Can't enter safe-mode for MW removal..


49 replies to this topic

#1 Neese

Neese

  • Members
  • 131 posts
  • OFFLINE
  • Gender:Female
  • Location:Indiana, USA
  • Local time:07:54 PM

Posted 01 April 2010 - 06:33 PM

Hi.
Came here before, got great help from one of the team, JSntgRvr, and am back again after no success in trying to find out what is wrong with my brother's desktop.

Seems for a few months he's been having trouble, and he tried to run MBAM himself unsuccessfully, and then when he said he couldn't get into safe mode he thought it was just his bad timing. He dropped off his pc here.

I've since found I cannot access the internet via wifi on this pc, not set up for it, and.....
in trying to access safe mode it just keeps rolling through, then back to the screen that asks which safe mode to enter, etc.

I also noticed it reads in the upper corner during boot that it has an "invalid boot.ini - loading from c:/windows" problem (can't recall exactly what it said).

It boots slow.
Shuts down slow.
Has a fan running continuously.
Freezes up unexpectedly and when it does this a shrill continuous beep tone occurs until we force shut it down.
He says he was having trouble logging onto the internet.

Again, any help here will have to be done on my end by USB drive, since I can't connect it to the 'net.

Thanks in advance for any help, and hopefully I didn't forget any of the issues!

~Neese

Edited by Neese, 01 April 2010 - 06:34 PM.




#2 Neese

Neese
  • Topic Starter


Posted 04 April 2010 - 09:11 AM

Is the crew off for the holidays?
Just wondering. Last time I came here the reply was prompt, and probably same day. This time, not fast. Thought it may be due to Good Friday and Easter.

#3 Neese


Posted 05 April 2010 - 08:55 PM

~Bump~

Day 5...............

#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,220 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:54 PM

Posted 06 April 2010 - 08:49 AM

Hi, Neese

Let's give this a try. You will need a flash drive to move information from the sick computer to a working computer, so we can see the progress of our actions. Save these instructions on your flash drive as a text file (use Notepad) so you can have access to these while in an external environment (PE).

Here is what you need to do.

Two programs to download

First

Download ISOBurner. Click Here for ISOBurner Instructions. Install the program, and follow the next set of steps.

Second
  • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 276.7MB in size so it may take some time to download.
  • When downloaded double click and this will then open ISOBurner to burn the file to CD
  • Boot the non-working computer using the boot CD you just created.
  • In order to do so, the computer must be set to boot from the CD first
    Note : For information click here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Standard Registry to All
    • Under the Custom Scan box paste this in


      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      userinit.exe
      explorer.exe
      ntoskrnl.exe
      /md5stop
      %SYSTEMDRIVE%\*.*
      %systemroot%\*. /mp /s
      %systemroot%\System32\config\*.sav

  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
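
As an added illustration (not part of the original post and not OTL's own code): the sketch below does by hand what the /md5start ... /md5stop block is assumed to request, locating every copy of each named file under an offline Windows folder and hashing it, so that copies of one name with different MD5s stand out for review. The function names and the sample tree are constructed for this example.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# File names taken from the /md5start ... /md5stop block in the post above.
MD5_TARGETS = """eventlog.dll scecli.dll netlogon.dll cngaudit.dll sceclt.dll
ntelogon.dll logevent.dll iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys
viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys
nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys
nvstor32.sys ahcix86s.sys nvrd32.sys userinit.exe explorer.exe
ntoskrnl.exe""".split()


def md5_of(path, chunk_size=1 << 20):
    """MD5 of a file, read in chunks so large binaries are not loaded whole."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def hash_named_files(root, names=MD5_TARGETS):
    """Walk root and hash every copy of each target name (case-insensitive)."""
    wanted = {name.lower() for name in names}
    found = defaultdict(list)
    for folder, _dirs, files in os.walk(root):
        for filename in files:
            key = filename.lower()
            if key not in wanted:
                continue
            path = os.path.join(folder, filename)
            try:
                found[key].append((path, md5_of(path)))
            except OSError as exc:
                # Locked or damaged files are recorded rather than skipped.
                found[key].append((path, "unreadable: %s" % exc.strerror))
    return dict(found)


def names_with_differing_copies(found):
    """Names whose copies do not all share one hash.

    A difference is a prompt for review, not a verdict: older versions kept
    for uninstalling an update legitimately differ from the active file.
    """
    return sorted(name for name, copies in found.items()
                  if len({md5 for _path, md5 in copies}) > 1)


def names_not_found(found, names=MD5_TARGETS):
    """Target names with no copy anywhere under the scanned root."""
    return sorted(n.lower() for n in names if n.lower() not in found)


def build_demo_tree(base):
    """Constructed sample tree standing in for an offline Windows folder."""
    samples = {
        "system32/drivers/atapi.sys": b"constructed-driver-A",
        "system32/dllcache/atapi.sys": b"constructed-driver-B",
        "system32/userinit.exe": b"constructed-userinit",
        "system32/dllcache/userinit.exe": b"constructed-userinit",
        "explorer.exe": b"constructed-explorer",
        "notes.txt": b"not a target",
    }
    for relative, content in samples.items():
        path = os.path.join(base, *relative.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as handle:
            handle.write(content)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo_root:
        build_demo_tree(demo_root)
        results = hash_named_files(demo_root)
        for name in sorted(results):
            for path, md5 in results[name]:
                print("%-14s %s  %s" % (name, md5, path))
        print("copies differ:", names_with_differing_copies(results))
        print("not found:", len(names_not_found(results)), "names")
```

To check a real offline volume, pass the mounted Windows folder to `hash_named_files` instead of the demo tree.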


#5 Neese


Posted 08 April 2010 - 07:24 AM

Hi,
Just got this message, thank you very much for the reply.
Will get right on this and post back today.

Thanks again,
Denise

#6 Neese


Posted 08 April 2010 - 07:44 AM

Not sure what is going on, but when I double click the otlpe icon, I get a folder browser window. When I click on reatogo, or any for that matter, I get a runscanner box that says target is not windows 2000 or later?

#7 JSntgRvr


Posted 08 April 2010 - 09:38 AM

In the folder browse window, under c:\, is there a Windows folder? If there is, select that. Else, the problem may be due to a bad download, a bad burn, or lack of appropriate disk drivers. Are you using the same download you used in the other computer? Are you able to see the contents of the C: drive while in the Reatogo environment?



#8 Neese


Posted 08 April 2010 - 12:53 PM

I am using the same disc I'd burned for the other one, so it worked. I'll go take a look at these other issues you mentioned and post back. Thanks.

#9 Neese


Posted 08 April 2010 - 02:48 PM

Actually, I have an additional problem now. The pc won't recognize the memory stick in the usb drive now, where it had before. I've tried 3 different usb ports.

I had to enter by hand the codes to run the scan, but now....can't get the results copied to get them from the sick to well pc to paste to you?


Geez........never can be an easy thing, eh?!!!

#10 JSntgRvr


Posted 08 April 2010 - 05:54 PM

> Actually, I have an additional problem now. The pc won't recognize the memory stick in the usb drive now, where it had before. I've tried 3 different usb ports.
>
> I had to enter by hand the codes to run the scan, but now....can't get the results copied to get them from the sick to well pc to paste to you?
>
> Geez........never can be an easy thing, eh?!!!

I guess you need another flash drive.



#11 JSntgRvr


Posted 08 April 2010 - 05:58 PM

Can you boot to the Recovery Console? If you do, will it end in C:\windows or C:\?



#12 Neese


Posted 08 April 2010 - 06:09 PM

OK, got it.

OTL logfile created on: 4/8/2010 9:03:49 PM - Run
OTLPE by OldTimer - Version 3.1.30.3 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 251.00 Mb Available Physical Memory | 50.00% Memory free
455.00 Mb Paging File | 288.00 Mb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 58.50 Gb Free Space | 78.50% Space Free | Partition Type: NTFS
Drive D: | 7.45 Gb Total Space | 6.19 Gb Free Space | 83.11% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet004

========== Win32 Services (SafeList) ==========

SRV - [2010/01/07 16:07:10 | 000,236,368 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/21 15:16:45 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/21 15:16:40 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/05/13 12:55:48 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Disabled] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2005/02/28 17:40:36 | 000,737,280 | ---- | M] (Wacom Technology, Corp.) [Disabled] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)
SRV - [2004/08/04 03:56:48 | 000,295,424 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\termsrv32.dll -- (TermService)
SRV - [2003/02/28 02:28:34 | 000,303,104 | ---- | M] (Lexmark International, Inc.) [Auto] -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Disabled] -- -- (ultra)
DRV - File not found [Kernel | Disabled] -- -- (TosIde)
DRV - File not found [Kernel | On_Demand] -- -- (SymIMMP)
DRV - File not found [Kernel | On_Demand] -- -- (SymIM)
DRV - File not found [Kernel | Disabled] -- -- (Sparrow)
DRV - File not found [Kernel | Disabled] -- -- (Simbad)
DRV - File not found [Kernel | System] -- -- (SASKUTIL)
DRV - File not found [Kernel | System] -- -- (SASDIFSV)
DRV - File not found [Kernel | Disabled] -- -- (ql1280)
DRV - File not found [Kernel | Disabled] -- -- (ql1240)
DRV - File not found [Kernel | Disabled] -- -- (ql12160)
DRV - File not found [Kernel | Disabled] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled] -- -- (ql1080)
DRV - File not found [Kernel | Disabled] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled] -- -- (perc2)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled] -- -- (mraid35x)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | Disabled] -- -- (ini910u)
DRV - File not found [Kernel | Disabled] -- -- (i2omp)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | Disabled] -- -- (hpn)
DRV - File not found [Kernel | Disabled] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled] -- -- (dac2w2k)
DRV - File not found [Kernel | Disabled] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled] -- -- (CmdIde)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | Disabled] -- -- (cd20xrnt)
DRV - File not found [Kernel | Disabled] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled] -- -- (asc3550)
DRV - File not found [Kernel | Disabled] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled] -- -- (asc)
DRV - File not found [Kernel | Disabled] -- -- (amsint)
DRV - File not found [Kernel | Disabled] -- -- (AliIde)
DRV - File not found [Kernel | Disabled] -- -- (Aha154x)
DRV - File not found [Kernel | Disabled] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled] -- -- (Abiosdsk)
DRV - [2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/01/07 16:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/12/31 12:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2009/12/04 14:22:22 | 000,455,424 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2009/10/20 12:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2009/08/28 19:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/08/21 15:17:39 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/08/21 15:17:33 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/21 15:17:32 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/06/24 07:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2009/06/22 10:58:24 | 000,024,576 | ---- | M] (NT Kernel Resources) [Kernel | System] -- C:\WINDOWS\system32\drivers\ndisrd.sys -- (NDISRD)
DRV - [2008/08/14 06:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\windows\System32\drivers\afd.sys -- (AFD)
DRV - [2008/06/20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008/06/20 07:08:27 | 000,225,856 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/04/13 20:13:22 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2008/04/13 20:13:21 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/04/13 20:13:20 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008/04/13 20:13:20 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/04/13 15:28:39 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2008/04/13 15:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/13 15:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ndis.sys -- (NDIS)
DRV - [2008/04/13 15:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2008/04/13 15:19:43 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2008/04/13 15:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/04/13 15:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2008/04/13 15:17:05 | 000,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\mup.sys -- (Mup)
DRV - [2008/04/13 15:15:55 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2008/04/13 15:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008/04/13 15:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2008/04/13 15:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/13 15:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/13 15:00:19 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\modem.sys -- (Modem)
DRV - [2008/04/13 14:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2008/04/13 14:57:29 | 000,040,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2008/04/13 14:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/13 14:57:27 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2008/04/13 14:57:21 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/04/13 14:57:15 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2008/04/13 14:57:07 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2008/04/13 14:56:38 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2008/04/13 14:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2008/04/13 14:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/04/13 14:56:01 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tunmp.sys -- (tunmp)
DRV - [2008/04/13 14:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/04/13 14:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/04/13 14:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2008/04/13 14:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/13 14:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbprint.sys -- (usbprint)
DRV - [2008/04/13 14:45:39 | 000,032,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (USBSTOR)
DRV - [2008/04/13 14:45:37 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2008/04/13 14:45:35 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2008/04/13 14:45:35 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2008/04/13 14:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbscan.sys -- (usbscan)
DRV - [2008/04/13 14:45:27 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb)
DRV - [2008/04/13 14:45:13 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/04/13 14:45:09 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2008/04/13 14:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2008/04/13 14:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2008/04/13 14:45:01 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic)
DRV - [2008/04/13 14:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/13 14:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2008/04/13 14:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\windows\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/13 14:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2008/04/13 14:40:49 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\partmgr.sys -- (PartMgr)
DRV - [2008/04/13 14:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)
DRV - [2008/04/13 14:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2008/04/13 14:40:31 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\windows\system32\DRIVERS\viaide.sys -- (ViaIde)
DRV - [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2008/04/13 14:40:29 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\windows\system32\DRIVERS\intelide.sys -- (IntelIde)
DRV - [2008/04/13 14:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2008/04/13 14:40:25 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2008/04/13 14:40:25 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2008/04/13 14:40:12 | 000,015,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum)
DRV - [2008/04/13 14:40:10 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2008/04/13 14:39:53 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2008/04/13 14:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2008/04/13 14:39:51 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)
DRV - [2008/04/13 14:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2008/04/13 14:39:48 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2008/04/13 14:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2008/04/13 14:39:47 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2008/04/13 14:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2008/04/13 14:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/04/13 14:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\sr.sys -- (sr)
DRV - [2008/04/13 14:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/04/13 14:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pci.sys -- (PCI)
DRV - [2008/04/13 14:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 14:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2008/04/13 14:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI)
DRV - [2008/04/13 14:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\fips.sys -- (Fips)
DRV - [2008/04/13 14:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2008/04/13 14:32:51 | 000,196,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008/04/13 14:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008/04/13 14:32:39 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\npfs.sys -- (Npfs)
DRV - [2008/04/13 14:32:39 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\msfs.sys -- (Msfs)
DRV - [2008/04/13 14:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\system32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/13 14:31:32 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2008/04/13 14:31:31 | 000,042,752 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\p3.sys -- (P3)
DRV - [2008/04/13 12:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2007/11/13 06:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/10/18 21:00:00 | 000,038,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wpdusb.sys -- (WpdUsb)
DRV - [2006/09/28 20:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd)
DRV - [2006/09/28 19:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf)
DRV - [2004/08/04 11:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2004/08/03 20:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/03 20:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/03 20:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/03 20:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/03 20:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/03 20:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/03 20:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/03 20:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/03 20:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/03 20:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/03 20:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/03 20:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 20:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/03 20:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/03 20:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2004/06/29 05:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/05/19 12:33:44 | 000,020,016 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20)
DRV - [2004/04/13 19:20:08 | 000,015,781 | R--- | M] (Meetinghouse Data Communications) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2003/11/17 16:29:20 | 000,125,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\e1000325.sys -- (E1000) Intel®
DRV - [2003/09/17 21:44:00 | 000,145,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®
DRV - [2003/08/29 19:09:00 | 000,578,304 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2003/08/12 17:45:32 | 000,086,536 | ---- | M] (Comtrol Europe Ltd.) [Kernel | System] -- C:\WINDOWS\system32\drivers\RcktSer.sys -- (Rckt550)
DRV - [2003/08/11 15:01:34 | 000,007,340 | ---- | M] (Comtrol Europe Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RcktMfuf.sys -- (Rcktmfuf)
DRV - [2003/08/11 15:01:28 | 000,024,180 | ---- | M] (Comtrol Europe Ltd.) [Kernel | System] -- C:\WINDOWS\system32\drivers\RcktMf.sys -- (RcktMf)
DRV - [2003/08/04 00:16:08 | 000,120,094 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS)
DRV - [2003/08/04 00:16:00 | 000,096,858 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH)
DRV - [2003/08/04 00:15:04 | 000,091,419 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2002/05/08 21:44:42 | 000,105,472 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2002/04/04 02:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled] -- C:\windows\system32\DRIVERS\symmpi.sys -- (Symmpi)
DRV - [2002/04/01 10:15:00 | 000,004,816 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2001/08/17 17:51:52 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde)
DRV - [2001/08/17 17:07:44 | 000,020,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\windows\system32\DRIVERS\dpti2o.sys -- (dpti2o)
DRV - [2001/08/17 17:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\windows\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 17:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\windows\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 17:07:38 | 000,056,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\windows\system32\DRIVERS\aic78xx.sys -- (aic78xx)
DRV - [2001/08/17 17:07:36 | 000,055,168 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\windows\system32\DRIVERS\aic78u2.sys -- (aic78u2)
DRV - [2001/08/17 17:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\windows\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 17:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled] -- C:\windows\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 17:07:32 | 000,101,888 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\windows\system32\DRIVERS\adpu160m.sys -- (adpu160m)
DRV - [2001/08/17 16:58:20 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2001/08/17 16:57:56 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2001/08/17 16:57:38 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2001/08/17 16:57:32 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2001/08/17 16:56:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\windows\System32\drivers\ws2ifsl.sys -- (WS2IFSL)
DRV - [2001/08/17 16:55:42 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2001/08/17 16:55:34 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2001/08/17 16:55:08 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2001/08/17 16:54:12 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2001/08/17 16:54:08 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2001/08/17 16:52:50 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)
DRV - [2001/08/17 16:52:08 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2001/08/17 16:49:58 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001/08/17 16:49:54 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\parvdm.sys -- (ParVdm)
DRV - [2001/08/17 16:49:40 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\system32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2001/08/17 16:47:42 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\null.sys -- (Null)
DRV - [2001/08/17 16:47:38 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\beep.sys -- (Beep)
DRV - [2001/08/17 16:46:58 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2001/08/17 16:36:48 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\system32\winsock.dll -- (Winsock)
DRV - [2001/08/17 14:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 11:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)
DRV - [2001/08/17 10:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)
DRV - [2001/04/09 15:45:00 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\PenClass.sys -- (PenClass)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DC 53 6D 7E FA E1 C9 01 [binary data]
IE - HKU\Administrator_ON_C\..\URLSearchHook: *{00000000-6E41-4FD3-8538-502F5495E5FC} - Reg Error: Key error. File not found
IE - HKU\Administrator_ON_C\..\URLSearchHook: *{00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
IE - HKU\Administrator_ON_C\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\Administrator_ON_C\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 0
IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DC 53 6D 7E FA E1 C9 01 [binary data]
IE - HKU\HelpAssistant_ON_C\..\URLSearchHook: *{00000000-6E41-4FD3-8538-502F5495E5FC} - Reg Error: Key error. File not found
IE - HKU\HelpAssistant_ON_C\..\URLSearchHook: *{00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
IE - HKU\HelpAssistant_ON_C\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\HelpAssistant_ON_C\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/


FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/13 12:55:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/24 16:12:10 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2004/08/04 09:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\Administrator_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\HelpAssistant_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\HelpAssistant_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\HelpAssistant_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\HelpAssistant_ON_C\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\HelpAssistant_ON_C\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKU\HelpAssistant_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-18\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Lexmark X5100 Series] C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKU\Administrator_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Administrator_ON_C..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\HelpAssistant_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\HelpAssistant_ON_C..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\HelpAssistant_ON_C..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnceEx: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\HelpAssistant_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle = %SystemRoot%\Resources\Themes\Luna.theme ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdat...b?1229223765875 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1229223703015 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_01)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} http://imikimi.com/download/imikimi_plugin_0.5.1.cab (Imikimi_activex_plugin Control)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\windows\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\windows\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\windows\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\windows\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\windows\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\windows\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\windows\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\windows\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\windows\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\windows\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\windows\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\windows\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\windows\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\windows\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\windows\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\windows\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\windows\System32\wdigest.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{9919ba26-eb11-11dc-9578-000ffeabf6af}\Shell - "" = AutoRun
O33 - MountPoints2\{9919ba26-eb11-11dc-9578-000ffeabf6af}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9919ba26-eb11-11dc-9578-000ffeabf6af}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/08 15:59:50 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft
[2010/04/08 15:58:40 | 000,000,000 | --SD | C] -- B:\Documents and Settings\Default User\Cookies
[2010/04/08 15:58:40 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Recent
[2010/04/08 15:58:40 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Pictures
[2010/04/08 15:58:40 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Music
[2010/04/08 15:58:40 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents
[2010/04/08 15:58:40 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Favorites
[2010/04/08 15:58:40 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Templates
[2010/04/08 15:58:40 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Temp
[2010/04/08 15:58:40 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Start Menu
[2010/04/08 15:58:40 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\SendTo
[2010/04/08 15:58:40 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\PrintHood
[2010/04/08 15:58:40 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\NetHood
[2010/04/08 15:58:40 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\My Documents\My Videos
[2010/04/08 15:58:40 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data\Microsoft
[2010/04/08 15:58:40 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings
[2010/04/08 15:58:40 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Desktop
[2010/04/08 15:58:40 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data
[2010/04/01 19:18:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PCHealth
[2010/04/01 17:47:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/04/01 15:48:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Received Files
[2010/03/25 00:48:05 | 000,000,000 | ---D | C] -- C:\3fe97ecb87e5a48e90ab7e695a55390e
[2010/03/24 21:26:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/03/24 21:25:42 | 000,000,000 | ---D | C] -- C:\cf081b9459c50967ca02920bf5e2e5c2
[2009/10/12 19:08:48 | 025,740,144 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmp11-windowsxp-x86-enu.exe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/08 20:58:48 | 002,883,584 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/04/08 16:56:09 | 000,001,332 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2010/04/06 10:50:02 | 000,000,438 | -H-- | M] () -- C:\windows\tasks\User_Feed_Synchronization-{23752D1C-76BF-4AD0-BF9F-5E5803566352}.job
[2010/04/06 10:33:53 | 000,001,158 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2010/04/06 10:32:53 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010/04/06 10:32:51 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2010/04/06 10:32:49 | 527,290,368 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/04 20:35:09 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/04/04 20:35:09 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/04/04 20:34:44 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/04/04 20:34:35 | 003,761,274 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/04/04 20:01:00 | 000,000,250 | ---- | M] () -- C:\windows\tasks\Scheduled Update for Ask Toolbar.job
[2010/03/25 12:17:32 | 057,693,111 | ---- | M] () -- C:\windows\System32\drivers\Avg\incavi.avm
[2010/03/25 00:50:49 | 000,530,992 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2010/03/25 00:50:49 | 000,462,500 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010/03/25 00:50:49 | 000,078,462 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/03/24 17:01:04 | 000,000,652 | ---- | M] () -- C:\windows\win.ini
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/08 15:58:40 | 000,001,547 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk
[2010/04/08 15:58:40 | 000,001,535 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk
[2010/04/08 15:58:40 | 000,001,483 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk
[2010/04/08 15:58:40 | 000,001,479 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk
[2010/04/08 15:58:40 | 000,001,475 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk
[2010/04/08 15:58:40 | 000,001,469 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk
[2010/04/08 15:58:40 | 000,001,465 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk
[2010/04/08 15:58:40 | 000,001,437 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk
[2010/04/08 15:58:40 | 000,001,427 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk
[2010/04/08 15:58:40 | 000,001,371 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk
[2010/04/08 15:58:40 | 000,001,353 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk
[2010/04/08 15:58:40 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk
[2010/04/08 15:58:40 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk
[2010/04/08 15:58:40 | 000,001,343 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk
[2010/04/08 15:58:40 | 000,001,332 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2010/04/08 15:58:40 | 000,001,313 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk
[2010/04/08 15:58:40 | 000,001,261 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk
[2010/03/02 14:37:18 | 000,162,304 | ---- | C] () -- C:\windows\System32\ztvunrar36.dll
[2010/03/02 14:37:18 | 000,077,312 | ---- | C] () -- C:\windows\System32\ztvunace26.dll
[2010/03/02 14:37:17 | 000,153,088 | ---- | C] () -- C:\windows\System32\UNRAR3.dll
[2010/03/02 14:37:17 | 000,075,264 | ---- | C] () -- C:\windows\System32\unacev2.dll
[2009/10/25 20:42:42 | 000,012,253 | ---- | C] () -- C:\Program Files\Paula_DeAnda_-_Paula_DeAnda_(2006)_-_R_B.3515748.TPB.torrent
[2009/10/12 19:36:07 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/04 00:03:05 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/11 17:17:36 | 000,204,800 | ---- | C] () -- C:\windows\System32\IVIresizeW7.dll
[2009/04/11 17:17:36 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeP6.dll
[2009/04/11 17:17:36 | 000,188,416 | ---- | C] () -- C:\windows\System32\IVIresizePX.dll
[2009/04/11 17:17:35 | 000,200,704 | ---- | C] () -- C:\windows\System32\IVIresizeA6.dll
[2009/04/11 17:17:35 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeM6.dll
[2009/04/11 17:17:35 | 000,020,480 | ---- | C] () -- C:\windows\System32\IVIresize.dll
[2009/04/11 17:16:56 | 000,122,880 | ---- | C] () -- C:\windows\System32\cddvdint.dll
[2008/08/20 11:35:13 | 000,000,072 | ---- | C] () -- C:\windows\AcrobatSetupStatus.ini
[2008/05/04 13:25:10 | 000,000,400 | ---- | C] () -- C:\windows\LEXSTAT.INI
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\windows\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\windows\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\windows\System32\gthrctr.ini
[2006/06/22 13:18:44 | 001,331,254 | ---- | C] () -- C:\windows\System32\MaxInst.dll
[2006/03/01 13:11:40 | 000,015,744 | ---- | C] () -- C:\windows\System32\Wintab.dll
[2005/03/21 18:34:03 | 000,000,061 | ---- | C] () -- C:\windows\smscfg.ini
[2005/03/21 18:26:54 | 000,000,791 | ---- | C] () -- C:\windows\orun32.ini
[2005/03/21 18:26:33 | 000,001,058 | ---- | C] () -- C:\windows\System32\oeminfo.ini
[2005/03/21 17:46:32 | 000,131,072 | ---- | C] () -- C:\windows\System32\e1000msg.dll
[2005/03/21 17:46:25 | 000,012,288 | ---- | C] () -- C:\windows\System32\e100bmsg.dll
[2003/02/28 02:33:27 | 000,077,824 | ---- | C] () -- C:\windows\System32\LXBALCNP.DLL
[2002/08/21 09:55:26 | 000,000,188 | ---- | C] () -- C:\windows\System32\lxbacoin.ini
[2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\windows\System32\KodakOneTouch.dll

========== LOP Check ==========

[2010/03/02 14:37:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Simply Super Software
[2010/01/31 21:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2009/05/14 19:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2009/06/10 13:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Live Writer
[2009/05/16 22:28:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2008/06/06 23:37:05 | 000,000,276 | ---- | M] () -- C:\windows\Tasks\Disk Cleanup.job
[2009/04/28 17:00:51 | 000,000,452 | ---- | M] () -- C:\windows\Tasks\EasyShare Registration Task.job
[2010/04/04 20:01:00 | 000,000,250 | ---- | M] () -- C:\windows\Tasks\Scheduled Update for Ask Toolbar.job
[2010/04/06 10:50:02 | 000,000,438 | -H-- | M] () -- C:\windows\Tasks\User_Feed_Synchronization-{23752D1C-76BF-4AD0-BF9F-5E5803566352}.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: AGP440.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/04 09:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/05 05:57:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/08/05 05:57:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 09:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/05 05:57:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/08/05 05:57:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 02:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 02:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\atapi.sys
[2004/08/04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 03:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2004/08/04 03:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 03:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\explorer.exe

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 03:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004/08/04 03:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\netlogon.dll

< MD5 for: NTOSKRNL.EXE >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:ntoskrnl.exe
[2004/08/04 09:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:ntoskrnl.exe
[2008/08/05 05:57:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:ntoskrnl.exe
[2008/08/05 05:57:02 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:ntoskrnl.exe
[2009/12/09 00:52:36 | 002,189,312 | ---- | M] (Microsoft Corporation) MD5=05BE3D9A71972223AFF6A3C823BA51B1 -- C:\WINDOWS\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[2008/04/13 15:27:53 | 002,188,928 | ---- | M] (Microsoft Corporation) MD5=0C89243C7C3EE199B96FCC16990E0679 -- C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
[2007/02/28 05:08:48 | 002,136,064 | ---- | M] (Microsoft Corporation) MD5=1220FAF071DEA8653EE21DE7DCDA8BFD -- C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
[2005/03/01 21:04:22 | 002,179,456 | ---- | M] (Microsoft Corporation) MD5=28187802B7C368C0D3AEF7D4C382AABB -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[2008/08/14 16:11:10 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=31914172342BFF330063F343AC6958FE -- C:\WINDOWS\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[2007/02/28 05:55:14 | 002,182,144 | ---- | M] (Microsoft Corporation) MD5=5A5C8DB4AA962C714C8371FBDF189FC9 -- C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[2009/12/08 15:27:51 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=78EC47F9B9A3A1D539262D8834C896CE -- C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
[2009/12/08 15:27:51 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=78EC47F9B9A3A1D539262D8834C896CE -- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
[2006/12/19 10:17:19 | 002,180,352 | ---- | M] (Microsoft Corporation) MD5=8F0DEAB1F81FB83F9C5995853CE48B9F -- C:\WINDOWS\SoftwareDistribution\Download\3211116c3ab1e0da28f96fd6d81ebbaa\sp2gdr\ntoskrnl.exe
[2009/12/08 15:26:15 | 002,145,280 | ---- | M] (Microsoft Corporation) MD5=9696C553F994340CD6AA5C5A724C3A19 -- C:\WINDOWS\system32\ntoskrnl.exe
[2004/08/03 23:20:00 | 002,180,992 | ---- | M] (Microsoft Corporation) MD5=CE218BC7088681FAA06633E218596CA7 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\ntoskrnl.exe
[2006/12/19 12:51:12 | 002,182,016 | ---- | M] (Microsoft Corporation) MD5=CEF243F6DEFD20BE4ADDE26C7ECACB54 -- C:\WINDOWS\SoftwareDistribution\Download\3211116c3ab1e0da28f96fd6d81ebbaa\sp2qfe\ntoskrnl.exe
[2009/02/07 19:35:26 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=EFE8EACE83EAAD5849A7A548FB75B584 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[2009/08/04 09:56:10 | 002,189,312 | ---- | M] (Microsoft Corporation) MD5=FDE779EA1A564EBFE16F4E0F82B61BAD -- C:\WINDOWS\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe

< MD5 for: SCECLI.DLL >
[2004/08/04 03:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2004/08/04 03:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USERINIT.EXE >
[2004/08/04 03:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2004/08/04 03:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< %SYSTEMDRIVE%\*.* >
[2010/03/24 17:45:25 | 000,025,766 | ---- | M] () -- C:\CybDefInstallInfo.log
[2003/03/03 19:09:56 | 000,048,128 | ---- | M] () -- C:\DOSPR.EXE
[2006/04/03 20:12:22 | 000,004,994 | ---- | M] () -- C:\DRV_RDY.EXE
[2004/09/01 16:49:26 | 000,010,240 | ---- | M] () -- C:\DVBTRVDD.DLL
[2006/08/16 17:17:15 | 000,000,078 | ---- | M] () -- C:\DVIMENU.DAT
[2006/04/26 09:11:40 | 000,335,872 | ---- | M] () -- C:\DVINET.EXE
[2007/05/08 08:06:35 | 000,000,169 | ---- | M] () -- C:\DVISET.BAT
[2007/08/21 09:39:40 | 000,000,086 | ---- | M] () -- C:\dwinmenu.dat
[1994/03/10 10:21:00 | 000,120,926 | ---- | M] () -- C:\EMM386.EXE
[2010/04/08 21:03:10 | 000,047,652 | ---- | M] () -- C:\Extras.Txt
[2005/09/16 01:23:36 | 000,003,268 | ---- | M] () -- C:\FD.EXE
[2007/08/07 11:13:50 | 000,229,376 | R--- | M] (TODO: <Company name>) -- C:\GDVINET.EXE
[1997/04/10 10:30:00 | 000,017,809 | ---- | M] () -- C:\GUEST.EXE
[2006/01/14 22:55:28 | 000,000,092 | ---- | M] () -- C:\GUEST.INI
[2010/04/06 10:32:49 | 527,290,368 | -HS- | M] () -- C:\hiberfil.sys
[1994/03/10 10:21:00 | 000,029,136 | ---- | M] () -- C:\HIMEM.SYS
[1992/03/18 02:58:44 | 000,000,516 | ---- | M] () -- C:\INPUTCR.COM
[2005/12/19 15:30:49 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2006/08/17 17:15:14 | 000,042,583 | ---- | M] () -- C:\lenstech7d.gif
[2007/12/10 17:19:38 | 000,002,040 | ---- | M] () -- C:\MATDAT.VIS
[2005/12/19 15:30:49 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[1998/05/13 17:00:00 | 000,021,860 | ---- | M] () -- C:\NET.EXE
[1993/08/25 02:22:46 | 000,000,536 | ---- | M] () -- C:\NETBTR.BAT
[1999/10/30 01:11:24 | 000,001,365 | ---- | M] () -- C:\NETRDR.BAT
[1991/12/20 19:34:02 | 000,000,042 | ---- | M] () -- C:\NETSHARE.BAT
[2001/09/07 18:35:42 | 000,003,273 | ---- | M] () -- C:\NETSRV.BAT
[1999/03/31 19:14:22 | 000,000,248 | ---- | M] () -- C:\NETUNUSE.BAT
[2001/09/07 18:35:42 | 000,001,028 | ---- | M] () -- C:\NETUSE.BAT
[2004/08/04 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/05 06:00:45 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/04/08 21:03:09 | 000,173,288 | ---- | M] () -- C:\OTL.Txt
[2010/04/06 10:32:49 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
[2008/01/18 11:55:23 | 000,000,000 | ---- | M] () -- C:\PRC.ERR
[1991/11/15 05:00:00 | 000,013,352 | ---- | M] () -- C:\PROTMAN.DOS
[1991/11/15 05:00:00 | 000,014,010 | ---- | M] () -- C:\PROTMAN.EXE
[2006/01/14 22:55:27 | 000,000,129 | ---- | M] () -- C:\PROTOCOL.INI
[1994/03/10 10:21:00 | 000,005,873 | ---- | M] () -- C:\RAMDRIVE.SYS
[1998/11/11 09:00:00 | 000,107,319 | ---- | M] () -- C:\REDIR.EXE
[1993/09/03 18:52:06 | 000,000,279 | ---- | M] () -- C:\REMBIO.DAT
[1993/08/25 01:58:02 | 000,000,193 | ---- | M] () -- C:\REMRDR.DAT
[2010/03/01 15:17:32 | 000,000,326 | ---- | M] () -- C:\rkill.log
[1996/12/16 21:49:30 | 000,001,938 | ---- | M] () -- C:\SERVER.DAT
[2007/08/09 11:46:19 | 000,000,029 | ---- | M] () -- C:\sesname.dat
[1994/11/24 13:47:14 | 000,012,015 | ---- | M] () -- C:\SETVER.EXE
[1994/05/31 06:22:00 | 000,010,912 | ---- | M] () -- C:\SHARE.EXE
[2006/01/13 17:15:45 | 000,000,394 | ---- | M] () -- C:\Shortcut to GDVINET.lnk
[1994/05/31 06:22:00 | 000,045,145 | ---- | M] () -- C:\SMARTDRV.EXE
[1993/09/03 18:52:38 | 000,000,267 | ---- | M] () -- C:\SRVBIO.DAT
[1993/08/25 01:58:36 | 000,000,227 | ---- | M] () -- C:\SRVRDR.DAT
[2008/01/28 18:31:54 | 000,025,110 | ---- | M] () -- C:\STYLDAT.VIS
[2008/10/08 20:07:04 | 000,005,632 | -HS- | M] () -- C:\Thumbs.db
[2006/08/16 17:17:16 | 000,000,098 | ---- | M] () -- C:\USER_BTR.BAT
[2006/08/16 17:17:16 | 000,000,266 | ---- | M] () -- C:\USER_HO2.BAT
[2006/08/16 17:17:15 | 000,000,026 | ---- | M] () -- C:\USER_HOO.BAT
[2003/10/27 16:36:10 | 000,110,592 | ---- | M] () -- C:\VISICON.DLL
[2006/08/16 17:17:15 | 000,000,421 | ---- | M] () -- C:\WINEXEC.BAT
[2007/08/21 09:33:16 | 000,000,000 | ---- | M] () -- C:\winmenu.dat
[2006/03/08 13:58:58 | 000,009,921 | ---- | M] () -- C:\WINUSER.BAT

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/08/09 09:20:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/09 09:20:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/09 09:20:10 | 000,864,256 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >



#13 Neese


Posted 08 April 2010 - 06:09 PM

OK, got it.

Edited by Neese, 08 April 2010 - 06:22 PM.


#14 Neese


Posted 08 April 2010 - 06:09 PM

OK, got it.

Edited by Neese, 08 April 2010 - 06:11 PM.


#15 Neese


Posted 08 April 2010 - 06:10 PM

geez..don't know what happened, but that posted way tooooo many times.

Edited by Neese, 08 April 2010 - 06:16 PM.




