2B8BE9E89628663C1FB571F7C34062 -- C:\DRIVERS\006_STORAGE\INTEL\EIDE\IDECHNDR.SYS

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/10/08 08:01:47 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NTOSKRNL.EXE >
[2004/10/08 08:01:47 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:ntoskrnl.exe
[2008/06/03 14:32:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:ntoskrnl.exe
[2004/10/08 08:01:47 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:ntoskrnl.exe
[2008/06/03 14:32:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:ntoskrnl.exe
[2008/04/13 15:27:53 | 002,188,928 | ---- | M] (Microsoft Corporation) MD5=0C89243C7C3EE199B96FCC16990E0679 -- C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
[2007/02/28 05:08:48 | 002,136,064 | ---- | M] (Microsoft Corporation) MD5=1220FAF071DEA8653EE21DE7DCDA8BFD -- C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
[2005/03/01 21:04:22 | 002,179,456 | ---- | M] (Microsoft Corporation) MD5=28187802B7C368C0D3AEF7D4C382AABB -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[2008/08/14 19:11:10 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=31914172342BFF330063F343AC6958FE -- C:\WINDOWS\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[2008/04/13 15:24:37 | 002,145,280 | ---- | M] (Microsoft Corporation) MD5=40F8880122A030A7E9E1FEDEA833B33D -- C:\WINDOWS\$NtUninstallKB956841$\ntoskrnl.exe
[2007/02/28 05:55:14 | 002,182,144 | ---- | M] (Microsoft Corporation) MD5=5A5C8DB4AA962C714C8371FBDF189FC9 -- C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[2006/12/19 12:51:12 | 002,182,016 | ---- | M] (Microsoft Corporation) MD5=CEF243F6DEFD20BE4ADDE26C7ECACB54 -- C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[2008/08/14 06:11:02 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=EEAF32F8E15A24F62BECB1BD403BB5C5 -- C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
[2008/08/14 06:11:02 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=EEAF32F8E15A24F62BECB1BD403BB5C5 -- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
[2008/08/14 06:09:26 | 002,145,280 | ---- | M] (Microsoft Corporation) MD5=F6F8245B3A2E9CA834DD318E7AE0C6D0 -- C:\WINDOWS\system32\ntoskrnl.exe

< MD5 for: NVATA.SYS >
[2006/03/16 06:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\PNPDRIVERS\NVIDIA\CHIPSET\IDE\WINXP\SATA_IDE\NVATA.SYS
[2006/04/24 20:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\DRIVERS\006_STORAGE\NVIDIA\EIDE\NVATA.SYS
[2006/04/24 20:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\WINDOWS\system32\drivers\nvata.sys

< MD5 for: NVATABUS.SYS >
[2006/03/16 06:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\PNPDRIVERS\NVIDIA\CHIPSET\IDE\WINXP\SATARAID\NVATABUS.SYS
[2006/04/24 20:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\DRIVERS\006_STORAGE\NVIDIA\RAID\NVATABUS.SYS
[2006/06/16 19:55:20 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\WINDOWS\system32\drivers\nvatabus.sys

< MD5 for: NVGTS.SYS >
[2009/06/30 21:31:18 | 000,164,896 | ---- | M] (NVIDIA Corporation) MD5=17F915C35450783A446E70693AFA749B -- C:\NVIDIA\nForce\15.46\International\IDE\WinXP\sataraid\nvgts.sys
[2009/06/30 21:31:00 | 000,164,896 | ---- | M] (NVIDIA Corporation) MD5=619D8943725402D1179941FD58574CC8 -- C:\NVIDIA\nForce\15.46\International\IDE\WinXP\sata_ide\nvgts.sys

< MD5 for: NVRD32.SYS >
[2009/06/30 21:31:18 | 000,139,296 | ---- | M] (NVIDIA Corporation) MD5=C0B63B73BC79C48EAF53900E494F6DE9 -- C:\NVIDIA\nForce\15.46\International\IDE\WinXP\sataraid\nvrd32.sys

< MD5 for: SCECLI.DLL >
[2004/10/08 08:01:47 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USERINIT.EXE >
[2004/10/08 08:01:47 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: VIAMRAID.SYS >
[2005/04/08 15:43:26 | 000,060,928 | ---- | M] (VIA Technologies inc,.ltd) MD5=0363E216E4EB5052969C96608934DBDE -- C:\DRIVERS\006_STORAGE\64XX\VIAMRAID.SYS

< MD5 for: VIASRAID.SYS >
[2004/10/08 08:01:47 | 000,077,312 | ---- | M] (VIA Technologies inc,.ltd) MD5=EBE101C01D80A42868F57B327BE1B564 -- C:\DRIVERS\006_STORAGE\VIA\SATARAID\VIASRAID.SYS

< MD5 for: WINLOGON.EXE >
[2004/10/08 08:01:47 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

< %SYSTEMDRIVE%\*.* >
[2008/12/13 19:27:06 | 000,000,035 | ---- | M] () -- C:\aa.txt
[2006/12/06 09:33:46 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/06/09 15:23:50 | 000,016,882 | ---- | M] () -- C:\avi_log.txt
[2008/06/08 02:18:33 | 000,000,099 | RHS- | M] () -- C:\boot.ini
[2006/12/06 09:33:46 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/12/29 03:13:14 | 000,000,000 | ---- | M] () -- C:\DBS.TXT
[2009/01/19 14:28:17 | 000,011,324 | ---- | M] () -- C:\drwtsn32.log
[2006/12/06 09:33:46 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/11/02 19:27:25 | 000,002,247 | -H-- | M] () -- C:\IPH.PH
[2006/12/06 09:33:46 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/10/08 08:01:47 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/06/03 14:35:11 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/03/19 22:42:43 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2008/11/04 13:40:23 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/11/22 12:55:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2008/11/22 22:35:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2008/11/25 11:17:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2008/11/28 16:40:47 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2008/12/13 19:29:59 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2008/12/14 17:27:58 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2008/12/15 19:48:13 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2008/12/22 19:03:45 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2008/12/24 12:31:53 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/12/15 10:59:55 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/12/15 11:15:58 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/12/15 12:55:04 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/12/15 13:04:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2008/11/04 13:40:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008/11/22 12:55:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008/11/22 22:35:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2008/11/25 11:17:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2008/11/28 16:40:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2008/12/13 19:29:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2008/12/14 17:27:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2008/12/15 19:48:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2008/12/22 19:03:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2008/12/24 12:31:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/12/15 10:59:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/12/15 11:15:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/12/15 12:55:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/12/15 13:04:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2005/10/31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
[2008/11/14 23:30:56 | 000,001,780 | ---- | M] () -- C:\UBSoftUpdate.log
[2 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/05/19 02:24:39 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/05/19 02:24:39 | 000,643,072 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/05/19 02:24:39 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 1293 bytes -> C:\Program Files\Common Files\System:RgCAoabdZIlmAeXEqh9NmFJo
< End of report >


There it is.

#14 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,297 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:57 PM

Posted 20 March 2010 - 05:48 PM

  • Copy the entire contents of the Quote Box below to Notepad.
  • Leave an empty line at the end of the script
  • Name the file as fix.bat
  • Change the Save as Type to All Files
  • and Save it in the Flash drive

QUOTE
Copy C:\WINDOWS\ServicePackFiles\i386\winlogon.exe C:\Windows\System32
Dir c:\Windows\winlogon.exe /s >C:\Log.txt
Del %0

  • Boot the computer with the OTLPE CD
  • Once in the Reatogo desktop, using Explorer (Right click on the Start button and select "Explore".) Navigate to the Flash drive and doubleclick on the fix.bat. If all goes well, the batch file will disappear and a Log.txt will be created in the C:\ folder. Copy that file to the Flash drive and post its contents in a reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#15 Slayton26

Slayton26
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:57 PM

Posted 20 March 2010 - 05:50 PM

Alright I don't have time to do that right now, but I will do it as soon as possible. Sorry for the delay.
Have dinner with the girlfriends parents tonight.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users